Special report: Cybersecurity under the microscope
What if companies had the tools and services to respond faster to threats? In this special report sponsored by AccessData, Fleur Doidge finds out
You might think that the channel had the whole security area more or less covered. However, according to cybersecurity, e-discovery and forensics specialist AccessData, there is a veritable field of opportunity which remains largely unharvested.
And the US company has been putting its money where its mouth is; AccessData this year ploughed $6m (£4m) into its channel, with a view to building up its indirect sales. Partner sales used to be just 25 per cent of its revenue, but as reported by ChannelWeb in May, it wants to expand this to as much as 65 per cent as it scales up its business globally.
Across EMEA, including the UK, the private company moved to recruit four or five partners involved in litigation around IP theft or in criminal trials. It is also interested in helping larger corporate bodies and government agencies respond better and more quickly to cyberthreats.
In May, Chad Gailey, its vice president of worldwide channel sales, told ChannelWeb it is offering $1m in marketing funds this year, as part of a total channel spend that is being multiplied by a factor of 12 to $6m. And it now has eight staff focused purely on the channel, with indirect sales to tip $50m worldwide by the end of 2013.
"In Europe we will probably do more than $20m to $22m in the channel this year and the UK is the number-one spot for us for recruitment," Gailey said at the time. Likely candidates will be expected to achieve $1m to $2m in revenue for AccessData via software sales.
AccessData already has about 12 partners in the UK, including BlueCube, mostly for its forensic tool kit. Newer partners will focus on its higher-margin e-discovery and cyberforensics offerings, adding enterprise services providers to its stable of point-product resellers to enterprise services providers.
Current UK customers include BP and the Royal Military Police.
So what's it all about, then? The idea is to enable organisations to use more integrated cyberintelligence and response technology not only to detect unknown threats or incursions, but to slash the time it takes for organisations to respond and act on them. With the advent of advanced persistent threats (APTs) in recent years, the area of cyberprotection has only become even more complex for all sizes of organisation.
The market may appear awash with cybersecurity products, but according to AccessData, few of them really enable IT security professionals to manage all the complexity, least of all in a timely manner. Its latest white paper found that many appear to be relegated to attempting to mitigate threats only after the damage has been done, despite juggling a veritable armoury of disparate tools.
The Verizon RISK Team's 2013 Data Breach Investigations Report (DIBR) included data and analysis from 18 global-class organisations - including Carnegie Mellon University's Software Engineering Institute, the US Secret Service, the European Cyber Crime Centre, and more. It incorporated 47,000 reported security incidents, including 621 confirmed data breaches from the past year.
Ninety-two per cent of the incidents and breaches reported were from external threats, outside the organisation concerned or its business partner network. Over the past 10 years, it has become clear that such attacks are increasing - although it also found that internal threats had fallen in number considerably in more recent years under analysis.
"Fifty-two per cent of all the confirmed breaches in 2012 were the result of hacking, while 76 network intrusions exploited weak or stolen credentials. Forty per cent incorporated malware, 35 per cent involved physical attacks, and 29 per cent adopted ‘social' tactics," according to AccessData's white paper.
"What is alarming is that the DBIR also reported that organisations are finding out about breaches after the fact, and in most cases they are not even discovering them themselves. In fact, 66 per cent took months or more to discover [an incident], and 69 per cent of the incidents were discovered by a third party."
Weapons drawn
[asset_library_tag 7338,>]Craig Carpenter, chief global marketing officer at AccessData (pictured, left), says what's needed is a weaponisation of the incident response within mid-market organisations especially - perhaps with its own appliance-based offering for cybersecurity threats.
"We are helping push the market forward in this area," he asserts. "It is a quite niche area and a fast-growing part of our business. So our messaging is around helping organisations deal with it. Traditionally, it has been a human-led process - now [it is] more automated, to allow organisations to get a jump on it earlier."
Neil Batstone, director of international channel sales at AccessData, agrees. He notes, though, that the US vendor's offering is primarily targeting customers with 2,000 to 3,000 seats or even more - as these larger organisations have real IT and management issues regarding complexity.
"So it's about figuring out who is involved, what is happening and automating as much of that process around that as organisations are comfortable automating," says Batstone. "It's about starting to take action, whether it's closing things down - to protect the organisation from a threat, for example - or starting the investigation."
Batstone says there is indeed a lot of "very good" monitoring and tracking technology in the marketplace. However, AccessData is about improving the response as a point of differentation, automating certain processes to speed up the entire cycle of forensics to discovery and ultimate mitigation or defence.
"It's like with a barking dog - if the dog just keeps on barking, no one listens. So it's about the ability to respond when the dog is barking. Pay attention to the barking, and the second thing is around reducing that manual labour investment, and then having that all feed back," he says.
