SparkCognition Targets MSPs With AI-Based Endpoint Protection

SparkCognition is looking to make a big play with MSPs for its artificial intelligence-based endpoint protection product, DeepArmor, which the startup says can do a better job of detecting advanced threats without creating performance issues.

In an interview with CRN at The Channel Company's XChange 2018 event, Bryan Lares, SparkCognition's product management head for cybersolutions, said the Austin, Texas-based company launched its partner program for MSPs earlier this year, providing them with sales enablement resources, staff support, sales incentives and integrations with tools for remote monitoring and management, as well as professional services automation.

"There's a lot of benefits to switching from legacy security solutions to AI-based, next-generation solutions," Lares said.

[Related: Expert: Safety Will Trump Compliance In Future Security Conversations]

Those benefits include better performance, which Lares said is the result of DeepArmor not requiring daily or weekly scans, as well as having regular updates. Another advantage is the need to do less post-infection remediation because of DeepArmor's ability to see threats that other offerings can't.

Founded in 2014 by Amir Husain, SparkCognition has 230 employees and has raised $73.5 million in funding from investors, including former Cisco CEO John Chambers, former Cisco executive Pankaj Patel, Verizon Ventures and The Boeing Company.

DeepArmor does not require regular updates because its machine-learning models are trained on "millions of samples" of malicious and benign files, from which it has learned more than 20,000 characteristics, according to Lares. Instead of taking a signature-based approach to detecting threats, DeepArmor looks at the underlying characteristics of files to determine if they are malicious. This, Lares said, allows the software to find malicious files that have been obfuscated and mutated into new variants that would typically fly under the radar with traditional security offerings.

"We can take a model from a year-plus ago and easily detect most new variants of malware," he said, adding that DeepArmor's machine-learning models are updated once a quarter.

Lares said DeepArmor's detection engine can also get 30 percent better efficacy rates detecting new malware than other next-generation vendors and up to 60 percent better than first-generation vendors.

"There's a huge gap there that currently exists in all of these organizations that are deploying first-generation products," he said.

For example, one of SparkCognition's larger customers deployed DeepArmor across some of its systems and a more traditional security offering across the rest. When a new variant of the WannaCry ransomware had penetrated the company, the systems using DeepArmor were able to stop the malicious file in its tracks while it circumvented the company's traditional security systems.

With advanced detection, Lares said it can help save money for both partners and customers.

"Every time a partner's customer gets breached, there's a level of resource they have to expend to remediate that," he said.

Mark Jones, CEO of BlackLake Security, an Austin-based managed security services provider, said many senior executives have begun talking about the need to bring AI into security solutions.

"It's shifting that computing paradigm from rules-based programming to an outcomes-based approach," he said.

Just last week, Zscaler, one of BlackLake's vendors, said that it had acquired the AI and machine-learning technology of a cybersecurity startup called TrustPath, which Jones said has already generated multiple discussions with his customers.

"I think it's going to be one of those things where it's not a nice-to-have, it's a must-have," he said.

Lares said SparkCognition already has around five to 10 MSPs selling DeepArmor, including Revolution Technologies and Cyber Business Analytics. The company's channel chief is Rick Pither, who was previously a sales director at SecureWorks, AirVM and VMware.

"There seems to be quite a demand in the service provider community to start adding AI security products to their portfolio," Lares said, which is being driven by questions from customers about how MSPs are innovating and taking advantage of the latest technology. "I think our service provider partners are in a fantastic position to make that easier for customers because they can learn the tools, they can handle the deployment, and the customers get the benefits of the superior technology."

Jones said he finds the new wave of AI-based solutions promising and expects that every vendor will eventually add their own capabilities. That's good news, he said, because it gives customers a better fighting chance against an increasingly complex threat environment.

"This is absolutely going to be a game-changer, making sure the next 'CNN moment' doesn’t happen to our client," he said.