Hexis Turns To Channel To Sell Its Breach Detection Platform


Hexis Cyber Solutions, a company with technology deeply rooted in U.S. intelligence and law enforcement agencies, is building out a partner program and seeking partners in the U.S. in an effort to extend its breach detection capabilities to the private sector.

Hexis, a subsidiary of Hanover, Md.-based KEYW Holding Corp., sells a platform that combines endpoint security and analytics with automated response and remediation capabilities. The company's products include HawkEyeG to detect and address advanced threats, and HawkEye AP, which provides the analytics and data warehousing platform.

The platform is the result of KEYW's acquisition of security information event management vendor Sensage, Rsignia and Dilijent Solutions in 2012. The firm took the components to build out the cybersecurity platform around the Sensage engine, using agents on endpoint devices and a deep packet inspection engine to identify suspicious file activity and traffic that may signal a malware infection. Other components can capture information useful for malware analysis and forensics investigators.

[Related: Advanced Threat Scare Tactics Don't Sell, Say Solution Providers]

The company formally launched its channel program in February, and announced an increase in its channel presence in the Americas with partnerships throughout North and South America.

Hexis' global channel program currently has some 15 partners. The vendor is reaching out to providers with strong networking practices in the U.S. to sell and deploy FireEye, Palo Alto Networks and Cisco-Sourcefire appliances, said Katherine Russ-Hotfelter, director of channel marketing at Hexis. Russ-Hotfelter said the company had been working closely with Sourcefire's existing partner base prior to Cisco's acquisition of Sourcefire.

The channel program is still in its infancy, she said. The company has a partner portal and established partner levels. Certification and training are provided, in addition to marketing and development funds and other performance-based incentives. 

"The product itself is sophisticated so we're not looking to create the Subway franchise model here," Russ-Hotfelter said. "We don't want to liquidate the value of being a partner, so we're looking for partners that are strong security players and have strong references in their customer accounts."

Early partners said KeyW has breathed new life into Sensage with its offering by leveraging Sensage's analytical engine for advanced threat detection.

The platform can be a winner among telecommunications, health-care and financial-services sectors, where firms are investing heavily in emerging advanced threat detection capabilities, said John Murphy Sr. of Dublin, Ireland-based systems integrator and managed services provider Arkphire. Murphy said his firm has implemented and managed the company's core database component to help law enforcement search billions of records. Murphy said Arkphire has specialists that can provide incident response services around the platform.

"Hexis is going to do a lot for the potential of Sensage; I think with KeyW backing it could prove very interesting," Murphy told CRN. "The current Sensage customer base is a good starting point and it gives Hexis credibility, but the company is looking for net new wins."

Hexis is speeding up incident response with the different components of its platform and has added mechanisms to provide automation, said Rick Holland, principal analyst at Forrester Research. Holland said the company's visualization of a malicious executable file's processes and functions on an infection system provide forensics teams and malware analysts with strong telemetry data to aid in their investigations.  

"Their roots come from an offensive perspective and they know what adversaries are doing when they try to compromise hosts," Holland told CRN.

Some of Hexis' security capabilities fall in line with other security vendors that are developing new ways to identify so-called advanced threats. Organizations that align closely, according to Holland, include Carbon Black, now part of Bit9, CounterTack, CrowdStrike and Triumfant. Holland said Hexis needs to differentiate itself to be prominent to private-sector firms, which could turn to existing breach detection vendors -- FireEye, Palo Alto Networks and others -- that have endpoint components for threat visibility. 

PUBLISHED MAY 13, 2014