Plus: Tackling the privileged accounts problem, updates from Ingram Micro, HPE Protect.

Lorna Garey

September 16, 2016


Boston-based EiQ Networks announced this week fully managed, monthly subscription-based SIEM and log management, available alongside its signature SaaS security services. The company handles the software, manpower and infrastructure (AWS), and bundles value-added features including forensic analysis, compliance reporting and threat detection.

In the wake of recent horror stories about subpar security monitoring that left customers hanging, I spoke with Vijay Basani, EiQ’s co-founder, president and CEO, about the company’s vision and channel program, the new SIEM offering and how partners should vet potential providers. Basani co-founded EiQ in 2001.

“A large number of breaches were taking place in the midmarket,” he said, citing findings from the Verizon DBIR that show increasing attacks on smaller targets. Yet the midmarket is price sensitive and lacks security expertise — a major problem given the sophistication of attackers.

“It was an underserved opportunity,” says Basani.

In July, EiQ announced a 136 percent year-over-year increase in its customer base, and the company recently raised a $9.55 million Series C funding round.

What differentiates EiQ, he says, is its focus on shops with budget and staffing constraints that are open to security as a service. EiQ’s customers typically have between 50 and 5,000 employees.

“Throwing technology at them doesn’t solve the problem,” he says. “We bring in the technology, but we augment it with people and processes.”

Basani says he understands how midsize and small customers lean on their partners and is actively looking to increase the percentage of sales coming through EiQ’s channel.

“Our goal is not to compete with MSSPs, but most of the partners we talk to don’t have that 24/7 security monitoring capability,” he says. “They can’t hire the people. We allow them to leverage our SOC team.”

For partners, Basani says that subscription-based pricing delivers recurring revenue streams. Typical margins are 20 percent for authorized partners; there’s a higher tier for higher-touch engagements.

He says partners can be more or less involved, depending on their security expertise.

“Some partners prefer to be the primary contacts for customers, and in that case, we train them,” says Basani. “But we can do all the heavy lifting.”

Billing can be done by EiQ or by the partner on its own paper. The SOCVue portal provides a multitenant dashboard. Internal sales teams are incentivized to work with the channel, and unlike with many security providers, no certifications are required to start selling.

This week the company announced four new partners — Horsetail Technologies, Solutions4Networks, Technical Support International and United Technology Group. It serves a variety of regulated industries, including financial services, health care and government.

The new SecureVue Cloud SIEM and log service is tightly integrated with EiQ’s SOCVue platform, which Basani says has seen triple-digit year-over-year growth. The service is based on the Qualys Cloud platform and takes advantage of both big-data analysis technologies and two 24x7x365 SOCs — one in Vancouver, one in India. Pricing starts at $9,000 per year, including log data archiving for up to 12 months to meet regulatory and audit requirements. It can be deployed as a managed cloud service or on-premises in a hybrid setup, suitable for customers that must keep log data on site.

The SOCVue offering is also relatively affordable, given the cost of security expertise. Both SecureVue Cloud and SOCVue run on AWS.

Bad Medicine

An ineffective monitoring solution can be worse than leaving the network wide open because customers have a false sense of security. But how can partners select the right supplier?

“We’re increasingly seeing people who claim to provide SOC operations, but if you ask how many people they have in their SOC, they’ll tell you five or six, and they’re serving hundreds of customers,” says Basani. “There’s absolutely zero chance that they’re providing real monitoring.”

He advises partners to ask not just how many SOCs a potential supplier has, but how they’re staffed. “Unless there are 40 or 50 people, they’re not offering true monitoring,” he says.

He says customers or partners should be able to reach a live person 24/7.

“Our customers can call our SOC team members anytime they want; they can email,” he says. “Partners can go to the portal and open up a ticket, and we measure those response times. When we sign a customer, we want that customer to be with us forever.” 

Ask for response rate and remediation metrics, read contracts carefully and perform regular penetration testing on customer networks (seven tips for realistic testing are here).

“We’re publishing customer case studies that show we’re walking the walk,” says Basani.

As to the biggest challenge for customers, Basani cites executive indifference or outright denial.

“They think they’re a small company, they won’t be a target,” he says. “Their security IQ is really low, and I’ll bet a majority of these companies have already been breached and don’t know it. The IT people want to protect their assets, but they don’t get the support.”

Check Their Privilege

CyberArk and BeyondTrust this week rolled out new ways to control privileged access. The concept – limiting access rights to only what’s required – is a good one. It minimizes the potential damage of a breach, including ransomware.

CyberArk’s new Global Channel Partner Program is zeroing in on enhancing partners’ security expertise and ability to drive new business by expanding training and technical certification programs. (Add one to the trend of suppliers emphasizing skills development within their partner orgs.) Initiatives include new CyberArk University offerings and an expanded Global Certification Program, including a new CyberArk Certified Delivery Engineer (CCDE) cert.

