I’ve had the distinct privilege of meeting with more than 100+ value-added resellers (VARs), managed service providers (MSPs), systems integrators, (SIs) and, independent software vendors (ISVs) during the last six months from four different countries. While this represents a diverse group of partners, the topics we discussed were quite consistent:

  • How do I assure my customers that they’re protected from threat actors?
  • Where do I start and how do I profit?
  • With more than 5000 point solutions in the cyber security market, how do I know I’m partnering with the right ones?

These are questions the industry is wrestling with, including the likes of Amazon, Microsoft and Google!  The FBI announced that more than $325M of successful ransomware attacks occurred in the last 12 months.  Assuming the average ransom is $10k, this means 32,500 successful hacks occurred in the last year, or 89 per day! Clearly, firewalls aren’t enough, yet a large percentage of IT spend in security is dedicated to exactly that.

I’ve spent the last eight months learning how hard it is to prevent threat actors from succeeding, and counseling partners on how to help their customers become secure. There are a few principles we’ve learned over the years that I want to share in hopes of helping answer some of the questions above and truly protect your customers’ businesses. I’ve framed them in terms of common mistakes that VARs, SIs, MSPs and ISVs should avoid.

  1. Starting from the Outside In

The last 10 years have seen accelerated growth and interest in firewall technologies and end point protection of compute/mobile devices. Unfortunately, great security isn’t built from the outside in. It’s designed from the inside out. If you want to protect against a threat, you need to understand what the threat is after. Are they after the credit card numbers stored on your phone? No. They’re searching the most value data the business has; credit card numbers, trade secrets, intellectual property, customer data, etc. All that data lives on servers either in the customer’s data center, a co-lo facility, or the public cloud. The best place to start being secure is understanding which servers house your most valuable data, and start securing those. Now.

At Armor, we use a combination of seven different security tools to secure, harden, monitor and prevent threat actors from attacking our customers. We take all event and alerting information and correlate it through our SIEM using proprietary scripts (and eventually machine learning). These insights allow us to screen out the noise so our security analysts can identify when a threat actor is actually attacking. While there’s more to it than that, including Armor talent and processes, this represents the fundamental first step of any security conversation: identifying the digital assets that need to be secured and secure them first.

  1. Underestimating the Talent Gap

Cybersecurity talent is unique, in high demand, and the industry is facing one of the largest talent shortage across any industry.  More than 250k cyber security jobs go unfilled in North America alone. The talent gap isn’t just for industry headlines, it’s real.

Only the largest, best funded Fortune 500 companies in the world can afford to attract and retain the kind of talent required to construct a successful security posture. Couple this with the increasing level of expertise, funding and support threat actors continue to grow – making it incredibly difficult for CIOs to secure and actively protect their environments on their own.

  1. Focusing on tools, not security outcomes

What customers are rapidly realizing is implementing security tools isn’t the answer. All they do is block previously successful attacks and notify when something suspicious is occurring.  Unfortunately for the security tools industry, threat actors are changing their attacks faster than the companies can update their tools.

At Armor, we use the metaphor of Blacksmiths vs. the Knights. There are more than 5000 security tool vendors, the Blacksmiths, making different sized swords and shields to throw at the feet of a customer.  Unfortunately, threat actors are constantly innovating so, as soon as you implement the shield that blocks last year’s attack, threat actors are using catapults to bypass your shield.

The only way to protect customers today is to focus on the outcome. What data do they need to protect? Construct the right security posture (tools and process), and then hire skilled and experienced knights to defend and conquer 24x7x365.

In summary, defending customers from cyber threat actors is hard, complicated and a 24×7 job.  If you consider yourself a strategic advisor to your customer, hopefully, you can leverage the lessons above and start them down the right path. The good news is, if you’re the partner that makes a customer’s life easier, safer and better, then you’ve earned a customer for life!