Playbook Volume 9 - ChannelVision Magazine

nities the current state of cybersecurity presents channel partners and their solution providers. For starters, it’s no longer safe to assume that attacks can be prevented. “Hackers will continue unabated to innovate and expose new vulner- abilities,” said Joseph Carson, chief security scientist at Thycotic, which of- fers privileged password and endpoint protection solutions. In other words, cybersecurity is not just a matter of how bad guys will pen- etrate networks and devices but when they will penetrate, and how quickly a company can react. “It is increas- ingly clear that motivated threat actors can circumvent de- fenses,” agreed Rick Moy, chief marketing of- ficer for Acalvio, a provider of autonomous deception solutions. “However, organizations are still facing an unacceptably long dwell time to detect and address breaches, with the average around 99 days.” “One challenge is inertia,” added Mike Banic, vice president of marketing at Vectra, which utilizes artificial intelli- gence to power its threat detection and response platform. While organizations have made significant investment in preventative security, such as firewalls, proxies, secure web gateway and end- point security, said Banic, attackers continually search for ways to outpace prevention products. Banic points to a recent Gartner report in which the research firm boldly states that “pre- vention is futile in 2020,” making a call to action for enterprises to shift their investments to rapid threat detection and response. “While CISOs today often admit that cyber-attackers may already be inside their networks, the majority of their spending is still on prevention de- fenses,” said Banic. That’s starting to change. Gartner forecasts a 39 percent increase in spending on detection and response security in 2018, growing to an in- crease of 50 percent in 2019 and a 60 percent increase in 2020. Even so, “Most organizations have not yet made the re-balancing adjustment from prevention to detec- tion recommended by Gartner two years ago,” added Moy. “Channel partners can differentiate them- selves from the pack by offering cost-effective detection solutions, including emerging technologies like deception, managed detection and response and orchestration.” “Integrating the new detection and response solution with the exist- ing endpoint, NAC, firewall, workflow, ticketing and SIEM solution creates a high-value opportunity for services,” said Banic. And AI-based detection and response automation platforms such as Vectra’s Cognito are SaaS-based offerings with annual recurring revenue that increases business-model predict- ability for channel partners, he added. Similarly, the awareness that “breaches are a fact of life” means IT departments will be looking for partners and providers that prioritize resilience, or the ability to bounce back from attacks, said Carson. “CISO’s quickly realize that no man is an island when it comes to staying ahead of the threat landscape and that third parties with the latest advanced knowledge and expertise will be part of their resiliency program,” said Carson. “By ad- dressing threats of the type and scale mentioned above, IT firms that can demon- strate their ability to consult, advise and implement infrastructure that will adapt rapidly to changing conditions and recovery from disruptions will reap the largest windfall in 2018.” The Connected Conundrum Another challenge, or opportunity, depending on your perspective, is a direct result of the technological processes that have come with the industry 4.0 and IoT (Internet of things) trends we have seen dur- ing the past five or so years. More specifically, “the accidental system threats and undiscovered vulner- ability resulting from the multiplying amount of connected corporate de- vices,” said Thomas Nuth, product marketing director for No- zomi Networks. Nuth points to modern indus- trial control systems (ICS) and operational technologies (OT), such as those common in manufacturing, oil/gas, chemical, government and utilities industries. These networks are now made up many devices, systems, networks and controls used to operate and/or automate processes. “The increased connectedness of non-consumer devices has filtered down to mission-critical networks and industrial control systems such as DCS (distributed control system), MES (manufacturing execution systems) and SCADA (supervisor control and data acquisition),” said Nuth. “As these industrial applications grow more intel- ligent, so does their exposure to cyber- born threats; whether they are internal or external.” Budgets are starting to be allo- cated to ICS/OT cybersecurity proj- ects on a larger scale than in years past, continued Nuth, as companies and organizations realize that their critical infrastructure is too exposed not to invest in improved operation- al visibility and ICS cybersecurity technologies. “To achieve an improved cyber- security posture, companies are looking for ways to extend the utility of their existing IT/OT infrastructure, such as firewalls and SIEMs, and they’re looking for technological expertise and guidance from channel partners to support them,” said Nuth. “The opportunity to guide companies and organizations in their ICS cybersecu- rity selection journey is tremendous Tony Rock; Lockpath Joseph Carson; Thycotic Mike Banic; Vectra 6 THE CHANNEL MANAGER’S PLAYBOOK