Skyhigh Security rises from McAfee-FireEye’s SSE

CEO chats to us about zero trust, data protection, and more


Skyhigh Security, formed from the Secure Service Edge (SSE) pieces of McAfee Enterprise and FireEye, today announced its name and data-guarding portfolio. 

CEO Gee Rittenhouse, who led McAfee Enterprise Cloud and is a former Cisco security executive, said Skyhigh aims to shift practitioners' focus from granting or blocking network access to resources, to fine-grain monitoring and protection of applications and data even after people have logged in.

Instead of simply securing access to an application, Skyhigh examines what people and machines do with the software, and how they use the information within it once their identity has been verified and access granted, Rittenhouse said.

"What happens after you have access? How do I protect the information and the sensitive data after the login, after I've done zero trust? Because we operate in an environment that's highly collaborative, protecting that flow of information is important," Rittenhouse told The Register.

To this end, Skyhigh strives to secure access to web, cloud-based, and private apps, and then safeguards an organization's data within those applications, using a policy-based approach: "The policy follows the data instead of being attached to different technologies," Rittenhouse said.

A quick refresher on how Skyhigh came to be: early last year private equity firm Symphony Technology Group acquired McAfee's enterprise security business for $4bn, and a few months later bought FireEye's security products business for $1.2bn.  

Then in January, this combined McAfee Enterprise-FireEye outfit renamed itself Trellix, and rolled out an extended detection and response platform. At the time, Symphony announced it would spin off McAfee Enterprise's Secure Service Edge portfolio into a company with Rittenhouse at the helm. Skyhigh will maintain a close relationship with Trellix, particularly around data-loss prevention, Rittenhouse said.

Skyhigh's portfolio includes a secure web gateway, cloud access security broker, zero trust network access, cloud data loss prevention, remote browser isolation technology, cloud firewall, and cloud-native application protection platform. 

In addition to the combined McAfee-FireEye SSE pieces, the portfolio includes technology from McAfee's earlier acquisitions, including Skyhigh Networks, Light Point Security, NanoSec, and Secure Computing.

SSE encompasses a set of services that allow enterprises to adopt a secure access service edge (SASE) architecture — SSE is basically SASE without the networking component — and Skyhigh faces stiff competition from the likes of Zscaler and Netskope.

Rittenhouse says Skyhigh's approach is unique in that it is "data aware," and he cites Gartner's accolades in its SSE Magic Quadrant for the former McAfee platform's "completeness of vision." The other two aforementioned vendors ranked higher in their "ability to execute."

"We were the farthest along on the vision piece of this single view of the data and the single policy element, the single portal," Rittenhouse said. "It's not enough just to have a broad portfolio, but it's how that portfolio interacts to protect this particular use case around data."

To this end, it sets policies that enforce how data is used, and those policies follow the data where it resides, he explained.

So after an employee uses multi-factor authentication to verify her identity to log onto Box, for example, Skyhigh's tech will set and enforce policy around what she can do with the application. In this case, uploading corporate secrets to Box would raise red flags.

"It's this data-aware piece of what [a user is] doing with the data," Rittenhouse added. ®

Biting the hand that feeds IT © 1998–2022