Special report: Once more unto the breach
This Exclusive Networks-sponsored Special Report discusses a new VAD initiative paying off in the security market
More than 80 per cent of large organisations and 60 per cent of small firms in the UK suffer at least one security breach every year, and most are caused by external attack. Worse still, the cost per breach continues to increase - this year to as much as £1.15m per breach in large organisations and £115,000 for small companies, according to the Department for Business, Innovation and Skills' Information Security Breaches Survey 2014.
A vast number of such attacks go undetected, with unaware organisations caught short days or even months afterwards, the report says. Unsurprisingly, there have been louder calls for a change to the IT security landscape and the way threats are handled by IT professionals of late, but few organisations know where to turn in terms of solution, or who to turn to.
Paul Starr, technical director at NTS (UK), says reseller partners and customers have long struggled to come to terms with the myriad security offerings on the market - and the technologies are both diverse and ever-expanding.
With this in mind, might a relatively new approach to customers from leading VAD Exclusive Networks shine a light through the apparent darkness? It is called CARM - standing for Cyber Attack Remediation and Mitigation - and it brings together a portfolio of different yet carefully chosen offerings in a way that could significantly boost the IT security market opportunity for partners.
"What Exclusive has done is put forward a ‘product', idea and strategy around IT security," Starr says. "And I think it works really well because customers are typically looking for a way of understanding what they need to achieve. Previously, it has always been focused on a technology."
This has obscured the need for technology to be considered as part of a whole, in a bigger picture that can help end users learn about and adopt the right technologies - ones that work together in an overall strategy to detect and mitigate threats.
Network and security services provider NTS (UK) has long been a partner of Exclusive Networks, Starr notes, but the focus on the detection, remediation and mitigation of cyber threat - with prevention now playing a smaller while still important role in the mix - is relatively new within the industry. And customers are appreciating this holistic approach to taking them through the minefield, he confirms.
"And for us, it is about having the right conversations - good conversations - that lead to sales. CARM allows that conversation to happen, and gives us a way of developing a relationship with the customer. Rather than going in and talking about a firewall, we can go in and talk about the threat landscape," Starr says.
Ben Densham, chief technology officer at another Exclusive partner, cyber security testing specialist Nettitude, agrees.
"It's a really good way of changing strategy and talking to people. Many people start off with products, and think they need a firewall or a login system or whatever, but the real issue is that organisations have something they are trying to protect."
Having that conversation can help both partner and customer divine what needs to be protected, and design the best way of doing so. Is the data itself the high-value item - or is it less important than someting else? CARM helps users start to think about their real requirements and develop a strategy in a concrete way that provides a solid grounding for the future.
"Often people come to us for penetration testing and would like to install the latest and greatest, flash bit of kit. So the first thing we do is help them complete a risk assessment if they haven't already," Densham says. "And from there, we can get to a point where we can help them in multiple areas: providing solutions, conducting awareness training, and more."
Tony Rowan, solutions architect at Exclusive Networks, says the time is now past when tech providers could offer a method of prevention - too often assumed to be foolproof. No security technology is incapable of breach or failure, and clever partners and customers have long realised this.
"One hundred per cent protection has never been possible," he confirms. "And now we're seeing SMBs becoming more of a target - especially as the larger businesses have got more successful at defending themselves; the threat is moving down, and the threat actors are changing their businesses."
What has been thin on the ground among partners and customers is an understanding of best practice and strategy that promises to both remediate and mitigate cyber threats - especially the more serious and difficult to prevent zero-day, targeted or advanced persistent threats - that slip past any and all organisational defences.
Often, such threats could not even be easily detected - leaving customers having to buy and deploy products essentially on faith. Were they even actually being targeted? Analysts and commentators - as well as salespeople - might say so, but where was the proof? Today, however, the rise of increasingly sophisticated detection technologies is changing the game.
Coupled with consultancy, managed services, and help to educate internal and external users, partners with the "attitude and the aptitude" stand to gain from a CARM approach, he adds.
"The sort of products we're targeting through CARM is a range of capabilities, covering everything from larger companies to public sector and SMB," Rowan explains. "And the opportunities for the partner are expanding, so CARM is about helping the partner, rather than talking about a point solution. And we work with the partners on that."
CARM before the storm
Exclusive's CARM platform includes a range of vendors handpicked by the VAD to present that joined-up picture to partners.
Stuart Quinsey, EMEA director of business development and channels at one partner, LogRhythm, says CARM has come at the right time to enable partners to reshape their channel model in ways that will benefit customer businesses.
"Across the board, it [the CARM portfolio] is really complementary to what we do. It just makes more sense," he says. "And we probably partner with some of the most specialised partners."
