Security Channel Chiefs: Here's Why Legacy Security Technologies 'Won't Cut It' Anymore

As security threats evolve, solution providers need to move beyond legacy technologies to the next generation of security.

But what does that next generation of security look like? Top security channel chiefs said in a roundtable discussion at XChange 2017 that the definition of next-generation security includes technologies that leverage the cloud, machine learning, heuristics, integration and more to provide predictive – rather than reactive – security.

On top of that, Matthew Polly, vice president of business development, alliances and channels at Crowdstrike, said next-generation security needs to be easy to implement, utilize and manage.

[The State Of Security: CRN's 2017 Security Roundtable]

From a technology perspective those factors mean that legacy security technologies aren't going to make the grade, Polly said.

"Going with a legacy technology won't cut it anymore," Polly said. "It's important for [the channel] to understand how to make those protections easy. I think legacy technologies are having a hard time adapting to that."

Fortinet Vice President of Americas Channels and Emerging Technologies Joe Sykora said integration across technology vendors is another key facet of the next generation of security. He said Fortinet and other security vendors are working to provide API integration into their technologies, even with the company's competitors. He said that is one big way the vendors can make it easier for customers and partners to integrate their technologies.

"We’re on the next-next-generation of security," Sykora said. "[Security vendor] platforms are going to have to adapt, and part of that is making sure that it's all open and it's not a closed system."

McAfee Head of Channels And Operations for the Americas Ken McCray agreed, saying that McAfee has moved to integrate its technologies with other vendors to reduce complexity for both partners and customers.

"The complexity of security is driving customers crazy. … But the more we work together in order to drive the outcomes, [the better]. … I think that you're seeing now more security companies are talking to each other and they're partnering with each other. That just takes that value and expands that value across the entire channel."

However, that integration also means different things to different people. Sophos Vice President Of Global Channels Kendra Krause said the security vendor is working to integrate its own technologies together, rather than those of third parties, across network, endpoint, server, email and more to provide a single-pane-of-glass management for its partners. She said that will help provide the predictive qualities that she said defines next-generation security.

With that evolution of security, the channel chiefs all agreed that the partner models need to evolve as well. Crowdstrike's Polly said partners, including managed service providers, need to evolve to meet this new next-generation model of security. He said MSPs can't just manage security logs anymore and need to specialize and provide more advanced security services, including remediation and incident response.

"Managed service [providers] really have to innovate and become the experts on how to remediate those problems," Polly said.

Todd Weber, vice president of partner strategy and research at Denver-based solution provider Optiv Security, said he sees customers in a transition between legacy and next-generation technologies. He said "less mature" customers tend to request legacy technologies to build a security foundation, then as the program matures will ask for more startup technologies. He said as companies mature they generally have a "higher tolerance to try new things" around security.

Weber said Optiv looks to help customers navigate that evolution, evaluating their maturity and helping them pick technologies based on their risk tolerance and technology needs. Then, he said Optiv will play a role in helping the customer adapt as it matures over time.

"We typically look at the maturity of a client’s information security program to base our technology recommendations as well as what combination of people and processes they need to achieve positive outcomes," Weber said.