The Gately Report: Special RSA Edition with Flashpoint, Orca Security, More
The conference was a "coming out party" for RSA after its separation from Dell.
![RSA Wide Shot RSA Wide Shot](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltf5b1e28361b60223/652427fe2c37415e44909fae/RSA-Wide-Shot.jpg?width=700&auto=webp&quality=80&disable=upscale)
Channel Futures: What are your thoughts on “transform,” the theme of RSAC 2022? Is the industry receiving this message?
RSA’s Jim Taylor: Yes, I think it’s starting to. I’ve been working in this space for a long time, 25-plus years. I would say the overall market is more disrupted and going through more change now than I’ve ever seen in my career. It feels like something is changing. There are new conversations. Just look at the rise of zero trust, and all of the stuff that’s come from government and the Cybersecurity and Infrastructure Security Agency (CISA), and multifactor authentication (MFA) … It feels like it’s coming of age. The conversation is real now and things are actually changing. So we’re very hopeful that it’s a meaningful change and that cyber as a whole really starts to move forward rapidly.
CF: What did RSA, the company, bring to the conference? Did it present new opportunities for partners and the channel?
JT: Yes, absolutely. I’m sure you’re aware that RSA has been going through a lot of change separating out of Dell. So for us, this was to some extent a bit of a coming-out party. It was the re-establishing of our own independence. It was us reclaiming our own identity. And so there’s been a lot of work done and a lot of innovation.
For example, on the RSA SecureID side of things, we actually have started to talk about a brand-new token. It’s the first time in 20 years that RSA is launching a brand new form factor of token. And across the group, all of the companies have come with innovation and have come with announcements.
As our business is innovating and migrating, that’s leading to a lot of opportunity in the channel. We actually have just completed in Europe a partner road show … where we were previewing a lot of the innovation, the announcements … with huge success and great attendance across all of our channel partners. So we intend to continue that and continue to partner with the channel, and roll out innovation. But we’re seeing a lot of activity. I think the channel recognizes that there’s an opportunity to do something as well. So huge engagement.
CF: What sort of feedback have you been hearing from conference attendees?
JT: So far it’s been very good. I want to be measured in my response. I’m not sure how much of it is kind of the euphoria of actually not being stuck at home in the home office, and interacting with real-life people again. I think it was time for the industry to come together, for people to meet their peers and meet their customers. So overall, I would say excitement is a great way to describe it. There’s a lot of energy, there’s a lot of excitement just around what’s going on in our world, right? Cyber is a bit of a funny world. We’re very insular to ourselves, but there are meaningful things happening. So yeah, I’ve seen a lot of great activity, a lot of great conversations.
CF: What do you hope attendees can take home and make use of from RSA?
JT: I would say the big things are the big messages around the themes. It’s around disruption, transformation and change. I would say the consistent conversation that we’ve been having is around zero trust and what that means. Everybody has a different definition for zero trust, you know. And there’s MFA and securing hybrid work. That’s been a huge topic of conversation.
I would say the whole [discussion around] how does security operate in the new world? Onboarding employees that you may never actually meet. People don’t come into the office; they work from home. So how do you do that initial identity verification? I think people are starting to get their heads around the new norm, which is very different from the old norm. And I think there have been a lot of security discussions around how to really secure the new norm. That’s a message that everybody’s taking away. I think everybody’s going to take a breath and say, “OK, we’ve defined what the new norm looks like; there’s a new problem set with it and now we know what we need to do to go solve that.”
CF: What can partners and the channel expect from RSA in the months ahead through the remainder of 2022?
JT: Not just innovation around new tokens, but we’ve also launched a whole new set — or a whole new way — of doing business with subscription pricing around our hybrid and cloud models. We’re engaging with the partners. You’ll see big releases from us. You’ll see a half-dozen of them this year, really meaningful, significant innovation. And so we’re really engaging with our partners because there’s a big opportunity to move our customers forward to solve some of those new challenges that we’ve been talking about. So I think it’s going to be a really exciting year for the channel as far as RSA goes.
CF: Any final thoughts?
JT: It feels like the world is turning again. It kind of stopped there for a little while and I think we all felt that. So I think there’s this overwhelming feeling of things actually starting to happen again. Not just specific to RSA or the conference, but I think the next 12 months are going to be a very big year for cybersecurity in general. There’s a lot of work that needs to be done, particularly in things like addressing MFA, passwordless, those kinds of things. So I think now is a good time to be in security.
In other RSA news …
Flashpoint acquired Risk Based Security (RBS) earlier this year, and recently unveiled its first integration with more to come in 2022. RBS specializes in vulnerability and data breach intelligence, as well as vendor risk ratings.
At RSA, we caught up with Inga Goddijn, RBS’ vice president of structured intelligence.
“So we already have our first official integration out there, which is just fantastic, but even more so behind the scenes,” she said. “We continue to look at different opportunities to just learn from each other around best practices, and how we respectively have delivered our information and our intelligence to our customers in the past, and what can we take from each other in order to do it, continue to do it in the best possible way going forward. So it’s been a lot of work going on and we’re already starting to see the fruits of that.”
