Eric Hutchinson's goals as CEO of Spirent are nothing if not ambitious. He is seeking to not only move the long-time testing and assurance vendor into a new strategic role but also to transform its internal culture and capitalize on its expertise in critical areas such as the 5G rollout and cybersecurity.
In the first of a two-part CXO Q&A, Hutchinson discussed Spirent Communications plc 's 5G success and the changing relationship the company has with its customers. In this second part, he explains more about Spirent's plans for the cybersecurity realm, how the company is addressing machine learning/artificial intelligence and how the strategic changes are making engineers more warm and fuzzy. Oh, and also how Spirent saved one large carrier customer tens of millions of dollars using its VisionWorks system.
Carol Wilson: How long has Spirent been engaged in cybersecurity?
Eric Hutchinson : On security testing, we've been working with the guys who've developed firewalls for over a decade. It's the same concept as our regular business -- we simulate the network environment, but in this case, it will be peppered with malware and scale attacks so that the companies like Palo Alto Networks, for example, can get an emulation of real-world traffic. We've been working at scale with real-world emulation with the firewall developers.
CW: How is that changing?
EH: What the team has done now is, they've taken that deep expertise and turned it into a software-based tool that now can be run in a live network deployment. We're bringing the same level of scale and realism that we've been doing for the firewall developers and now allowing the enterprise and service provider customers to run that same simulation on their own live network deployment. Clearly, they need to do that carefully and in a very controlled way, because it can take their network down. It enables them to do continuous security testing because your security is only as good as the last test you ran.
Cybersecurity fundamentally is not different. There are constantly new challenges coming up, so we update with any new attacks we've added to our database, we send an update to our customers. They've all got that within 24 hours of anything happening. The benefit here is that we're enabling security officers to eliminate the need for up to about ten different point solutions bringing it into an automated test process.
Not only does it give them greater scale and realism, it's also giving them a way to get the benefits of automation. It doesn't matter who you are, you're still working with a limit on your resources in some form, either to get the count of people or to get the dollars to pay for it.
CW: Cybersecurity folks are talking a lot about using analytics and automation to constantly look for patterns of network behavior that might predict cyber attacks, based on signatures of past attacks and more. Are you part of that process?
EH: We are on a path where we're adding more data analytics to the system. We're not all the way there. Where we are is based on requirements, constantly being right up-to-date with the real threats, and we're focusing on financial services, healthcare organizations as our two primary markets. Then we're looking to see what value we can add.
We're just bringing out a new concept of testing data breaches. This is where somebody is actually testing whether the network can prevent the entry. We're able to, through emulation of the stuff that's being sent out of your network, show people [whether or not] they've got protections to detect when data and information is being sent out from their network which is not authorized. We're developing a new system deployment which will be launching at the end of this year, but we're already beginning to show it to select customers at the moment. That's really getting a lot of interest, particularly in financial services.
We're showing them in advance of [a data breach] actually happening, where their network is vulnerable to that taking place so they can prevent it happening in the first place.
Closed loop service assurance
CW: Changing subjects, Spirent has been talking for some time about service assurance in the virtual world and the need for closed-loop service assurance. Where are you with that?
EH: The way that service assurance is done traditionally is by passive monitoring and huge big data analytics. You're pulling everything that's happening in the network, analyzing it, looking at patterns, looking at behaviors, looking at traffic loading and getting a read-back. As you move into a virtual world, that becomes less valuable because as you say, the way that the traffic is running through a virtual network is not predictive. It takes a different path.
We came up with this concept of VisionWorks, which is taking our test automation tool software system that's running in live networks, and our ability to test mobile infrastructure at the basestation and beyond to the individual subscriber, and both capture what's happening but also, then simulate traffic through the network to an end-point. That's taking our test automation software and it's taking our data analytics and bundling that together so that we can then run active tests.
So when the service is turned up to a large enterprise customer across a virtual network, the service provider is now able to automatically send a test through to verify the quality of that service and they can re-run those tests at any time to verify the quality of that service to the end customer. This has really enabled them to revolutionize the way that they are monitoring the quality of their services.
We have a very large Tier 1 service provider that has services deployed to enterprise customers, all under contract, all under service level agreements. [Using] skilled engineers with specialized tools, they could only cover 7% of their customers and they could only test those customers a few times a day on the quality of service, but 93% of their customers they couldn't test. So they were getting challenges on the service level they were delivering. They had no way of countering those claims. They were paying out multi-million-dollar penalties onto their contracts.
CW: And you could help them automate that process and do better?
EH: After they deployed our system, they were able to cover 100% of their customer base and they could run those tests against customers every 15 minutes. We saved them tens of millions just in those penalties under the SLA contracts, let alone anything else in the efficiency and the use of their own engineering staff.
As we look out the networks and different services, we have a different use case for whole series of other service provisions. We'll continue to develop more of those use cases.
Next page: AI, machine learning and culture change