Wednesday, April 18, 2018

Interview: Lee Chen, CEO of A10 Networks

A10 Networks, which is sometimes referred to as the best-kept networking secret due to its high-performance security and load balancing product lines yet quiet public company profile, was founded by Lee Chen in 2007. Chen is a veteran of Silicon Valley networking start-ups having served in the key technical roles at Centillion Networks and later at Foundry Networks. Centillion Networks was a switching pioneer active in the late 1990s and later acquired by Bay Networks. Foundry Networks was a follow-up company that was first to ship a Gigabit Ethernet switch, and later had the good fortune of completing its IPO near the peak of the Internet bubble in 1999. Years later, Foundry was acquired by Brocade. A10 Networks, which got started in 2006 and is based in San Jose, California, completed its IPO in March 2014.

For its most recently reported fiscal quarter (3Q2017), the company's revenue grew 12 percent year-over-year to $61.4 million. Service Provider sales were about 53% of total revenue and enterprise sales were 47%. Total gross margin was 78.3%. A10 Networks postponed its 1Q2018 financial report, which had been expected in February, citing an internal investigation concerning a violation of its insider trading policy by a mid-level employee within its finance department.

Question: As yet another year of the annual RSA conference gets underway, it's clear that the really critical cybersecurity issues have not gone away. The daily news is filled with stories of attacks on critical infrastructure, major cryptocurrency heists, interference by one country in the electoral process of others, and most recently of the revelation from Facebook that possibly all of its nearly 2 billion users may have had profile data scaped by bad actors. What's your overall assessment of cyber security?

Lee Chen: My assessment of cybersecurity is that attacks will become frequent and more sophisticated. Will they ever go away? It’s not impossible but it’s not likely in the near term. I just don’t see in the next 10-20 years that they’re just going to go away. It’s a real part of our lives. That’s why it’s very important for every telecom company or operators, IT staff, IT organization, any enterprise customers, they need to have a security policy in place.

Q: Let's talk about DDoS. Over time, the number, duration, and volume of attacks always go higher.  What are your observations?

Lee Chen: As the number of DDoS attacks is increasing, the duration is getting longer the volume is getting higher and the vendor Solutions are getting more sophisticated, with much higher performance – and they’re becoming automated and easier to deploy. These solutions are getting better over time. It’s like any technology – it never stands still, and you always have a new era of attacks and solutions. The users need to make sure they keep up to date with the latest and greatest technology from the industry’s best vendors.

Q: The rise of crypto currencies tells us that a lot of electronic money is moving from the well-defended infrastructure of major banks to smaller platforms that may exist in less secure environments, perhaps making them more vulnerable to DDoS attacks. Does that mean that a greater amount of the money supply or capital will exist in a more vulnerable environment?

Lee Chen: I do believe that cryptocurrency is here to stay. Many people believe it’s a blip, but I believe it’s here to stay. I'm not sure cryptocurrency is necessarily more vulnerable because one of the things about the use of blockchain with cryptocurrency is that blockchain is more secure and provides more privacy. Just like any new technology, it will constantly be the target of cyberattacks, but for cryptocurrency to evolve, it will need a significant investment in cybersecurity.

Q: We're starting to see really substantial numbers of IoT devices coming online, some with better security controls than others. In some cases, it is the enterprise that is deploying IoT in volume to track their own assets. How significant is the security threat?

Lee Chen: IoT’s threat to the enterprise is not significant but in the future will be. IoT devices have the widest variety of different use cases: some are related to convenience, some for life and death, some for cost control, some for energy consumptions. Counting on IoT devices to be secure is not realistic – IoT devices will never be fully protected because attackers will always figure out a way get through the IoT device’s security.

Just like in any security scenario, it always comes down to policy. You need to have a well-designed security policy in place to make sure the application and IoT devices are protected from malware and DDoS attacks, and also from other network and application attacks.

Q: The gaming industry is becoming the latest professional sport. Players have a lot on the line to win their competition, but here again, there is a need for a very clean network.  How is this segment developing?

Lee Chen: Gaming is a very interesting and very challenging industry. It’s one of the most demanding DDoS protection environments, as no dirty traffic is allowed in the industry. One significant difference for a gaming environment is that the network needs to be super clean. Because of the time-sensitive nature of a gaming environment, you can’t have any lag, and you can’t have any latency due to dirty traffic on the network. The gaming industry needs a device that is really sophisticated, because any dirty traffic will cause one side to lose, and the stakes are very high. You need a device that can detect attacks instantly and will never allow volumetric attacks to happen to the network.

Q: Cloud migration. The move to public cloud services is another megatrend. Many companies, of course, are pursuing a hybrid public/private cloud strategy and this changes their security posture. How do you think about security when traditional network boundaries are changing?

Lee Chen: Most of the enterprise is moving from traditional networks to the cloud, and all corporations will have some data in the cloud and some on their corporate networks. Cloud is a great opportunity for companies to invest in a hybrid cloud strategy – as a matter of fact, one of the largest public cloud providers is one of A10’s marquee customers and does just that, with 40 data centers with 45 TB of data protected globally A10’s DDoS mitigation solutions.

Q: Carrier network virtualization - SDN and NFV are bringing the benefits of virtualization to carrier networks.  As they deploy x86-based infrastructure instead of proprietary systems, is this opening up new security vulnerabilities?

Lee Chen: The virtualized network such as SDN and NFV does provide the network efficiency, agility and flexibility, which is a must for virtual networks when it comes to providing good analytics and orchestration – all without vendor lock-in. And there are quite a few options when it comes to implementation: you have different versions of OpenStack; different vendors with their own versions, and different integrations. So you actually offer more integration opportunities. In the longer term, I can see significant advantages, and in the near-term, I see a lot of opportunities to integrate with the different vendors. The virtual solution does have some challenges because virtual management is a big issue. Overall, visibility and control is a must and there is a good opportunity for the application intelligence and analytics companies to provide a good solution for the virtualized networks.

Q: We are starting to see the rise of autonomous vehicles as companies like Waymo, Uber, Lyft, Maven and others talk about deploying tens of thousands of vehicles.  These future businesses will rely heavily on low-latency, mobile networks, presumably 5G. Could they also be vulnerable to DDoS attacks?

Lee Chen: Similar to the gaming industry and gaming networks, autonomous vehicles need super clean connectivity because now we're talking about life and death. With 5G networks, the opportunity to update the software in autonomous cars is really great. I think autonomous car usage will be popular although I don't know when. These cars absolutely need protection, because if somehow the network is compromised the risk is very high. Similar to the gaming industry, the DDoS protection needs to be very sophisticated, and be able to keep any volumetric attacks from entering the network. This DDoS detection and mitigation needs to be quick and automated via intelligent automation.