LogRhythm provides the critical security information and event management (SIEM) piece of the puzzle, using its patented AI Engine to analyse all available log and machine data on the network and sending alerts in real time to prompt an array of appropriate responses.
Palo Alto offers the CARM reseller a comprehensive security platform incorporating next-generation firewall, a cloud offering targeting APTs, and an end-point protection solution for Windows which differentiates between known and unknown malware traffic, responding within 15 minutes.
Alex Raistrick, regional vice president for Western Europe at Palo Alto Networks, says the protection goes "all the way to layer seven". "Typically, people know they need protection but they can't pick and choose which pieces they need," he says.
Shane Grennan, UK and Ireland country manager at network security appliance maker Fortinet, says the VAD's approach helps partners move into areas where they might otherwise struggle, with Exclusive not only helping to educate and train partners, but end-user customers as well.
Where Fortinet's family of products fits into CARM is partly as an efficiency play: "Our main aim for customers is to reduce their cost of ownership for security solutions. It's about taking multiple security solutions and consolidating them with a next-generation firewall," he points out.
Roy Duckles, EMEA channel director at Lieberman Software, confirms the opportunity: "A lot of distributors we have worked with in the past have sold security products in almost a reactive way. Exclusive has actually put a proactive portfolio together."
As part of that portfolio, Lieberman's software can provide the privileged identity management, access control, and password management aspect. "It manages access to everything from tin to Twitter when it comes to admin passwords," Duckles points out. "And if you don't manage them, you are going to get breached."
Druva is a relative newcomer to the ranks of leading security vendors as a player with a big angle on trends du jour mobility and big data. Steve McChesney, vice president of business development at Druva, explains that it offers integrated end-point protection, file sharing, and backup, rolled up with data analytics capabilities, for tablets, laptops and other mobile devices.
"Our play is to help enterprises and the mid-market deal with the proliferation of data on the end-point," McChesney says.
"Many companies do not have an effective way of getting that data backed up, and once it is backed up, you have an opportunity to do things with that data, such as file syncing and sharing."
Data loss prevention and data governance functionality are incorporated - and key to a mobile, cloud-based world that nevertheless must keep some information secure, he says.
Jason Steer, EMEA corporate sales director at FireEye, indicates that his firm was one other vendor that has been included for its specific advantages and selling points which thus far differentiate it in the market.
"If you think about what the security landscape looks like today, most successful attackers are from China, Russia or Eastern Europe. They are hacking and stealing information from businesses carte blanche, without anyone being aware. The CEO or whoever will have spent or be spending millions on business protection - yet not a single one of those flags up that it has been attacked," Steer says.
"The security model that has worked, or appeared to, for the past 15 years has been shown to be redundant."
So FireEye offers real-time attack detection functionality, including for the network, the end-point, content, and for email. Cloud platforms and managed subscription services are combined with forensics and analysis to keep the user - whether datacentre or SMB - on top of attacks as they happen, Steer says.
Darren Anstee, director of solutions architects at Arbor Networks, notes the main CARM building block from its store of solutions targets DDoS, a serious ongoing threat that has in its various forms crippled many a company, including SMBs as well as large enterprises. As more organisations have come to rely on the internet, the risk and threat from DDoS has increased.
"About four years ago, we began to see DDoS was changing," he says. "Now we are seeing application layer attacks becoming more common. Some look like genuine user traffic, but are subtly different in order to affect those services."
Arbor's network perimeter protection solution is about providing enterprise-grade assistance to a wider range of customers against a wider range of types of DDoS. "And it can also [automatically] ask for help when it realises a system has been overloaded," Anstee says.
External DDoS protection, internal network visibility, and security analytics are wound tightly to give a combined detection and mitigation approach from one vendor, he says.
Graham Jones (pictured, right), UK country manager at Exclusive Networks, says it is all about having a 100 per cent, 360° security focus. This is the only way of providing what customers really want: protection that can answer customers' questions about security and which really works, through combining detection, prevention, mitigation and remediation strategies.
For resellers, it is about consultancy, services and other ways of adding value that ensure the provider becomes a genuine long-term partner, with revenue and margins to match.
"From a reseller point of view, it is a smart way of putting sometimes enormously disparate vendors together to come up with a solution," Jones says. "Often when people bring new products to market, they say ‘look at my features'.
"What we have done with CARM is independently and objectively put a number of vendors together, in a way that really makes sense for the customer."
CARM, as an integrated palette of vendor offerings, enables customers to detect, contain, respond to, remediate and ultimately mitigate the effects of almost-inevitable cyber security breach. It can help them fix any damage in a timely manner, reducing cost and overall impact, finishes Jones.