The threat landscape has increasingly changed with cybercrime now being a commercial industry. This is making it easier than ever for threat actors to attack, adjust and attack again until they accomplish their objective. They tend to aim for the easy targets and extort a huge loot by exploiting a surprisingly small number of vulnerabilities, many of which current vulnerability management approaches do not consider as priorities. If security professionals are to stay ahead of the criminals, they have to be smarter and way more targeted in their approach — aligning it to what is happening in the real world. That is what cybersecurity company Skybox calls threat-centric vulnerability management. Michelle Cobb, CMO, Skybox Security in a chat with Channel Times delineates her views on the India market.
Channel Times: Why is it essential for companies to be able to see their attack surface to understand their security position?
Cobb: Comprehensive visibility of the network — physical, virtual, cloud and even OT — is essential to understanding where you are exposed and at most at risk. It’s key to being able to make smart decisions about where to prioritize action and direct resources. Too many companies are siloed when it comes to security data and intelligence. To use a metaphor, it is not enough to see just the trees, you need to see the entire forest to understand where fires could potential start — or where they’ve already started and you need to take action to put them out.
Why companies need to get smart with their approach to vulnerability management and the potential to use a ‘threat-centric’ approach, focusing attention on the most dangerous vulnerability exposures. Not only do organizations need to understand the context of their network, security controls and business, they need to combine this information with the intelligence of what cybercriminals currently have in their toolkits. With this internal and external context, organizations can focus on the small subset of vulnerabilities most likely to be used in an attack while also gradually reducing lower–level risks over time.
Channel Times: How challenging is managing security in the cloud especially for a market like India.
Cobb: The biggest challenges around security have to do with visibility (being able to gain visibility of your entire network, including physical, virtual and multi-cloud.) And, managing your security processes in very complex environments where your dealing with several different service providers and very different security control mechanisms.
Many companies will say they give visibility, but you need to ask what exactly they mean, as it’s often limited. We believe this “complete” visibility gives the needed context for extending existing security operations and processes into the cloud. It’s also important for managing the shared responsibility for security between the organization and cloud service providers (CSP).
Channel Times: What are the challenges to Cloud Security for the channel and what are your suggestions for addressing them?
Cobb: They’re dealing with the same challenges of visibility, complexity, fast changes in a dynamic environment that introduce risk, etc. In addition, they’re looking for ways to simplify the number of security technologies and vendors they’re working with. That’s why our platform is so popular. With Skybox, they can deploy a single technology for managing security across on-premises and cloud environments, eliminating the need to buy and deploy multiple tools.
Channel Times: Please explain your channel presence and distribution structure in India
Cobb: We’ve increased our presence to better serve this market because we’re seeing a lot of demand for our security policy management and vulnerability management solutions. For example, we’ve opened a support center in Bangalore to provide additional, localized technical support to customers in the region. As for our partners, we work with 15 top-tier channel partners in India, including Mahindra SSG, Valuepoint Techsol, Wipro and HCL. We add value to their existing offerings through our platform’s integration with more than 120 networking and security technologies their organizations are already using.
Channel Times: Skybox has announced a 154 percent increase in year-over-year revenue earned from Indian business in 2016. What were the top three services and the three key industry verticals the major numbers came from?
Cobb: Compliance is probably the number one driver for our business in India. Companies are in need of network automation to streamline workflows, data collection and analysis, tracking and reporting. They need these things because security teams simply can’t keep up with compliance requirements. So, our solutions for firewall and security policy management are really important.
We are seeing a lot of growth in vulnerability management, especially with the recent high-profile breaches like WannaCry and Petya/NotPetya.
Channel Times: What are your certification levels and explain your training initiatives for product managers?
Cobb: We offer two training certifications and a pre-requisite track for channel partners. The pre-requisite track offers a high-level overview of our platform, the Skybox Suite, and how to best pitch it to customers. The training certifications are Skybox Certified Sales Consultant and Skybox Technical Sales Professional. We offer online training for both. We also offer regional training programs.
Channel Times: In what ways are you enabling your channel partners in terms of training and profitability to excel the expectations of your customers?
Cobb: We enable our channel partners through our Skybox Partner Program which includes comprehensive onboarding and continuous sales enablement. We hold regular technical updates covering upcoming releases, new features, etc. and provide marketing resources through our portal. This year we launched our inaugural Skybox Rewards Program where partners can earn cash rewards for certain sales-related activities. It’s been extremely popular.
Channel Times: One feedback from few Indian channel partners focused on security is, your focus is only on select-partners in the topline business. Is it a planned decision to keep your product not to get into masses?
Cobb: We’re always open to new partners, but we’re not looking to blanket a region. We want to make sure a partnership is a good business fit for both parties. For example, we work well with traditional security VARs who understand networking, have service capabilities, and are interested in growing that part of their business. This can run the gamut of strong regional players to global ones. Our core customers are companies/organizations that have large, complex networks.
Channel Times: What are the pre-sales and post-sales support for your channel partners to reach out the CIOs and CISOs?
Cobb: Skybox offers pre-sales support with sales engineers (SE) and dedicated staff for the India market. We encourage on-going account and opportunity management with our sales and technical resources in qualification, value proposition presentation, objection handling and other sales and account management issues. We also offer post-sales support with our professional services, including things like Skybox Remote Management Services.
Channel Times: What is the market expansion in India for security products due to digital India movement?
Cobb: We don’t have detailed data to speculate on the market for security products and the digital India movement. However, it has been a driver of business for us and will continue to be so in the near future.