How do channel partners best go about building a cybersecurity practice, who is winning the GenAI cybersecurity race (the industry or the cybercriminals), and what does Putin’s cyber sabre rattling really mean for the channel?
These were among the big cybersecurity questions tackled yesterday by two experts on a panel hosted by IT Channel Oxygen.
The event – entitled Transforming SecOps – was organised by Elastic, an enterprise search vendor that is pushing into a Security Information and Event Management (SIEM) space that has seen huge consolidation in 2024.
It was attended by over 50 representatives from GSIs, consultancies, VARs and MSPs.
At the London shindig, David Goff, Partner Development Manager at Elastic, said:
“Over the last few quarters, we’ve gone top-right in quadrants and have got to number four in SIEM market share. We’re the fastest-growing SIEM provider in the market as well, so everything is set up for quite an exciting time at Elastic.”
Here we bring you highlights from the opening panel session, which saw IT Channel Oxygen put some red-hot cybersecurity questions to Elastic UKI VP, Massimo Merlo, and Kevin Robertson, Founder and COO of Elastic partner Acumen Cyber.
Big question #1
How can resellers and MSPs best go about either starting, or growing, a cybersecurity business – should they buy, build or partner?
Robertson said customers can easily tell which MSPs do cybersecurity badly or just with revenue in mind.
“I’m quite biased, as I run a specialised security business, but I think it’s very difficult to do it right unless it’s your only focus,” he explained.
“That’s not advocating against GSIs or the big MSPs doing it as part of their core business, but you do need specialised skills and to invest a lot of time, effort and money into it.
“There’s been plenty of bad press recently on MSPs, and I think the government is certainly planning on ensuring things like the NIS2 regulations apply to the MSP space.”
Responding to the same question, Elastic’s Merlo advised partners to take a mix-and-match approach.
“When you break it down, it’s actually a combination of all three. If I was introducing a car to the market I wouldn’t develop my own spark plugs. So there are elements you would buy because they’re well understood,” he said.
Big question #2
When it comes to GenAI, who is winning the race – is it the cybersecurity industry, or the cybercriminals?
Robertson said that the most sophisticated pieces of malware and ransomware are written by highly skilled individuals, and not AI.
“I don’t think it’s the case that just because GenAI is a thing that all of a sudden there’s going to be this influx of ransomware,” he said.
“I would say the shoe is on the other foot from a defensive point of view, because – as anyone who’s worked in a SOC will know – 90% of your day as a defensive engineer is spent doing stuff that is mundane or repetitive, and that’s where AI is becoming really powerful. It can eliminate the worst parts of your job, and get those bits automated, so you can focus on the more difficult and enjoyable parts.
“The security risks to AI, especially GenAI, are in my view more about accidental misuse or abuse of the actual GenAI LLMs and technologies themselves.”
Big question #3
With Cisco buying Splunk, and LogRhythm and Exabeam merging, just how jumpy are partners in the wake of recent SIEM market consolidation?
Merlo claimed recent SIEM sector M&A has been driven by larger vendors’ desire to “buy revenues”. He questioned what will happen to the innovation within the acquired brands.
“Our innovation has largely been driven by that massive [open source] community,” he added.
“Maybe some of those other products weren’t as open or agile, but at least they had the benefit of having that one-to-one communication. [For partners], now it’s like, ‘whoa! I’ve lost all that innovation and agility and now I don’t even have a partner manager that cares about me because I’m such a small fish’.
“It’s a golden opportunity for us at Elastic to show our differentiation.”
Robertson said recent M&A will mean partners are faced with “three-to-four”, rather than “eight-to-ten”, competitive products in the SIEM space.
“One of the reasons we love Elastic is because it’s rooted in open source,” he added.
“Even now it’s a commercialised organisation, that’s still prevalent. We can still jump onto Slack and talk to hundreds if not thousands of people about issues and problems.
“And it’s not just a SIEM platform – it was rooted in search. It’s actually a platform that stands separately from the others on the market where they are now too much set into one path. And that consolidation only makes it worse.”
Big question #4
All the nationals ran a story last month saying Putin plans to cripple the UK with cyberattacks. Are SMBs at risk when it comes to these nation state attacks?
It was a big ‘yes’ to this question from Robertson, at least once the zero days become public exploits.
“That’s when they start to get replayed against all sorts of organisations,” he explained.
“If we look at when the [Russia-Ukraine conflict] started, ransomware attacks globally actually went down a bit, as the focus was entirely on Ukraine and Russia. But six months after that died down, it ratcheted up again. Maybe on the first wave you don’t have to worry [as an SME], but the impact will come as more and more innovative techniques become commonplace.”
Merlo agreed, saying state-sponsored attackers would in some ways be smarter to target smaller businesses.
“You could cripple a big bank by crippling all its smaller customers. That would arguably be a smarter way of doing it,” he explained.
“So, absolutely, they have cause to be concerned, and in some respects probably [more so than large enterprises] because big organisations can afford the skills and tech to batten down the hatches.”
This article was produced in association with Elastic and is classified as partner content.