Channeling Security: Sophos CEO Takes Swipe at Competitors’ Partner Strategies, Kaspersky Spam Study

At last week’s Intel Security/McAfee Focus 16 conference, I sat down with Richard Steranka, vice president of Intel Security’s global channel operations. If you’re unfamiliar with the McAfee program, check out our in-depth Q&A with Steranka, who was brought in to institute a competency-based channel model that rewards commitment while also streamlining the program and adding enablement tools for the entire partner base.

Last week, Steranka zeroed in on the plethora of announcements at the conference, the ongoing move to cloud and a broadening McAfee portfolio.

“We’re moving from the perception that we are endpoint-focused,” said Steranka. “The vision has been in place for quite a while to have broader threat defense protection; that includes infrastructure, that includes data and, obviously, it includes management of all those assets.”

Steranka says the announcements at the conference are less net-new than an effort to incorporate more pieces of the product set into a unified platform. McAfee has also asked partners — especially the top-tier platinum resellers — to broaden their portfolios.

“We’ve raised the bar,” said Steranka. “More strategic partnerships, more strategic engagement with them, improving our mutual profitability, and improving customer outcomes.”

To the profit point, he cited a just-announced change to the incentive rebate program for platinum partners.

“Bottom line, it’s going to be more money for them,” he said. “They’ll start earning earlier, at 80 percent of quota attainment, and the payouts are actually higher now. If they can hit 150 percent of their quota they’ll get eight percent across their entire quarter bookings. That’s a big check.”

The company has also removed quota caps.

“What’s good for you is going to be good for us as well,” he said.

Bring On the IP

Steranka told me he is excited to see what partners build on top of the new OpenDXL application framework.

“I fully expect partners to be bringing [intellectual property] to the table, for running automated scripts, for problem resolution, a lot of the things we heard about orchestration,” he said. “That’s going to become very relevant as they begin to move rapidly from just selling and implementing products to actually managing them, and ultimately managing security operations for their customers.”

The McAfee partner ecosystem now numbers more than 10,000, with a high percentage of broader IT sellers versus security specialists — something Steranka sees as a strength because security needs to be pervasive throughout the network.

He also sees no letup in the move to delivering security in an as-a-service model.

“I look at our competitors, and services are a big part of the industry,” he said. “The traditional margins of selling security software are diminishing at a pretty rapid rate.” Customers want to pay for performance, and they don’t want lock-in. For partners, deployment is simpler and less expensive — critical for selling down market, where SMB customers are under fire.

“The bad actors are using the same techniques against everyone,” Steranka said. “The tools have to be enterprise-class, but you need to shield that complexity from customers because they don’t have the resources to operate them.”

There’s now an opportunity for McAfee partners to sell hardware in an as a service model, accelerating the move to MRR, which Steranka says can be painful in the short term but equalizes over about two years, depending on how rapidly solution providers shift their bases.

“There’s demand from customers to make all our products subscription-based,” he said. “What we want to do is minimize the short-term impact to the partner, because there will be long-term gain. There will be an annuity stream.”

That cushioning isn’t just financial. He also sees changes in go-to-market strategies, like embedding “customer success managers” to make sure services perform as expected, because it’s easy for a disgruntled customer to pull the plug on a subscription.

“That’s as opposed to, ‘I sold the product, we implemented it, I’ll call you when there’s a support renewal coming up three years from now,’” he said.

Sophos CEO Talks Some Smack

In the company’s Q1 earnings call this week, Sophos CEO Kris Hagerman and CFO Nick Bray took swipes at competitors including McAfee and Symantec, including dissing their partner strategies. When asked about whether Symantec’s Blue Coat buy is impacting hardware sales, for example, Hagerman insisted there has been “no real change in the landscape” despite disruption and ownership shuffles.

“In the short to medium term, there’s a lot of disruption there,” Hagerman said of Symantec. “Quite a bit of confusion through the sales ranks and the channel partner ranks, and, ultimately, that’s probably pretty good news for Sophos. And now you’re seeing a similar case at McAfee, where it’s not entirely clear where McAfee is going from a strategic perspective.”

