The world of IT security is a vast and complex space. As the number and ingenuity of threats increases on an almost exponential basis, organisations are hard put to ensure the safety of their systems and data.
Which is why today, more than ever, IT organisations are looking to partner with service providers who can help them identify their vulnerabilities, and craft solutions to keep them safe.
Over the past one-and-a-half years, Axiz Advanced Technologies has built up a security practice that challenges the traditional distribution go-to-market style which focuses on the sale or licencing of security products.
Business unit manager Alesandro Postiglioni explains that the security practice aims to add value by being a trusted partner for the entire transaction. This means being involved with the partner from the start of the customer engagement, through the consulting and sales process and beyond to after-sales service.
“Resellers find that they are inundated with the vast number of technologies and vendors out there,” Alesandro Postiglioni, IT security business unit manager at Advanced Technologies, says. “You simply can’t expect one person to be an expert on all of them.
“This is where we come in: we are the experts in security. Partners can call us, and we will assist them.”
The Advanced Technologies security practice has aligned itself to Tier One vendors in the IT security space. But it goes beyond the usual commitment to its vendors by adding professional services, sales and technical training – all aimed at offering the market an end-to-end security solution.
“We have aligned ourselves to the best-of-breed security vendors,” Postiglioni explains. “We have made sure that these vendors don’t compete against each other, but are complementary. This means we can put together a complete end-to-end security solution that works for the customer’s specific requirements.”
“Security can’t be a bolt-on,” he stresses. “It has to be embedded throughout the customer’s IT environment.
“We like to talk about the IT security story. It starts with a vulnerability scan and health assessment of the whole system. Before you can recommend or sell a solution you have to understand where the end users’ pain points are.
“We aim to understand the customer’s environment: where they are currently, where they are in terms of a security maturity model, and what needs to happen to get them to the position where they can be as secure as possible.”
Pre-sales security consultant Rudolph van Rooyen, says his team acts as a trusted adviser to customers, performing a risk analysis and determining the remediation process required to improve their security position.
“It’s not just a product,” he states. “When we consult to customers we present a full report that shows the highest risks and the solutions we recommend. We can go on and do the implementation as well.
“We can also do training boot camps for customers, based on their needs.”
When it works with the end user customer, the Advanced Technologies team represents the reseller partner.
“All of these functions and services are carried out in conjunction and through our channel,” says Postiglioni. “We don’t work with end users directly.”
Advanced Technologies aims to recruit, enable and grow partners, and to provide the support and services that will let them proactively sell, support and manage security solutions.
“We can provide services on behalf of our partners, but we are also committed to helping them grow their own skills and resources as well.
“We are moving beyond the traditional box-moving function to becoming true facilitators.”
Security trends
Ransomware was the big threat in 2016 and, although its being overtaken by other issues this year, it can still prove fatal for organisations that are targeted.
“It was a massive problem last year,” says Van Rooyen. “How it works is cyber-crooks encrypt your local files and folder and demand a payment to unencrypt them. We heard of countless instances of ransomware last year.”
The good news is that there are ways to unencrypt files without having to pay the ransom, he says. “There are a couple of ways we can assist if an organisation’s files have been encrypted. In fact, I have yet to hear of a company that actually paid the ransom.”
Organisations can protect themselves from ransomware threats just by following security best practices, Van Rooyen adds. “There are several ways to prevent ransomware from happening. But, at the end of the day, if you don’t have ransomware protection today you are being irresponsible.”
Another issue that is worrying organisations today is the soon-to-be-promulgated Protection of Personal Information Act (PoPI).
“This Act talks about how companies have a responsibility to protect personal data,” says Van Rooyen. “And there are some challenges that they need to be aware of.
“Instead of the normal way of looking at security – which is preventing people from outside coming in – PoPI means you have to prevent the people already inside the network from getting data out. The focus now is on preventing critical data from leaving.”
Postiglioni cautions that this is the tip of the iceberg when it comes to intellectual property in general.
“With bring your own device (BYOD), any device can link into the professional network. This means the perimeter is now wherever your users wander to. And the ever-expanding network is much more complex, with more vulnerabilities than ever before.”
Internet of Things (IoT) is an emerging technology trend, and one that may open up hundreds, thousands, even millions of new security vulnerabilities. Analysts tell us that literally billions of devices could be connected to the IoT within a few short years, adding to security concerns.
“We are starting to see IoT become mainstream in the mining and manufacturing industries,” Postiglioni points out.
As more companies embrace cloud computing, security in the cloud is starting to become an issue.
“Cloud security is a big focus now,” Postiglioni says. “Everyone is starting to move to the cloud: we are seeing more transactions taking place in the cloud; social media is exploding so more personal information is out there; and the field of social engineering is a huge security vulnerability.
He sees Advanced Technologies’ job as educating and enabling partners as their customers transition to these new technologies, and to help them ensure their systems are as secure as possible.
The product line-up
Axiz Advanced Technologies has partnered with vendors offering a combination of software and hardware security solutions. Between them they are able to build solutions that cover the entire spectrum of IT security, including cloud perimeter, end point and virtualisation.
The vendors and their solutions are:
McAfee: This is a recent addition to the Advanced Technologies stable, offering perimeter security, end-point security, software and Web security.
CheckPoint: This line-up offers a combination of perimeter and virtualisation security, running on an appliance or on virtual machines. It also provies firewall, ADC threat detection, end-point, Web and email security.
InfoBlox: This vendor secure the core network services, offering IP address management, DNS and DHCP and DNS security.
ForcePoint: Secures the perimeter with a firewall, also providing web, email and end point security.
SolarWinds: As a network performance monitor, SolarWinds monitors all network activities, also providing IP address management, conflict management, database performance analysis, event management and patch management.
NetTrace: For asset tracking and management, NetTrace tracks where the asset is and where it is going. If there is a theft, the device can be tracked and the thief’s profile can be examined. NetTrace, which is embedded in the chip, can also lock the device and wipe data, rendering the device dumb.
Curve: This is a multi-factor authentication tool, which added pattern-based algorithms to the regular user name, password and OTP regime.
OpenGear: offering out of band management, OpenGear gives users another means of accessing the network, offering network redundancy, VPN and terminal console services.
Fortinet: As an implementation partner, Advanced Technologies offers firewall, email, web and WAN security to its professional services portfolio.
As part of its service portfolio, Advanced Technologies partners with SensePost for ethical hacking, vulnerability scans and penetration testing.
“We chose to partner with SensePost because, in IT security, we don’t believe we should be the judge and the jury,” says Postiglioni. “We cannot independently align certain solutions and strategies were we have also done the assessment.
“SensePost is product agnostic. They are there purely to render services and provide their own reports detailing weaknesses, including social engineering, and assessing how how easy it is to hack into specific users. They supply the partner with a report and then we can then work with the partner to close the gaps.”
Postiglioni believes that the range or vendors and services in the Advanced Technologies portfolio lets the distributor bring the full IT security story to market.
“With these solutions, we are able to enable, develop and grow our partners, giving them the tools and the support they need.”
The security software solutions are available as either perpetual licences or as managed service offering.
In the latter case, the customer doesn’t own the software, but rents it on a pay-per-use model, based on consumption. The AxizCloud Portal will play in this area, with partners leveraging the cloud platform.
Advanced Technologies also makes its demo centre available to partners, who can log in and show their customers all the solutions in a working environment.