Next Frontier of OT/IoT Ecosystem: AI & Cybersecurity

Barry Mainz outlines the Forescout Security culture, defining it not as an amorphous concept but as the company’s blueprint for problem-solving and establishing core routines. Forescout's ethos is straightforward: one must constantly improve, as "there's no staying the same" in the dynamic world of cybersecurity. A foundational routine involves executive engagement at the point of sale, or "where the money changes hands," to gain the customer's perspective. This unique focus on customer friction and ease of doing business drives cultural evolution and helps the organization refine its culture over time. This cultural commitment is crucial given the company’s 25-year history in a complex, global, and nation-state-involved space. The discussion shifts to the OT/IoT Ecosystem, highlighting the massive change driven by connected devices that extends beyond traditional IT. Mainz, leveraging his experience with embedded operating systems, notes that non-traditional devices, such as industrial controls (IOT/OT and medical OT), now have vulnerability issues (CDEs) exceeding those of standard IT operating systems. These critical infrastructure devices—from power grids to industrial robots—were not built for patching, creating significant, hard-to-remediate risk. Forescout recognized this shift early, transitioning from a core NAC company to a broad Forescout Security platform focused on network operations security for the world’s largest public and private companies.

This evolution into Critical Infrastructure Protection is accelerating due to the increasing frequency of severe breaches and regulatory pressure. The US Disclosure Act, for instance, has made CFOs and CEOs personally liable for non-disclosure of breaches affecting OT/IoT devices. This regulatory push is forcing mature organizations, which often deal with outdated, decades-old systems, to rethink their approach to security. Conversely, emerging markets (like META and India) frequently exhibit less ego and legacy lock-in, making them more open to modern, flexible solutions, which has led to them becoming Forescout's fastest-growing regions. The complexity of the OT/IoT Ecosystem demands this cultural fluidity.

Forescout operates on a 100% partner-based go-to-market model. The ecosystem comprises distributors (essential for hardware logistics and export compliance), resellers, and strategic alliance partners, such as Siemens or Yokogawa. The channel is segmented by a combination of vertical alignment (e.g., dedicated reps for healthcare, federal government) and horizontal motion for down-market strategics. This network extends to strategic alliances for deep, technical integrations, often resulting in ODM or OEM relationships. The Channel Partner Strategy includes sell-with (integration) and sell-through motions, covering 700 alliance partners and 25 OEM/ODM relationships worldwide. Distribution partners have moved far beyond their traditional roles. Today, they are critical value-add partners, providing specialized professional services, Tier 0/1 support in local regions, and acting as thought partners to guide the proper go-to-market motions, especially in emerging territories.

The shift to a subscription-first business model (90% software) has fundamentally changed the financial metrics tracked by the board. Key metrics now include Annual Recurring Revenue (ARR) and Gross Dollar Retention (GDR), along with contract length, which have superseded TCV and non-recurring revenue. While traditional hardware metrics, such as RMAs, are still tracked, they are less central to running the business. Other critical metrics include CSAT/NPS scores, pipeline coverage, and sales productivity indicators. Forescout’s product is ambidextrous, offering both cloud and on-prem deployment options, a flexibility that is proving critical as large enterprise customers begin to experience cloud repatriation—moving workloads back to cost-effective co-location due to CapEx/OpEx trade-offs on hyperscale platforms.

Measuring the ROI of AI investment is a challenge. Forescout's investment strategy is two-fold: Internal Productivity (e.g., advanced translation, co-pilot functions) and Product Feature Enhancement. In the product, AI is utilized as a tool to generate audit reports and prioritize events for the Security Operations Center (SOC). However, due to concerns over hallucinations and reliability, Forescout still doesn't permit AI agents to execute direct network control (like blocking). A new element in the sales cycle is a customer checklist to ensure vendors are utilizing AI, indicating a shift in customer procurement requirements. The board-level dialogue has matured from hype to pragmatism, asking for "real facts" on AI’s impact.

The shortage of AI/ML talent is a significant struggle, reminiscent of past industry transitions. The challenge lies in the lack of maturity in the AI space—specifically, the need to change language models, system choices, and the understanding of correct application—making it challenging to hire and train the proper personnel. This talent gap must be addressed to leverage AI within the OT/IoT ecosystem successfully. Finally, Mainz reveals his subsequent big bets for the cybersecurity industry. The first is Quantum Computing, which is seen as a near-term existential threat due to its potential to allow "bad actors" to unencrypt vast amounts of data in seconds—a post-quantum encryption problem that demands industry attention. The second is Agentic AI. He also dispels the myth that "IOT and OT don't matter" on campus.