451-researchThere are an excessive number of security tools and services on the market today, but threat intelligence services are arguably one of the top tools that enterprises of all sizes can leverage to stay one step ahead of cybercrime, prevent data loss, and reduce their overall security risk. Beyond the traditional security tools, an outside-in threat intelligence approach to cybersecurity efforts is increasingly being looked at by enterprises, in order to proactively track enemies and attackers, hunt threats, and address impending business risk.

LookingGlass Cyber Solutions offers a broad portfolio of threat intelligence-driven services that address threats throughout the cyber-threat lifecycle, giving organizations the ability to monitor external threats and operationalize their response. The company debuted its first ever partner program for managed security service providers (MSSPs) last year – saying it is empowering partners to deliver security as a service with customizable threat intelligence services.

The 451 Take
LookingGlass has grown via several acquisitions to become one of the emerging specialists in threat detection, management and mitigation. While a number of other firms provide niche offerings in this space, few provide such a broad portfolio. In addition, the company’s new MSSP partner program is showing promise as a route into monetizing ‘as a service’ opportunities, especially as partners start leveraging its products and services in innovative ways, growing business with the existing customer base, while providing differentiation when competing for new customers.

Founded in 2006, Reston, Virginia-based LookingGlass is a combination of several well-established companies that it acquired. The privately held firm was originally launched by a group of individuals who were part of an intelligence community project formulated to map everything connected to the internet. With permission from the US government, the group took the technology from the project and overlaid it with threat intelligence data to create the basis for LookingGlass.

Since that time, LookingGlass has acquired and incorporated several companies – including botnet-monitoring firm Kleissner and Associates, deep-packet-processing platform provider CloudShield, and most recently, Cyveillance, an open source threat intelligence supplier. LookingGlass now has 300+ staff and provides threat intelligence services to enterprises of all sizes, with several services tailored for SMBs.

Products and services
LookingGlass believes the threat intelligence market is fragmented, not only in terms of industry vendors and providers, but also in terms of the market’s approach to operationally implementing threat intelligence in an effective manner. LookingGlass states that its services portfolio addresses this issue by providing an integrated approach, delivering four key facets of threat intelligence: analysis and response, management, mitigation, and threat data (more specifically, machine readable threat intelligence, or MRTI). The services LookingGlass offers in each of these areas are integrated, and designed to work together to enable enterprises to operationalize threat intelligence, with features for detecting, understanding and prioritizing the threats and attacks that impact their environments.

LookingGlass markets itself as a threat-centric security company, and believes that enterprises of all sizes can benefit from the value of threat intelligence – provided it consists of high-quality data, is specific to the enterprise, is usable in their environment, and is easy to implement and integrate. LookingGlass believes it is one of the few companies that can deliver in all of these areas while providing a granular level of contextualization. At first glance, the company’s portfolio of products and services appears to cover the scope of threat intelligence well. In the area of threat mitigation, LookingGlass offers NetSentry for intrusion detection, NetDefender for security orchestration, DNSDefender for DNS protection, and ScoutShield Threat Intelligence Gateway. Threat intelligence management is delivered through ScoutVision (threat management), ScoutInterxect (threat correlation) and ScoutPrime (threat analysis).

The company also offers Cyber Threat Center, which provides an interface to manage data collection, as well as Virus Tracker, a botnet-monitoring system. LookingGlass offers several threat intelligence services, including threat and attack surface analysis, response and mitigation, special investigations, vendor threat assessment and cybersecurity awareness training. The company provides several MRTI feeds, ranging from phishing to malicious C2 domains to malicious URLs, to help correlate external threat activity with internal systems.

MSSP partner program
Last year, Laurie Potratz, VP of global channels and alliances for LookingGlass, was tasked with creating a unified partner program bringing together the assorted programs from the company’s acquisitions. During that process, Potratz discovered that service providers – both managed service providers (MSPs) and MSSPs – were interested in adding LookingGlass’ offerings to their portfolios, but as a service rather than as a more traditional resale option.

The company says these service providers were looking for ways to expand their security services portfolios, differentiate themselves in the marketplace, and create new revenue streams. Potratz discovered that most of the MSSPs were offering the typical security services – firewall management, endpoint protection, patching, vulnerability scanning, etc. – all of which take an ‘edge inward’ approach. Adding threat intelligence to their service portfolios would enable providers to start delivering services focused on what’s happening outside the firewall, including activities and data in social media, hacker channels, and on the dark web.

The company launched its MSSP partner program at the end of 2016, enabling partners to provide customized threat intelligence services. The program offers two options: a ‘pay as you grow’ revenue-sharing model, which helps MSSPs mitigate their up-front costs with low initial investment and quick deployment, and a traditional OEM resell model.

While LookingGlass has not yet reported the number of partners in its new MSSP program, it does state that growth has been strong to date, and that it is seeing keen interest from MSPs and MSSPs alike. The partner program touts both standardized and customizable threat intelligence services that appear to be quick and easy to deploy. LookingGlass described several examples of partners utilizing the partner program to create custom services.

For example, LookingGlass shared that several of its MSSP partners are leveraging its Executive Threat Assessment to deliver value down to the individual executive level, protecting the executive, his or her family, as well as the company. Partners turn this into a monthly service – not only assessing the customer’s executive staff, but also its new hires and acquisition targets.

Other partners have leveraged the company’s threat intelligence feeds to provide monthly high-level, industryvertical threat reports to their customers at no charge. This differentiating value-added service also leads to new business as those customers start inquiring and asking for threat information more specific to their own businesses.

A number of companies in the security space offer threat intelligence products and services, but LookingGlass contends that most are niche offerings or point products, and do not address the full scope of a complete threat intelligence framework providing full orchestration and management.

Competitors offering point product’s in this space include anti-phishing specialists Area 1 Security, social mediamonitoring company Brandwatch, DNS firewall provider ThreatSTOP, and threat analysis and visualization platform Blueliv. Threat intelligence platform providers such as ThreatConnect, IBM, Symantec, SurfWatch Labs, Recorded Future and ThreatQuotient compete with LookingGlass’ full threat intelligence approach.

SWOT Analysis

The company’s full suite of threat intelligence products and services combined with its new MSSP partner program should result in growth in a new space for LookingGlass.

Delivering to the service provider space is a significant change from traditional reselling. While it appears that LookingGlass has structured the partner program well to address this space, we have yet to see how well it handles the operational demands for this sector as the number of providers continues to grow.

The greenfield space addressed by the company’s new MSSP partner program should provide further revenue and customer opportunities. If this endeavor proves successful, LookingGlass could consider other partner-program opportunities, with offerings tailored to providers that may service other vertical or niche markets.

Many MSSPs are burdened by the number of tools they have already invested in and not fully leveraged. And the marketplace, full of vendors with additional tools and services, is pulling security service providers in a number of directions, resulting in confusion and frustration. With its new MSSP partner program, LookingGlass will need to clearly communicate and demonstrate its value proposition to both MSSPs and MSPs to see continued program growth.

Aaron Sherrill, Senior Analyst

Rory Duncan, Research Director, European Services

Download the Original article here