By Kathy Gibson – Cybersecurity is one of the biggest challenges facing organisations today: studies indicate that the number of attacks is growing on an almost daily basis, while the cost of a breach is scaling new heights.
But, while there is more pressure than ever on businesses to guard against threats, they are facing the twin challenge of massive skills and resourcing shortages.
Reseller partners are increasingly stepping into the breach, helping their customers to develop a sound security posture and even to manage the day-to-day security operations.
But resellers are also feeling the pinch when it comes to skills, so distributor Mustek aims to provide a broader range of these services to its resellers by building a specialist security service.
The first step in this strategy is Mustek’s acquisition of Cyberantix, a supplier of security operations centre (SoC) as a service.
Mustek has bought Sizwe IT Group’s 70% share in Cyberantix for R20-million. The remaining 30% of the company is owned by NIL Data Africa.
Cyberantix focuses on providing cybersecurity services including realtime monitoring, incident detection and response, together with defence solutions.
For Mustek, the acquisition gives it a base for diversifying its portfolio, adding value to the services it offers its reseller partners.
Who is Cyberantix?
Cyberthreats have always been a challenge for organisations, but have become something of an epidemic in recent years.
Morne Terblanche, GM and founder of Cyberantix, explains how he came up with the idea to form the business four years ago: “At that time, a lot of companies were trying to build their own SoCs – and were realising that it is an expensive exercise and really hard to do with the limited skills that we have in South Africa.”
So Terblanche set out to provide a SoC as a managed service provider (MSP). “Everything in our environment is available to customers on a services model, so they pay from opex (operational expenditure) rather than capex (capital expenditure) – this is very important to customers.”
It means customers get access to best of breed technology and skills at a predictable cost.
Offering peace of mind, Cyberantix has ISO/IEC 27001 certification for information security management.
Best of breed technology is one part of the equation, but it’s human skills that make the difference in security management, Terblanche points out.
This is where the NIL Data Africa’s 30% ownership of the company is invaluable: as a training company, it can offer students internships in Cyberantix at the end of their training – and Cyberantix gets access to talented young workers.
“So we take in new interns every six months,” Terblanche explains. “It means we get access to skills and the interns get the opportunity to get on-the-job training with some of the best experts in the industry.
“At the end of their internships, we either take them on as full-time employees or find jobs for them with customers or partners.”
This win-win arrangement also has a broader benefit for the industry and country as a whole, Terblanche says, getting more skills into the market.
Security considerations
Running a SoC is a complex business, so rock-solid processes are vital. This is why Cyberantix’s ISO/IEC 27001 certification is important, says Dr Pierre Jacobs, the company’s head of operations and compliance.
Keeping customers’ data in-country is also important for issues of data sovereignty and residency, so the entire Cyberantix hosting platform is housed within South Africa’s borders.
“From a technology perspective, we felt that we must be proudly South Africa,” says Dr Jacobs. “It’s also important from a security point of view that customers’ data doesn’t leave the country.”
Because the Cyberantix SoC is housed in South Africa – and available to customers 24/7- it can offer a wealth of managed security services.
And services is the operative word here: Terblanche stresses that all of the technology within the SoC is offered to customers as a service. “Anything we bring into the SoC, we make it available as a service. This means customers never have to build their own, which can get very expensive.”
Importantly, Cyberantix can also ingest any technology that customers are already using – and offer it back as a service – so customers don’t have to worry about managing, monitoring, or even renewing any legacy or specialised technology.
“We are saying that, whatever processes you are using already, we will take them and deliver them back to you as a service,” Terblanche elaborates.
“So if you already have a SIEM (security information and event management) system, we can take that into the SOC, put 24/7 eyes on it, and make it really easy for customers to benefit from it,” he says. Cyberantix customers range from government entities and financial institutions to legal and energy firms. “We make provision for customers ranging from the smallest entity to the biggest enterprise,” Terblanche says.
This is important, both for Cyberantix’s current operations and Mustek’s plans for the future, with the ability to offer SoC as a service as a packaged service that reseller partners can sell on to their customers as a managed service.
A predictable framework
The company also helps customers to achieve a positive security posture and Dr Jacobs has put in place frameworks in this regard.
“We looked at what we could add to the platform to include most of the controls that customers would need,” he explains. “It was important to add as many services as possible under a single contract and monthly service fee so customers are assured of predictable billing.”
The services need to include things like quarterly penetration testing and compliance reports – activities that many companies find onerous or too expensive, or even forget entirely.
So Cyberantix can add these services as part of their SLA (service level agreement), billed over 12 months and carried out regularly.
The second part of the framework is helping customers with human risk management. “The human factor is one of the biggest risks in an organisation,” says Dr Jacobs. “And so we have added it to the platform as a module – where we give training in phishing attacks, scan the dark web, and ensure there is a policy management repository.
“All of this is offered as a service.”
The last component of the framework – one that is often an issue for platform-based services – is invoicing.
“A lot of platforms have unpredictable invoicing,” Dr Jacobs explains. “SIEMs are billed as events per second, or the number of events ingested into the SIEM, or your disk usage. These can all spike up the invoice.
“So we’ve come up with a model where customers always get predictable invoicing. There is a single price over 12 months, billed per month, based on the device count.”
The SoC as a service and other services can be consumed from Cyberantix’s data centre as a fully managed and hosted service, or customers can host it in their own environment with Cyberantix taking care of the management.
Consulting too
A relatively recent offering from Cyberantix is consulting, based on frameworks developed by Dr Jacobs.
These include ransomware recovery, third-party disk management integration into business continuity, cybersecurity operations enhancement toolkits, and a toolkit to assist board members to communicate cyber risk in both internal and external environments.
The company plans to soon make these frameworks available on a digital platform.
Into the future
Looking forward, Cyberantix and Mustek hope to offer more SoC services via the reseller channel.
The company’s flexible and scalable solutions, together with Mustek’s reach, will also enable expansion into Africa, Terblanche says.
Cyberantix will continue to operate as a separate company. “From an operational point of view, nothing will change,” he says. “We already work with reseller partners, but will be enhance our reach.”
Because Cyberantix OEMs its own platform, resellers can either white label its offering or act as a referral agent.
For resellers already offering managed services, this is an opportunity for them to add cybersecurity services without having to add skills or resources.