Security automation and orchestration (SAO) is going to be big in the channel, so much so that it will replace security information and event management (SIEM) in the fight against cyberattacks.
That’s according to Chris Jordan, CEO of SAO startup Fluency Security. The company automates correlation, detection, validation and ongoing tracking through artificial intelligence and machine learning to reduce the dependence on human analysts.
The global security orchestration market is estimated to grow from $826 million in 2016 to nearly $1.7 billion by 2021, at an estimated compound annual growth rate (CAGR) of 15.3 percent. The major forces driving the market are the rise in security breaches and incidents, rapid deployment and development of cloud-based services, and growth in the BYOD trend, affecting SMEs.
In a Q&A with Channel Partners, Jordan talks about his company’s work with the channel and the evolution of cybersecurity.
Channel Partners: What led to you becoming CEO of Fluency Security?
Chris Jordan: I went into a startup in 2000 that was acquired by Verizon and I started my own company, Endeavor Security, in 2003 for fast-moving viruses and worms, and services; and that company was purchased by McAfee in 2009. I left McAfee in 2012 and started … Fluency Security, focused around security automation and orchestration. And the objective is to grab all of the information that exists not only inside a network, but also in the cloud and cloud services, and combine all of that data so somebody has the vision in order to make a decision to automate a response.
CP: What has been your experience working with the channel?
CJ: I didn’t really have any channel partners before, but this time around we started the company and we focused on slowly generating channel partners. So it’s kind of new to me. I kind of learned from past history that how much support you can give an organization is really what makes a channel partner successful. So we’ve been doing a lot of development around the capability of creating slide decks … white papers and use cases, just all the materials necessary for somebody to be able to do a sale as if it was in-house. We give all of that material to channel partners to help them with leads and the marketing. We go out and try to get as much brand awareness as possible to try to make it easier for the channel partners to execute.
CP: Do you have a formal partner program in place or is that something planned?
CJ: We did create a channel partner deal-registration capability. We use a company called Patriot Technology out of Frederick, Maryland, as our distributor, and so we created a formal process around that. We have a vice president who came from a previous company that did a lot of value-added reselling, so he’s helped shape the channel-partner capability to make it more formal. We do focus a little bit more on the speed of the engagement and the ease of use, even in the engagement from the channel side.
CP: How is security evolving? Where is it heading?
CJ: If you were to take a look at where security is today, you have to understand security is what we call a nonfunctional requirement, which means it’s not part of the business. It’s kind of like insurance; it helps make a company execute better and makes sure it does so without loss of profit and stuff like that. And so when we look at how security changes, really we have to first ask how has business changed. And what we see in business is that there’s a lot more than just what we call hybrid architectures, but a lot more things like cloud infrastructure, IT in the cloud … you see now a lot of cloud-oriented, both infrastructure and back office. And so to handle that, security kind of loses what it used to be. So before when we ran security, it was all about the network, but now it’s changing; it’s all about a user.
So there [are] two main products that have been introduced in the last two to three years that have gained traction. One is what they call cloud access security brokers (CASB) … and the other one is security information and event management (SIEM). Those are being displaced by SAOs. The idea is that … the information is doubling, the log information is doubling and so there’s just more information than people can handle. And then you’ve heard the other argument, which is that there [are] not enough people to do the work. So in the security industry, we now have automation to try to handle the gap of redundant processes, but also to make better decisions, and that’s what SAOs are all about.
CP: You expect to see a big focus on SAO in the channel. Why?
CJ: For the most part, security operations centers (SOCs) are divided into three levels. The first group is in monitoring, the second group is in response and the third group is the repair. So when you talk about the channel partners, most of the channel partners make the most money on the level 2 and level 3 work. And so what we’re doing – and what the SAO allows – is these smaller channel partners to scale and to do a very good job with the monitoring without the high cost of monitoring (through automation). Monitoring itself is very expensive because for every person who sits down in a (24/7) operation, it takes six people to do the work. Most SOC operations cost a minimum of $1.2 million to operate. So for these channel partners to have services that are diligent (24/7) and to do it with quality, they need SAOs to help them have quality people reviewing the data and determining the issues.
CP: Does SAO eliminate barriers/issues partners are facing in security?
CJ: It definitely takes down barriers because the biggest issue in security is finding qualified people. So if you can have tools that amplify people’s decisions and amplify people’s knowledge, then these companies … don’t have to have as many people as smart as they would have if they were to do this (24/7) and doing the monitoring. And also it adds consistency in the product line. So there [are] a lot of benefits.
CP: What are the goals for your company’s channel strategy and business strategy?
CJ: Our overall goal is to develop really strong regional channels. And the reason is because … there’s nothing better than to have local, qualified people. When there’s an issue, and somebody can drive over and be in a meeting face to face, and sit down and work with the customer, or listen and say, “Oh, you need this to do this better,” that’s where the real power of the channel comes in. People don’t just buy a product just because of that product … it’s that service of that local touch.
CP: What is your percentage of indirect versus direct sales?
CJ: I think last year about 60 percent of our sales were direct. From the growth curve, I’m not really focused on our direct sales as being what’s going to drive our company. And the reason is … to scale, and maintain relationships and quality is just not going to occur if we maintain direct sales. We need to increase the people that we have out there by region, and that’s what I look toward the channels for. As we gain more regional insight, we turn toward channels for the sales. So I expect the numbers to flip-flop and eventually the majority of work to go through channels.
CP: Who are your customers in terms of verticals?
CJ: We found our strength to really be in two vertical markets. Financial and insurance is one, and the other is health care. Those two areas have been the backbone of our company as far as commercially. We do have one government client who’s been awesome, but we’ve never really focused on the government. A lot of our success has been in Texas, Oklahoma, Louisiana and Arkansas, and when it comes to size, it’s the mid to large [businesses].