Posts

Press Release:

OPAQ Customer Nyhart Receives 2019 CSO50 Award for Security-as-a-Service Deployment

Employee Benefits Firm Replaced Hardware and Software with Cloud-Delivered Network Security to Achieve Superior Protection, Performance and ROI

 

OPAQ, the network security cloud company, today announced that customer Nyhart, a privately held employee benefits and actuary service company, has been recognized with a prestigious 2019 CSO50 Award from IDG’s CSO for its managed security project. Nyhart was selected for replacing its hardware and software security infrastructure with the OPAQ security-as-a-service platform to achieve Fortune-100 grade protection from threats, higher network performance and lower IT operating and management costs.

The annual CSO50 awards recognize a select group of organizations for security projects that have demonstrated outstanding business value and thought leadership. Nyhart will be honored at a special awards dinner on April 10 during the CSO50 Conference + Awards at the Talking Stick Resort in Scottsdale, Arizona. A full list of the CSO50 Award honorees is posted online at: https://bit.ly/2za5PCv.

“Following a series of acquisitions, we recognized the need for more advanced protection against cyber threats than we were able to implement and manage with our in-house resources, so we set out to find an alternative,” said Dave Sherman, CIO of Nyhart. “The OPAQ Cloud has allowed us to replace a complex set of individual products with a single cloud service. As an added benefit, our locations are now connected over OPAQ’s high-speed, encrypted SD-WAN instead of much slower and more expensive MPLS links.”

Nyhart is headquartered in Indianapolis with offices in Chicago, Atlanta, San Diego, Houston, Denver, Kansas City and St. Louis. The company had been growing rapidly, both organically and through acquisitions, and its small IT department was stretched very thin supporting eight offices, with more planned domestically and internationally. A sprawling patchwork of networks, devices, applications and mobile users had become too complex to manage and protect. Nyhart eliminated an array of hardware and software products with OPAQ’s fully automated and orchestrated cloud platform.

“Like most midsize enterprises, Nyhart has limited security resources and expertise,” said Kenneth Ammon, Chief Strategy Officer of OPAQ. “The OPAQ Cloud enables Nyhart to consume Fortune-100 grade protection as a utility so they can invest in growing their business.”

The OPAQ Cloud protects Nyhart with best-of-breed security that includes fully integrated next-generation firewall, endpoint protection, web application firewall and Cloud SIEM capabilities. OPAQ’s fully encrypted SD-WAN also eliminates trade-offs between protection and performance across all of Nyhart’s distributed locations since more than half of the company’s traffic never touches the Internet.

“This year’s class of CSO50 award winners raise the bar on security innovation,” said Amy Bennett, executive editor, CSO. “While delivering business value and demonstrating thought leadership are the metrics on which they are measured, the greater value is in the peer-to-peer sharing of ideas across a range of industries, across company sizes, for-profit and not-for-profit, public and private. The magic really happens on the stage at the CSO50 conference when these projects are brought to life in presentations and panel discussions. It is an honor to give them the recognition they deserve.”

 

About the CSO50 Awards
The CSO50 Awards recognizes 50 organizations for security projects and initiatives that demonstrate outstanding business value and thought leadership. The CSO50 Awards are scored according to a uniform set of criteria by a panel of judges that includes security leaders and industry experts. The 2019 awards will be presented at the CSO50 Conference + Awards, April 8- 10, 2019, at the Talking Stick Resort, Scottsdale, Arizona.

About CSO
CSO is the premier content and community resource for security decision-makers leading “business risk management” efforts within their organization. For more than a decade, CSO’s award-winning web site (CSOonline.com), executive conferences, strategic marketing services and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organizations and provided opportunities for security vendors looking to reach this audience. To assist CSOs in educating their organizations’ employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Communications, Inc. Company information is available at www.idg.com.

Why FourV and OPAQ Joined Forces

I’m pleased to be writing this post as a member of OPAQ Networks, following the announcement today that FourV Systems has become part of the OPAQ family. Our two companies share a common focus — empowering MSPs and MSSPs with security automation to help them gain greater visibility and control while substantially simplifying the management of their customers’ network and security architecture.

