Sealing the Deal With Security Certifications

When it comes to security, obviously no company--big or small--takes it lightly these days. Selecting the right solution provider for the security job is a task that also takes serious consideration.

In the case of Pyrotek, a Spokane, Wash.-based supplier of consumable products and melt-treatment solutions for the aluminum industry, it went directly to the source and contacted Symantec for help in selecting a solution provider.

Pyrotek had been a Symantec shop for some time, but was in need of a security-infrastructure makeover of sorts. Preferring to work with a local, trusted third party, the company was looking for a VAR. But without a large selection of solution providers in the area to choose from, Michael Brandley, network operations manager at Pyrotek, turned to his Symantec rep for a recommendation. "Pyrotek has been using Symantec products as the antivirus standard since before I got there," Brandley says. "And as we've grown and gotten more sophisticated, [we've been] living and relying on Symantec for every facet of our security."

Symantec recommended Colorado Springs, Colo.-based Advanced Internet Security (AIS), a solution provider with extensive Symantec certifications that had worked with other customers in the Washington area. "We're not a small company, and we're not a really big company where we can hire a specific security expert to be knowledgeable in every aspect of security," Brandley explains. "Having a partner that can help us in these decisions is very helpful."

AIS was initially enlisted to simply renew Pyrotek's antivirus licenses. That led to discussions about general security issues. "They were looking to improve their overall security infrastructure, making it more robust," explains Gary Cannon, president of AIS. "They had multiple locations and wanted to protect everything with an integrated approach."

But, first, AIS helped Pyrotek renew and streamline its licensing structure. "We put them into some better pricing structures," Cannon says, "moving them to an 'Elite' contract to reduce the pricing and, at the same time, bring everything together so it all expires at the same time." Cannon explains that an Elite contract requires a customer to sign on for two years, instead of one year at a time, but in return offers a 20 percent discount below the corporate MSRP.

Then it was down to the real business at hand: helping Pyrotek better manage its entire security infrastructure. Pyrotek had multiple tiers of Symantec products, from firewall to e-mail protection, desktop antivirus and Symantec client security. The company also went through several acquisitions, and, as a result, was left with various combinations of firewalls and the like. "We wanted to standardize our platform," Brandley says.

So AIS recommended the Symantec Enterprise Security Architecture (SESA), which collects and manages security information--such as virus alerts or intrusion alerts--from various Symantec security products across the enterprise and displays it in the SESA Manager centralized console.

"It's like a database that takes the information from various Symantec servers and clients, providing an interface to see what's happening all around," Brandley says. Basically, instead of logging into individual servers, the information is brought into one management interface, where the policies can be more efficiently managed, he explains. In addition, specific policies, or rules, can be rolled out on the SESA console to update the appropriate products. "It's much easier than going to each box and putting the rules in place," Brandley adds.

Pyrotek purchased the SESA solution roughly six months ago from AIS and is still in the process of implementing the complete product. AIS has been on hand with its expertise, but Pyrotek is doing the actual implementation itself. "Most of our support has been recommendations on the technologies to deploy and how to configure things," Cannon says. "When they have questions, they come to us."

But AIS has been called into action with one of Pyrotek's international offices. When a hardware failure occurred, Cannon took it upon himself to procure a replacement device, configure it and ship it down to the Mexico office. "Because of the difficulties in getting distribution and shipping abroad, we shipped our own product down there while we waited for one from the distributor on our side, so they could be up and running again as soon as possible," Cannon says.

Certification Clout

One-third of AIS' business comes from Symantec referrals because the solution provider is certified on some acquired products from Accent, and helped with training and demos of the products for other Symantec resellers. "We deal with not just a single product, but all of the products either on a point-product or integrated-product basis," Cannon explains.

When it comes to closing the deal with customers, Cannon says it's most important to be able to demonstrate expertise on the technology the customer wants. For that reason, Symantec certifications give customers a higher comfort level because they show that the company has gone through a formal process to prove its abilities with the technologies.

From Brandley's perspective, the certifications were key. "I think that's one of the main reasons we decided to ultimately go with AIS, because they're security experts, and they're completely focused on it," he says. The security focus enabled Brandley and his team to communicate their challenges and goals around the company's security initiatives more effectively.

More specifically, Brandley says he was looking for "someone who's an expert not only in security, but on the specific products we're relying on to mitigate our risks."

Cannon says his company runs most, if not all, of Symantec's products in its lab and undergoes training whenever updates or new versions are released. "Security is a constant," Cannon says. "Dealing with spam, spyware and viruses can be full-time jobs for quite a few people, especially in the enterprise environment." In the end, Cannon says the best thing to do is "close the gap between the time something is done by hackers or spammers and the time you can fix it."

While Cannon says his customers run the gamut from large enterprises to small shops, midmarket customers are where he's seeing a lot of uptake in security products. "They're feeling vulnerable and seeing all the spam and viruses that are out there," Cannon says.

And vendors are taking notice and positioning products for them. Where enterprise customers might spend in the hundred thousands on solutions, the equivalent products for midmarket customers are now available for $5,000 to $10,000. "It's a good thing there are integrated, cost-effective solutions out there for smaller customers to protect themselves," Cannon adds. "It's more than just a firewall or antivirus protection for them these days. It's about intrusion detection, content filtering and having everything integrated so it's efficient and effective." *