Carbon Black sets sights on UK security resellers

Security vendor looking to expand partner ecosystem by adding UK-based resellers

Endpoint security software vendor Carbon Black is on the hunt for UK-based partners after investing heavily in its channel last year, according to CTO Mike Viscuso.

Carbon Black is already served in the UK by larger partners like NTT Security and CDW, but Viscuso said the vendor is now looking to sign up partners who are headquartered in the UK.

The vendor's offering is centred around its endpoint security platform which offers, anti-virus, incident response and threat-hunting capabilities.

"We started to invest in the UK in 2015," Viscuso said, "and we put a lot of money into the UK market in 2016.

"We largely relied on US-based channel companies for that international presence. Companies, Like CDW, IBM and NTT who have a global presence, so we really focused on extending our relationship with those companies versus adding specific UK channel partners, but I think you're going to see us add a lot more regional channel partners in 2017."

Originally known as Bit9, Carbon Black has an EMEA team of around 40 members of staff, based out of London, and has raised $190m in venture capital funding since 2002.

Viscuso said that Carbon Black's revenue is split roughly at 70 per cent in the US and 30 per cent globally, but that the vendor is looking to expand its global income through the channel.

"We are in fact making our move into the UK, Europe, the Middle East, Asia Pacific and Japan - they're big emerging growth areas for us as we look at 2017,18 and 19.

"From a channel perspective we are the most channel friendly endpoint security company.

"About 90 per cent of our bookings go through the trusted channel and the other 10 per cent is largely when a customer just doesn't want to purchase through a value added reseller and they want to go direct. This doesn't happen very frequently but it happens about 10 per cent of the time."

Tony Lock, analyst at Freeform Dynamics, said that Carbon Black has made a number of shrewd acquisitions over recent months that have helped it broaden its wider security offering.

Most recently the vendor acquired antivirus firm Confer in a deal it claimed would allow it to take on Symantec, Palo Alto Networks, Cylance and Crowdstrike.

"They were very much centred on the US, that's pretty standard, but they've started to expand their European presence more and they've created offices and staff here," he said.

"More recently they've been expanding their portfolio quite a lot through acquisition, so it's understandable that maybe their channel presence isn't as big as they'd like it to be, but that is basically business as usual for companies coming to the UK.

"Their portfolio and the solutions that they have are quite interesting. They have a slightly different way of looking at the whole security angle, and as I said the acquisitions they've made in particular are expanding their capabilities quite dramatically."

Anti-virus competition

Viscuso claimed that Carbon Black's endpoint security platform addresses an area that is being missed by both legacy vendors and emerging companies.

He said that in 2017 cybercriminals will shift from using malware to manipulating the files already stored on an endpoint device.

"Both Cylance and SentinelOne, when you look at their prevention strategy - particularly Cylance [which] has pioneered this machine learning view of anti-virus - they just look at malware.

"When a new file shows up on the file system they look at it and apply their machine learning model against that file to determine whether it's malicious or not, and just like anti-virus if they allow it to run they don't look at it after that," he said.

"if they're wrong you wouldn't know anything about it and that piece of malware can run rampant throughout your system.

"More importantly, attackers just aren't using malicious software anymore [because] they already have everything they need on the file system on your computer. If you were to go to the computer store and buy a new computer the attacker has realised that they already have the files that are on the computer to conduct malicious activity.

"So when Cylance or SentinelOne [for example] try to prevent an attack there are no new files to look at and so they'll completely miss these non-malware attacks."

Viscuso explained that Carbon Black's solutions acts as a surveillance camera and monitors all files on a computer continuously, not just when a new file is added.

"It's what we refer to as streaming prevention," he said. "You can think of streaming prevention as a surveillance camera that is watching everything that is going on and can reach out and stop an attack when it figures out its malicious.

"Unlike anti-virus which just checks when a new file shows up and checks on certain conditions, we're actually recording everything that is going on a particular device."

Gartner Magic Quadrant

Carbon Black recently featured in the Gartner Magic Quadrant for Endpoint Protection Platforms for the first time, alongside the likes of Cylance, SentinelOne and Crowdstrike in the Visionaries section.

Gartner said that Carbon Black's offering is effective for organisations looking to replace their traditional anti-virus solutions, but said that the vendor still has some way to go to integrate all of its recent acquisitions.

"Carbon Black is still integrating its recent acquisitions, and now has three independent agent products and three independent management consoles," the report stated.

"While most Carbon Black clients will not deploy all three solutions concurrently, those who do will experience the challenges and increased deployment complexity associated with a lack of a single centralised management console for a vendor's set of offerings."conditions, we're actually recording everything that is going on on a particular device."