The Missing Link Security and Zscaler
When co-owner and chief information security officer Aaron Bailey and his business partner set up The Missing Link Security four-and-a-half years ago, he relished the chance to pick which vendors they wanted to do business with.
“When you’re a new company, you can’t have the sort of arrogance towards vendors that large, established companies often have,” says Bailey. “We basically begged to become a partner of Zscaler.”
Zscaler makes a line of web security products designed to detect threats as network traffic flows in and out of an organisation.
“The operation of the platform is really simple and easy,” says Bailey.
Bailey sought out Zscaler specifically after founding The Missing Link Security.
“We wanted to deal with challenger brands,” he says. “Back then, security was all about on-site appliances, but Zscaler was born in the cloud.”
The cloud nature of the product, the investments in research and development the company was making, and the vendor’s rapid release of new features all endeared Zscaler to the nascent The Missing Link business.
“There was a lot of education required at the beginning,” says Bailey, “It took more effort than selling a heritage brand, but we stuck with it.”
Bailey’s tenacity paid off: The Missing Link is now earning more than seven figures in revenue annually and has grown from 2 staff to 38.
Bailey says The Missing Link’s superpower is its ability to integrate Zscaler with other tools. “We can deal with the integrations that can be a bit weird,” he says. “We understand how to drive the tools to do the trickier stuff.”
CyberRisk and Cylance
CyberRisk was formed in December 2016 and started selling Cylance in March of 2017. It is already a platinum level partner less than a year later. The decision to partner with Cylance came from first-hand experience with using its products.
“I was working in industry, evaluating endpoint products,” says Wayne Tufek, director of CyberRisk, “And I was impressed with how Cylance performed in the heat of battle.”
Cylance’s flagship product is its anti-virus and anti-malware CylancePROTECT. “The advantage is that it doesn’t use signatures,” says Tufek. For several decades, anti-virus software has relied on databases of signatures of “known bad” malware, which limits its ability to detect new threats.
Tufek says the Cylance heuristic approach — which is similar to the Bayesian statistics approach used by many spam filters — means it can detect and respond to threats that have never been seen before. “Cylance doesn’t need Internet connectivity to work,” Tufek says. “It doesn’t need to download a new set of signatures every day.”
With new threats arising at a pace and volume that dwarfs that of even five years ago, Tufek believes that Cylance offers a compelling solution that will eventually replace the signature approach.
Tufek is also impressed with the local support CyberRisk receives from Cylance. “They give us good support in pre-sales, lead generation and during proof-of-value demonstrations,” says Tufek. “We add our own expertise in services like how to design a robust security posture.”
Brennan IT and Mimecast
“Brennan IT researched the security marketplace and made the strategic decision to partner with Mimecast due to the company’s exemplary solutions, which fit our mid-market customer base,” says Andrew Borthwick, head of partners and channel.
While Brennan IT partners with a number of security vendors, it has “a strong and valued relationship with Mimecast.”
Brennan IT uses all of Mimecast’s offerings, including email protection, cyber resilience and cloud archiving. Borthwick praises Mimecast’s email security services in particular.
With the increasing sophistication of phishing attacks — including some very public examples of CFOs being duped into authorising large financial payments to thieves masquerading as the chief executive — keeping email systems protected is becoming an important tool in any security team’s arsenal.
“The continued increase in hackers’ sophistication and the new and varied methods cybercriminals are using to attempt to gain access to confidential information are a real threat to both Brennan IT and our clients,” Borthwick says.
Brennan IT sees the Notifiable Data Breaches scheme as a key challenge for clients in the immediate future.
“We’re working closely with our customers to ensure they have the appropriate security systems in place, and can promptly respond should a breach occur,” Borthwick says.
Sense of Security and LMNTRIX
LMNTRIX sells an Adaptive Threat Response system built from network and endpoint sensors as well as honeypots. LMNTRIX augments the raw data with intrusion analysts who monitor the system for signs of compromise.
Sense of Security chose to partner with LMNTRIX because it considers the human element of attackers, particularly those behind advanced persistent threats (APTs).
“LMNTRIX has a very strong team that has previously built a serious SOC [security operations centre] from the ground up,” says Jonathon Barford, national sales manager at Sense of Security.
“They have now taken that knowledge and developed a truly revolutionary approach, based on the concept of adversary pursuit,” he says.
Rather than leaving everything to the relatively unsophisticated computerised systems, Barford says the LMNTRIX approach means they can detect the subtleties of human adversaries that other approaches miss.
