Trusted Knight targets hosting providers and MSSPs with WAF solution
EMEA MD warns customers not to assume that a third party is protecting their website
The channel needs to stop its customer base assuming that their websites are automatically protected from cyber attacks by third parties, according to Trusted Knight EMEA managing director Brooks Wallace.
Trusted Knight's Cloud DMZ solution provides a web application firewall (WAF) which creates a replica of a customer's website and hosts it in the cloud. Because of this any malicious content can only reach the replica version, not the end user's real site.
Trusted Knight has been in the UK since partnering with Cloud Distribution last June, and has spent the year recruiting the likes of Blue Cube and Sapphire to its partner programme.
Wallace explained that customers often assume their websites are protected by their hosting provider, which isn't necessarily the case.
While market awareness of WAF solutions remains relatively low, Wallace said that high-profile incidents such as the recent attack on Debenhams' website have started to bring attention to the technology.
"If someone asked me what's the one thing I could use more of, it would be market awareness," he said.
"Debenhams probably assumed they had it before their flower site was hacked and 26,000 records were put in the open domain.
"A lot of people don't have WAF and so the leads we're having are surprisingly refreshing in that people know they have a requirement for it and they're trying to get it at a level within the organisation to raise budgets for the product."
David Lannin, director of technology at Trusted Knight partner Sapphire, said the replication element of Cloud DMZ is the key feature that moves the WAF market on from the previous, over-complicated solutions.
Lannin explained that the previous era of WAF solutions became too complicated to manage because they didn't have the replication capabilities, so the WAF had to be reprogrammed every time a change was made to the original website.
"Firewalls have been around for an awfully long time and traditionally people were using regular next-gen firewalls against web applications, but it's not quite good enough," he said.
"A couple of big vendors have been pushing their [WAF] solutions for quite a few years now, and indeed we used to resell them, but we were finding that there was typically a huge amount of configuration every time we deployed them.
"That means you have an initial set-up period that can be complicated and takes time, but equally if the customer wishes to change or update their web applications - like betting companies and online retailers - in an environment with a WAF it presents a real challenge. Every change you make on the back end has to be replicated for the WAF."
The Trusted Knight solution does not require this level of maintenance and is automated to mirror any changes made to the website it is replicating.
"Cloud DMZ is a cloud-based system that automatically looks at the surface of the web infrastructure and understands it, which takes away all the additional overhead in terms of management [of older WAF solutions," Lannin added.
A drawback of the solution, Lannin explained, is that it is not always compatible with websites that use dynamic content, for example a website that analyses stock prices.
Channel activity
Trusted Knight currently has 10 partners in the UK and is in the process of growing out its programme into different channels, Wallace explained, by targeting hosting providers and managed security service providers (MSSPs).
Rob Swainson, sales director at Trusted Knight partner Blue Cube, said he has seen success selling Trusted Knight into the VARs' existing customer bases as part of a wider solution.
"We've worked with Trusted Knight for about six months, so it's still relatively early stages but we've closed some business, which is great," he said.
"My view is that there is a massive opportunity for WAF and I don't think the uptake, with the exception of things like PCI (Payment Card Industry) [compliance], has been as great as we'd expect so there's a good opportunity there.
"Essentially we use it to wrap around other solutions that we've been building as a part of a solution, rather than a standalone solution at this stage."