Free Newsletters for the Channel
Register for Your Free Newsletter Now
Protecting PCs and mobile devices is difficult, but necessary. Partners can help.
June 29, 2016
By Tom Bain
Endpoint security means protecting customers from the usual viruses and malware, but also guarding against data loss and attempts by attackers to get into the network through a compromised device. Analyst firm Radicati Group says this opportunity alone will top $5.7 billion by 2019, and that makes sense. Endpoint security is relevant for all organizations — from small shops to large, regulated verticals and everything in between.
The aggressiveness of today’s cyberattacks is waking customers up to the realization that keeping bad guys out of their environments isn’t as simple as deploying firewalls and antivirus. There is no perimeter anymore. In fact, cybercriminals are now shifting their focus, targeting individual employees. That means customers must pay close attention to how people are behaving on their devices. Teasing out that insight takes time and expertise that most companies just don’t have.
As a result, managed security services are taking off, and not just for endpoint protection. Trusted security advisers are expected to making smart, innovative security recommendations, leveraging innovation in the cybersecurity market to help combat advanced, persistent threats.
My company makes endpoint detection and response (EDR) technology that enables continuous monitoring, threat hunting and remediation capabilities. But the principles of adding advanced managed security services to your portfolio to better service customers are relevant across a number of fronts.
1. Emerging security technologies require advanced skills, so hire smart.
As EDR technologies emerge, I’ve seen large, sophisticated enterprises with deep security benches being the early adopters, primarily because of the diverse skillsets that team members bring to the table. For example, they can more easily consume data on, for example, process execution, malware mutations and OS state changes, to understand the intersection of behavioral analysis data and real-world effects. Smaller organizations with fewer resources, headcount and expertise are the sweet spot for partners — but only if you can take on the responsibility of digesting often huge amounts of data, depending on number of endpoints monitored. Hiring these experts can be difficult and expensive, but often, vendor partners can help, whether with training opportunities or by automating and abstracting some complexity. The payoff is that, by removing barriers to adoption of cutting-edge technology for SMB customers, you gain a lot of stickiness.
Want to know the 5 Top Ways Customers Get Hacked? Find out from CounterTack CTO Mike Davis at Channel Partners Evolution, Aug. 14-17, in Washington, D.C.
2. Protecting endpoints demands changes in how end users operate, so get your training hat on.
There can be challenges deploying advanced security, as there are with any new platform that is integrated into the enterprise workflow — and especially where software agents are deployed to server, laptop and workstation endpoints. Security training is an often-overlooked but lucrative and valuable service, and rolling out a new endpoint protection or other advanced technology is a prime educational opportunity.
Related, look for broad OS support in security solutions. Even SMB environments today are heterogeneous, comprised of Windows, Mac and Linux systems as well as a myriad of mobile devices and cloud services. It is essential for a partner to have intimate knowledge of the customer environment before recommending a technology. That brings me to point No. 3.
3. Scope the job well. Successfully implementing and managing an EDR solution depends on a few key elements:
Scale: In engagements where the endpoint environment numbers into the hundreds of thousands, rollouts happen differently than in small shops. Still, the standard IT practice of phased software rollouts applies when deploying agents or sensors, and it makes sense. When scoping, target groups of machines with an inordinately high rate of activity that might be defined as at-risk. Move on from there.
Integration: In a managed environment, it is critical that any new endpoint-security technology added to your SOC integrate with other security platforms, like network sandboxing, firewalls, IPS/IDS and most notably, SIEM platforms. Most EDR products are architected with this type of integration in mind; ensure any solution you select can send collected data to be normalized and then consumed by the SOC operator next to data from other sources.
Role-based, multi-tenant capabilities: It is paramount for EDR technologies to check the RBAC box so that there is no crossover into other customer’s environments, and each customer’s data is kept safe and private.
Today, managed security services account for over 50 percent of enterprise security spending, and that number is expected to rise to 80 percent by 2019, according to Gartner’s recent Predicts 2016: Threat and Vulnerability Management report.
As this $14 billion market continues to grow, based on the magnitude of cyberattacks, this already huge opportunity for MSSPs is increasing. Time to get in on it.
Tom Bain is VP, sales and marketing, at CounterTack. Tom has more than 13 years of experience with leading IT security organizations. He also serves as a key cybersecurity evangelist for CounterTack. Bain’s responsibilities include strategic managing field and inside sales, messaging, security research, demand generation and analyst/investor relations. Prior to CounterTack, he spent time with Security Innovation, Q1 Labs (an IBM Company) and Application Security, Inc. (a Trustwave company), and has worked with leading security brands including Wave Systems, Sophos, CA and Red Hat.
Read more about:Agents
You May Also Like
Mobile World Congress: VMware Talks SASE, 5G, SD-WANFeb 27, 2024
Zero Trust World: ThreatLocker Providing an Action Plan for Preventing AttacksFeb 26, 2024
The Gately Report: Trellix Partners Shielding SMBs from RansomwareFeb 26, 2024
Cloud Computing News: AWS Loses Another Key Exec to Azure; Canalys, Vega Cloud, Hyve NewsFeb 23, 2024