The security landscape is undergoing monumental change – even the smallest of players in a supply chain are vulnerable and weak if not protected – and partners are being relied upon like never before to educate customers about the dangers.
That was a key message delivered by WatchGuard vice-president worldwide sales, Alex Thurber, to a select group of resellers, who were invited to attend the company’s Elite OneVision conference in the Gold Coast. The trip rewarded and recognised the company’s top achieving partners nationally from January 2014 to December 2014.
Thurber said the security landscape has undergone massive change and upheaval in the last 15 years with the level of attacks so sophisticated that customers are struggling.
“We’re under attack. There is a lot going on in security. I am not suggesting that any of us go out and sell the fear and uncertainty, dread and doubt model of security. But if you have customers that don’t truly understand what is going on in the security world today, who have an Internet connection, then they are exposed to an attack. It isn’t just a question of if, it’s a question of when.”
He said the smaller fish in the sea are now equally as challenged as the top end of town.
“The attacking is becoming so sophisticated and so rampant that you no longer have the opportunity to do security through obscurity,” he said.
“It is no longer the company that is being attacked that has to be secure. Everybody in the chain of trust, or the kill chain, needs to be protected,” he said, adding the breach can be a smaller supply chain company that is connected to a larger player.
He acknowledged how selling security is a challenge.
“Every day you have to go and convince your customers to spend money, where when things work nothing happens. That’s the problem with selling security. It’s like insurance – when it works, nothing happens. And you don’t really want to claim your life insurance. The same thing in security.”
He suggested there is a whole new paradigm in selling security given network breaches are escalating and risk is everywhere.
“It is easier now to make an argument to the person in the C-suite, the CEO, CFO or chief risk officer, that this is not just about your credit card records. Now we are talking about all of the data in a company is at risk.”
He said the biggest problem in the business is education.
“If we can truly educate our customers as to what’s going on in the world, it would be a pretty logical thing.”
Resellers need to deploy a defense in-depth strategy
Speaking about education, WatchGuard A/NZ regional director, David Higgins, said everyone can sell a good story about security. The hard part in network security is being able to deliver not only feature-rich technology, but also advanced manageability and visibility.
“If everything is going well and network security is working, nobody knows about it (maybe a few of the people in the IT shop). But when it’s not working, everybody seems to know about it. So it’s how do we take what’s going on with our network and actually give that information into the hands of the people who are not necessarily running the security, but providing the budget for the security.”
Resellers need to show customers what the actual software is doing, show them what it is doing in terms of protection and show them what their investment is doing.
“It is always very difficult for our customer’s IT person to be able to justify that expense in terms of what they’ve put into that security. So how do we do that for non-IT executives who are making that decision on budget allocation to IT security departments,” Higgins said.
“Put the product into their hands, show them what it does, show them what sort of protection it has. Show them the biggest users of bandwidth and how we are able to manage that.”
The case for UTM
With today’s sophisticated threats (including Cryptolocker), resellers should be pitching to customers the need for unified threat management (UTM) technology, according to WatchGuard APAC senior systems engineer, Rob Collins.
Collins said every business needs a multi-layered approach to security (and adopt UTM) given attacks are becoming more sophisticated, and attack surfaces have increased thanks to BYOD, the Internet of Things (IoT) and integrating wireless.
“Malware is bypassing existing controls, and attacks continue to leverage Web and email,” he said.
“Web and email are still the most common threat vectors, so nothing has changed, but these are the two communication technologies that everybody is using on a daily basis.”
“With BYOD, the IT department has really lost control of what sort of surfaces they do have control over. We’ve got all kinds of iPads, phones, laptops, Macs, all different operating systems that all need to be secured as well. So you need more than just what’s known as stateful packet inspection. This is ingress control – they are stopping attacks that are coming into their network. But what you need is egress control.”
Collins said security needs of any business are continuing to grow, and therefore partners can help a customer with a multi-layered security approach.
In the case of Cryptolocker, he said the layers of security protection include: stopping the spam emails; protecting against exploits; stopping the links working; detecting and stopping the Cryptolocker, Cryptowall package; stopping the Cryptolocker actions; logging, reporting and monitoring; recovering from an attack; and Layer 8.
He said partners need to educate customers on Layer 8, which is user awareness. He gave partners a checklist to take to customers, namely:
1) Users should be trained to be suspicious of every attachment and every link in an email. 2) Be suspicious of poor grammar and spelling errors in emails and when visiting new web sites. 3) Report suspicious activity to IT. 4) Ask your colleagues: would you be happy for the company to make front page news because of a breach?