Combining Flashpoint and RBS is creating new opportunities for partners, and also opportunities to reach more customers, Goddijn said.
“It has already been an amazing reception from our customer base and we’ve had some really encouraging conversations around just being able to bring something new, something different to our customers,” she said. “And we found that we’ve had a fair amount of overlap between customers as well. So it was nice to be able to make doing business with our two companies easier for those organizations. And then as far as integration with our partners, that’s something that both Flashpoint and RBS had pursued separately. So now just being able to take those data sets and make it that one point of contact, that single flow to get all that data into one place, we’re already starting to see success in that regard.”
More integrations between Flashpoint and RBS are coming, Goddijn said.
“We have multiple data sets within the RBS environment,” she said. “We’re just starting down that path with the VulnDB data and we’re going to continue to grow that and expand that integration. Coming up behind that, we have our product called Cyber Risk Analytics, where we track publicly disclosed data breach events or data compromise events along with a data set that we call pre-breach, which are just indicators of security hygiene for all sorts of organizations out there. And we’re looking at our road map to bringing those data sets into the Flashpoint universe as well.”
Orca Security is transforming from a partner company to a partner-first company. That’s according to John Schwan, Orca’s vice president of global partner sales. He took charge of Orca’s channel in December.
“Orca is going through a transformational mode where we were a company with partners and we are now fundamentally a partner company,” he said. “Everything that we’re doing is partner-first as it relates to giving them the tools. We have a brand-new partner portal that will be rolling out in July where they can self-service register deals. We’ve refined our programs to make it very easy for them to be profitable and for us to be predictable. These are the most important things that our partners are looking at.
And most importantly, we’re providing freedom of choice. So if you’re an integrator, a reseller, solution provider or cloud provider, we’re letting all of those interface together. So if you’re a reseller or you want to sell Orca via Amazom Web Services (AWS), Azure or Google Cloud, or distribution, we’re allowing that freedom of choice for solution providers to meet the customer where they want to consume.”
Orca is making everything “Sesame Street simple,” and is focused on partners that will make the biggest difference for the company, Schwan said.
The switch to partner-first is about amplification and scale, he said.
“We’ve doubled the size of the company in less than 12 months, and we’re on that pace to continue to hire and expand resources,” Schwan said. “But the best way that you can get in front of customers and prospects is get with the partner community. If you look at how many salespeople we’ve activated just since I joined in December, it’s in the thousands. We only have hundreds of sellers, but we’re out there going and working with multitudes of partners for them to understand this message. And it’s a great opportunity for these partners to go back to customers for things that they sold and demonstrate a different way of doing things that’s powerful and easy to consume.”
HelpSystems has been on quite the acquisition spree lately, with three acquisitions announced so far this year. Those include Tripwire, Terranova Security and Alert Logic. Terranova was the most recent of the three deals to close.
John Grancarich is HelpSystems’ executive vice president of strategy. He said there will “absolutely” be more acquisitions in the coming months.
“What I want to highlight is HelpSystems is not trying to be everything to everybody in cybersecurity,” he said. “It’s too vast, too complex and too dynamic. So what we’ve really chosen to do is focus within data security and infrastructure protection from both a product services and managed services perspective. We’re always looking for opportunities to add more capabilities to the portfolio, but within those product categories. We want to get as deep and as granular as we possibly can. Now, we’ve made a lot of great progress in a few years in building out the portfolio, but we’re always on the lookout, and it’s one of the reasons we’re here is just … see what’s out there, what the other solutions are. And so we’re always evaluating and looking for ways to expand what we’re doing.”
Thirty percent of HelpSystems’ business is through the channel, Grancarich said. That increases to about two-thirds in EMEA and APAC.
“So we have a huge channel presence outside of North America as well,” he said. “Partners today already get to avail themselves of the broader HelpSystems portfolio. That portfolio is largely focused around products and software, and some managed services pieces. [Terranova] gives us a complementary piece in security awareness and phishing simulation, which really we haven’t been playing very deeply in up to this point. So our partners will get an ability to provide a broader set of solutions, including the security awareness and training piece. So we’re kind of looking at it from both sides, both how to better prepare employees for the ever changing risk and threat landscape, and then the products to actually help them better manage those threats when they do occur.”
Synopsys is acquiring WhiteHat Security, which rebranded to NTT Application Security last year, for $330 million. Synopsys should finalize the acquisition next quarter.
In the meantime, we caught up with Dave Gerry, NTT Application Security’s chief revenue officer and head of global operations, to get the latest scoop from the company.
“First and foremost, we’re still pending regulatory review,” he said. “I’m not an approved spokesman on the deal, so I can’t get into specifics on that side. What I will tell you is that the reception as a whole has been incredibly positive. So we’re really excited about it and we think it’s going to be a really good thing for our partners.”
