Who Did Solution Providers Pick As Their Security Startup Standouts For 2015?

Solution providers looking to build out their security practice need to think beyond standard antivirus software and network security appliances and instead evaluate some of the new startups that have come to market in the past few years, according to security experts interviewed by CRN.

For Justin Kallhoff, CEO of Lincoln, Neb.-based security consultancy Infogressive, choosing a winning security partnership goes beyond evaluating the effectiveness of the technology. Instead, vendors need to bring value to the table and have good relationships with early adopters, said Kallhoff. Infogressive partners with security startup Cylance as part of a broader strategy to address advanced threat detection and protection capabilities, he said.

"Cylance is pretty young for us, but I believe strongly in the people who are there and their ability to execute on their technical vision of the technology," Kallhoff said.

Clients are asking for alternatives to traditional antivirus, which clearly is not detecting serious threats, Kallhoff said. Organizations want technology that can identify suspicious activity and custom malware, zero-day exploits and other sophisticated threats, he said. It's been a longstanding trend that has caused revenue from sales of endpoint antivirus to decline to almost nonexistent levels, Kallhoff said of his business.

"Most people understand why antivirus is ineffective, and a dinosaur technology," Kallhoff said. "I would rather take my customers' money and spend it on something that gives them better potential success."

Cylance competes in a crowded space of emerging security vendors that differentiate themselves from traditional endpoint software and networking gear designed to detect threats and block them. Solution providers, IT consultancies and systems integrators should look at emerging technology that doesn't negatively impact the user experience, said Rick Holland, principal analyst at Forrester Research. The technology must appeal to systems administrators by providing actionable data and intuitive management capabilities, Holland said.

Above all, winning technologies reduce operational friction, Holland told CRN. Solution providers must ask vendors, "How do you enable teams with limited skills and staff to operationalize your tool effectively?" Holland said.

Holland has a long list of vendors that he is tracking. For example, Bromium, Invincea and Palo Alto Networks' Traps technology provide pure endpoint protection. CounterTack, Hexis and FireEye combine monitoring and threat detection with tools for removal.

Jim Matteo, CEO of San Diego-based Bird Rock Systems, said his company is partnering early with Vectra Networks, a San Jose, Calif.-based security startup that detects the subtle processes that criminals use in all stages of an attack and maps the extent of the threat and its risk profile for incident responders. Bird Rock Systems was responding to customer demand for alternatives to standard antivirus and networking gear, said Matteo.

"We are looking for companies that understand the channel, and Vectra was a good fit," he said. "The idea is to automate the process of finding better insight into an attack and the factors that raise its risk level."

Bird Rock Systems spends time helping clients ensure that resources are available to set enforceable policies and proactively manage the new security technology, according to Matteo. Technologies also must be deployed and configured properly to gain the biggest value from them, he said. Ultimately, organizations must reduce their attack surface as much as possible.

"Conducting security assessments is a big part of our business," Matteo said. "It's about addressing issues that caused a security incident to happen and tracing the other attack vectors to determine where else there may be too much exposure."

Other startups are using security analytics as a differentiator as well, including Prelert, Securonix, 21CT, Bay Dynamics and Narus, a subsidiary of Boeing. And some established security vendors are integrating their technologies to create a more cohesive platform, said David Monahan, a research director at Enterprise Management Associates. RSA, The Security Division of EMC, is building its platform around its NetWitness appliance, positioning the analytics platform as the backbone of a security operations center. Meanwhile, BlueCoat Systems has added executives to create a cohesive platform around its Solera Networks packet capturing appliance.

Analytics are often tied to shedding false alerts or those that pose little or no risk, Monahan said.

"These technologies are being embraced because they provide a higher fidelity than a traditional SIEM," Monahan told CRN in a recent interview. "If you have a Swiss cheese environment you will have a lot of alerts to deal with, and the aim is to gain control of the chaos."

Working with the channel can be a challenge for vendor startups, however. Jarret Miller, a channel veteran who was recently named channel chief of cloud security startup Elastica, said the company is taking a systematic approach with its channel program. Elastica is 100 percent channel, Miller said, and is expected to unveil a deal with Accuvant. It takes time to build a channel presence, said Miller, who left another noted security startup, Bromium, to take the lead channel role at Elastica.

Security startups need to establish trust with partners, Miller said. Partners typically want assurance that the technology is viable and fits into their portfolio and skill set, he said.

"With emerging technology you typically take the approach of getting seasoned and skilled systems integrators or even boutique VARs first and then expand from there, but there is no right way to approach it," Miller said.

This article originally appeared as an exclusive on the CRN Tech News App for iOS and Windows 8.