IPSec: Building an enterprise security practice by mistake

Managed security service provider, IPSec, has been in the IT security game for more than 17 years, with a heavy focus on the mid market.

Yet during this time, the company has witnessed an increasing number of requests from the top end of town to assist with managing environments.

IPSec sales director, David McDonald, said the company has traditionally focused on the mid-tier of 500 to 5000 seats, while pushing up into companies with 15,000 users - yet big business often requests that the MSSP addresses issues created by other integrators and vendors.

“We get dragged into it all the time because of our services levels and expertise," he said. "It is all about fixing problems. We get called in as the ambulance to fix a lot of problems that get left behind."

McDonald explained that these problems often occur when the incumbent partner conducts a deployment but does not follow through with the appropriate service levels, which can create an issue of accountability between the customer, partner, and vendor.

“We will do that when we are needed but only when we are protected because of the relationship between the procurement team and the vendor," he added.

“That dynamic is not good for someone like us so we quite often fly under the radar and stay away from that.

“There is also an issue of bang for buck, there is a lot of effort required to go after a CBA or similar sized organisation, for my company, it’s not there.

Playing to your strengths

McDonald explained that while the MSSP will take on work such as this under the right circumstances, the company does not pursue such opportunities because enterprise customers often don’t want the level of service IPSec provides.

“Trying to sell to an Australian or New Zealand bank which has 150 security professionals is a waste of my time," he added.

"However, to a mid sized bank that has 10 to 15 operational and service level people, there is a niche I can get into there because my service level is required and appreciated. We want to do the services, that’s what the company is about, we are 70 per cent services.

“We don’t want to be the box dropper, we don’t want to be those guys that just come in and say, 'here you go, if you have a problem call the vendor and we will see you in five years for the refresh'.

“I see it more in Sydney than in Melbourne, there are a lot of guys who just want to drop the box and let the vendor worry about it, we do not work like that. All the programs we have put together, especially with our guard service using LogRhythm, are tailored to delivering service levels required to get the smarts out of the technology.

“A lot of these customers don’t have the resources in house to get the benefit out of the technology and for us to come in and have a service overlay, that’s where we are seeing the most value."

Market maturity

McDonald said the market has matured considerably during the past two years, with customers beginning to look beyond firewalls and antivirus to more advanced solutions such as security information and event management (SIEM).

“I have never seen anything as hyped in the market as SIEM since spam filtering,” he said.

LogRhythm A/NZ director of sales, Simon Howe, said that since he joined the company in early 2014, the level of understanding of security risk in the Australian market has increased significantly.

“There is an enormous difference today in the maturity of the discussion with the typical customer," he added.

“What was originally a discussion about log management and maybe SIEM, is now absolutely about SIEM and even advanced analytics or holistic analytics.

“The market has matured in its understanding of what is required and therefore it has matured in its understanding of the technologies that can defend against threats.

“We have four senior decision makers from different banks coming to our events because they are interested in the SIEM conversation.

“It is attracting interest from enterprise and large government agencies that already have first generation SIEM technology.

McDonald said there are two elements of the security market and two types of customer.

“There is the newer customer who understands they need to do something about cyber security and it needs to be an advanced technology," he added.

“You also have those legacy first generation users which are now recognising the blind spots and that traditional technologies are not enough.

“If you have an IT budget of X then the IT security budget will be maybe 10 per cent of that, most of which is taken up with operational stuff like antivirus and spam filtering.

“So you are left with about ten per cent of ten per cent of an IT budget to which you can sell the really cool stuff.

"To get the bang for buck out of that, there are so many new vendors now vying for that like LogRhythm, Carbon Black, Darktrace, FireEye and Menlo. Most should be using at least two of these guys but the budget is just not there.

“When we sit in front of an end user that we have built up trust with and they ask me what to do with the limited budget. I always recommend some sort of SIEM technology to get the best out of what they already have,” he added.