CEO says insider risk management needs to be disrupted
Marshall Heilman, a long-time executive at Google Cloud's Mandiant, has left the company to head up insider-risk firm Dtex Systems, he first tells Axios.
Why it matters: Insider threats — or cyber risks related to employees either purposefully or incidentally leaking corporate data — have become a top concern for security executives, but the industry has yet to catch up.
- Heilman made the switch from being the chief technology officer at a top cyber intelligence firm to CEO of an insider-threat company as a huge bet on the subsector's potential.
The big picture: Insider threats have long plagued companies, especially high-value companies with precious intellectual property and sensitive corporate data.
- These issues can range from a company employee who leaks insider information to news outlets, employees hacking their own companies, and even nation-state spies working at U.S. companies.
- Increasingly, insider threats also include employees accidentally clicking on malicious phishing links or telling a hacker posing as an IT team member their corporate passwords — drastically expanding the threat landscape.
By the numbers: According to a report from the Ponemon Institute and Dtex, released in September, the number of insider-related incidents rose nearly 8% between last year's report and this year's.
- The report also found that, on average, companies reported spending an average of $16.2 million to respond to insider-related incidents in the last year.
Zoom in: Dtex uses machine learning to monitor network activity and company endpoints to detect unusual employee activity — such as logging on from a strange location, exfiltrating an unusual number of corporate files, and resetting passwords too many times.
- Dtex's customer base ranges from financial service organizations to major sports companies.
- Heilman also said he sees an opportunity to expand the company's list of government clients and work toward federal procurement cybersecurity certifications.
What they're saying: "It's a space that needs to be disrupted, it needs to be made more important, and we need to bring awareness to why it's such a problem," Heilman said.
Between the lines: Heilman told Axios he sees a lot of similarities between his new company and the early days of Mandiant.
- Right now, insider threats feel like something everyone is aware of — and most organizations set aside a budget for — but few actually know how to meaningfully address, much like threat intelligence and cyber incident response in the early days of Mandiant nearly 20 years ago.
- Dtex also has the same workplace culture and dedication to its craft that Mandiant does: "They are practitioners first, they understand this space," Heilman said.
The intrigue: Heilman is hopeful he can make Dtex the go-to provider for insider-threat monitoring technologies — something that he argues doesn't really exist right now.
- To get there, Heilman is embarking on a customer listening tour to gauge places for potential innovation and improvements.
- And he's focused on building out the company's marketing and sales divisions.
What we're watching: Heilman was coy about whether the company is eyeing additional venture capital to build out his vision.
- Dtex last raised capital in 2020 — a $17.5 million round led by NorthGate Capital.
- "There is a lot of interest in the investment community because they see what I see — that this is an industry ripe for disruption," Heilman said.