Basil Shahin, Regional Sales Director at Corelight told Reseller ME about the company’s expansion strategies and gave insights on how channel partners can enable their customers to have advanced threat hunting capabilities.
What were some of the biggest highlights at Corelight this year?
Corelight experienced significant business momentum over the past twelve months, expanding into EMEA and META with regional offices and support teams in UK and Dubai. In addition, the company launched the Corelight Cloud Sensor for AWS and Azure making it possible for threat hunting teams to use a consistent downstream analytics stack and find attackers regardless of the environment. Other product enhancements include the launch of Corelight Fleet Manager for accelerated deployment, configuration, and ongoing administration of Corelight Sensors across the enterprise whether they are physical, virtual or cloud-based; a new Splunk app to better facilitate network-based threat hunting in Splunk; and the Corelight Encrypted Traffic Collection (ETC) offering rich and actionable insights for encrypted traffic. Corelight also closed a $50 million Series C funding round in October, paving the way for increased investment in product development, research, sales, and marketing efforts.
Can you tell us about your expansion in the Middle East and Africa?
This is a very exciting year for Corelight in the Middle East and Africa region. We have opened our regional office for the META region in Dubai as well as added sales, pre-sales, and customer success teams. We have acquired new customer logos as well as expanded existing customers in the region. We have participated in major conferences in the region including GITEX and other security events. We have also appointed three new distributors for the region including Redington across META (Middle East, Turkey, Africa), Gulf IT for GCC focus, and New Order Group for Africa. We have also signed up with strategic partners across the region to allow us to accelerate our channel go to market strategy.
Can you elaborate on the business objective and channel strategy?
Corelight provides a comprehensive channel program, aimed at accelerating growth in enterprise and government sales across all verticals. The Corelight channel program is designed to work with trusted partners in the enterprise data, networking and security space, as well as partners with expertise in selling into large government agencies and enterprise commercial space to bring Corelight’s powerful network traffic analysis, threat hunting, and forensics capabilities to their customers. Corelight believes that partners are a critical part of the security strategy of our mutual customers. We have designed our partner program with specific partnership levels, criteria, and benefits tailored to meet each partner’s business goals. Partnering with innovative providers in their areas of expertise provides outstanding value and a wide range of solutions for our customers around the world. Corelight distributor partners extend our reach and help solution providers and MSSP partners deliver NTA solutions. Distributor partners provide sales training, technical and sales support, and account management to their select resellers. Distributor partners also offer credit services, marketing support, logistics, and access to dedicated sales representatives.
How is Corelight encouraging partners to enable their customers to have advanced threat hunting capabilities?
We are committed to providing partners with the highest level of support to market, design, sell, and deliver industry-leading Network Traffic Analysis (NTA) solutions while achieving the highest degree of customer success. The end-user typically is a threat hunter and is looking at the data through an analytics platform such as a SIEM platform and doesn’t interact directly with the Corelight sensor, which sits in the network sending data to the security team. We provide a very rich set of data – roughly 400 network traffic data elements – that can be used to understand attackers, where they’ve been, what they’ve done, who they are, what other things might be related to a particular incident. From a sales point of view, we’re not trying to displace or change the behavior of the customer. We’re adding an ingredient to the security stack that will make the end-user more effective. This is where a strong security partner can play a big part in putting together this stack for the customer with their existing experience in security analytics platforms such as SIEMs or adding Corelight to their existing customers who recently added a SIEM solution.
What are the opportunities for MSSP providers to enhance their SOC stack using network-based data-driven analysis and evidence?
MSSP providers have a great opportunity to work with Corelight. Corelight is designed to integrate with many popular SIEM solutions, therefore, allowing easy integration for MSSP providers as well as their customers. We also offer on-premise, cloud-based, and virtual sensors. This provides great flexibility for deployment. Corelight licenses are sold as a subscription. This aligns very well with many MSSP’s end-user operational expense model where they charge the customer on a subscription basis as well.
What can regional organisations expect from Corelight in 2020?
With representation in the META region, organisations can expect a significant level of focus and attention that is only possible with local teams. We will be launching a new distributor/channel program specifically for EMEA in early 2020 to equip our partners to identify and deliver Corelight’s solutions to ultimately lower risk and increase efficiency. Corelight will continue to build on the secure, trusted foundation of the open-source Zeek (formerly Bro) network security monitoring platform to deliver additional benefits to end-user organisations and to our partner ecosystem.