CyberArk’s DNA product addresses the specific problem of unknown and unauthorized privileged accounts, which represent serious risk. Partners can run CyberArk DNA on a customer network and deliver a report that lists privileged accounts and related passwords, including hard-coded passwords in applications and scripts.

CyberArk currently has more than 250 channel partners, which delivered about 60 percent of business in 2015. The company has more than doubled its channel management team in the past 12 months. Its CyberArk C3 Alliance technology partner program delivers certified integrations between CyberArk and alliance member products, removing some stress from multivendor deployments.

Meanwhile, BeyondTrust announced this week the BeyondTrust Managed Service Provider (MSP) Program and an Amazon Machine Instance (AMI) version of its BeyondInsight risk management system available on the Amazon Marketplace.

The company says this is the first privileged access management (PAM) solution tailored for MSPs. It includes a service catalog that offers enterprise customers a password vault, key management, privilege management for desktops and servers as a service, and more.

The offering is available in a variety of deployment models, including as a service, with flexible subscription pricing.

With the Amazon BeyondInsight app and the proper licensing, a customer or partner could stand up PowerBroker Password Safe, PowerBroker for Unix and Linux, PowerBroker for Windows, PowerBroker for Mac and Retina CS in Amazon’s cloud marketplace. 

The BeyondTrust Managed Services Provider Program and the Amazon Marketplace version are available now.

HPE Protect: Hot on the heels of its Global Partner Conference, HPE this week held its Protect 2016 enterprise security event. The focus areas were security analytics through ArcSight, application security with an emphasis on DevOps, and end-to-end data security.

Ingram Inks Symantec Deal: Ingram Micro now offers Symantec’s Endpoint Protection Cloud through its automated Cloud Marketplace. With this announcement, Ingram becomes the first global distributor to fully automate the end-to-end service delivery of Symantec Endpoint Protection Cloud in the United States.

eSentire Partners with Carbon Black: Security as a service provider eSentire launched this week its Endpoint Managed Detection and Response service powered by channel-focused, next-generation endpoint security startup Carbon Black. The service provides real-time continuous monitoring to spot and stop infected endpoints before malware spreads through a customer’s network.

Sophos Launches Intercept X: Sophos announced this week its Intercept X endpoint security product that it says stops zero-day malware. The system includes an anti-ransomware feature that looks to detect previously unknown ransomware before it can execute. Sophos Intercept X installs alongside existing endpoint security software from any vendor and is available to order today. A free trial is available.

Intercept X combines signature-less threat and exploit detection, Cryptoguard anti-ransomware, root-cause analytics to show attack details, and the Sophos Clean utility that hunts for and removes spyware and malware. Pricing for Intercept X ranges from $20 to $40 per user for a one-year contract, based on volume. Partners can find discount and other information on the Sophos Partner website.

Gigamon Launches VAR Incentive Program: Attention GigaSecure resellers. Gigamon announced this week the launch of its Sell Smart Incentive Program in the U.S. and Canada. The idea is to reward Gigamon VARs for selling integrated security solutions built on the GigaSecure platform. To qualify, you’ll need to sell at least two products from select Gigamon technology ecosystem partners in addition to GigaSecure. The company says this is about the need for efficient, scalable security architectures that combine best-of-breed tools.

Participating technology partners include Blue Coat Systems, Check Point, Cisco Systems, ExtraHop Networks, Splunk and Trend Micro.

“Partnering with Gigamon to provide customers the flexibility to build their security posture has been a core tenet of the #wefightsmart campaign in which Check Point has been proud to take part,” said Alon Kantor, VP of business development at Check Point. “Amplifying the reach of this initiative through the reseller community is a natural extension of our efforts to protect customers from the next generation of cyber-attacks.”

Splunk Adds Device Visibility: Endpoint security vendor Absolute Software announced this week better interoperability with Splunk Enterprise SIEM, meaning Splunk customers can aggregate event data from all devices – even those off the network – to more quickly spot and react to cyber threats. It does this through persistent clients that are installed on endpoints; if the client is removed, it will automatically reinstall so IT can optionally wipe sensitive data. Persistence technology is embedded in the firmware of devices from vendors including Apple, Dell, HP, Lenovo, Microsoft, Panasonic, Samsung and Toshiba.

The integration also means Absolute and Splunk customers can initiate Absolute Data & Device Security response actions directly from the Splunk management console.

In a statement, Absolute said the announcement highlights its growing security partner ecosystem. The Absolute SIEM connector is available free to all Absolute customers and works with leading SIEMs including Splunk, RSA Analytics and HPE ArcSight. The Absolute DDS App for Splunk is supported in Splunk Enterprise and Splunk Cloud.

Speaking of Splunk, I’m looking forward to the 2016 Worldwide Users Conference in just a few weeks. If you’re also heading to Orlando, let me know, either in comments or direct.

Follow editor in chief @LornaGarey on Twitter.
