… other security technologies and can gain value by adding SecBI on top of their existing technologies. This can play out as an add-on sale, possibly bundling with VAR services as well.
SecBI offers two training and certification options. For IT, the training is about how to install and configure SecBI to integrate our technology with existing systems. The second option is aimed at Tier 1, 2, 3 analysts and hunters on how to use SecBI’s technology and configure new playbooks to match organizations’ SOC processes. Each analyst completing the training will receive SecBI certification.
CP: Quick-hit answers: Percentage of sales through the channel, number of partners, average margin. Go.
DD: SecBI sells completely through channels. When we have direct customers, we connect them to the most relevant channel. Although still a startup, SecBI already has 12 partners worldwide, mainly based in the United States, Canada, France, Poland, the United Kingdom, Spain, Italy and Japan.
CP: Who are your main competitors, and what makes your offering better?
DD: Network visibility to malicious communications is sometimes achieved through packet capture, but that requires using appliances (sensors) at various parts of the network. The main vendors in this market are Darktrace and Vectra Networks. SecBI achieves the same if not better network visibility to malicious communications by collecting metadata from existing infrastructure such as web gateways and security information and event management (SIEM) without the installation of any extra hardware.
Another advantage may be understood in contrast to other machine-learning vendors. SecBI uses unsupervised machine learning with an approach called cluster analysis to detect unusual patterns of associated activities that would not be detected by looking in one particular area, nor by comparisons of anomalies to a baseline of normal activities. Most threat-detection solutions that claim to use machine learning are using supervised machine learning, which uses a baseline to look for anomalies — but with today’s advanced attacks, that approach no longer works. Unsupervised machine learning and cluster-based analysis do not require building a learning curve or baseline, and they begin to detect true threats immediately.
CP: How do you think your technology portfolio will change in the next three years?
DD: SecBI is actively adding additional technological integrations and support to enable better detection, hunting and remediation suggestions. As the market moves toward faster (some would even say to automated) remediation, SecBI is adding capabilities for automated remediation and prevention on top of our precise detections. Over the next three years, SecBI is poised to become the center of the advanced SOC by providing connectivity to all security systems, including remediation and prevention. These extra functionalities will enable our MSSP partners to gain instant analytics and connectivity for their SOC as a service, as well as for their deployed on-premises SOCs.
CP: How do you expect your channel strategy to evolve over that time frame?
DD: Over the next three years, MSSPs will become more dominant in all security offerings for customers. SecBI’s technology will become the cornerstone that enables this transition. European customers, who are slower at adopting MSSPs and prefer VARs, will enjoy a one-stop shop for all their security needs, including connectivity, analytics and response, through the VARs that also sell SecBI.
CP: What didn’t we ask that partners should know?
DD: Potential partners should know about ramp-up time and maintenance. One of SecBI’s strongest features is the simplicity of our deployment, usage and maintenance with our software-based approach. Many of our partners came to us due to either high maintenance costs or negative experiences maintaining too much infrastructure on-site. Our partners enjoy a machine learning and analytics system that is sophisticated, yet simple to deploy and maintain.