Technology Reseller v42

quickly to minimise any damage.” Managed services Cyberfit can help clients do this through a fully managed service, where they deal with all the remediation, use their own security analysts to analyse the data and look for indicators of compromise, or they can dial that service down and utilise the client’s own IT team to do various tasks, with Cyberfit providing a second line of defence/support. It is not just end user customers that need this sort of service. For the last three years, Cyberfit has been working closely with MSPs. “About 50% of our business is through partnerships with MSPs. They take us into their clients and we ensure that we put the correct protection and detection on their systems, because MSPs don’t really know what they are doing when it comes to cyber security. They are good at offering cloud services and infrastructure services, ERP systems, but they don’t secure those systems enough, so we do a lot of that,” explained Gray. Gray admits that finding skilled staff can be challenging but claims that through its 15 employees, successful graduate recruitment scheme, in-house training and a pool of consultants, it is able to maintain high skill levels. “One thing I pride my business on is we do have some of the top technical people in this industry and a lot of the people who work for me are ex-customers. They have got a background in critical national infrastructure, protecting some of the country’s crown jewels.” Reaching SMEs Since Covid, Cyberfit has been diversifying its customer base of large enterprises by developing an SME side to the business. To this end, it has created different security packages, available on monthly subscriptions, for small businesses & start-ups, medium & growing businesses and large enterprises and re-designed its website with a focus on clarity instead of industry jargon. “We’ve had a really good response from the market,” explained Gray. “These are companies with anywhere from 10 to 500 users that don’t have the resource, the skills, the budgets of large enterprises, yet are still heavily attacked because they are a route into enterprise organisations for the attackers. A good example might be a company that chases mortgage arrears on behalf of a bank. That third-party company might be a small to medium-sized business that hasn’t put the necessary security parameters in place.” As part of its service to businesses, Cyberfit will not only provide solutions to protect against common attacks, but also identify what needs protecting and strengthening. “We do penetration testing, we do vulnerability scans. We look at where the customer is, we look at where they are on their journey and we put an improvement plan together for them to say these are all your weaknesses and we recommend that you prioritise them in this order. We gain a good understanding of their business, rather than just going in and doing a general test, like where they make their money, how they make money, which are their most critical systems. That is the priority.” As cyber security has become more complex, more and more businesses are turning to managed service providers for reassurance and protection. For MSPs that don’t have the requisite expertise in-house, the next best thing might be partnering with a security specialist that does, like Cyberfit. www.cyberfit.uk too much of an issue. But if he actually opens the door and comes in and starts rooting around in your kitchen drawers, you will want to know about it. That is the difference between the two technologies. Darktrace tells you when somebody is coming up, looking over your fence and trying to get into your windows, when, really, you want to know when somebody is actually breaking into your property.” Skills and expertise Gray says that Cyberfit has skills and expertise in around 30 different vendors’ products and works closely with about 12. “We favour the ones we do because they do what they say they are going to do and have great R&D investment into their business. If there are new feature requests, they are done very quickly. We look at the funding they have as an organisation; we look at the people behind them. It is not just what the technology can do; we don’t want to be stung by putting these products into customers and then, a year down the line, find that financially they are struggling and we have to tell the customer they are going into liquidation. There are a lot of things we look at.” This sort of product expertise is critical because not all security products are equally effective. Nor, points out Gray, does everyone have the same requirements. “Every customer is subject to different regulations and has different drivers. We have some customers who just want a tick in a box to show they have done enough. Then, we’ve got others that actually want to protect their environment and detect when there is suspicious activity going on and really investigate the ‘who, what, when, where and how’ so that they can fix it and stop it from happening again in the future.” Gray estimates that only about 30% of companies have reached the stage where they can effectively investigate, protect and detect themselves, before adding that no one can protect themselves fully. “If somebody wants to come into your house, you can put double glazing in, you can put extra locks on your doors, double locks, you can padlock gates etc., but if they come with a sledgehammer and smash your window, they are in. It is the same in IT; bad actors can get in and then it is all about identifying that they are in and acting MSSP technologyreseller.co.uk 41