7 Big Bets From FireEye-McAfee Enterprise CEO Bryan Palma

From market-leading Extended Detection and Response and Secure Access Service Edge offerings to MSSP-friendly multitenant portals, here’s what CEO Bryan Palma believes will set FireEye-McAfee Enterprise apart.

A New Beginning

Bryan Palma officially became CEO of the combined $2 billion FireEye-McAfee Enterprise organization Friday after private equity firm Symphony Technology Group (STG) closed its $1.2 billion acquisition of FireEye. Palma joined FireEye in February 2021 as executive vice president of products, and previously was BlackBerry’s president and COO as well as Cisco’s senior vice president and general manager of Americas’ customer experience.

Palma will have his work cut out for him, overseeing an organization with more than 5,000 employees and 40,000 customers that has grown more slowly than the industry in recent years. One of his first decisions will be whether to call the company FireEye or come up with a new name, which will have to be decided this quarter since the company doesn’t own the McAfee Enterprise name beyond this year.

Shortly after STG’s acquisition of FireEye closed, Palma spoke with CRN about his technological and go-to-market priorities for the combined organization. From Extended Detection and Response (XDR) and Secure Access Service Edge (SASE) to MSSP-friendly multitenant portals and potential partnerships with RSA Security portfolio companies, here’s what Palma believes will set the combined company apart.

7. Standardize Security Operations Around FireEye Helix

FireEye’s Helix security operations offering is going to be a central component of the company’s extended detection and response (XDR) platform since it was developed as a cloud-first tool, according to Palma. In contrast, McAfee’s Enterprise Security Manager (ESM) is more of a traditional SIEM tool, and Palma said the company plans to integrate some ESM capabilities into Helix.

Going forward, Palma said the company needs to have a single security operations console for running its XDR and intends to be cloud-first and cloud-native, which is what Helix does. As for the fate of ESM, Palma said he needs to understand the company’s customer base and technology better before providing more details on the integration plan.

FireEye Helix was unveiled in June 2016 and became generally available to customers in April 2017. McAfee, meanwhile, first debuted a cloud-based version of ESM in July 2020. Gartner in April classified both FireEye and McAfee as niche players in the Security Information and Event Management (SIEM) market, while Forrester in late 2020 called FireEye a contender in the security analytics platform space.

6. Bring In Talented Executives From The Outside

Palma plans to staff the company’s leadership team not only with executives from FireEye and McAfee Enterprise, but also with talented executives from outside both companies given his many years in the industry. The merger was unique in that many top leadership roles were vacant due to the executive in that position remaining with either Mandiant or McAfee’s consumer business, according to Palma.

This most notably took place with the CFO role, where Frank Verdecanna stuck with Mandiant and Venkat Bhamidipati remained with McAfee’s consumer unit. As a result, Palma brought in Riverbed Technology’s Ian Halifax to fill the CFO position for the combined company. There are several other areas such as general counsel and human resources lead that are also like this, according to Palma.

Conversely, Palma said there are also places where both FireEye and McAfee Enterprise already have leaders in place and decisions will have to be made about who’s best-suited to lead the combined organization going forward. This is true for the Americas channel chief role, where both FireEye and McAfee already have longtime leaders in the position--Chris Carter and Ken McCray, respectively.

5. Return To Market-Level Growth With Greater Focus

Palma said the company needs to get back to innovating and investing since both FireEye and McAfee Enterprise are growing much more slowly than the cybersecurity market as a whole. Net revenue for McAfee Enterprise in the fiscal year ended Dec. 26, 2020, inched ahead to $1.35 billion, up just 1.2 percent, while FireEye’s product revenue fell to $540.9 million in 2020, down 3 percent year over year.

The FireEye Mandiant business struggled with being spread too thin, with the company playing in appliance markets, Software-as-a-Service markets, managed services and consulting despite having less than $1 billion in annual sales, Palma said. The portion of the portfolio not sold to STG was renamed Mandiant and includes the company’s threat intelligence and incident response services business.

