Cyber security vendors still have sales targets to meet and their own products to glorify, but a “weird sales dynamic,” as Brian Krause describes, is also creeping its way into the market.
“Every single person in here is a salesperson, there’s no denying what we’re doing here … it’s our software first,” said the director of North American channels for Centrify, referring to a room full of cyber security vendors at Optiv Security‘s 2018 Toronto Enterprise Security Solutions Summit last week. “But we’re seeing more, especially in the software community, most of us are partnering with each other.”
Customers are becoming increasingly overwhelmed by the thousands of products available on the market today, said Krause. There’s an overabundance of companies making niche products, many of which seem great in a vacuum, but don’t actually work well with other previously installed products. According to Cisco’s 2018 Annual Cybersecurity Report, nearly half of the security risk that organizations face come from having multiple security vendors and products.
“More and more, customers can’t even begin to figure out what products they need, let alone how they’re going to get this new product to work with what they have,” he explained. Helping potential customers answer some of these initial questions with competing vendors has opened new doors. “All of a sudden we’re offering a bigger solution together. It’s better for the customer and a better value proposition overall.”
Since entering the Canadian market in 2016, Optiv Security’s Canadian business has grown significantly. A small team of five has since ballooned to a team of 50, and recently, three new leadership positions have been filled. This growth has largely been fueled by Optiv’s ability to help clients integrate security products with surgical precision, while ensuring they all communicate with each other properly, said Cheryl McGrath, Optiv’s area vice-president and general manager for Canada.
“We’ve got around 1,800 technical resource employees, so rather than have the client stitch everything together, we’ll do that for them,” she said.
Quick facts:
- IoT attacks were up 600 per cent in 2017. (Symantec)
- 69 per cent of organizations don’t believe the threats they’re seeing can be blocked by anti-virus software. (Ponemon Institute’s 2017 Cost of Data Breach Study)
- Microsoft Office formats such as Word, PowerPoint and Excel make up the most prevalent group of malicious file extensions at 38 per cent of the total. (Cisco)
At times, this strategy conflicts with a security vendor’s ability to install a new product for a customer.
“From the software vendor side, we’ll have our own little battles with a partner like Optiv, we’ll go ‘how come you’re not talking about our software first?’ Well it’s because they’re looking at the overall solution,” said Krause. “Maybe it’s not the right time for me to step in, I need to let that other partner or manufacturer install their part for the customer first. So when you’re partnering with three software vendors, all of a sudden it keeps everyone playing together a little nicer.”
Stop trying to be perfect at everything
The tech industry is good at making lists and developing standards. Organizations are desperately trying to adhere to them all, even if some of those best practices don’t make sense for their business, according to J.R Cunningham, vice-president of product management for Optiv, who was a keynote speaker at the summit.
Peter Evans, chief marketing officer for Optiv, told ITWC that in the company’s entire history, only half a dozen organizations have ever received a five-star rating from Optiv when it comes to security compliance – a five-star rating is the highest rating one can achieve. Evans zeroed in on one five-star business that scored so high on its physical and access control standards, it made up for the other areas that it failed in. That business was a zoo.
“Obviously, that access control and physical security is important there, but they failed on certain other metrics. But that’s okay, because it didn’t matter for their business model,” he said.
On the other hand, retailers that process credit cards need to emphasize network segmentation and strong endpoint security, Evans explained. Manufacturing businesses, which are often short-staffed in the IT department, are prime candidates for automation.
Optiv rolling out new solutions
Last month, Optiv announced a new suite of security solutions, beginning with EnemyPerspectives@Optiv, a service that gives users an attacker’s perspective of the company’s overall security program, helping them identify security gaps and potential attack patterns. Evans said Optiv plans to roll out more solutions this year, one of which, he teased, will scan all of an organizations devices and produce a prioritized list indicating which ones are behind on security patches.