Identify, protect, detect, respond, and recover. As threat volumes have soared in recent years, many channel pros have grown familiar with the five core sections of the NIST Cybersecurity Framework, one of the most respected guides to security in the industry.
Cyberint would like you to consider the possibility that it’s missing a critical sixth category, though: predict.
Most of the security strategies MSPs and MSSPs rely on today are essentially reactive in nature, notes Andrew Brearton, Cyberint’s channel sales director for North America. “You’re waiting for the attack to occur.”
Even companies with experienced CISOs rarely spend time anticipating where threats will come from three months from now, or six, adds Brearton’s colleague Jacob Silutin, Cyberint’s head of sales engineering for the Americas.
“Are we being targeted? Are we not targeted? Is our sector targeted? Is our country targeted?” he says. “That whole aspect of prediction is not something that a lot of people focus on today, and to us it’s the new approach. It’s the future.”
Brearton and Silutin described that approach to ChannelPro in a conversation at this week’s SMB Forum event in Dallas. It begins with a platform launched two years ago by an Israeli security services firm based on tools originally developed for internal use. The system combines three components: a deep pool of threat intelligence collected from across the open and dark web, digital risk protection technology that analyzes the data and warns would-be victims of potential attacks, and an attack surface management engine that continuously inventories an organization’s targetable information assets.
The end result is a solution capable of picking up the first stirrings of online danger before it ever materializes. Cyberint, for example, saw chatter in the cyber underground that someone had gained access to authentication vendor Okta’s network through a compromised laptop some two months before Okta (not a Cyberint client) disclosed it had been breached. More recently, when the Conti ransomware group targeted elements of the Costa Rican government, Cyberint saw it coming days in advance.
“Maybe a few days is not enough. Maybe you need a few weeks to actually prevent it. But even a few days, even a few hours, is better than getting hit and then reacting as opposed to knowing it was going to happen,” Silutin says.
Of course, it takes a trained security expert to glean insights from Cyberint’s data lake, separate significant from insignificant information, and take effective action on the risks that matter. Democratizing threat intelligence by letting channel pros who can’t afford that kind of talent outsource threat analysis to Cyberint’s team is part of the company’s mission.
“You can have it any which way you want,” says Brearton of Cyberint’s service. Mature MSPs with analysts on staff can trawl the platform for insights on their own. “If it’s a younger MSP without a security analyst or a dedicated SOC team, they actually have the ability to leverage our analysts to help augment their staff,” Brearton notes.
MSPs are actually a new market for Cyberint, which has mostly sold directly to medium and large enterprises until now. Brearton, a former employee of Barracuda Networks who helped that company adapt its products, pricing, and partner programs for managed service providers, switched jobs this March to help Cyberint do the same in a bid to extend the company’s reach into SMBs.
“Our company is now really trying to pivot and make the channel the priority,” he says.
Brearton expects to have an MSP-friendly rate sheet and revenue model in place by the end of the year. “MRR is the most important thing for the channel,” he says. White label reporting is scheduled to arrive sometime in Q3, along with a host of new product features tailored to MSP requirements.
“One of the beautiful things about an Israeli startup is there’s no real hierarchy,” Brearton explains. “The willingness to change and adapt is amazing.”
Getting MSPs to change and adapt may take longer though, he concedes. Few of them think of threat intelligence at present as an essential layer in a complete security stack.
“I’ve had probably about 40 different conversations with different partners that I’ve worked with over the years, and I think only two of them really fully understood what we do and where we are in the market, because it is such an emerging technology.”
Kaspersky recently updated a threat intelligence solution oriented toward MSSPs and other users with analysts on their payroll. Threat intelligence data lakes play a critical role in managed detection and response solutions from a host of vendors, including Sophos and Trend Micro.