Playing a role in the shift from prevention to detection

Balck and neon blue mockup of a padlock against a backdrop of data depicting cyber security
(Image credit: Shutterstock)

As the spectre of financial and reputational devastation to businesses grows, cyber security has become a top boardroom talking point, with the average cost of a data breach standing $3.9 million, according to IBM. This means more customers are asking partners how they can stay out of the headlines.

Consequently, concentrating security on prevention-first strategies, organisations are left blind to attackers slipping through the net. Exacerbating the problem is that the way we work has shifted irrevocably in the past 18 months. The attack surface has widened, the traditional security perimeter has disappeared, and visibility is clouded. The recent Kaseya attack further signalled that perimeter-focused security solutions are no longer fit for purpose.

The uncomfortable truth is that, while it has its place, prevention alone can never be 100% effective. There will always be some attackers that find a way in – whether it’s via spear-phishing and social engineering, a software vulnerability or misconfiguration, or credential stuffing, the list is endless. In this increasingly distributed world of work, prevention-based approaches are not equipped to provide the visibility needed into cloud environments and keep users safe.

Stopping attacks before they become breaches

What does this mean for the channel? It’s up to partners, as trusted advisors, to educate their customers about the changing nature of the threat. They must advise them to shift their mindset and operate as if they’ve been breached. This means adding technologies like AI and proactive threat detection solutions that can identify suspicious anomalies and behaviours, so they can stop attackers in their tracks.

For example, technologies like Network Detection and Response (NDR) and cloud-based security for services like Office 365 can increase visibility and enable them to stop attacks before they do any real damage. The good news for the channel is that the timing couldn’t be better, as the market for detection tools is skyrocketing. In fact, the NDR market is set to register a 14.2% Compound Annual Growth Rate (CAGR) over the next five years, meaning there’s huge potential for the channel.

Managed security service providers (MSSPs) and other cyber channel businesses can improve the security posture of their customers and keep them out of the headlines. They can also be first in line to capitalise on what stands to be a huge market and upselling opportunity.

Meanwhile, it looks like remote working is here to stay; there are now 145 million Microsoft Teams daily active users worldwide, for example. Being able to provide security teams with visibility into Microsoft cloud environments will be a gamechanger for partners, again with huge upsell potential for those partners already selling Microsoft services.

Partners should pay particular attention to detection solutions that integrate well with existing Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) tools, which will provide them with greater opportunities to cross-sell, too.

Expanding revenue streams for partners

The channel will play a vital role in moving customers from traditional, low value, prevention-based cybersecurity technologies such as those relying heavily on signatures, to detection-based security that will keep their customers safe while presenting new revenue streams. Traditional solutions are simply not equipped to provide visibility in an increasingly cloud-driven world. Indeed, 71% of companies suffered seven account takeovers of authorised O365 users on average last year.

This realisation is driving the adoption of detection tools like NDR technology as organisations using Office 365 begin to recognise the need for a new type of security. They are increasingly investing in and deploying proactive AI-based threat detection solutions that identify, manage and stop any and all breaches. Partners, however, must act quickly to engage customers before others snap up detection revenue streams and own those customers in the long run.

Partners must engage with their customers as soon as possible to qualify opportunities and prioritise those who are in the most need of detection technology. By securing NDR revenue, Office 365 security revenue – or both – partners can own that revenue stream moving forward as the whole industry shifts to detection, strengthening relationships and creating multiple and significant upsell opportunities.

Garry Veale is the UK & Ireland Regional Director with Vectra AI