**Editor’s Note: Click here for a list of April’s important channel-program changes you should know.**

Customers know – or should be convinced – that we can’t build walls high or deep enough to stop all attacks. But by discovering a normal, or known good, network baseline, security teams have a shot at spotting anomalous traffic that could indicate a breach. That detection process requires drawing intelligence from a range of network and endpoint security systems and running advanced behavioral profiling techniques on the data. Deviations can then trigger detection and response processes by those existing systems.

This concept is the basis of a number of security vendor coalitions. The commonality is to use APIs to link disparate data sources and feed threat intelligence to an analysis engine. LightCyber launched on Monday its ecosystem entry, the LightCyber Technology Alliance Program, or LTAP, that it says will power greater security intelligence and remediation options while enhancing revenue opportunities for its partners.

“Your average channel partner has a full line card of different solutions, and we want to support and complement those solutions to make the net whole better by integration,” said LightCyber’s EVP of marketing Jason Matloff, in a briefing. “Signatures, blacklists and hashes are part of an outdated known-bad model.”

It’s almost a certainty that determined attackers can get into a customer’s system. “The big deal is being able to find out before they cause damage,” Matloff said.{ad}

LightCyber is 100-percent channel and in 15 months has signed on 100 customers and 25 partners in North America. It doesn’t work through distributors, preferring to deal directly with specialized security services providers.

“We don’t fulfill any deals outside the channel,” said Matloff. “We know that the growth trajectory that we want to have is only going to be enabled by leveraging the channel.”

Through LTAP, LightCyber’s Magna platform will eventually interoperate with nine technology categories, including firewalls and Web gateways, security information and event managers, VPNs, network access control and authentication systems, and IT workflow and service management suites. The Magna platform is a passive system that sits on a span port and learns what’s normal on a customer network. The product offers Active Directory integration and is able to quarantine suspect nodes and revoke credentials automatically if a user account is compromised.

Today LightCyber is announcing four integration deals. 

Under the HPE Technology Alliance Partner Program, Magna is certified to interoperate with HPE ArcSight for security information and event management (SIEM). Packet capture for analytics is provided by the Gigamon GigaSecure Security Delivery Platform under the Gigamon Ecosystem Partners Program. Magna also integrates with Check Point’s next-generation threat prevention solutions and Palo Alto Networks’ next-generation firewalls to isolate compromised endpoints and block the command-and-control channels used by attackers to exfiltrate data.

Independent security analyst Michael Cobb says these alliances are likely to …

{vpipagebreak}

… grow in number and scope.

“They all raise the security bar, but nobody’s sure which will be the most effective, become the de facto standard, become the killer app or a waste of time, so everyone is happy to be part of each other’s projects,” says Cobb. “It’s a way to improve security and hedge your bets at the same time. For partners, you win either way as vendors are working very hard to cover all bases so you’re being fed the best of everything.”

Security-focused partners should already be compiling a scorecard of security vendor consortiums and learning about new behavioral analysis techniques so you can explain the value to customers, who may question the logic of purchasing an additional security solution and layering it on top of what are arguably ineffective systems.

Matloff acknowledges that its partners must address this and says it’s about return on security spend.

“The incremental ROI of purchasing behavioral detection is greater than trying to implement another layer of security to try to get to that 100-percent comprehensive protection, the Holy Grail that’s been promised for 20 years,” he said. “The incremental ROI on another prevention system is essentially zero.”

In contrast, Matloff says, the RESTful APIs on which the LTAP program is based enable LightCyber channel partners to wring more value from customers’ – and their own – existing security portfolios. 

“The APIs are open so customers and channel partners can actually build services around them without us,” he said.

**Editor’s Note: For Cobb’s take on using APIs securely, download our free report.** 

Matloff also acknowledges that security skills are hard to come by and that this sort of integration takes specialized enablement, which LightCyber is working to provide.

“What we’re selling is inherently complicated because it’s new,” said Matloff. “We’re employing behavioral profiling, machine learning concepts, database analytics — we recognized early on that we really had to educate the market about the technology, and we had to build the infrastructure to deliver that training.”

As a result, LightCyber offers an online learning management system with four modules to train partners for different aspects of customer engagement.

“There’s initial sales training, there’s analyst training, and then there’s full deployment and services-delivery training,” he said. Within these, the company offers four certification levels.

“I’m very proud that we’ve been able to build that out,” he says.

LightCyber is in growth mode; it hired a worldwide VP of sales in January and will have tripled its North America sales team by the end of this quarter.

“And with that growth, we’re rapidly expanding the boutique security resellers that we’re partnering with,” he said. “Multitenancy and remote managed services are absolutely being delivered today by our partners.”

The APIs and associated documentation and examples are available now.

Do you agree with the platform approach? Let me know, either in comments or direct. Follow executive editor @LornaGarey on Twitter.