Big Data And Security: Solera Sees The Opportunity For VARs

Solera Networks rolled out a new channel partner program that it said could help VARs and service providers take advantage of enterprises' growing interest in tapping into big data repositories for security intelligence.

The South Jordan, Utah-based company introduced its 20:20 Partner Program, aimed at network security solution providers that can sell, install and maintain its DeepSee platform. DeepSee collects network packets and flows and can integrate with SIEM and IDS/IPS appliances, next-generation firewalls and anti-malware platforms. The company has technology partnerships with HP-ArcSight, LogRhythm, McAfee, Palo Alto Networks, Q1 Labs, Splunk, Dell SonicWall, Arbor Networks and Sourcefire.

In addition, Solera is readying a new DeepSee "black box" recorder that can be deployed by an enterprise and only be used by managed security providers and incident responders after a breach takes place. Partners offering incident response services can deploy the DeepSee black box to their clients for free. The appliance acts as an alarm system, silently monitoring what is happening on the network.

[Related: EMC's Greenplum: These 10 People Get Big Data ]

Sponsored post

"In the event of a breach, the service provider would break the glass and access the data they need to determine what happened," said Alex Seton, vice president of worldwide channels and strategic alliances at Solera. "At that point, costs would be incurred once the black box is recovered."

The trend for big data security analytics is now emerging as large organizations collect network packets and proactively mine them with logs and other data for security intelligence, said Jon Oltsik, a senior principal analyst at Enterprise Strategy Group.

Incident responders often connect their own inspection tools to network capture appliances when conducting breach investigations. Appliance makers' goal is to have strong analytics and incident detection and alerting combined with easy-to-use dashboard displays, Oltsik said.

"The traditional tools people use for incident detection are either not accurate or not scalable," he said. "It's about analytics and visibility; whatever vendor can look at realtime logs, flows and IP packets and bring those things together with the best rules and visualization wins."

Seton said Solera has been working with the channel on targeting midsize and large enterprise companies for the past year and a half. Solera typically sells to government accounts, but threats have moved from government to commercial enterprises trying to safeguard intellectual property, Seton said.

"We've seen that trend over the last two years and hence we need a commercial channel as well," Seton said.

NEXT: Solera Partner Sees Potential

DeepSee is sold as a preconfigured appliance, hosted or as a virtual appliance. The platform was created to provide data to mine after a breach takes place, but it has grown to support continuous monitoring, malware detection and policy compliance, Seton said. It can be a boon for professional services organizations or for firms offering integration with other network security platforms, he said.

Solera was one of the earliest vendors specializing in network capture technology and currently has the most robust capture appliance on the market, said Jason Miller, CEO of Gambrills, Md.-based Critical Resources Group, an early Solera partner. The company's forensics tools were not robust early on, but they have significantly improved, Miller said.

Potential enterprise clients may use Solera with other forensics tools, Miller said, noting its integration with the FireEye antimalware platform, the Splunk log monitoring and reporting tool, and Palo Alto Networks' intrusion prevention appliances to proactively investigate a problem.

"Their integration with other security industry partners makes it easy to integrate it within your architecture," Miller said. "It's also offered as a virtual appliance, which makes it easy for companies with a small footprint."

Under Solera's new channel program partners can register as either a Premier Partner or Authorized Reseller. Partners must commit to $500,000 in sales bookings, at least two sales engineers and a certified expert. In return, Solera gives Premier Partners renewal protection, lead referrals, funds for market development and around-the-clock support. Partners also get in-person sales and technical training and are required to have not-for-resale Solera units.

Seton said the company's sales territory reps will work closely with resellers to collaborate on a go-to-market plan and exchange leads. The company will ensure that territory reps are incented to work with the channel, he said. Solera did a 20-city roadshow series with FishNet Security last year, gaining a perspective on how to build success with partners, Seton said.

No revenue commitment is required to become an Authorized Reseller. Resellers get online technical and sales training, sales tools and access to all sales and service resources through Solera's partner portal.