The biggest problem we have as an industry when it comes to security issues is that we don’t share information between organisations because we use try to use security as a way to differentiate between another organisation, according to Blue Coat chief information security officer, Damien Manuel.
He was speaking at at an end user security presentation at a CompTIA meet in Sydney.
“There needs to be a sharing of intelligence. The points of entry of to get to an organisation has changed and there are new aspects that are being used for attacks. It’s not about people attacking companies directly, it is about attacking through a supplier or supply chain,” he said.
Manuel said malware has also become more advanced, along with the way it is delivered.
“Gartner predicts that by 2017, 50 per cent of the malware will not be visible to the existing tools that all of us have in place to detect them. Businesses are dealing with so many challenges – Cloud, BYOD, changes in malware, cost reduction, etc. and the constant change is making it difficult for organisations.”
As such, Manuel addressed what solution providers can do to help. They include:
- Listening to customer needs
- Investingin the time required to understand business challenges and offer to place people into the environment
- Frame a solution using business values such as resource reduction, remediation, consolidation, risk reduction, decommissioning, reduced ongoing operational costs, and automation
- Provide integrated solutions such as single management and interfaced into other systems
- Provide advice and value such as skills, expertise, resources, networking, and communications
And he also mentioned what service providers should not be doing. These include:
- Using fear to sell and instead, talk about risk management
- Oversell. Instead, they should be honest in terms of what works and what doesn’t and sell on the future vision and roadmap, but be clear on timeframes
- Provide point solutions. Instead, offer tactical solutions and strategic solutions
- Make it about price or discounts because it can be viewed as price gouging if you suddenly drop the price to get the sale in by this quarter
The meet also saw a panel of speakers address a range of security focused topics.
Cisco security sales general manager, Anthony Stitt, said the threat environment has changed, causing an increase in the number of vendors in various areas of the security puzzle.
“This makes it difficult for customers and partners to sell into an environment because there are a large number of possible solutions that they can get form the market. Our thinking has been around perimeter control and that is also not as effective as it should be,” he said.
“My advise to businesses is to not step too far away from what they do – make security an adjacent to all the technologies you have in your stack. There also needs to be an evolution in skills, but we have a gap in providing that services.”
CyberArk regional director, Sam Ghebranious, agreed. He said not one vendor is going to do the whole solution and need to be trusted advisors in this process.
“The discussion is now around where partners can come in and provide a security strategy; it’s not all just about points. The channel needs to be there to implement, train, and do consultative sell. I agree that Australia also needs to lift its skillsets.
“In terms of partnerships, the channel should also allow complimentary skillsets between partners. They should facilitate relationships in the channel as well,” he mentioned.
FireEye SE director, Rich Costanzo, mentioned that attacks are occurring in more than just larger organisations – smaller businesses are under attack as well.
“From a technology perspective, organisations have been dealing with security on a high level but now, everybody needs that level of protection. As vendors in general, it’s about how we can make that easier for partners to deliver those solutions.
“We need to understand who these attackers are and what they’re doing. Whatever happens on the high end, filters on to the low end so as vendors, we need to be on top of the issue,” he said.
Intel Security sales engineer, Shakeel Ali, said organisations have been investing in and around Cloud solutions, and as a result, need to be two steps ahead when it comes to security.
“For customers that are looking to adopt security technologies to protect their investments, it’s becoming more difficult because they’re looking for simplicity. As the perimeter of Cloud grows, that causes a lot of risk for companies and they’re looking to the channel for help.
“There are a lot of opportunities for vendors and partners to educate the market, talk to them about security and be an agnostic player in the market and make recommendations,” he added.