Security Vulnerability Leads To VAR Opportunities

It may sound like an alternative to Feng Shui, but the term threat landscape actually describes the organized attempts to wreak havoc on computers that are connected to the Internet. According to Symantec, publicly reported security vulnerabilities grew at a rate of 34% last year — about 75 new vulnerabilities per week. However, there is some good news. As threats are evolving, so are the vendors we trust to protect us from those threats. As those solutions grow stronger, so do the opportunities for VARs.

Know The Threat Landscape
For VARs to protect customers from online security threats, they must have a good understanding of those threats. Installing the wrong product or combination of products can leave the front door wide open. What are the most common security threats today? “Cyber crime, the online theft of confidential information, is the leading type of attack on computers,” says Vincent Weafer, senior director of development at Symantec Security Response. “Bots, a type of computer program designed to perform automated tasks, are also a major threat. The huge pandemic of attacks that we have seen in the past has been replaced with very targeted and intense attacks occurring on a constant basis.”

John DiLullo, VP of worldwide sales for security vendor SonicWALL, defines the defenses to the threat landscape in three major categories: CDP (continuous data protection), network security, and secure content management. CDP provides data recovery to any point in time. Network security describes the combination of hardware and software such as firewalls and antivirus software used to keep networks protected. Secure content management includes Internet content filtering, Web content monitoring, e-mail content security management, network content monitoring, and other content-related security applications.

Alternative Technology is a VAD (value-added distributor) specializing in thin-client server-based computing, security products, edge infrastructure, wireless, and management utilities. Bill Botti is the president and COO of Alternative. He says the threat landscape is so broad, the industry is struggling to define terms such as unified threat management — a term he says is missing important components such as end-point security (protecting the network from access points such as USB ports on computers). Botti says identity management, strong authentication, and content management are security disciplines with clearer definitions than unified threat management.

Web applications are becoming focal points for attacks on the enterprise. Traditional perimeter defenses alone are no longer effective in protecting companies from those threats. What was once cyber vandalism has now become a profit center for many underhanded companies. Greed has become a major driver in the intensity and frequency of attacks, because some companies are willing to pay for malware (malicious code). It is common to see the same type of bots repackaged and used by another group for cyber crime. Unfortunately, the threat landscape has become the next bastion of capitalism.

Profit From The Complexity Of Security
As with any type of complicated business challenge, VARs can play a major role in helping to protect customers from the panacea of threats to their networks. But how can VARs learn the skills needed to provide those services? “It requires a level of investment,” explains Julie Parrish, VP of the Symantec global channel office. “Our successful security partners have made an investment in their security practice or their security specialty. The investment involves time, commitment, and money.” Parrish says VARs should not fear the security market. “They should move quickly to be a part of this opportunity. Markets such as storage and networking provide excellent cross-selling opportunities for security.”

Alternative’s Botti agrees. He sees a variety of opportunities for VARs with various skill levels in security. “In the SMB market, VARs with less security experience can install and configure firewall, antivirus, antimalware, and other types of basic security solutions,” he says. “More experienced security VARs can work with enterprises of all sizes to design and install layered security systems. In both scenarios, there are ongoing VAR revenue opportunities in the maintenance and update of the security products.”

Offer Managed Network Security Services
DiLullo says the trend in the channel is that partners are now becoming an extension of the customer’s IT staff, as opposed to being an extension of the vendor’s sales force. This shift puts VARs in a trusted advisor position to provide security products and services. “By its nature, the security business is very dynamic,” says DiLullo. “That dynamic nature provides the makings for an incredible managed service opportunity for VARs. No longer are VARs just selling ‘a book in a box’ solution; they can show the customer real value on a daily basis.”

Metavize offers a managed software approach to network security delivered via a virtual network residing on an appliance called Edgeguard. Dirk Morris, cofounder of Metavize, sees the same threat landscape as other vendors, but takes a different approach to security by offering VARs the ability to sell hosted managed security services to its customers. Metavize’s subscription-based software service allows customers to customize their security environments inside the appliances, without adding different pieces of hardware for each type of threat. The opportunity for VARs comes in the form of recurring monthly management fees.

Perhaps SonicWALL’s DiLullo sums up the sales potential in the security market best by saying, “I don’t think you can exaggerate the size of the security opportunity for VARs. They must concentrate on building a practice around security to be successful.” VARs shouldn’t be threatened by the threat landscape. It’s actually another fertile opportunity to grow sales and gain trusted advisor status with customers.