Technology Reseller - v10

technolog y reseller.co.uk CYBER SECURITY 43 The product lends itself to the channel really well because it is very straightforward to demonstrate; and it’s very easy for customers to get a fast time to value, so the partners we are working with really love it. the business and maybe something a bit cheaper like Nessus in another part; they will have an application security solution, WhiteHat or Veracode; they may be using ServiceNow. So, there’s lots of pieces of infrastructure. We are not looking to replace any of that. What we do is connect to all of it, draw it into one place, normalise the data and make it useful so you can actually do something with it. TR : Who are your customers? Are they all very large organisations? TC: We work with a very wide range of organisations. My smallest customer in Europe has probably only 100 assets. If you have 100 assets, you probably only devote half of one person’s time to security. You scale your resources in line with the number of assets you have, so the problem is the same. If I say to you ‘You’ve only got two hours a week of somebody’s security time’ and you’ve got 460 vulnerabilities to look at, it’s just as daunting as if you’ve got 50 people and 10 million vulnerabilities. It’s a scale issue. I think the most important thing is making sure our customers have a way of looking at this from a risk-based perspective so they make the right decisions about what to do. We see more people log in from IT than we do from security and the reason for that is because it works. The IT team can log into our system; they can see what they need to patch; but, more importantly, they can see why they need to patch it. They can see why they need to do the few things that will make the greatest difference to their risk score. TR : What feedback have you had from customers that are using your platform? TC: We’ve already got quite a few customers in the UK and Europe and they give a lot of different reasons for why they bought it. Primarily, they centre around: ‘We now do less, we are much more efficient and we are much more effective’; and ‘We are nailing the vulnerabilities that fill the business much earlier and much more precisely than we were previously when we were working off a spreadsheet’. We are talking about switching from multiple spreadsheets with the mother of all pivot tables to an ability instantly to look at the risks in a business and make really solid decisions about what you are doing and why you are doing it and the ability to measure that, report on it and evidence that to management. So, when management say ‘What has security done for us recently?’, they don’t have conversations about Bad Rabbit, Meltdown and Spectre; they have conversations around ‘Our risk score today is 420 for the Linux part of our business. Is that acceptable to you? If it isn’t, give me more resources and I will drag that number down’. You can measure the efficacy of what we are doing. TR : Do you operate entirely through the channel? TC: We are 100% channel. Every business we find we take to partners and all of our marketing budget bar Infosec will go through partners. We are totally committed to that way of business. It’s not altruism. It’s good business sense. We have the ability to scale, the ability to reach many more customers, more quickly. The product lends itself to the channel really well because it is very straightforward to demonstrate; and it’s very easy for customers to get a fast time to value, so the partners we are working with really love it. From our perspective, we have much more reach than we could possibly have with our direct sales people, not to mention the ability to operate in different geographies and languages as well. TR : Why are you launching in Europe now? TC: The business has taken the eminently sensible approach to build a solid base of customers in the US, where the HQ is, and then move into Europe in a considered fashion. We are building a UK business first and we have some customers in Scandinavia, some coming on board in Benelux and a distributor in South Africa, Obscure Technologies. We will react to customers that reach out to us wherever they may be in Europe, but our focus is on building the UK, Benelux and Scandinavian business. I am looking to recruit 12 partners in the UK. I prefer to have really deep relationships with a smaller group of partners, rather than very transient relationships with hundreds and hundreds of partners. I like to operate with people who really understand what we are doing, really believe in what we are doing. We are already working with Securelink across the region. They are a fantastic reseller; they are committed; they are dedicated; they really understand this space; and they provide a great managed service offering called Secure Prevent, as well as the ability for customers to buy Kenna and operate it themselves. www.kennasecurity.com Prioritise Application Vulnerabilities According to Risk The Kenna Application Risk Module identifies and prioritises application vulnerabilities by risk, giving security and DevOps teams, developers and executives the context they need to fix the highest risk application vulnerabilities.