Ignition warns resellers of shift away from appliance-based security

Ignition CSO Sean Remnant tells partners to focus on software-based tech as the distributor showcases its vendors at The Shard in London

Security distributor Ignition Technology is "avoiding appliances like the plague" as it focuses on pure software security solutions, according to chief strategy officer Sean Remnant.

Speaking at Ignition's partner update event at The Shard in London, which saw the distributor showcase its vendors, Remnant explained that Ignition and its emerging vendors are leading the way in moving security away from appliances and into fully software-based solutions.

Founded in 2015, Ignition currently carries 3GRC, Cato Networks, Cloudistics, Cylance, Digital Guardian, Illusive networks, Menlo Security, RiskIQ and WhiteHat Security in the UK.

"Appliances and boxes are on a slippery slope," Remnant said. "We believe that everyone, including the consumers, is interested in software-based delivery models, consumption-based models, and they absolutely want annuity and subscription services.

"Going down that route means that we are doing away with the old-school, hardware-based approach and that's really hard for the channel to swallow, including the vendors."

Legacy tech

Remnant explained that these software-led vendors are looking to displace legacy technology that has been failing customers for the past three decades.

He said the security sector has got itself stuck in a rut of adding layer upon layer of products to the security stack, which has left users with complicated security infrastructures producing a mass of security data that is impossible to interpret.

Because of this, there needs to be a shift towards more intelligent solutions that can assess the data themselves and act accordingly in an automated fashion, he explained.

"There is a lot of legacy technology - signatures, behavioural analysis, sandboxing - it's all very old tech and a lot of it has been around for 30 years," he said.

"The CISO in a lot of enterprises is getting a really hard time. All of us in this room have sold the CISO a number of appliances and a number of solutions and they're still getting problems.

"We don't think more layers are necessarily better - that's just a route that we have gone down as an industry because stuff hasn't worked - but it was the best that we had at the time. I don't feel guilty, because it was just the best that we had at the time.

"If you've got response solutions you'll probably need resources to look [through the data] for those needles in the haystack, which might be good for consultancy but it's not particularly good for the customer, so what we want to do is drive down the operation cost of owning security infrastructure."

David Lannin, director of technology at security reseller Sapphire, attended the event and told CRN that in his experience, clients are looking for ways to protect their IT without having to employee a large team of security specialists.

"Organisations' budgets are stretched and so they simply don't have the resources for employing large teams of individuals who look after complex security systems which turn out an awful lot of security information," he said.

"Any vendor that tries to put a degree of intelligence behind what it's accessing, rather than just offering all the information, is going to really help because of resourcing - people just don't have time to read through log information anymore. Very few customers I meet with these days talk about having analysts looking through the same degree of security logs as they might have done 10, 15 years ago."

Menlo Security

Lannin said that of the vendors Ignition has brought to the UK so far, internet and email vendor Menlo Security is the one that has caught his eye the most.

Menlo's isolation platform opens websites in a secure cloud-based container, displaying only a replica of the website on the end-point device, which keeps potentially harmful material away from the machine itself.

Speaking at the event, Menlo's EMEA CTO Jason Steer said that the vendor addresses a problem that has existed since the internet's inception.

"Your web browser is still using 1995 architecture and that architecture is the reason why ransomware continues to be a problem," he said.

"Every click a user makes on a web browser, on average the browser makes 31 background requests to advertising, tracking and social media.

"Your web browser allows it. In any other protocol that you come across on the internet, would you accept unsigned, unauthenticated, active code and execute it on the end-point without anything other than an anti-virus scan? No, it is fundamentally wrong. It's completely out of kilter with the threats that we face today."

Lannin explained that Sapphire started speaking to Menlo last year, with a view to adding the vendor to its portfolio in 2017.

"We're about to start working with Menlo for the end-point side of things," he said. "That's going to be a new addition to our portfolio in 2017 and we really like what they're doing.

"The idea of putting that virtual air gap between what's out there on the internet and what the user actually sees is a really interesting way of offering security.

"It's a new technology and we're excited to read about what's in their road map and keen to see that come to fruition over the next few months. They've had a fairly active time since I engaged with them at InfoSec last year, and the technology has evolved an awful lot since then in a very positive manner, hence the intention to get them included in our portfolio."

Cato Networks

Perhaps the most disruptive vendor in Ignition's portfolio is network and security vendor Cato Networks, founded by Shlomo Kramer, the man behind Check Point.

Cato offers a cloud-based enterprise network which it says eradicates the need for a number of network and security solutions that have typically been sold as individual appliances and layered up, including network firewall hardware.

Introducing Cato, Remnant warned partners that the technology will "potentially disrupt a lot of channel business", which Lannin said could alienate partners.

"There was a room full of resellers that have been selling security technology to their customers for in some cases 20 years and now Cato Networks are coming in and talking about ripping out that technology; ripping out that investment in security infrastructure, in favour of moving to the Cato cloud where security is embedded.

"I don't follow that - it's great if you're a greenfield site and you don't have that security already, but for a reseller community where they're talking about actively stripping out those elements that you've worked so hard to get into your customers, I don't think that's a great pitch."