'7 Minutes' with Infocyte CEO Curtis Hutcheson

**Editor’s Note: “7 Minutes” is a feature where we ask channel executives from startups – or companies that may be new to the Channel Partners audience – a series of quick questions about their businesses and channel programs.**

This week Infocyte announced $5.2 million in Series B funding, bringing total investment to $8.6 million, and named Curtis Hutcheson its CEO. Hutcheson previously was GM for Dell Security Software.

The Infocyte HUNT service scans servers and endpoints, on demand or on a set schedule, looking for signs of compromise. In an interview, Hutcheson and Infocyte co-founder Chris Gerritz stressed the uniqueness of the service and the value that partners bring to the program.

Infocyte’s Curtis Hutcheson

“We wish we found more completely clean networks,” said Hutcheson. In their experience, about 48 percent of the time, the system uncovers evidence of a successful attack. In cases where no issues are found, partners can give the customer a clean bill of health.

The difference between HUNT and a penetration test, says Gerritz, is that pen-test reports consistently come back with vulnerabilities.

“But no one was asking the question, ‘Did anybody use one of the vulnerabilities?'” he said. An attacker might have been lurking on the network for six or 12 months, stealing data. That dwell time, which averages six months, is what’s given rise to the use of threat hunting technology in high-value targets, such as the military and top-tier financial institutions, says Gerritz. Since HUNT is delivered as a service, it’s accessible to midsize enterprises.

“The heritage of this company is around an Air Force team that was dealing with this before the modern enterprise really was,” said Hutcheson. “Three ex-Air Force folks have built this company on the highest level of integrity. You know when you partner with Infocyte that we’re going to deliver on what we say, and we’re going to help that partner always have credibility.”

Infocyte’s Chris Gerritz

Gerritz, one of those veterans, is a retired U.S. Air Force cyber-operations expert.

“Compromise assessments are a fairly new offering,” said Gerritz. “When we started the company, only very large service providers had offerings, and they were very expensive, $250,000-plus. We’re able to enable even small service providers that maybe have five people in their shops to deliver this service.”

He says companies that can recover within a day of a breach can reduce the cleanup cost by 99 percent.

Speaking of cost, Hutcheson says the product is very complementary to customers’ existing security investments and that the technology integrates with SIEM and security analytics platforms. As to competitors, Gerritz cites other methods for spotting intruders, such as deception technology built around honeypots. In contrast, HUNT looks for signs of post-compromise activity, such as code left in volatile memory, forensic artifacts or changes to the operating system. The product can simultaneously scan thousands of Windows and Linux endpoints, on premises or in the cloud. The HUNT scanner software is installed on a Windows server and delivered with existing endpoint-management tools. A rundown of the process is here. Gerritz says the company is working to make the product …

… generic in terms of OSes it can support.

“When you go and look at the NIST known vulnerabilities database, Microsoft right now is over 5,000, Oracle 4,800, Apple 4,000, IBM 3,600 — I could go down the list,” said Hutcheson. “A traditional vulnerability scan might uncover 70 pages of problems. It’s overwhelming.”

The HUNT scan, in contrast, is much more targeted. Hutcheson says Infocyte’s partner program is also targeted.

“We will not be pursuing any kind of two-tier model,” he said. “It’s really about high-value, certified partners.”

Channel Partners: Tell us what customers love about your product or service. What’s the secret selling sauce?

Hutcheson: Infocyte’s “secret sauce” is its dedicated forensics-based threat hunting platform. Infocyte HUNT was developed by former U.S. Air Force cybersecurity officers that were tasked with protecting the largest and most targeted networks in the world. HUNT discovers the post-compromise activity of cyber attackers and malware that have bypassed other defenses, empowering companies to defend networks and critical information. Infocyte HUNT leverages military-grade techniques and practices in an automated platform to simplify the process of hunting malware and advanced persistent threats.

Infocyte’s unique, forensics-based approach provides organizations and independent assessors with the tools to deny attackers the ability to persist undetected, reduce business impact and restore trust in a network’s health.

CP: Describe your channel program — metal levels, heavy on certifications, open or selective, unique features?

CH: Infocyte HUNT can be utilized by security services providers to conduct compromise assessments and perform threat hunting services for customers of any size. Infocyte’s partner program offers the leading agentless platform for conducting assessments and product training and hunt certification programs, so partners can quickly deliver new value-added threat hunting services to customers. Infocyte provides rapid on-boarding, and its model maximizes ROI and greatly reduces the skill sets required to conduct a thorough compromise assessment.

For Infocyte and its partners, this means new business opportunities to help companies better safeguard their networks and data, as well as reduce security costs. Infocyte HUNT can be offered on an annual subscription basis or delivered as a service with a compromise assessment.

CP: Quick-hit answers: Percentage of sales through the channel, number of partners, average margin. Go.

CH: The Infocyte partner ecosystem currently includes 50-plus security services providers, resellers and distributors leveraging Infocyte HUNT to maximize services revenue, while delivering concrete value to customers.

Assessments with Infocyte HUNT can be completed in days on a single platform, instead of weeks with multiple other tools. Infocyte HUNT naturally drives incident response work, allowing partners to achieve new annuity-based revenue and services, audit the success of existing investments and make …

… more informed recommendations to customers on improving cyber defenses.

Whether the partner is a solution provider, trusted adviser or MSSP, Infocyte’s program is designed to offer support and speed the new-business cycle. Customers benefit from the leading post-breach detection platform. There are no program participation fees, and we offer competitive discounts and a recurring-revenue stream with exceptional renewal rates. There is deal-registration protection; sales, marketing and PR support; and training and continued education.

CP: Who are your main competitors, and what makes your offering better?

CH: Dwell time, the period between infection and discovery, continues to plague enterprises. While vulnerability assessments and penetration tests look for security gaps and vulnerabilities, they do not detect existing compromises. Today’s enterprises need to add compromise assessments to their security practices to proactively verify whether a network has already been breached and more effectively mitigate risk.

Infocyte solves these unique enterprise security problems in a unique way, leveraging forensics-based analysis and a proprietary assessment platform, which makes Infocyte HUNT complementary to existing security investments.

CP: How do you think your technology portfolio will change in the next three years?

CH: We have several new product enhancements planned for early 2018 that including UI and reporting improvements, as well as improved distributed network scanning. As always, Infocyte will continue to stay ahead of the latest evasion techniques to ensure customers can detect any threat that has bypassed their proactive defenses.

CP: How do you expect your channel strategy to evolve over that time frame?

CH: We will be building out a more formal tier and certification program based on channel expertise and value. Customers need the expertise and best practices from partners. We will be working with all customers to leverage our channel partners.

CP: What didn’t we ask that partners should know?

CH: It’s clear that current real-time security processes are simply ineffective at detecting post-breach activity, especially as time passes after the initial compromise. Companies and partners can’t wait for clients or the authorities to let them know that they’ve fallen victim to cyberattack, and layering on increasing numbers of defensive tools does not deliver total security. Organizations must proactively hunt for hidden threats that have bypassed defenses.

Infocyte HUNT is quickly gaining favor with partners for a key reason: It’s a dedicated hunt platform. A typical Infocyte compromise assessment can be completed in days, not weeks, to help companies of all sizes protect IT assets and reduce security costs.