EXABEAM SPOTLIGHT — Exabeam has been gaining ground on larger security information and event management (SIEM) vendors like Splunk, IBM and ArcSight, and again expects double-digit revenue growth this year.
At this week’s Exabeam Spotlight 2018 in Las Vegas, the company’s first user conference, executives laid out their ambitious plans for the company to continue on its rapid growth trajectory.
Nir Polak, Exabeam’s co-founder and CEO, said as a channel-only organization, it has to depend on partners for growth.
“In security, when you’re trying to go wide in a transactional way, everything passes through a channel, so we’ve been 100-percent channel out of the gate,” he said. “We have a fairly large channel team here with very seasoned executives … we have very good channel connections. We try to have really good relationships with them and we’re never going to do anything that will upset the wars. We’re going to be very fair to the channel because we believe that they’re an integral part of our go to market.”
Last month, the company announced $50 million in new Series D funding.
In a Q&A with Channel Futures, Ted Plumis, Exabeam's vice president of channel, talks about how his company is able to steal partners from competitors, and what's next in terms of channel strategy.
Channel Futures: From the channel perspective, what is the main message being conveyed at Spotlight?
Ted Plumis: The main message that we’re conveying to channel partners is around taking your existing SIEM infrastructure and moving it to an Exabeam infrastructure — and all the benefits that come with that. What we’re seeing from a lot of our channel partners – and SIs is part of that, too – is there’s been a lot of frustration historically with SIEM. I worked at ArcSight and with Q1 Labs, so I’ve been in the space now for 10 years, and when we started, it wasn’t that we were lying to customers. We built a product that was trying to solve their problem, but the technology at that time, in 2007, didn’t exist to actually monitor users using machine learning and analytics. So the message we’re saying is, SIEM has a very key place inside the SOC, but everyone who has it is frustrated today. Why are they frustrated? Too much noise, too many alerts, no real ability to tie that back to a user or an entity. And the use cases from Exabeam are so tied into actually giving actionable intelligence to a SOC analyst, when before they’ve just been kind of chasing threads throughout. So when we talk to all of our channel partners, we’re really focused on solving the pain of, how do I get from all of this noise and clutter to actionable intelligence to go resolve these issues?
CF: What’s the latest in terms of partner enablement? This is one of the areas in which Exabeam plans to invest from its latest funding round.
TP: It’s going pretty well. We just launched our partner training enablement program. It’s a five-stage program. The first two stages are for everybody, so an overview of the market, an overview of Exabeam, what we do and how we do it, and company history. The next two are for the technical people, so it’s being able to go in and give a technical deep-dive on Exabeam and then do a cloud proof-of-concept. And then the fifth stage is professional services. In the United States, we have seven professional-services-certified partners today, and so now we’re rolling out this stage 1-4 training for the masses. In Mexico City we did a round last month and 25 people were at that; we did it in Singapore, we’re doing two in Europe in late October-early November, and (continuing) in the United States, so we’ve investing heavily in this content. Some of it is available in the partner portal. And then the other thing we’ve done is we track every deal we do at Exabeam, not just by the reseller, but by the actual reseller sales rep, so we can tell you at XYZ partner, here is the rep that’s doing all the Exabeam business, so we’re really focusing our enablement on the people that are already the champions for Exabeam, get them deeper, and then have them take us into other people in their company so they’re going to become Exabeam champions. It’s a two-tracked approach for training that way — focusing on the people who are already successful and getting all the SEs up to speed from there.
CF: Exabeam wants to the Splunk killer. What does Exabeam have to offer that Splunk doesn’t?
TP: Splunk is a market-leading product; they have a lot of people in the industry who like the product and they’ve built a great business, but there [have] been some frustrations on the security side when using Splunk. Splunk has had an SIEM called Enterprise Security, they bought a product called Caspida for behavioral analytics, and neither one of those really provided enough value to the customer base. Probably 90 percent of the customers here have Splunk in some form or another, but they’ve all chosen Exabeam now to be that security-analytics layer on top of it. Because of the licensing model where you can get unlimited data collection for one flat fee, you’re not having to pay to bring more and more data in, and they’re starting to move to us for that layer of the SIEM as well. Having to pay for bringing in information, what you’re essentially telling the customer is that the data itself is more valuable than the analytics on top of the data. Charging all this money just to collect it – they want to analyze data – so collection needs to be as much as you can, right? We come in by saying, "Collect all the data for one flat fee." We’ve had some customers call it a Splunk tax. So if I want to upgrade from a full-legacy firewall to a next-generation firewall, that now generates 30 percent more data, so my Splunk bill now goes up. So not only do I have this cost of firewall, I have to pay Splunk to log that data, or I just don’t log it and I don’t have the visibility I used to have for my analytics engines. So being able to offer all of that collection for a flat fee — we’ll just say, "How many users do you have?" They’ll tell us and we’ll give them one license fee whether you collect one byte or terabytes of data, so they’re free to collect all the data. When we talk about being the Splunk killer, part of it is licensing and collection, but the other part is using that data for the analytics, and that’s where Splunk has fallen down in the security space.
CF: Does being a smaller, 100-percent channel organization give Exabeam more of an advantage in some ways that some of these giants?
TP: For sure. We can be pretty nimble on the channel front. If you look at our channel program globally, we have the top security partners in every theater around the world, and part of that is we can be nimble and go in. One partner may say, "I need you to get me services certified," so we’ll spend and do that, and the other partner may say, "No, I don’t want to do services, but I really need you to come in and help me build a workshop for my customers that explains moving from legacy SIEM to an next-gen SIEM," and we can do that. We also have a lot of ability to fit into existing SIEM programs that these vendors have.
