»

Stacks of security

The local cyber security market is booming, says Sophos, and is seeing growth of about 14% year-on-year.

 

The local cyber security market is booming, says Sophos, and is seeing growth of about 14% year-on-year.

Pieter Nel, Sophos Pieter Nel, Sophos

Three-tier architecture is just the way things have always been done, but it’s now becoming clear that this state of affairs can’t continue, especially since the advent of cloud.

The cyber security market is booming, and Sophos, one of the largest companies out there, says it’s seeing global growth of 7% year-on-year.

Meanwhile, the local market is seeing double that growth, says Pieter Nel, Sophos regional head.

He says he’s seen the South African market evolve over the years, from one using a single antivirus product, and then a standard firewall and intrusion protection system, to one where it’s now typical that organisations will have a stack of different products providing different layers of security.

Sophos was founded in 1985, and listed on the London Stock Exchange in 2015, giving it a market cap of about £1 billion at the time, which was the largest to date IPO for a UK software company. It now has revenue of about £570 million, and employs over

3 000 people globally, and often ends up in Gartner’s magic box for endpoint protection.

It also has at least eight datacentres around the world, and South African companies are given the option to connect back to Europe or the United States.

Nel says, however, it always suggests using Europe because it’s more GDPR-compliant.

Partner’s choice

It only works with distributors, of which it has two in South Africa, First Distribution and Duxbury Networking.

“Any purchase that happens must be those two distributors, and partners can’t deal directly with us. So it’s the partner’s choice who they want to deal with.”

He also says it assists with certain large accounts, in conjunction with the distributor, and that it would help a partner grow its business, such as visiting end-user customers, as well as mounting educational events.

He adds he doesn’t believe there is enough end-user education being undertaken by vendors, as evidenced by the user still being the biggest risk on any network.

“We show them what threats are out there in the market, and will make them aware of what not to click on, or how social engineering is taking place with phishing attacks.”

Sophos focuses on the SME, mid-market and the enterprise, as well the education market, and it’s the last of these that has unique challenges, says Nel.

“Private schools have unique compliance needs, for example, security for students is critical.”

He says the challenge with YouTube is that it uses encrypted traffic, which is ‘high risk for students, because everything will be visible, including pornography and other adult content’.

To address this, the company has created a dedicated content filter.

Sweet spot

It also has a basic endpoint product for consumers, Sophos Home, but doesn’t bill for it. He says it’s offered as a value-add to corporate clients, so that those using its product in office can have a similar security experience at home.

Meanwhile, it’s the SME and mid-market, or ‘anything under 5 000 users’ where the company’s sweet spot is.

Its partner programme, meanwhile, is designed to ensure that partners are comfortable sharing information, and when they register deals, they’re properly protected, and are protected when the deal comes up again for renewal.

Its partner programme is organised using the well-trodden ‘metal’ tiers of authorised, silver, gold, and platinum.

The last two levels receive direct support from Sophos and distributors. Still, the lower levels are not neglected, and make up a third of the company’s local business.

What about moving up the ladder?

“You have to promote value-add back to end-customers. Without the skills, you can’t move up in status. Certifications, and certain managed services, must be in place. So it’s not all about revenue, it’s also about looking after, supporting, and servicing your customers.”

Certifications are provided either online or in the classroom, at least twice a quarter. One of the reasons why education and certification is so highly stressed is that it’s easy to make a hash of things, for example, during installation of a network. Here, not following best practice can mean the difference between a breach or a secure solution. All it takes is to leave a port open.

One born every minute

Nel says its SophosLabs reckons 400 000 new pieces of malware are ‘being born’ every day, for which it’s clearly impossible to write patches.

“So we changed our mentality, and we’re now using AI technology. We’re not based on signatures anymore, and look, instead, at file behaviour. Why would a file come in, have a different action without giving the user a command? That’s how you know it’s malware.”

Another challenge is what Nel calls ‘dark data’.

“Most firewalls will show, for example, that 47% of the data is generic data, but you don’t know what the traffic is. And it’s because of all the applications being born today. If you think about it, most firewalls can only take about 2 000 to 8 000 applications, but there are millions out there. How do you manage that data?”

Its solution, he says, is to get the endpoint to talk to the firewall.

He also says it’s important to have good relationships with other security vendors.

“We don’t bash anyone, because a breach can happen to anyone. If it happened to us, we don’t expect them to bash us,” he says, adding that some global vendors have, indeed, been hacked, and their code stolen.

He says many SMEs can’t afford a yearly security budget, but are still expected to be compliant. These businesses may well be able to afford a monthly fee for a managed security service run by a partner. This would also typically include a back-up solution, which is now de rigeur in the time of ransomware.

He says the company is also going to be launching a managed endpoint, detection and response solution.

“It will all connect back to our central platform. It can be a switch, in fact, anything that’s pushing out an IP. This gives the customer a SOC (security operations centre) environment based on our Infrastructure-as-a-Service.

“It’s something we’re very excited about. I can’t tell you when it’s going to take place, but know that it’s coming up soon.”