“The final outcome, which they deliver to clients is a set of recommendations regarding a fully validated breach,” he says. “What they don’t deliver clients is an overload of alerts, a fancy portal that nobody logs into, or reports with lots of meaningless statistics.”
Barford laments the overload of alerting information that undermines the effectiveness of many security teams. “During the delivery of our engagements we often find that existing security controls have not been implemented correctly and may be operating with reduced effectiveness, and in many cases not at all,” he says.
Loop Secure and RSA
While RSA has a reputation as one of the old guard of security, Loop Secure chose to partner with RSA because of this heritage. Loop Secure sells RSA’s SecurID Access, an enterprise-grade multi-factor authentication and access management solution.
“RSA has the most mature offering and integrates with more agents than any other solution on the market today,” says Jeremy Keast, national sales director for Loop Secure.
“From the business side, they’re easy to deal with which is a key requirement for any of our partners.”
Loop Secure has been impressed with how RSA has adapted to the cloud era and the rapid changes in the security industry in the past few years.
“RSA has spent a lot of time developing a cloud offering which has provided great benefits for our clients by removing some traditional barriers to entry,” says Keast. He says the move to a consumption pricing model is something a lot of Loop Secure’s clients have been looking for.
Two-factor authentication has become far more common than when RSA first introduced its iconic SecurID keyfobs, with banks and online services now adopting SMS codes and various software and hardware options for more robust authentication.
Keast says that sophisticated customers are looking for even more robust solutions than the relatively simple two-factor authentication.
“Being a true multi-factor solution, rather than a traditional two-factor solution is a key differentiator,” he says, “RSA also has an advanced risk-engine which can provide token-less authentication for a lot of use cases, which again simplifies the outcomes for IT teams.”
Seccom Global and Cybereason
Seccom Global has chosen to work with Cybereason, using its Deep Detect and Respond product.
“We evaluated a number of organisations when determining who we should partner with to build our more advanced solutions,” said Michael Demery, managing director at Seccom Global.
“After working closely with the team, Cybereason became the obvious choice for us to partner with.”
Cybereason deploys sensors on every endpoint to monitor the environment, and doesn’t require writing lots of rules to start working. Instead, it correlates events and builds a model of your environment. Then it can detect anomalies, because it knows what normal looks like.
Demery is impressed with Cybereason’s speed under pressure. “The real game changer with Cybereason is the way it uses graph database technology in its Malops engine,” he says.
“This technology significantly increases the speed Cybereason is able to interrogate information, asking up to eight million questions per second.”
Demery believes that security is best handled by specialists. “Just as you would not go to a general practitioner for brain surgery, you should not trust your critical information security to a reseller who is a generalist in desktop or network support,” he says.
SecureWare and Cofense
PhishMe, which bills itself as a leading provider of human-driven phishing defence, had just rebranded as Cofense as CRN went to press, following its private equity acquisition.
“PhishMe develops anti-phishing threat management solutions against phishing, malware, and drive-by attacks,” says Adam Barker, managing director at SecureWare.
“Email is clearly our customer’s number one threat vector,” says Barker. “We do our best to prevent targeted phishing attacks, however, determined spear-phishing attacks will get through even the best defences.”
Barker uses the PhishMe Simulator to provide a visceral kind of user training that goes beyond the fairly forgettable security awareness training organisations frequently deploy. An organisation’s culture can have a dramatic impact on its ability to increase security and to have staff respond appropriately to potential phishing emails.
“From our perspective it’s all about ‘changing behaviour’. With PhishMe, users that click on a phishing link are prompted on-the-spot with phishing education and security awareness training. It’s that emotive response that crucially makes the difference.”
Barker is impressed with the local presence “PhishMe has a great local team here in Australia that can support us and our customers,” he says. It helps SecureWare to focus on customers and respond in ways competitors can’t.
“We’re agile, providing customers with an accurate and quick turn-around,” Barker says, “Something the larger integrators just can’t compete with.”
There was near unified consensus that there is a major skills shortage in Australia for information security people, and that the situation is getting worse, not better. Finding people with the right blend of skills and experience to handle the rapidly evolving world of cyber-security is going to be a challenge for the foreseeable future.
Aside from finding staff, the most pressing issue facing local firms is the start of the Notifiable Data Breaches scheme, which became active in February 2018. Many of the security firms we spoke to caution that organisations aren’t really prepared for it. This will lead to even higher demand for cyber-security services in the future.