I’ve spent over 25 years now in the channel supporting enterprise IT in some form or fashion. After a certain amount of time, conferences, and enough “give us an hour of your time!” webinars to fill an entire year, you may say I’m … jaded? Seasoned? I’ve worked with Next-gen, next-next-gen, and Next-Gen-X-Gen over the years. So often in security, the advice we give is a bit boring and … well, not sexy. Patch your stuff, keep up to date on vulnerabilities, make sure you’re properly using what you’ve already paid for.
Yawn. That’s … vanilla.
Even so, vanilla pays the bills. And over time, you tend to be skeptical of something that you hear is “holy cow, you gotta see this” or “dude, seriously, this is amazing”.
Occasionally, though…the hype is real.
I’ve recently had the opportunity to join Digital Shadows, who have built an amazing offering in the digital risk protection and threat intelligence space. The technology, the analyst teams, and the direction the company is going is very impressive. I think this space is poised to really become a critical piece of enterprise IT, by connecting internal risk identifiers to known and discovered external risk factors.
While this is a relatively newer space for the broader IT market, some Security Operations Center (SOC) managers and CISOs have begun to identify and connect their internal infrastructure information, internal datasets, and internal alert data to external data that correlates or is a direct result of some internal action. For the broader market, especially the MSSP space, layering in digital risk protection and threat intelligence to their technology stacks will allow them to provide a much more comprehensive offering to their customers, enhancing both value-add and reputation.
In typical/legacy SOC situations, when we consider their “traditional” workflows, it’s about alerting on typically internal issues – C2C beaconing, DLP, non-specific/non-protected data leakage, malicious exfiltration, or other potential exit vectors. Modern firewalls, SIEMs, and endpoints have become very good at detecting and defending these items, but the risk still exists of confidential company or personnel data being placed purposely or accidentally on the public Internet. Whether it’s through employees, contractors, or other suppliers, keeping control of data is increasingly difficult.
In many cases, typical SOCs don’t have a good view of this data – either what’s out there, or where it came from, or even how long it’s been out there. In addition, the “freemium” threat feeds and Open Source tools, while quite powerful, can be very information dense or require a steep learning curve. Many organizations are looking to continue to outsource these functions.
By connecting external data sources and information to existing internally focused tools and workflows, organizations can see:
- Where the data came from
- Where the data went
- And how long the data has been there
With this added visibility, it makes it possible to identify gaps in existing controls, such as firewall rules, DLP rules, endpoint enforcement rules, SIEM alerting, and even audit and privacy rules. This ‘inside and outside’ view allows further refinement of the large volume of alerts for SOC managers, helping to identify truly risky items vs. “noisy” items.
Finally, this isn’t a heavy lift for our customers. As a completely SaaS-based platform, with no touch to a customer infrastructure, we can begin providing intelligence and value from the moment a customer signs on. You don’t need to be an expert – let us do that. If you have expertise, fantastic – let us be in your back pocket, there for you to call on as needed.
From a partner standpoint, we are excited to announce some high points from 2019 in our Channels and MSSP programs. Our partners have seen significant increases this year. In fact:
- We more than doubled our % of ARR sourced by channel from 2018 to 2019.
- Two of our US-based MSSP partners attained Platinum status within the first year.
- Several global MSSPs want to either white-label our technology or co-brand our platform.
- We are typically running a new POC/Test Drive for our current partners weekly – once a VAR/MSSP sees our platform, the lightbulb goes on.
Those MSSPs and their customers are seeing Digital Shadows as a differentiator to their portfolios, and integrating it into their offerings. MSSPs who leverage our platform will be seen as leaders; they can bolster their skills without massive infrastructure investment and provide their customers with relevant data, which keeps that MSSP sticky to their customers.
Between the technology behind the scenes (ask me, it’s super impressive), and what I’ve seen in the security space and IT organizations, the digital risk protection market segment will be one to watch. Keep your eyes on us, and always feel free to hit me up with questions. Find me on Twitter (@DavittJPotter) or LinkedIn.
Davitt J. Potter: Director, MSSP and Channels, Americas
Born and raised in the Black Hills of South Dakota, Davitt has over 25 years of experience in the OEM, VAR & MSSP channels realm. From starting as a field services engineer fresh from school at the South Dakota School of Mines and Technology, and eventually defining and managing IT operations and strategy for numerous companies in a CTO capacity, he has a deep understanding of how our increasingly technical sales need to be properly positioned and supported. Davitt has developed and implemented go-to-market strategies including technical and sales enablement which have increased top-line revenue growth and improved efficiencies within the teams and has also developed and managed post-sales & services programs. Still an avowed technologist, he is always looking for what’s around the next corner.