New LogRhythm Channel Chief Nancy Reynolds On 'Embracing' Indirect Model


LogRhythm hired Nancy Reynolds last month to build out a program that supports solution providers, and the new channel chief told CRN this week that she believes the opportunity is "greenfield" as the company expands into network monitoring and network forensics to capture the growing market for big data security analytics.

"The executive team has made a business decision that to help us grow faster we need to embrace an indirect channel model to reward the most successful partners and together bring value to the end customer," said Reynolds, LogRhythm's vice president of channel sales. "We have a lot of opportunity in front of us but we need to provide more tools to enable the partners to sell more, faster and more efficiently."

Reynolds most recently served as vice president of corporate sales at Kaspersky Lab. She spent several years at Dell, leading the company's enterprise channel program. She also served in sales and channel positions at Palo Alto Networks and Trend Micro.

[Related: 8 Ways Big Data Will Change Our Lives]

Reynolds said she is assessing LogRhythm's Connect channel program and talking to partners to determine "where the shortcomings are and fix them." The company is looking to grow its U.S. partner base and hopes to attract solution providers who have network security expertise and are interested in building out a strong security practice, Reynolds said. It also will build out its partner portal to make more training materials and documentation easily available, she said.

"It's important to ensure that our partners have the right set of training and tools to not only help them be smarter than the competition but also give them the knowledge in the format that can be easily consumed," Reynolds said.

LogRhythm is promoting its Connect channel program as simple and straightforward, with product and services discounts. The company offers deal registration protection and a local sales team to help support engagements with potential clients. In addition to free field sales training and formal technical training, LogRhythm provides demonstration equipment and joint marketing activities.

Industry analysts have praised the Boulder, Colo.-based company's security information and event management (SIEM) appliances, and market adoption -- driven mainly by compliance -- has been good. LogRhythm co-founder and CTO Chris Petersen said the next step to fuel growth in adoption of the company's platform is to embrace the channel.

LogRhythm competes against Hewlett-Packard's ArcSight appliances as well as SIEM platforms from IBM; RSA, the security division of EMC; and McAfee.

LogRhythm's Network Monitor competes with RSA's NetWitness platform; Solera Networks (acquired this year by Blue Coat); and IBM's new analytics platform. The LogRhythm deep packet analysis engine will be connected to the SIEM system so incident responders can search and investigate signs of suspicious activity, Petersen said.

"We think it will bring up new customer acquisition and new capability for existing customers," Petersen said. "We're still in the early stages here, and a lot of businesses don't have this capability."

Petersen said the stand-alone system also supports network behavior anomaly detection, offering IT teams application and network session data analysis from multiple areas combined with data pulled in from other sources. The storage requirements for the full session packet capture is reduced, according to Petersen, through the company's new SmartCapture functionality, which eliminates unusable data. Data is stored for 30 days but supports expansion. The platform also supports unstructured search.

LogRhythm needs to add carefully trained partners that understand its products to build its customer base, said Karim Ladha, CEO of Vancouver-based managed security services provider IPS Networks, an early LogRhythm partner. Deployments of SIEM systems take time and patience, and many companies require additional assistance with monitoring and investigating suspicious activity, Ladha said. Channel partners can build out their business by offering customers a hybrid model or fully managed system, he said.

"Traditionally, most businesses don't have the bandwidth and expertise to manage and monitor, investigate or mitigate what is the outcome of a threat or suspicious anomaly in the middle of the night," Ladha said.

PUBLISHED OCT. 1, 2013