'7 Minutes' with Secdo VP of Alliances Zion Zatlavi

**Editor’s Note: “7 Minutes” is a feature where we ask channel executives from startups – or companies that may be new to the Channel Partners audience – a series of quick questions about their businesses and channel programs.**

Secdo plays in the endpoint detection and response (EDR) space, which Gartner says has growth potential — though how much depends on your customer base. While all companies need mobility management, Gartner says that by 2020, 80 percent of large enterprises, 25 percent of midsize organizations and 10 percent of small businesses will have invested in specialized endpoint protection. Endpoint protection is also a crowded arena that includes specialists like Carbon Black, CounterTack, FireEye, Guidance Software and Tanium, as well as big security software providers such as McAfee, Sophos, Symantec and Trend Micro.

Secdo’s Zion Zatlavi

Typically, says Secdo, endpoint threat detection is based on indicators of compromise. Classic examples are unusual read activity in a database or suspicious changes to a registry. Secdo’s twist is that it adds what it calls a behavioral-based modifier to IoCs; that is, an application or endpoint OS acting in an unusual manner, like randomly creating an .exe file. With version 5 of its response platform, released in October, customers or an MSP can automatically block potentially malicious activities, choose from a number of automated responses and freeze a suspect endpoint.

Secdo’s VP of alliances Zion Zatlavi took some time to answer our Q&A.

Channel Partners: Tell us what customers love about your product or service. What’s the secret selling sauce?

Zion Zatlavi: Customers fall in love with the visibility and advanced response features Secdo delivers. They are blown away when they see all the information they get on their endpoints, information that helps them make better, more effective decisions in the areas of security and IT. We almost always hear from customers that before using Secdo, their endpoints were a huge blind spot for them. Once Secdo is deployed, they are amazed at what they can see and do.

With Secdo, customers get immediate access to all endpoint data. The software also includes the ability to proactively hunt for and surgically respond to threats, on a single machine or across the entire network, from a centralized, easy-to-use console. The advanced capabilities of Secdo’s automated endpoint security and incident response platform give organizations unprecedented endpoint visibility and precise control over responses, so they can quickly and efficiently shut down attacks.

In addition, customers appreciate that they can tailor the platform to meet their needs. From the start, Secdo engineers understood that one size doesn’t fit all. The company knew that threat detection varies greatly from one organization to another, so the platform was built to support customization. For example, customers can configure and tune rules, including PowerShell, indicators of compromise (IOCs) and behavior-based IOCs (BIOC) rules, to optimize the ongoing detection and prevention of attacks. This makes it easy for customers to hunt for threats in their unique environments, to maximize the value they get from …

… Secdo’s visibility, analysis and surgical responses.

CP: Describe your channel program — metal levels, heavy on certifications, open or selective, unique features?

ZZ: Secdo is focused on enabling the channel and directing all sales through its partner network. The company does not compete against its partners and is very selective about the partners it works with, preferring to focus on quality versus quantity. Secdo partners fall into two categories – VARs and MSSPs.

Secdo looks for VARs who have long-lasting relationships with customers and are focused on selling technologies and services that are complementary. The company wants partners who “get it,” who understand how hard it is for customers to identify and respond to attacks.

Secdo has three partnership levels: Platinum, Gold and Silver. Based on the level, partners have access to discounts, joint marketing funds and collateral, event opportunities, support programs and free software. The company also provides extensive training that helps partners hit the ground running and successfully build services around Secdo that will generate new, profitable revenue streams.

Secdo sees additional growth with service providers, both those who are looking to enrich their product and service catalogs and those who have cost-cutting initiatives. The open, multi-tenancy platform gives providers a single solution they can rely on for their incident investigation and resolution needs. It gives them a complete view into endpoints and simplifies ongoing security operations, by automatically identifying the root cause and complete timeline of an incident and enabling swift, appropriate responses to threats.

As a result, managed service providers are eager to work with the company to help them reduce the risks associated with offering security services. While MSSPs are coming to use the Secdo platform to cut costs out of their security operations centers, as well as [to] create differentiated offerings, such as managed defense and response MDR services, that gives them a competitive edge in the marketplace. Because partners can use the single solution to support multiple different services, they can achieve higher margins.

CP: Quick-hit answers: Percentage of sales through the channel, number of partners, average margin. Go.

ZZ: Currently, around 80 percent of Secdo’s sales go through the channel, globally. The company’s goal is to get as close as possible to 100 percent in 2018. To get there, the sales force is incentivized to go through channel partners to complete all sales. Secdo has developed relationships with several strategic partners, who have offices and sales arms across the globe. In addition, the company is investing in regional channel partnerships to extend its depth and reach, working directly with their sales teams in the field to build close, profitable relationships.

CP: Who are your main competitors, and what makes your offering better?

ZZ: We compete with technologies that are looking to improve endpoint security and incident response. While many of the claims these technologies make seem similar to ours, the actual capabilities differ greatly. For example, only Secdo monitors and stores historical thread-level endpoint data. This matters because …

… if a solution only has visibility at the user or process level, it’s highly likely that some attacks, such as file-less and in-memory, will be missed.

The historical, thread-level visibility lays the foundation for many of Secdo’s other innovations. For instance, Secdo’s patented Causality Analysis Engine takes alerts and automatically correlates them with all the thread-level data to validate threats and pinpoint the root cause and full timeline of an attack with unparalleled speed and accuracy. Secdo’s unique behavior-based indicators of compromise (BIOCs) rules leverage the thread-level data to uncover attack activity that would typically go undetected. The thread-level data is also used by Secdo to surgically remediate an attack to ensure systems and users remain productive and secure.

CP: How do you think your technology portfolio will change in the next three years?

ZZ: The short- and long-term plans for the company’s core portfolio – Secdo’s automated endpoint security and incident response platform – are to continue to enhance response capabilities to empower analysts to recover from security events even quicker and more efficiently. The company expects to incorporate advancements in artificial intelligence and machine learning that will enable the automation and fine tuning of Secdo’s analysis, response and preemptive defensive capabilities even more.

CP: How do you expect your channel strategy to evolve over that time frame?

ZZ: As with most technology adoption curves, the early adopters are the ones with the biggest pain points. Today, the value of Secdo’s end-to-end incident response platform, which reduces response times and operational costs while increasing productivity and scaling resources, really resonates with large enterprises, whose security operations are overwhelmed and understaffed. It is expected, however, that smaller organizations have similar needs. To expand the company’s reach and penetrate the SMB market, Secdo will be building up its channel to ensure there is significant SMB expertise to tailor its offerings and address user requirements. The company will continue to work with channel partners to support ongoing product and business development.

As the company grows, its partners are instrumental in relaying feedback from the market and helping determine how to innovate to continue to bring differentiated value to customers.

CP: What didn’t we ask that partners should know?

ZZ: We see the success that channel partners are having with Secdo and know that it can be replicated to address additional markets. Secdo partners are using the software to build up new revenue streams, reduce operational costs and differentiate against their competitors. They are not only able to offer a unique product, but also unique advanced services that other partners cannot match, simply because they don’t have the visibility and response options that Secdo offers. With a single Secdo platform, they can create, roll out and scale a broad set of security services. The risk is low, while the gains are high.