As Kevin Brown remembers it, the security market was consolidating at a rapid pace two years ago. Those in the end point detection and remediation space were buying out companies in managed detection and response, traditional consultancy houses were moving into managed security services (MSS) and a raft of other partnerships and mergers were being announced.
Brown himself had just been appointed MD of BT Security and, three months later, attended the 2019 RSA conference in San Francisco where, for the first time, he met BT’s roll call of what was then more than 20 strategic partners. And it was during those first encounters with key security allies, that Brown discovered the increased complexity emerging in the market.
“My takeaway when I left San Francisco was ‘my God this market is consolidating at such a rapid pace’,” he recalls. With 2,500 vendors at his fingertips, it was clear that his new role would demand a new strategy.
“I always look at this through two lenses to say, one is how I’m supporting customers as an MSS provider and there’s another lens to say I’m actually customer too by the fact that I have to protect BT. Therefore, how do we simplify the route for our customers to get best choice and, for ourselves, how do we make sure we can go deeper with a few selected partners?”
It’s a perspective that led BT to commence what Brown describes as “probably the biggest technology review process we have ever run”, taking in everything from the investment and partner strategies of potential providers, to their compliance, marketing and customer records — particularly across BT’s diverse markets of the UK, US and EMEA region.
“It was a real end-to-end review, took months to go through, but it enabled us to come out with some clear categories of suppliers,” Brown explains.
Announcing the new line-up at the end of August, Microsoft, IBM and Cisco were all named strategic partners for BT Security, meaning “they are strategic to BT and also strategic to security”, Brown says.
McAfee, Palo Alto Networks and Fortinet were selected as critical partners, with each providing a range of services and products for the global portfolio, as well as providing holistic support to commercial and operational activities.
These partners will also co-develop a roadmap of security solutions to “reflect evolving customer demands and integrate the latest developments in security automation”, BT said at the time.
“Then we dropped down to recognise that there are some niche players. They have capabilities that perhaps don’t offer the breadth, but they are still relevant to our ecosystem,” Brown says, citing Skybox, Forescout, Zscaler, Check Point, CrowdStrike, Okta, Qualys, Netscout and F5.
With the security review now concluded — and marking two years in the role in November — Brown’s observation of the marketplace today is that providers remain at the helm.
“First of all, on choice, for a customer there is almost too much choice. It is very easy to be attracted to the latest shiny release, but actually do you really understand the value that is going to bring to your current security ecosystem?” He adds: “What I also see in the market is there are a lot of point solutions but there are gaps, and those gaps, as we see at the moment, are the vulnerabilities that customers are having to deal with. Somebody who has taken a DIY approach may draw on McAfee or Fortinet individually, but there is no point of integration, so you have gaps. We know particularly if you take DDoS and ransomware at the moment, everybody is just trying to make hay while those gaps appear.”
The volume game
While BT’s managed services cover the gaps for its own customers, those behind the rising number of attacks have certainly been making hay in 2020.
Recalling the headline stats, Brown notes a 667% increase in email scams, a 400% increase in brute force attacks and a more than 100% increase in ransomware. On a day-to-day basis at BT, teams deal with around 4,000 attempted attacks on national infrastructure.
While you can’t ignore the Covid factor, “it’s a volume game”, Brown says. In turn, organisations have recognised that a volume approach demands robust defence from a specialist provider. It’s one of two trends shaping how and where BT Security has positioned in the shifting marketplace.
The other is the evolution of security “from the coconut to avocado approach”, to use the technical terms. The coconut was the defined perimeter approach that characterised MPLS networks. So long as nothing came through, things were OK. With the arrival of cloud and SD-WAN that perimeter was gone, “and it’s this sort of avocado approach now, which is you need to identify what it is you’re going to protect”.
Brown explains: “That stone in the middle, that could be the crown jewels, your active directory, where the key data to your business is stored. That’s the thing you need to protect then you’re going to layer it out.”
With the network edge now more likely to be at an employee’s kitchen table or local coffee house, another factor must be weaved into the security fabric: persona-based activity.
“As we all strive to treat all our colleagues the same, when it comes to cyber security, I’m sorry but that principle goes out of the window,” Brown says.
In response, he has re-thought the traditional approach to resources, throwing out the rule book when it comes to the customary 25% year-on-year growth, to focus instead on the mix of people, processes and technology, and how to leverage the three in combination.
Brown says: “When I look at resources, I also look at the role of technology and therefore the skills we have. How do we make sure they are focused on the right activities?”
And when it comes to securing networks? “The primary threat to network security is seeing it as network security,” says Brown. While historically networks were built with security as a bolt on, today’s cloud-based networks present a whole new ability to protect.
“It can no longer be seen as traditional networking. You’ve got cloud adoption and then this thing that people generally forget called physical security, and then let’s not forget the people aspect,” Brown continues.
“Cloud presented an opportunity to change that and have security by design, but it is only just starting to come to fruition in a lot more detail now.”
Guard dog to guide dog
When he took on the role of MD, Brown’s goal was to “really make security intrinsic in everything we do”.
In a company with 102,000 employees — 3,000 of whom are on the security team — infusing anything in the culture is a mammoth task, but a mere two years later and Brown has a series of achievements to reflect on. From the upskilling of non-security staff to the “human firewall” initiative, he says: “It has become really infectious because the stance we take is that we are the protectors.
“It’s no longer just a compulsive basic training on security and tick.”
Confirming his pride, Brown adds: “I want my parents when they connect to the internet to have the comfort that somebody is there doing the hard work and protecting them.”
However, there’s a secret to Brown’s approach. Before joining BT, he was 20 years into a successful career in law enforcement, which spanned major crime, serious crime and intelligence — he even headed a collaborative murder investigation team.
“Many of the skills that I picked up and used in 20 years of policing were equally as transferable to the private sector, particularly into cyber and security because it’s about risk, decisions and intelligence. It’s about understanding those who are seeking to attack you,” Brown says.
Yet his approach isn’t simply to inspire 102,000 employees to think like a team of murder detectives, instead it’s to foster collaboration, not just between teams and departments but beyond the organisation, too. In 2017, for example, BT became the first telco to sign information sharing agreements with Interpol and Europol to fight cybercrime on a global scale.
Taking the message further, Brown is a member of the World Economic Forum’s (WEF) project to tackle cybercrime and has authored multiple papers on the topic, with another due imminently.
“I can see my role and that of my teams’ is really to be the chief security officer, or the person in charge with providing security in an organisation, making them the enabler of business outcomes.
“That transition from security where, unfortunately, it was branded for a good few years as always being that guard dog that answers ‘no, what’s the question?’, to I want them to be the guide dogs,” Brown explains. He continues: “This is how we can achieve those business out comes to almost being the heroes of the organisation, because security has made that business transformation happen.”