So if you think about SIEM historically, most resellers have built their business on three products: firewalls, so a lot of them sold Checkpoint, Cisco, you name it, and then they’ve moved now to Palo Alto and next-gen; and then the endpoint is a really big one for most partners, and they were Symantec Mac partners who are now looking at CrowdStrike, Cylance, etc.; and then SIEM is the third big one — everyone built it on Splunk, ArcSight, QRadar, and now they’re looking at Exabeam coming in and taking what Palo Alto did with Firewall, and Crowdstrike and Cylance have done with the endpoint. We're doing that to the SIEM market. So we slot into their existing practice … and then have them go sell our products.
CF: Has Exabeam been growing its partner community, and stealing partners away from its competitors?
TP: We had rapid growth from when I started in 2015. We had 100 partners on the whiteboard globally, from distribution to SIs, through security, and our first year we signed 95 of those 100. So that was our target. And we probably signed another 125 through time, but every single one of those was selling competing product. There [are] very few partners that didn’t have SIEM in their portfolio. Everyone else, we're displacing competitors. And the partners like it. They’re not competing with thousands of partners, so competition isn’t there. The deal-[registration] program protects their margins … and then with us not selling services directly anymore, but offering them to partners, they can now wrap all of that margin around services, [and] managed services into that as well to help them build their business,
CF: There’s been a lot of buzz about cloud being a big part of Exabeam going forward. Can you elaborate on that?
TP: Exabeam has a cloud solution that will allow us to go back to all of these service providers that are wanting to work with us and give them a form factor that makes the most sense for their business. From a channel standpoint, what it allows our partners to do is ... [help] the customers save with this migration of all the CIOs and CEOs [wanting] to take everything to the cloud. And then it comes down the the people who actually have to do it, and they’re like, "It’s really hard." So being able to offer a customer software, hardware, cloud, whatever form factor you want, that’s what we get asked for from partners. Don’t limit your customer based on your form factor; let them choose and then go sell. So I think the uplift will be pretty substantial for partners.
The other thing it allows us to do is, we’ve made a conscious decision to not sell to below 1,000-user organizations as a company today just because we’ve had so much success in the high end. But I think a cloud product for our channel will now allow them to go in that market and have a solution that’s much easier. There wasn’t as much SIEM adoption in small companies and I think it’s because of complexity, but having a cloud product, we’ll now be able to go sell into all those small-size businesses through our channel.
The product is beyond research and development, but I’m not telling partners it’s in the next two or three quarters so we’re focused on what we have today. Customers got a sneak peek of it here.
CF: What kind of feedback have you been receiving from partners and how is that then being used?
TP: What we’re seeing from partners is … there [are] a lot of things that a SIEM couldn’t solve in the past. An example a partner gave me was, "You guys solved a problem for one of my customers around terminated employees. They’re always trying to monitor terminated employees." Do they cancel all the access, did they not put them on a watchlist? That’s a use case we could never do on our old SIEM because we couldn’t monitor behavior. So what we’re seeing from our partners is, there [are] a lot of new use cases that customers have always had, and now they’re finding ways to solve [them].. That’s been exciting.
The other thing is just the growth of Exabeam. ArcSight was kind of similar growth … but it wasn’t like what we have now. Partners want to be a part of something that starts small and gets really big. You talk to the early Palo Alto partners and it was almost like religion for them that they were selling, but now everybody sells it and it’s more mainstream. We’re getting a lot of good feedback from the partners right now.
CF: What can we expect to see in terms of channel strategy in the next few years? Is it evolving?
TP: Yes. It’s definitely evolving. If we look at back at 2015 when I started and we didn’t have a channel, the goal then was, "Let’s build a very simple program that rewards partners for engagement with Exabeam." We’re not going to compete head to head with the direct sales force; we’re going to let you make good margin on a deal and we’re going to focus on marketing, and we’re going to sign a limited number of partners. And for that first 18 months that’s what it was. Then in mid-2016, we added to that focus what are we going to do to now: Take these partners that were just doing lead generation with] to get them now able to embed us into their practice. So we hired three channel sales engineers and really doubled down on the technical side. Then in 2017 and the first half of 2918, the focus has been — they know how to sell us, they’re making money, they have labs setup, now let’s get them technically proficient where they can go in and do the installations. So we focused on building the curriculum and now we’re delivering on getting them services certified.
The focus for next year is going to be, "How do we take what we’ve built and make it much more consumable for partners," because right now we still have to go on site and you sit with us for a week for technical training. So we launched our partner portal six months ago now, and a lot of this will move to the portal, so it’s really about enabling self-service of Exabeam. The only thing is making it globally consistent. So you can imagine a company like us and my focus is not on making sure that everything looks the same from Asia to Latin America, and to the United States to Europe. We were more concerned about, "Let’s just get them what they need and sell it." Now we want to make it more globally consistent. So if I take a training in Mexico City, it’s the same training for the most part that you get in Singapore and Los Angeles, so everyone’s getting the same technical messaging. The other part is really focusing on what the key use-case messaging is for our partners. Instead of chasing these 100 different points, it’s [focusing] our partners on, "Here [are] the five key use cases," and then go to the market and help them build marketing plans and roadshows.
As a partner, we have a technical track, we have a sales track, we have a marketing track, we have a lead-generation engine, and we can take this to you, and then we’re going to hire more channel managers to get in front of partners because we want to spend as much time face to face as we can, so we’ll probably double the time in the next year – like 25 people globally – and we’re going to be focused on repeating consistent messaging.