In the meantime, NTT Application Security continues to sign new partners to its partner program, Gerry said.
“One of the really exciting things is we’ve launched the Vantage platform,” he said. “This now enables our partners to start to wrap their expertise and their services around what we do. For a long time we’ve been a leader in managed application security testing, which means we do all the services for our partners. One of the really big benefits to Vantage is, one, it enables our customers to take a self-service approach for those organizations that want the flexibility to run this themselves and run their application security program themselves. But it also enables our partners to deliver some of those managed offerings. So instead of it just having to be from NTT Application Security, they can also start to do that and incorporate it into their broader application security consulting practice.”
In the months ahead, NTT Application Security is going to continue to double down on product, Gerry said.
“We have an incredibly robust product road map over the next six months,” he said. “We’re really excited for what’s going to come out from a Vantage perspective. We’re continuing to invest in the Sentinel platform and our managed Sentinel platform. But from a partner-led perspective, we’re really excited about what this means for our partners to be able to take services and wrap them around Vantage, and continue to put that in front of more and more customers because it’s just simply another arrow in the quiver of our partners.”
Synopsys is acquiring WhiteHat Security, which rebranded to NTT Application Security last year, for $330 million. Synopsys should finalize the acquisition next quarter.
In the meantime, we caught up with Dave Gerry, NTT Application Security’s chief revenue officer and head of global operations, to get the latest scoop from the company.
“First and foremost, we’re still pending regulatory review,” he said. “I’m not an approved spokesman on the deal, so I can’t get into specifics on that side. What I will tell you is that the reception as a whole has been incredibly positive. So we’re really excited about it and we think it’s going to be a really good thing for our partners.”
In the meantime, NTT Application Security continues to sign new partners to its partner program, Gerry said.
“One of the really exciting things is we’ve launched the Vantage platform,” he said. “This now enables our partners to start to wrap their expertise and their services around what we do. For a long time we’ve been a leader in managed application security testing, which means we do all the services for our partners. One of the really big benefits to Vantage is, one, it enables our customers to take a self-service approach for those organizations that want the flexibility to run this themselves and run their application security program themselves. But it also enables our partners to deliver some of those managed offerings. So instead of it just having to be from NTT Application Security, they can also start to do that and incorporate it into their broader application security consulting practice.”
In the months ahead, NTT Application Security is going to continue to double down on product, Gerry said.
“We have an incredibly robust product road map over the next six months,” he said. “We’re really excited for what’s going to come out from a Vantage perspective. We’re continuing to invest in the Sentinel platform and our managed Sentinel platform. But from a partner-led perspective, we’re really excited about what this means for our partners to be able to take services and wrap them around Vantage, and continue to put that in front of more and more customers because it’s just simply another arrow in the quiver of our partners.”
RSA CONFERENCE USA — That’s a wrap for this week’s massive RSA Conference USA in San Francisco, the first live RSA since the start of the pandemic.
The event drew a smaller crowd than usual, but this certainly wasn’t a small event, with tens of thousands in attendance and more than 300 exhibitors.
On Day 3 of RSA 2022, we caught up with Jim Taylor, chief product officer at RSA, to talk about the conference and its implications for the cybersecurity industry.
In addition, we caught up with Flashpoint, Orca Security, HelpSystems and NTT Application Security.
In a Q&A with Channel Futures, Taylor looks at the significance of this year’s RSA and where the industry goes from here.
Channel Futures: What are your impressions of RSAC 2022? Any firsts? Any surprises?
Jim Taylor: I would say it’s actually been really awesome. RSA has been going for so long, and I think we all just kind of took it for granted for a while. And as soon as you take something away from people and say, “No, you can’t have it,” then that’s the thing that they really, really want. So this year kind of feels like a resurgence. There’s a huge buzz around the show. There’s so much energy and activity. Attendance is really good. So we’re seeing a lot of enthusiasm. We can’t claim all the credit for that. I think part of that is people just want to be with people again. And so it’s been fantastic this week, a ton of big announcements, a lot of activity, but a really good energy about the show. It feels like it’s … back and stronger than ever.
CF: What does this latest RSA say about the current state of the industry?
JT: I would say it’s a very interesting time for the security industry. There’s just been so much going on; so much has changed.
And that’s been a big theme of all of the keynotes consistently. What they’re really saying is, “Hey, the world has changed.” Things like hybrid work are here to stay. The way that we do stuff is dramatically changed. IT and tech tends to evolve at … [their] own pace and I think the last two years have been a real forcing function. And so cyber needs to do that, to deal with that. Who knew there was going to be a war in Ukraine with Russia? Who knew there was going to be a global pandemic? So we’re seeing cyber react, and it’s reacting very quickly. … [RSA CEO] Rohit Ghai did a great keynote where he was talking about how you almost need a crisis to foster transformation. And I think we’re seeing that.
Scroll through our slideshow above for more from Taylor and more happenings at RSA Conference USA.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like