Meet Forescout’s New CEO, Greg Clark: CRN Exclusive

Greg Clark, former president and CEO of Symantec and former CEO of Blue Coat Systems, is now Forescout’s new CEO. Clark, along with former Forescout CEO Michael DeCesare, will be co-chairmen as the security vendor plots its future growth.

Forescout Sails For New Horizons Under New Leadership

When San Jose, Calif.-based cybersecurity company Forescout was acquired in July by Advent International, one of the big changes was the injection of former executives from Symantec. This included the appointment of former Symantec President and CEO Greg Clark (pictured) to Forescout’s board of directors, and of Nicholas Noviello, who served as Symantec’s CFO from December 2016 to January 2019, who took over as Forescout’s chief operating officer. Both Clark and Noviello are affiliated with Crosspoint Capital Partners, which has an equity stake in Forescout. With Clark’s appointment, unveiled Wednesday but which CRN first reported in September, Michael DeCesare is stepping down after five years as Forescout CEO to become Forescout co-chairman with Clark.

Clark and DeCesare told CRN that while Forescout is focused on a wide range of cybersecurity issues, it has a special emphasis on security concerns around the type of digital transformation activities business and government organizations are facing, particularly with IoT and the cloud.

As co-chairmen of Forescout, the two are determined to work together to build Forescout around the future requirements of its customers. Clark called his relationship with DeCesare a “partnership.” “This is a partnership between the management team and the [investor] sponsors and, very importantly, between Mike DeCesare and Greg Clark, which I think are two very compatible and great forces to bring into the market,” he said.

DeCesare said Clark joining Forescout is a big win for the company. “When you get an opportunity to get someone like Greg Clark involved in a business the size of Forescout, you take advantage of it,” he said. “I‘ve been the CEO of Forescout for the last almost six years. And Greg will tell you that, for almost the entire time, I was trying to get him involved in some way with our company.”

Here is a look what the executives see as the future of Forescout and the types of cybersecurity issues the company and its customers face.

How would you describe Forescout, and what's unique about what the company does in the industry?

Clark: The types of risk faced by companies, whether they be industrial companies or enterprises, is exacerbated by the ability for bad guys to get into the Internet of Things and embedded devices, things that get on the Wi-Fi, things in the conference room. ... That brings profound risk to a company, and Forescout is the No. 1 solution to address that. It‘s recognized by the new investors in our business that Forescout differentiates itself in the most difficult parts of the industry around securing that for customers. That’s super exciting. I think that’s a decade-long tailwind, and something that can’t be ignored by risk managers and cyber professionals.

You said that this differentiation was recognized by Forescout’s new investors. Are you part of the investment company that's working with Forescout?

Clark: Yes. There are two sponsors behind Forescout. [One is] Advent International, a very prominent and excellent private equity firm. The leader of the security business there is Bryan Taylor [head of Advent‘s technology investment team], who has a phenomenal background of investing in cyber companies, things like Zscaler, McAfee, Tanium. He is the lead partner at Advent, and an excellent colleague of Mike [DeCesare] and myself. And I am a managing partner at the other sponsor firm, Crosspoint Capital. We are a firm that is focused on cyber privacy investments. We have a very hands-on approach, with myself coming in to work with the team as the CEO of Forescout.

Just to be clear, is Forescout focused primarily on IoT and the edge?

DeCesare: What Forescout provides customers is this single pane of glass that gives them complete, real-time, active visibility into everything connected to their network. That includes some of the more traditional compute platforms like Windows and Linux where IT departments buy the machine, install things on them, and give them to their customers. And it also includes the more fast-growing areas of IT such as IoT, as Greg said, all the machines that come inside the building. Elevators, building management systems, security cameras, HVAC control systems, everything in a building that is connected to the network. And also on the more industrial control side, what we call OT, which is more of the operational technologies, the industrial control systems. PG&E [Pacific Gas & Electric] is a customer with all the smart meters that they have under management with us. And other industrial use cases. That‘s the secret sauce of Forescout: We provide a single platform that can give customers visibility across everything that connects across their enterprise. And nobody else can provide that.

