At last week’s InfoSec Europe event in London, we were able to sit down with a few members of the team from Ziften.
The company recently announced its formal expansion into the European market, riding on the back of a partnership with Microsoft to integrate Ziften’s endpoint detection and response (EDR) platform with Windows Defender ATP.
Ziften senior vice president of marketing Roark Pollock says that up until this year the company has been primarily North America-based. However, the company has always planned to move into the European and Asian markets, and the Microsoft partnership has accelerated those plans.
“We're really using the Microsoft relationship as a way to spur that growth and get started in these regions with an almost risk-free situation. We've got effectively a pipeline in place from day one. Once we're in then we can start to build our channel partners,” says Pollock.
Pollock believes the endpoint security space is currently very fragmented, which makes it difficult to distinguish real points of differentiation between companies, and that this is an opportunity.
“I adamantly believe that Microsoft can change the dynamics of the endpoint security space. We are already seeing that a lot of what were traditionally isolated endpoint security products are now coming together with newer detection and response capabilities to become a full endpoint suite,” says Pollock.
“Microsoft have really just scratched the surface of the endpoint security market in my opinion, as they have the potential with Ziften by their side to really turn the market upside down. I think a lot of the bigger vendors are going to disappear with the rise of Microsoft's endpoint security, which is why I believe it's better to be a Microsoft partner than a direct competitor.”
Pollock also touched on the debate over threat prevention versus detection.
“Traditionally businesses would build as much prevention as possible and then worry about detection afterwards by adding it on as necessary, but they’re now realising they will never be able to hit 100 percent prevention, so they are positioning themselves so they can detect and respond to things that get past that initial net,” says Pollock.
“If you’re patching your systems and taking care of your endpoints, it doesn't matter what gets on there. If you're not patching, then you're leaving yourself exposed. It's just like locking the doors in your house. I don't have 24/7 surveillance and guards on my property but locking the doors is prevention nonetheless.”
Pollock asserts Ziften remains committed to the mid-market enterprise.
“In a large enterprise you've typically got a number of specialised teams that focus on particular jobs like security operations, DevOps, and IT operations,” says Pollock.
“Whereas in the mid-market it's often a job shared by 1-3 people. We've done endpoint detection and response for a long time, but the core of our business was really founded around being able to take some of the jobs done by these specialised teams and put them into a single platform, enabling our customers to take advantage of these tools.”