Customers are turning to extended detection and response (XDR) for a broad set of automated and wholly integrated security capabilities, according to executives at Cynet.
The Boston-based autonomous breach protection platform has taken on the challenge associated with managing multiple discrete capabilities in a customer’s security stack and providing around-the-clock monitoring and response for those capabilities, said Bryan Leggett, VAR channel account manager. Cynet gives customers more visibility into threats as well as the ability to hunt for issues in their environment.
“They [partners and customers] don’t have enough qualified staff to be able to manage all the technology,” Leggett said Monday during an executive briefing at the 2021 Best of Breed Conference, hosted by CRN parent The Channel Company. “Even the staff they do have often don’t have the skill set required since they’re not SOC [Security Operations Center] analysts.”
Cynet plans to sell exclusively through the channel starting at the beginning of 2022 and offers margins of 35 percent for its base platform, with opportunities for partners to further increase their profitability by wrapping their own services around the company’s technology, according to Royi Barnea, head of channel sales for North America.
Partners looking to deliver a best-of-breed security experience today often end up having to manage four, five or six different vendors of their own, Barnea said. With the stand-alone model, he said solution providers often resort to selling add-on products at a discount to make it affordable for their customers to have endpoint protection, cloud assessment, a SOC, and managed detection and response services.
“When you’re selling one consolidated XDR platform, it’s a single setup,” Barnea said. “Your win rates are higher, and your margins are higher as well.”
Cynet offers around-the-clock managed detection and response (MDR) for interested partners as part of its XDR platform, Leggett said. Unlike competing offerings that require two, three or even four full-time employees to manage all the different components of XDR, Leggett said Cynet’s XDR platform can be managed by just a single half-time employee.
“We definitely solve a problem when it comes to the time, the effort, the staff, and the skill set needed to do XDR,” Leggett said.
Some solution providers rely fully on Cynet’s MDR capabilities to service and support customers, while other partners offer the first layer of support themselves and sign a retainer with the company to provide Level 2 or Level 3 support to their customers, Barnea said. Cynet’s XDR includes next-generation antivirus comparable to other players in the market to satisfy compliance requirements, Barnea said.
Where Cynet differentiates itself, though, is by including deception technology as part of its XDR platform, which Barnea said is the single most effective way of catching ransomware gangs in the act. Most deception tools on the market today are very expensive, intended for the midsize or large enterprise, and require at least two or three dedicated employees to manage, according to Barnea.
“The investments that we made from day one can be seen in how automated our deception solution is,” Barnea said. “It’s one of the coolest technologies that we have today.”
Cynet also goes beyond the user behavior analysis offered by many competitors to analyze the behavior of entities as well, according to Barnea. This can help with everything from identifying out-of-the-ordinary behavior by PowerShell and applications leveraging misconfigurations to evade firewalls to traffic running between different VLANs or between Office 365 and a CRM system in violation of customer rules.
The company’s log collection, Security Information and Event Management (SIEM) and SaaS Security Posture Management (SSPM) capabilities are completely automated across the investigation, correlation and remediation phases, Barnea said. The company’s MDR provides access to 13 people in each shift who are experts in malware research, reverse engineering, ethical hacking or incident response, he said.
“We really need tools that will enable us to do much more with automation,” Barnea said. “Our XDR is ready to take all the telemetry from all those different sources, put it in a single pane of glass, and really address consolidation.”
XDR is an all-encompassing way to keep customers safe even if users are adding machines without the knowledge of their channel partners or IT department, according to Craig Hickman, vice president of sales at Bloomington, Ind.-based ProBleu.
Adoption of XDR has been strongest in compliance-driven industries like financial services and medical, while some customers in less regulated sectors like manufacturing and retail aren’t willing to pay for much beyond antivirus, Hickman said. Cynet’s technology sounded interesting to Hickman, who plans to research the cost and if it can be procured on a month-to-month basis.
“Every customer has their pain point,” Hickman said. “How much cost are clients willing to absorb?”