Advancing threat landscape should attract clever VARs

Sophisticated cyberattacks have become a truly golden opportunity for resellers, says Dan Sibille

The threat landscape has been evolving at an alarming rate. Targeted attacks – many of which use email or other online accounts to engineer an attack against an individual or company – have become increasingly common. Conventional security products are no longer enough.

Many organisations are unaware of malware until after the damage is done.

The focus of information security practice is moving from prevention to detection and investigation. Organisations need to continually monitor what's happening on their networks to help mitigate a wide range of potential attacks, including zero-day malware and Advanced Persistent Threats (APTs), especially as more devices connect to a multitude of services across distributed networks.

Through the collection and analysis of NetFlow, sFlow, IPFIX and other types of flow data, the latest technologies can deliver advanced network behaviour and security analytics for fast, effective threat detection. Through in-depth insight across distributed networks, including mobile, identity and application awareness, the enhanced visibility can speed up incident response.

By analysing and storing large amounts of flow data, companies can obtain a comprehensive audit trail to expedite forensic investigations and eliminate time-consuming, manual analysis. Businesses can use their existing infrastructure while improving their network security and complementing existing firewalls, IDS/IPS and SIEM layers.

Businesses are increasingly turning to their reseller partners for advice and guidance on an effective information security strategy. A comprehensive security solutions portfolio, backed by industry accreditations and certifications, can help capitalise on the increased demand for network visibility and security intelligence.

The reseller objective is simply to provide end users with the best technology, services and support, perhaps selecting from a range of vendor technologies and capitalising on upselling opportunities. Recurring revenue with annual maintenance contracts, software upgrades and a hardware refresh add further value, as does professional services.

Services may include an in-depth evaluation of existing security infrastructure and procedures, customised product deployment, comprehensive installation and configuration, training on product features, workflows and troubleshooting, consulting and integration, or just a tune-up.

Leading vendor partner programmes will also include compelling discounts on product, maintenance and services, additional discounts for opportunity registration, sales volume rebates and marketing development funds.

In general, partners recognise the opportunities to recommend integrated offerings rather than point products, which are arguably now a thing of the past.

Thankfully, the landscape has changed dramatically over the past two years. Companies now have ways to identify the who, what, how, when and where of user access to resources. Harmonisation of security and using the network infrastructure together with centralised visibility management through standards-based integration is here.

Companies need to acknowledge this and take comfort in the fact that there are some clever people on the "good" side, providing partners with the tools to fight back against the rise in cybercrime and targeted attack.

But it represents a golden opportunity for proficient resellers to provide much-needed expertise, training and consultancy to large organisations with complex global networks.

Dan Sibille is vice president of worldwide channels at Lancope