
Security consulting firms find niche in breach detection platforms

Channel partners, particularly those with IT security experience, may find new opportunities in the emerging field of breach detection technology.

Listen to the news on any given day and you're almost guaranteed to hear about the breach of another company's network. As a result, breach detection platforms have created an enormous opportunity for the channel -- especially for security consulting firms and other partners with built-in security expertise.

Breach detection software provides the ability to detect breaches, conduct log analysis and identify if a company has a problem, and whether [company personnel] are "forensically sound and robust at incident response to identify how bad the breach is," said Jim Broome, president of DirectDefense, a provider of information security services and a partner of LightCyber, which offers an active breach detection platform.

Certain verticals, especially those in highly regulated industries like financial companies, are clamoring for these types of products, Broome said. Others need to be educated on the benefits of breach detection technologies.

Most vendors require their partners to have a technical understanding of cybersecurity, such as false-positive incidents, Broome said.

"We are very focused on what we call 'boutique' security resellers and service providers," agreed Jason Matlof, executive vice president at LightCyber, which makes both physical and virtual appliances. "Security has become so specialized. … People selling what they don't understand is one of the biggest problems we have today." Security resellers and managed service providers "are the trusted advisors to the CISOs [chief information security officers] and directors of network security," he added.

Breach detection software: Service opportunity

Broome said they have built services on top of software from LightCyber and other vendors, including a compromise assessment "to show organizations how badly they've been breached because of using old antivirus software. Most companies are struggling with either the manpower to identify an actual breach -- the actual monitoring -- or the response part."


DirectDefense also developed an executive dashboard called Threat Advisor, which generates alerts for its clients when an incident has occurred and provides response management.

LightCyber's Channel Alliance Program requires in-depth technical training, said Matlof, especially since they sell exclusively through the channel. "We recognized early on we can't scale out … if we don't invest in courses required to efficiently transfer the knowledge" of the technology. Partners can do online, self-paced training and competency tests and receive certification in one of four learning paths the vendor offers.

Some partners layer LightCyber's APIs onto other products they install on customers' networks, and others sell LightCyber in a traditional resale model where they install the breach detection software and customers can purchase additional support services, Matlof said.

In terms of margins, he would only say that LightCyber has been "very, very careful to not over distribute and be selective in each region with partners so we don't drive the margins out of the business. It's a great opportunity for channel partners to make more money. They might make literally 10 times as much margin per dollar sold."

Security consulting firms add value

Other security threat platform and breach detection software vendors also seek security consulting firms and service providers as a sales and support channel.

"Technology can alert you to the fact that something bad is happening, but how do you respond to that and triage that? There's huge [potential] for partners to add that value to their customers," concurred Steve Pataky, vice president of Worldwide Channels and Alliances at advanced security threat platform provider FireEye Inc.

The vendor sells over 90% through the channel and works with a "substantial security channel with a broad range of skills from security resellers to those with specialized services and offerings," said Pataky. "There's a whole channel emerging that understands it's not just about deploying a box or software into a customer, but providing expertise and help, especially in midmarkets and small enterprises that don't have their own deep security organization."

FireEye has partners that sell traditional security products, and FireEye's products become another piece of their portfolio, he said. "We also have a set of partners that are managed security providers and take our technology and embed it into an offering they take to their customers." The company also offers FireEye as a service, so becoming trusted security consultants and advisors is another way for partners to deliver value, Pataky said.

FireEye has a traditional three-tiered partner program with a variety of accreditations at each level, as well as accreditations and formal technical certifications for sales teams.

Pataky said the threat landscape has become so well-known now, companies are "acutely aware of the risk" of breaches and these types of products are in demand.

If partners already have some core security management skills, there are revenue opportunities for them to expand their offerings to include advanced security services such as breach detection and internal networking monitoring, maintained Dave Burton, vice president of marketing at startup GuardiCore, whose software monitors east-west traffic once the perimeter has already been breached.

GuardiCore doesn't have a formal channel program yet but is working with partners that are already providing critical IT infrastructure monitoring and designing, deploying and managing data centers for their customers. The company does not require certification presently, but Burton said there is a learning curve for any type of product used inside a cloud or data center environment.