STG is focused on getting the company’s top line growing again rather the cost synergies and layoffs, according to Palma. As a true software company, Palma said he wants FireEye and McAfee Enterprise to pivot to delivery in the cloud and invest in artificial intelligence and automation.

4. Partner With RSA Security Portfolio Companies

Palma said he’s excited about some of the other assets that are also owned by Symphony Technology Group, most notably RSA Security subsidiaries NetWitness--which does threat detection and response and SIEM--and Archer, which does governance, risk and compliance. STG bought RSA in September 2020 for $2.08 billion and brought in Clearlake Capital in April to be an equal ownership partner.

The company will explore natural combinations, ways to go to market together, and other partnership opportunities with the RSA Security portfolio companies once the integration work between FireEye and McAfee Enterprise is complete, according to Palma. From an M&A standpoint, Palma said the company will be focused on buying businesses that fill gaps associated with its XDR and SASE platforms.

Palma said its still to be determined whether the company’s inorganic growth opportunities will come from within or outside the STG portfolio. In addition to NetWitness and Archer, RSA Security is made up of SecurID identity and access management as well as Outseer fraud and risk intelligence.

3. Secure Access Service Edge

One of the two core portfolios the company will focus its investments on going forward is Secure Access Service Edge (SASE), which will leverage McAfee Enterprise’s expertise in data loss prevention (DLP), secure web gateway (SWG) and cloud access security broker (CASB). McAfee Enterprise strengthened its SASE posture with the February 2020 acquisition of browser isolation firm Light Point Security.

Palma said FireEye’s underlying MVX sandboxing engine should strengthen both McAfee Enterprise’s SWG as well as its intrusion prevention system (IPS) on the network security side. Both FireEye and McAfee Enterprise are pretty nascent in the clou- native application protection platform (CNAPP) market, with FireEye entering the market through its $13.2 million acquisition of Cloudvisory in 2020.

Gartner last year classified McAfee Enterprise as a leader in the CASB market and a challenger in the SWG market, while Forrester earlier this year called McAfee Enterprise a leader in unstructured data security platforms. McAfee Enterprise entered the CASB space through its $590 million acquisition of Skyhigh Networks in January 2018.

2. A More MSSP-Friendly Approach To Partnering

FireEye and McAfee Enterprise have some talented people in their channel organizations, but Palma said the partners need more investment as well as a new vision. The channel will be run on a global basis and the company plans to change how it engages and compensates channel partners, with a particular focus on making technology multitenant so that it’s more accessible for MSSPs, Palma said.

The company plans to go about creating a single, unified partner program in 2022 since it isn’t advisable to maintain separate programs for FireEye and McAfee Enterprise partners in the midterm, according to Palma. Palma sees the channel as one of the company’s most significant growth drivers, and has already met with 10 solution providers

Palma said one of the problems in the market today is that other technology providers are going broader into services and stepping on the channel’s toes. But that is not going to be the strategy at FireEye and McAfee Enterprise, Palma said--instead, the company will focus on creating software and driving technology and let solution providers bring consulting and managed services to their customers.

1. Extended Detection and Response

The company’s combined endpoint security capabilities will serve as the linchpin for its XDR platform, capitalizing on McAfee’s longtime strength in endpoint protection as well as FireEye’s expertise in endpoint detection and response (EDR). Palma expects XDR to draw from both the FireEye and McAfee Enterprise side and serve as one of the two primary architectures driving the company’s portfolio.

The XDR offering will be further enhanced by FireEye’s Helix SIEM platform and email security tool as well as McAfee Enterprise’s network security and data loss prevention offerings, according to Palma. FireEye and McAfee Enterprise fill in each other’s gaps pretty well when it comes to the building blocks of XDR with not a lot of overlap, which Palma said should serve to create a very robust XDR suite.

McAfee Enterprise introduced its MVision XDR offering in October 2020 and expanded it in May through correlations with the company’s endpoint security product, SASE platform and threat intelligence tool. FireEye XDR, meanwhile, debuted in August 2021 with native security protections for endpoint, network, email and cloud.