A six-year effort to expand into cyber security as the traditional managed services market faded is paying off for Palmerston North-based Advantage.
And one partnership in particular is driving that momentum.
Over the last six years or so, security services have grown from less than five per cent of Advantage's revenue base to around 40 per cent and growing, Advantage managing director Brad Pearpoint said.
"It will be around 60 per cent by the end of next year," he said. "It's where a significant part of our future is."
The traditional part of the business was still strong and managed services were still needed, Pearpoint said.
"In terms of what managed services look like these days it’s very different. It's cloud centric but people still need assistance with that."
Advantage also has its own data centre facility and while private cloud and hosting were definitely legacy, that part of the business showed "reasonable" growth in last 12 months, Pearpoint told Reseller News.
Most of that was around disaster recovery for organisations otherwise adopting cloud.
The vast majority of organisations Advantage dealt with were happy with Australia as a cloud location but cyber threats such as ransomware attacks was driving demand for local disaster recovery.
With new local cloud regions becoming available, Pearpoint said he was sure a lot of cloud workloads would also migrate back on-shore over coming years.
Advantage has a number of cyber security partnerships but 85 per cent of clients had SentinelOne somewhere in the mix.
"We can’t find anything better and we did quite an in-depth review," Pearpoint said. "They have an exceptionally good partnership model."
That was especially the case during go-to-market, he said, with very open communications. A lot of vendors claimed that but SentinelOne "walked the talk".
That was matched by a strong development roadmap.
"Although the technology is very good today, where they are going in the market is where we believe the market is going," Pearpoint said.
With a powerful convergence of tools covering endpoint detection and response (EDR) and security incident and event management (SIEM) and moving into extended detection and response (XDR), there was product there today.
Augmented by acquisitions, that was exactly where Advantage wanted to go.
Advantage was also also a long-time LogRhythm partner and that was still a big part of its offer along with various firewall products.
Consulting around security and risk was a growing part of what the company delivered along with incident response, again centering on SentinelOne for "when it all goes horribly wrong".
With around 70 people, Advantage was not a big team, so partnering with vendors who delivered automation was important to just for coverage and service but for profitability as well.
"We do a lot with that amount of people," Pearpoint said. "We don't need to rely on having all of the people staring at screens."
Smart automation and escalation tools, a lot based on SentinelOne and in house work, were key.
"Automation and escalation are absolutely a core part," he said. "The technology piece about multi-tenantabilty and the APIs they had available and the way the technology works from an efficiency point of view all played into the reason why we chose them."
The team only has to address an alert rate 85 to 90 per cent lower on the new EDR than it did on its previous one, without actually missing anything, he said.
Advantage's acquisition of Nspire late last year had bedded down well, Pearpoint said. Nspire had some exceptionally good staff and that bolstered Advantage's capabilities, especially in networking.
"It allowed us to add a fourth part to our bow: managed services, datacentre, security and then that core networking across large enterprises."
Most back-end systems had been integrated and the front-end teams over the next six months would work less as separate businesses and more as units of the same business.
Attrition across both Nspire staff and customers had been minimal.
"Nspire customers are quite excited about the opportunity with the rest of our business," Pearpoint said.
The threat landscape hadn't changed greatly over the last year or so with the exception of supply chain threats, which could be harder to detect because they did not have to come from a direct supplier.
"We've definitely done a lot of work with organisations over the last 12 months trying to understand that supply chain risk and put in some mitigations around that." Pearpoint said.
"Hygiene is still the cause of most things: things not being patched, not knowing where your assets are, not using the correct level of security tools.
"That is baseline where security maturity needs to be today and some are not quite at that level yet. The ones that are, it's usually a supply chain issue."
Security policies also had to be enforced.
"The cloud obviously makes things easy, it also makes it very easy to lose control."
As to success stories, Pearpoint said over the Christmas 2022, a large e-commerce vendor found themselves breached.
Not wanting to take the entire business down at such a busy time of year, Advantage was called in and used SentinelOne to segment the company's environment, ring-fencing the affected part and then fixing it.
Business carried on during the busiest time of year.