Magazine Article | October 1, 2002

Why VARs Should Add Network Security

Integration Partners Corp. is relying on network security products and services to help grow its sales revenue by 40% this year.

Business Solutions, October 2002
Written by: Dan Schell
Demand, Margins High For Intrusion Detection Software

"Intrusion detection software is sparking interest in every industry we serve," said Mike Tavares, director of engineering for Integration Partners Corp. (IPC) (Cambridge, MA). One intrusion detection software package IPC is considering adding is from Tripwire, Inc. (Portland, OR). The package, called Tripwire for Servers, Check Point edition, provides additional security for networks with Check Point's (Redwood City, CA) firewall/VPN (virtual private network) solution.

According to Joe Nicoletti, product specialist at networking distributor Westcon (Tarrytown, NY), Tripwire for Servers establishes a baseline configuration of how a network looks in a healthy state. "The software identifies if any configuration changes have been made to the hardware [i.e. servers, routers, hubs] or software and notifies the system administrator of who made those changes," he explained. "It can then restore the system back to its baseline configuration, thereby minimizing network downtime."

"Our resellers are really embracing this product because it minimizes network downtime and also provides intrusion detection," explained Laurie Usewicz, director of product management at Westcon. "More importantly, though, since this is a new technology, its margins are higher than most networking products. It also gives a VAR a reason to go back to an existing customer with a product that complements an existing network's security features." Currently, Westcon is offering a $100 rebate on all Tripwire for Servers (Check Point edition) sold.

If IPC decides to start offering Tripwire products, Tavares said it is likely the company's engineers will use Westcon for the certification program. In the past, IPC has taken advantage of Westcon's training/certification programs for other products such as Check Point, Packeteer (Cupertino, CA), and Nortel Network's (Brampton, Ontario) Alteon security products.



Earn Additional Revenue From WLAN-Related Security Services

"During this down economy we still have had a lot of interest from customers wanting to deploy WLANs [wireless LANs]," stated Bart Graf, a director with integrator/VAR Integration Partners Corp. (IPC) (Cambridge, MA). "They are asking us to educate them on WLAN technology and the security needed for these networks. We accomplish this by scheduling roundtable meetings with our engineers and by providing evaluation equipment."

Of course, the hardware for WLAN projects often doesn't provide decent margins. That's why most VARs like IPC train their staffs on the more profitable installation and configuration services that WLANs require. And today, some type of network security know-how better be a part of those services.

At IPC, Graf said the most common product sold for WLAN security is a VPN (virtual private network). "We usually recommend securing all WLAN traffic via some encryption and authentication," he explained. "However, even some of our largest customers are just using the WEP [wired equivalent privacy] of the access points and letting their native systems be responsible for their own protection. It all depends on the type of data being transported through a customer's network."

He sits slumped over a computer keyboard in a dark, dingy basement. The only illumination comes from the flicker of his monitor and a small, novelty desk lamp shaped like a hula dancer. Empty soda cans, old pizza boxes, and food wrappers litter the room. Yet, disheveled as he is, he remains driven at his task: hacking into your unsuspecting customer's network.

We've been taught to loathe hackers. We're fearful of the havoc their meddling and their viruses will wreak on our networks. Now, with more mobile workers accessing extranets and wireless networks, companies of all shapes and sizes are even more concerned about the privacy of network data. These fears have helped create a security services market that research firm IDC predicts will reach $21 billion in sales by 2005, up from about $6.7 billion in 2000. One networking integrator/VAR that plans to capitalize on this security trend is Integration Partners Corp. (IPC) (Cambridge, MA).

$2 Million In One Year From Security
IPC partners David Nahabedian and Bart Graf expect much of the company's future growth to come from selling technologies that are complementary to network infrastructure products. (IPC's expertise is designing and installing LAN and WAN [wide area network] projects using Nortel Networks [Brampton, Ontario] hardware [e.g. routers, hubs, switches].) They list wireless, VoIP (voice over Internet protocol), and network security products (e.g. virtual private networks [VPNs], intrusion detection software, firewalls) as examples. However, Nahabedian said network security will be IPC's biggest growth area. He expects security products and services to account for nearly $2 million of their sales revenue during the next 12 months. "I recently called a customer who had used us for only networking infrastructure products and services," Nahabedian recalled. "After I told him about some of our security-related offerings, he hired us for products such as firewalls and secure authentication software."

Strong Margins Await
IPC's high expectations for security revenue come from conversations the company's representatives have had with current customers. It seems no longer are terms like firewall, VPN, and intrusion detection reserved for the lexicon of hackers, network engineers, and stereotypical computer geeks. Instead, even IT neophytes are uttering these and other security-related words now.

"Security has been one of the technologies on most of our customers' agendas," Nahabedian said. "So, the demand is there. Luckily, so are the margins, because there are more services to wrap around security products. For example, we can install and configure firewalls, conduct security audits, and provide off-site management of security enforcement points."

Despite The High Demand, Security Doesn't Sell Itself
Graf said IPC often leads with security-related products when pitching a new account. "A lot of the new accounts we pitch already have their networking infrastructure in place," he explained. "So, the security products offer us a different way of developing a relationship with these clients. And, even though many IT budgets have been slashed over the last year, we're finding customers still willing to spend money on security." However, he cautions that the logical addition of security to a network infrastructure project doesn't always mean the security portion will be an easy sell. In other words, security products don't sell themselves.

To make a security sale, he said it's important to understand a customer's Internet use policies including departmental communication and any other existing security policies. Once that information is obtained, IPC can develop a solution and either use its in-house lab or the client's lab to provide a proof of concept. With the proof of concept, IPC shows the client how the proposed network components will work with the customer's existing network. This step also assures the client the new equipment won't negatively affect the existing network's performance. Graf said 50% of the projects requiring a proof of concept are demonstrated in IPC's lab.

Most of IPC's customers want to see a payback in 15 months or less from the reduction of security-related costs. "Anytime we propose a solution that has a direct impact on an established cost, we can easily explain the ROI or payback," stated Graf. "But, when there is no hard cost, as with security projects, we need to clearly show the pain of not accepting our solution. Or, we show them the benefits, such as employee productivity, that can be obtained by deploying our solution."

Do You Need A Security Specialist On Staff?
Since 2000, IPC's engineers have been certified on network security products from companies like Nortel Networks, Check Point (Redwood City, CA), RSA (Bedford, MA), and ISS (Atlanta). "It is imperative for us to be able to design, test, install, and maintain all of the equipment and software we resell," Nahabedian explained. "We do this because there has to be a compelling reason for doing business with us, or else we are no different than a catalog house or box shipper."

IPC hasn't found a lack of experienced applicants when trying to create a staff of qualified engineers and support staff. Due to the massive layoffs at technology companies such as Nortel and Cisco in recent years, there has been an abundance of unemployed, highly qualified professionals seeking jobs. This job market has created a paradox for Graf and Nahabedian: Should they hire more employees in a down economy?

Thus far, their answer has been yes. In the last 12 months they hired five new employees, three of whom were former Nortel employees. And, as they prepare for an expected 40% growth in sales revenue this year, they are contemplating hiring another person with extensive network security software expertise.

"We don't just sell any products a customer wants," Nahabedian said. "Instead, we add technologies, like security, that complement our existing networking products and that industry trends indicate will be profitable in the long run."

Hackers aren't the only threat to your customers' networks. At large companies or college campuses, the authorized users of the network could be inadvertently damaging a network (e.g. by downloading large quantities of files from Napster). Often, these companies know they have a problem, but they don't know the best way to solve it. That's why VARs should add network security expertise.