Mike, why are you stepping down from the CEO role at this time?

DeCesare (pictured): I‘m not leaving Forescout. I’m very excited to join Greg as co-chairman and be involved in this. I’ve been CEO for six years at this point. In the six years that I’ve been here, we saw over a 5X return to our investors. So I feel like the timing of moving this into private equity was just an opportunity for me personally to approach things from a slightly different perspective in Forescout. And to be quite frank, when you get an opportunity to get someone like Greg Clark involved, you take advantage of it. He has a tremendous technical background. We have a lot going on in our R&D organization where I see Greg can be a very, very strong advocate. And I think it became natural to both Greg and I that this was the right time for a transition, where Greg would take a more active role and I would have a chance to still be involved but play a role on the board.

Given the number of companies in your investors’ portfolios, could you see yourself in the near future taking another CEO role?

DeCesare: At this point, to be quite frank, all I‘m focused on is the successful transition of the CEO role over to Greg. I’m not the founder of the company, but I feel like it some days. I put my heart and soul into this organization over the last six years. Many of the people I respect the most in the industry work here. And really what I’m focused on is moving into things a little more strategic. I’m still staying involved with customers, and some of the bigger partnerships that Forescout has. All my focus at this point is in this transition with Greg and I.

Greg, you were at Symantec from 2016 to 2019. Why did you leave?

Clark: I merged Blue Coat [Systems] together with Symantec in 2016. If you look at the public filings, I said I would be with Symantec for two years. I did three. It was time. I always wanted to build an investment firm, and it was time to do that.

Given Symantec's big focus on security, what are some of the big differences for you when moving from Symantec to a smaller security company like Forescout?

Clark: I have a very strong track record in security companies the size of Forescout. When I took over Blue Coat in 2011, it was a very similar size to Forescout now. I‘ve also been a board member and a solid force in other security companies of similar size. So I really enjoy working on companies that are a few hundred million dollars in revenue because the impact and influence to really be able to bring those companies to new value propositions to their customer bases is much easier than with really huge platforms. So while I have a great track record on huge companies, I also helped bring startup companies to great success. And I love the size of Forescout. But more importantly, I really like the problem that Forescout is working on: IoT security is one of the most essential things that need fortification in the world of cyber defense. Machine-to-machine and IoT will become the most important things in the world. And when you extend that to virtual things like things that are in Kubernetes clusters or Docker containers that show up in the cloud, they are very similar in many cases to embedded devices. And really being able to take care of the security aspects, the behavioral analysis of those, to do that in cloud formats, is very important to the future of technology. And I think Forescout is best positioned to be able to deliver real value to the customer base. So I really like Forescout, not just because of the size of the company, but really the problem that Forescout is addressing in the enterprise in the industrial complex. It’s a really serious topic.

With the change in guard at Forescout, what are some things you would like to change going forward, Greg?

Clark: I think Forescout is an excellent company. I really like the management team that Forescout has. The engineering team is excellent. Mike and I will be working together to really bring some augmentation and fortification to the business as we go forward. I really like the ability for Forescout to deliver the coming cloud extensions to the product set. It brings profound value to our installed base, and allows us to really extend innovation faster in the market. Bringing that value to our customers is super important. And also in the areas of international expansion, I think Forescout has the ‘Who‘s Who’ of reference customers, whether you go to Japan or Germany or the U.K., the No. 1 anchor customers are already there [working with us]. I think that we can bring some very rapid expansion to the international markets. Customers face the same problems all over the place, and I think some of the things we can do around fortification of revenue products and the right channels can very immediate. I’m very excited about that.

Just how big is the market for IoT and edge security?

Clark: Every company in the world that runs any kind of Wi-Fi-enabled devices has to take care of that unmanaged device attack surface. I‘ve been doing this for a long time, and in prior lives have put systems in to watch what is in the embedded devices. These things are very easy to hack, and it’s very easy to have resident evil inside these things in a company. And they’re very hard to detect. And so, this is every company, every geography, governments, defense forces, everything needs to take care of this. And I think Forescout can bring solutions to that. And it’s a huge market. It’s a lot bigger than people think it is.