"Most networks have transport systems that do not talk to each other. They go to a reporting model but they don't then use that technology to talk to each other with it. So we build in this missing piece of the platform."
Batstone says that AccessData believes there is a lot of money to be made in this area - not least because every customer organisation that has any kind of communicating device has its own problems which need resolution and an ongoing strategy against cyberthreat.
"They don't necessarily know they have a problem. But they might well know how bad it is. It is an opportunity, and the reality is it's a very technical subject," he says.
A channel that can provide a services wrap around AccessData's offerings is sure to find its niche, he suggests. The reality is that most organisations will struggle to deal with cybersecurity issues today, and that is not about there being just a lack of technology, but about a genuine lack of capability.
"For a services organisation that will technically have professional services and so on, it's about building the process [to address all this]. A lack can be something that is really quite compelling, for a services partner," Batstone says.
AccessData is punting its latest HP partnership, which Batstone says means four to five times the revenue received for every dollar spent on software. Services consultancy activities stand to gain, he indicates, not least from two new services that HP is launching. And then there's HP ArcSight interoperability hoving into sight as well.
"Initially, we're looking to build and add to our partner community in the UK, focusing on our cybersecurity practice. We have a distributor in the UK called Data Duplication - they are on the law enforcement side," Batstone says. "But this year and next, we are really looking to transform our channel, moving away from low-end point products that we sell to government, police, and law enforcement to more enterprise-level offerings."
Batstone confirms the company has its own professional services capability, but is looking for partners to deliver "a large amount" of professional services as well. "For the better margins," he says. "Primarily their own professional services capability."
It is working on providing specialised local support arrangements, but its partnering focus has been on large global providers such as TCS, and relationships with the likes of HP. However, it does have a traditional channel programme, he says, with reseller tiers for Authorised, Preferred and Elite partners.
"We're not looking for distributors in the UK so much as more resellers," he says. "Only by working with the right type of partners can we deliver the capability."
AccessData competes with vendors such as Guidance Software, Autonomy and Clearwell on the e-discovery side
and HBGary and Mandiant when it comes to cybersecurity.
Sitting on top
Ian Kilpatrick, chairman of security specialist distributor Wick Hill Group, says the market for e-discovery, cybersecurity and forensics is definitely one to watch. Wick Hill has been involved actively for about four months, partnering the likes of Guidance and EnCase.
"It's a new area, and it's an evolution from where we are. There are definitely opportunities to get into, and it sits kind of around what we do. So the piece we are focusing on actually sits above most of the security stuff, with say FireEye or ArcSight," Kilpatrick confirms. "People check what's coming in and look at what's going out - but what EnCase enables you to do is based on its forensic tool for PCs and servers, which allows you to move into the business environment and respond, based on that."
Customer businesses can now have a much improved ability to go beyond the monitoring and tracking to make predictions and decisions, and take action based on what is discovered, extrapolating from what forensics tools might have revealed.
"We took this on because we see that this market is moving forward," Kilpatrick (pictured, right) says. "Larger companies are more aware of what's happening, whereas smaller companies are potentially aware that they have a problem but are not motivated enough to do anything about it."
For this reason, he indicates, it does make sense to tackle the mid-market and up first when it comes to this emerging opportunity, as well as areas such as legal, financial services, and law enforcement that have obvious concerns to the fore.
However, as time goes on, more companies of all sizes and in all markets will find they fall into a category of having to improve their compliance, and actually protect themselves better by working to prevent breaches - rather than simply treating compliance as a tick-box exercise to satisfy the powers that be.
"So to have something as a service that enables a response - that gives you some degree of automated response to what is happening and what has been discovered - that is definitely of value," Kilpatrick confirms.
"If you can respond [as a business] a lot more quickly to threats, and carry that out in a second, rather than having to stop to put three reports together to make sure you have a problem, that's a real advantage."
A vertical look at customer needs?
Just one niche that AccessData has been targeting is the legal sector. UK managed services provider Esteem has a practice in that space. What focus is needed?
Alastair Kitching, sales and marketing director at Esteem, provides some clues: "Legal is not unique. We are dealing with businesses that have more remote, mobile workforces and dealing with a lot of M&A activity. They
need flexibility."
Kitching says more and more data is being created, and then is required to comply with various regulations in storage terms and must be kept secure, which is a major undertaking for most.
"With that, security is obviously an important part of it, and that's part of what we do," he says.
Esteem has found that the sector really seeks suppliers that are willing to take the time to understand their specific needs - a theme that comes up again and again among IT channel customers in all markets. Too many tier-one IT outsourcers are one size fits all, whereas smaller and larger firms, for example, tend to want a different approach.
Smaller legal firms tended to outsource as much as possible, whereas larger firms are more likely to select key functions to outsource, such as helpdesk support, maintenance or field services, according to Esteem.
[asset_library_tag 7338,Download the special report in PDF here]