He called out similar lack of clarity at SonicWall, which was just spun out of Dell.

“Confusion over leadership, confusion over go-to-market strategy,” said Hagerman, questioning what each competitor “intends to be the best in the world at.”

Steranka and McAfee’s product leadership would likely argue that point, and the news isn’t all sunshine at Sophos. Overall, billing is up about 15 percent, but the company did post a $24.6 million operating loss, and Bray admitted that gross margin has shrunk slightly, though he insists that will soon turn around.

(We recently spoke with Sophos VP, global MSP Scott Barlow about Sophos’ own partner plans.)

On a more positive note, Hagerman called out a “differentiated strategy to tap into a massive and growing market,” specifically citing the Sophos Central cloud-based security management product, which he said grew sales more than 150 percent in the first half, to reach 30,000 customers, as well as the Intercept X cloud-based endpoint security solution, new encryption products and a new XG firewall.

His message of synchronized endpoints and network devices talking to one another is not unique. This is a running theme among competitors including McAfee and Kaspersky, as we discussed with Jon Whitlock, senior vice president of marketing for Kaspersky North America, and Kevin Lozeau, the security company’s new director of channel marketing. Cisco is also dipping into the endpoint security market.

Hagerman says Sophos grew its partner roster from 20,000 at the end of the company’s fiscal year to 26,000 now, with the number of “blue chip” high-producing partners growing from 4,700 to 5,400.

“Our 100-percent channel model gives us great reach, in an efficient manner,” he said.

He also touted 20 percent growth in new customers, up to 240,000, with strong renewal rates and 19 percent growth in subscriptions

‘Tis the Season for Credit Card Fraud

ClearSale released this week an ebook that partners can use to educate retail customers on the risks inherent in “card not present” transactions, and how to mitigate them.

According to Online Credit Card Fraud Risk: The Ultimate Guide to Growing E-Commerce Sales Safely, by 2018 there will be a total expected loss of $6 billon due to CNP fraud in the United States, so it’s worth sharing the ebook with customers. To encourage downloads, the company will give a limited number of participants free fraud screening on a portion of online transactions in November and December.

Spam? A Lot

Kaspersky Lab’s new Spam and Phishing in Q3 report says the company’s products blocked over 73 million attempts to attack users with malicious attachments, mostly ransomware Trojan downloaders. That’s the largest amount of malicious spam since the beginning of 2014 and a 37 percent increase compared with Q2. And there’s momentum — the amount of spam in email web traffic in September was the highest reported percentage so far this year, at 61 percent.

Besides distributing ransomware, in Q3 spammers tried to lure victims into fraud schemes by offering them the chance to test pricey products.

“The email headers included: ‘Register to test & keep a new iPhone 7S!’ and ‘Wanted: iPhone 7S Testers!’” said Daria Gudkova, acting head of content analysis and research, in a statement. “All people had to do was provide their postal and email addresses, and other personal information, and pay for the postage in return for the products to be sent to them. No guarantees were given and the result was that the fraudsters simply made off with the delivery payments and personal details of their victims.”

On the Road

Next week SaaSMAX is launching its inaugural Cybersecurity Road Show, focusing on trends and threats affecting solution providers serving SMBs. On Nov. 17, the production will make its first stop, in Irvine, California, beginning at 4:30 p.m. SaaSMAX has plans for additional road shows in U.S. cities; the schedule will be announced in January.

Next week’s event will kick off with a networking session, followed by panel sessions and product demos.

“Today, no company, small or large, is immune from cyberattacks or the severe impacts left in their wake,” said Clinton Gatewood, vice president of channel development, SaaSMAX. “Cybercrime damages are predicted to cost the world $6 trillion annually by 2021, up from $3 trillion last year, according to Cybersecurity Ventures. With this in mind, if you are an IT solution provider, CSP, MSP or VAR located in the Southern California region who is looking to build your arsenal to better protect your clients and employees, then this is a must-attend event.”

Partners can learn more about the SaaSMAX Cybersecurity Road Show here.

Follow editor in chief Lorna Garey on Twitter.