Did you say ‘resident evil?’

Clark: Yes. There‘s resident evil, when you find malware platforms. If you remember a few years ago, the FBI in the U.S. asked us to turn on and off our routers because there was software in there from some bad guys that were skimming off all your passwords. Those were hacked IoT devices. The Dyn attack that took down Netflix and some of the cloud providers was from an IoT camera that was orchestrating that botnet. These things are everywhere. There was a casino that had a breach from a thermostat in a fish tank. These are examples of things that can really harm your value from stuff that is just unmanaged.

So that‘s where the market is. I’d like to say to the risk managers of the companies, ’Do you have these unmanaged IoT devices under control? Yes or no.’ And if they go to their experts, and those experts say ’No,’ then they should be filing a list of things to repair. From a risk reduction point of view, you have to take care of this attack surface. It’s of paramount importance in the enterprise, in governments, in defense forces everywhere.

Do you have a good example of a customer win for Forescout that shows the company's capabilities?

Clark: We won a deal in Q3 that is of profound importance. It was from the U.S. Department of Defense. It was for IoT security for the Army, Air Force, Navy and Marine Corps. It was hotly contested by everybody who brings solutions and technology to this space. It was won by Forescout. It was a big annual deal, a very sizable transaction. But this deal really defines the industry. If you can take care of the attack surface for IoT for the U.S. Department of Defense, that is a great driver of requirements, a great indication of the current state of the technology. I think it‘s the landmark deal in this industry so far.

DeCesare: This deal also answers the question that you asked earlier. What makes Forescout unique is that, when you look at the IT cybersecurity landscape, and you look at our old employers—I ran McAfee, Greg ran Symantec—and those are mostly edge-based companies where they relied on an agent that goes onto a Windows or a Linux machine to interact with those devices. What makes Forescout special is this agentless technology that allows us to play a role in those other use cases. The DoD deal that Greg was referring to, what made it so significant was that we‘re protecting all their corporate laptops and servers just like we do for every other customer, and then all the defense equipment on top of that, all the logistical machines, the transferring of things all around the world, the military devices that are out in the battlefield. All of those have tons of IP-addressable assets, and of those are under management from Forescout. And that’s what makes us so significant out there with the larger customers.

Was that DoD contract won via a channel partner, or was it a direct deal?

DeCesare: Virtually every deal we do is through the channel. And our channel in the U.S. government is incredibly significant. I don‘t know if we’ve announced the partner’s name yet. Given the classified nature of some of these deals, I don’t just want to dive into that. But there was definitely a partner in the deal with us.

How big is government as a part of Forescout's overall revenue?

DeCesare: What we‘ve disclosed historically is a combination of regulated industries, which is government and financial services. It does differ from quarter to quarter. But it’s around 60 [percent] to 70 percent of our total business. We don’t break out government any more granular than that.

What is Forescout's merger and acquisition strategy?

Clark: Every time that you find myself and Bryan Taylor from Advent around a transaction, we have a very close eye on adjacencies. Our M&A strategy is to bring things to the customer base that really excite our customers. And that‘s where we start from. When we find a customer that says, ’Hey, Forescout, if you could put this integration together, or deliver this together, it would really help us out,’ we really like those. We never do any M&A or any kind of adjacency acquisition without a very strong discussion with many, many of our customers. And those are the ones that work best, where we find real synergies, where the customers love it, it’s going to save them money, it’s going to protect them better. And it’s something our channel can represent, that our sales and engineers can represent, our reps can represent, we really like those synergies. And we will be actively pursuing those.
There are plenty of them. There are many adjacencies to what Forescout does because it has some really strong product. And the platform is excellent. We‘ll be working really hard to deliver on that.
So, just like usual, you should expect us to lead technically and also to really excite the market with some very thoughtful M&A.