'7 Minutes' with SecBI Co-Founder, VP Doron Davidson

SecBI is taking on DarkTrace, Vectra Networks and other vendors in automated cyberthreat detection and investigation with its two main channel streams.

The company delivers automated threat detection and investigation for security operations centers (SOCs) and MSSPs. Doron Davidson, its co-founder, and vice president of business development and customer success, has more than 15 years of experience in IT security and telecommunications.

Last fall, SecBI partnered with Tokyo-based reseller Intelligent Wave to offer its autonomous investigation technology to organizations and enterprises throughout Japan. It also announced the availability of its autonomous investigation app for the Palo Alto Networks Application Framework.

SecBI’s Doron Davidson

Before joining SecBI, Davidson held operational, and profit-and loss-responsibilities for RSA’s EMEA professional security service practices. In that role, he worked with some of the world’s largest security teams and helped them to establish the systems and business processes at the heart of their incident-response operations.

In a Q&A with Channel Partners, Davidson talks about how his company works with partners and the advantages it has over its competitors.

Channel Partners: Tell us what customers love about your product or service. What’s the secret selling sauce?

Doron Davidson: Customers love the simplicity of our automated threat remediation and investigation solution. The fact that, within a few minutes, cybersecurity analysts understand the full scope of an attack, as well as the affected entities (for example, users and servers), enables them to completely eliminate the cyberthreat from the network. Typically, alert systems leave the security analyst to manually piece together forensic information, threat intelligence and log data to come up with a full picture — a process which typically takes from days to months, and often leaves remnants of the attack in the network.

SecBI’s simple integration with an enterprise’s existing equipment allows for fast installation in the cloud or on premises. Within a few hours, an enterprise is prepared for tomorrow’s stealthy attacks, with its security operations center achieving higher return on investment (ROI) from a streamlined, efficient process. In short, our technology helps security analysts provide faster and better value to their organization — better security, more efficiently. As it can be deployed in the cloud, it’s easy for many channels to develop new revenue streams or optimize existing ones by providing new services based on SecBI’s solution, including hunting, incident response and more. In addition, the cloud allows channels to benefit from more business-model options.

CP: Describe your channel program — metal levels, heavy on certifications, open or selective, unique features?

DD: SecBI has two main channel program streams. The first is intended for MSSPs whose business model is “SOC as a service.” SecBI makes it easy for them to recommend enhanced cyber defense such as automated hunting or incident response. The second stream is for MSSPs who run the security services at the customers’ site, or VARs who sell …

… other security technologies and can gain value by adding SecBI on top of their existing technologies. This can play out as an add-on sale, possibly bundling with VAR services as well.

SecBI offers two training and certification options. For IT, the training is about how to install and configure SecBI to integrate our technology with existing systems. The second option is aimed at Tier 1, 2, 3 analysts and hunters on how to use SecBI’s technology and configure new playbooks to match organizations’ SOC processes. Each analyst completing the training will receive SecBI certification.

CP: Quick-hit answers: Percentage of sales through the channel, number of partners, average margin. Go.

DD: SecBI sells completely through channels. When we have direct customers, we connect them to the most relevant channel. Although still a startup, SecBI already has 12 partners worldwide, mainly based in the United States, Canada, France, Poland, the United Kingdom, Spain, Italy and Japan.

CP: Who are your main competitors, and what makes your offering better?

DD: Network visibility to malicious communications is sometimes achieved through packet capture, but that requires using appliances (sensors) at various parts of the network. The main vendors in this market are DarkTrace and Vectra Networks. SecBI achieves the same if not better network visibility to malicious communications by collecting metadata from existing infrastructure such as web gateways and security information and event management (SIEM) without the installation of any extra hardware.

Another advantage may be understood in contrast to other machine-learning vendors. SecBI uses unsupervised machine learning with an approach called cluster analysis to detect unusual patterns of associated activities that would not be detected by looking in one particular area, nor by comparisons of anomalies to a baseline of normal activities. Most threat-detection solutions that claim to use machine learning are using supervised machine learning, which uses a baseline to look for anomalies — but with today’s advanced attacks, that approach no longer works. Unsupervised machine learning and cluster-based analysis do not require building a learning curve or baseline, and they begin to detect true threats immediately.

CP: How do you think your technology portfolio will change in the next three years?

DD: SecBI is actively adding additional technological integrations and support to enable better detection, hunting and remediation suggestions. As the market moves toward faster (some would even say to automated) remediation, SecBI is adding capabilities for automated remediation and prevention on top of our precise detections. Over the next three years, SecBI is poised to become the center of the advanced SOC by providing connectivity to all security systems, including remediation and prevention. These extra functionalities will enable our MSSP partners to gain instant analytics and connectivity for their SOC as a service, as well as for their deployed on-premises SOCs.

CP: How do you expect your channel strategy to evolve over that time frame?

DD: Over the next three years, MSSPs will become more dominant in all security offerings for customers. SecBI’s technology will become the cornerstone that enables this transition. European customers, who are slower at adopting MSSPs and prefer VARs, will enjoy a one-stop shop for all their security needs, including connectivity, analytics and response, through the VARs that also sell SecBI.

CP: What didn’t we ask that partners should know?

DD: Potential partners should know about ramp-up time and maintenance. One of SecBI’s strongest features is the simplicity of our deployment, usage and maintenance with our software-based approach. Many of our partners came to us due to either high maintenance costs or negative experiences maintaining too much infrastructure on-site. Our partners enjoy a machine learning and analytics system that is sophisticated, yet simple to deploy and maintain.