CYBERShark, the SIEM-as-a-service platform launched by BlackStratus this spring, is off to a strong start. The New Jersey-based company easily achieved its goal of signing 100 partners in the first 100 days, and expects similar growth trends to continue in its CYBERShark channel as the product fills a crucial gap in the small and midsize business (SMB) security market.

According to Gartner, security information and event management (SIEM) is the fastest growing segment of the worldwide security market with a year-over-year growth of 15.8 percent. BlackStratus built its business on providing a security and compliance platform to channel partners, allowing them to sell security-as-a-service. The company also has an enterprise version of that technology that large companies use as part of their internal security operations.

But the cost for traditional SIEM solutions start at tens of thousands of dollars a month, putting it out of the reach for most small and midsize businesses. And for smaller channel partners that don’t have a strong security expertise, managing a SIEM platform can prove extremely complex. In fact, one of CYBERShark’s biggest selling points comes from its ability to mitigate the lack of skilled cybersecurity professionals outside of large enterprises by simplifying SIEM for smaller channel partners.

Dale Cline, CEO of BlackStratus, says the average time between when the breach occurs and when it’s discovered is around 205 days, due mainly to an inability to get people, processes and technology to all work hand-in-hand. “People and process tend to be the fall-down areas, so large organizations are moving in droves to managed security service providers,” he says. “The mean for our partners is something around 18 hours from breach to discovery. “

But if breach rates for enterprises are around 80 to 90 percent, Cline says they’re even higher for businesses in the mid-market. “Small organizations under 1,000 employees, they get hit more frequently and the results of those breaches are far more devastating to them from a business perspective than anything that’s happening in the enterprise.” In a double whammy, smaller businesses have even fewer people and process capabilities to deal with breaches, and without scalable solutions, they don’t know where to turn.

Enter CYBERShark, which lets SMBs point their devices into the BlackStratus cloud to correlate and identify threats in real time. Then, CYBERShark produces a “trouble ticket” that explains the security problem and how to remediate it in plain English. “They don’t have to have a security background. They don’t have to have special skillsets and security certifications. They just need to manage through the IT trouble ticket that’s generated.”

The CYBERShark system takes a comprehensive look at a client’s security posture in order to wipe out false positives and negatives. For example, let’s say a customer suffers a denial of service attack against a firewall, a string of failed logins followed by a successful login and then data extraction going to a specific IP range. Many system administrators would focus on the DoS incident, since the other two activities could be classified as normal. But the CYBERShark system would automatically flag the DoS as a probably distraction from the login and authentication breach happening in the background. And whatever the system doesn’t know how to handle, BlackStratus’s own analysts examine.

The other big selling point Cline says BlackStratus offers is multi-tenancy, giving partners the ability to do this across hundreds or thousands of enterprises at the same time without the need to deploy additional hardware or create databases for each customer.

It all sounds cool, but in the long run, the technology has to have a value proposition that helps resellers transition into selling managed security services. Cline says CYBERShark is billed on a recurring fee, which partners can pass on to their customers. It allows partners without a fully developed cybersecurity practice to offer security and compliance services while reducing their own OpEx by cutting down on the amount of time admins are “wandering around trying to find where the security issue resides.” Finally, by providing the security and compliance report, partners are increasing their “stickiness” with customers, Cline says. “Once you’re managing your customers’ security, and you’re doing a good job with it, they’re loathe to turn away from that and move someplace else.”

Beyond the technology, Cline says he wants partners to understand that as a young company, BlackStratus is a very open-minded company because it knows it has a lot to learn. The cybersecurity landscape is in a state of constant evolution, so it does no one any good if vendors are closed to feedback.

“We don’t try to set things in stone. We try to make sure that whatever we’re doing is very effective, and if it’s not effective, we’d like to change it.”