FourV’s patented GreySpark solution provides continuous security metrics, compliance monitoring and reporting. And the OPAQ security-as-a-service platform integrates comprehensive enterprise-grade security capabilities with a private software-defined network backbone. Together, we’re delivering the single most effective and efficient tool that MSPs and MSSPs can use to:

  • Identify what security controls should be prioritized;
  • Manage and enforce best-of-breed network security controls; and
  • Demonstrate and communicate the value of security services to technical and non-technical decision makers

Beyond this natural technology “fit”, several other factors convinced FourV’s management that we could achieve goals more quickly as part of OPAQ.

OPAQ’s platform is built to address a market that we at FourV also believed is both underserved and critically important – the midsize enterprise. These companies often find challenges in applying the personnel and financial resources needed to acquire, deploy, and manage the type of security infrastructure required to properly fend off today’s advanced threats. OPAQ’s cloud platform levels the playing field, packaging their best-of-breed security platform in a way that is accessible for midsize enterprises while also making it simple for service providers to manage.

OPAQ’s leadership team and support teams are also extremely experienced in our space. Glenn Hazard and Ken Ammon certainly ‘get it’ when it comes to the intersection of business and technology needs of service providers and the midsize enterprises they support.

The FourV solution serves as a complementary addition to the OPAQ cloud platform. An assessment of the security operations performance and compliance maturity is often the first step MSPs and MSSPs need to take with their clients in order to provide trusted recommendations to reduce risk and exposure. We could not be happier that we are now a part of an organization whose platform enables those MSPs and MSSPs to meet the needs of their clients by giving them the ability to instantly deploy and manage enterprise grade security.

Want to learn more? See how simple it is to get started with OPAQ.

Game-Changer: What OPAQ’s Selection of Palo Alto Networks Really Means

We’re thrilled to have announced our partnership with Palo Alto Networks, which opens up tremendous opportunities for our MSP, MSSP, and VAR partners to deliver enterprise-grade security-as-a-service from the OPAQ Cloud.

This is a huge deal. This agreement furthers OPAQ’s mission to provide fully integrated networking and enterprise-grade security as a simple, cloud-based service. It means that OPAQ partners are empowered with:

  • A subscription model designed to make enterprise-grade security affordable and accessible to midsize enterprises. The traditional approach to security has put enterprise-grade security that midsize enterprises need out of their reach because it’s too costly and complex to manage. The OPAQ Cloud is a game changer – it makes enterprise-grade security accessible and affordable to midsize enterprises. This means new, lucrative revenue opportunities for partners.
  • Fortune 100-grade network security that’s known and trusted. The OPAQ Cloud integrates best-of-breed security capabilities that are powered by known, trusted security technologies, such as Palo Alto Networks, and other industry leaders and unique OPAQ intellectual property.
  • Cloud network engineered for speed, strength, and flexibility. OPAQ owns and operates its own private network backbone. In addition to integrating best-of-breed security capabilities into the fabric of the platform, OPAQ optimizes the speed and performance of network traffic by leveraging transit and peering relationships with world-class providers.
  • Single interface designed for simplified management, compliance, and reporting. The OPAQ 360 portal provides a single pane of glass where all customer security policies and network traffic can be centrally managed and enforced — all without the cost and complexity associated with managing dozens of security products from multiple vendors.

We chose Palo Alto Networks because they are a proven technology leader in next-generation security technologies. Bringing Palo Alto Networks into the OPAQ Cloud makes enterprise-grade network security much more accessible for midsize enterprises and manageable for solution providers supporting midsize enterprises.

For more information on OPAQ’s partnership with Palo Alto Networks, read the press release here.

OPAQ Cloud Named Best Network Security Solution by Gov Security News

We are pleased to report that the OPAQ Cloud platform was recently named best (Platinum) Network Security/Enterprise Firewall solution in the 2017 GSN Homeland Security Awards for cybersecurity excellence.

The Awards are hosted by Government Security News (GSN) to recognize excellence and leadership in the Cyber Security and Homeland Security sectors. Winners were selected based on a combination of technological innovation, ability to address a recognized government IT security need, and flexibility to meet both current and future needs. Category winners were ranked with Platinum, Gold and Silver designations.

The OPAQ Cloud is tailored to meet the unique needs of State and Local governments, which face the same sophisticated security threats, like ransomware, as larger federal agencies, but tend to lack the resources and technical experts to adequately protect their networks.

The massive WannaCry cyberattack that infected computers in at least 150 countries several months ago is a good example. In the aftermath, many State IT officials said they often don’t have enough money to effectively fight sophisticated cyber threats. And the scale of that attack made them even more concerned.

Doug Robinson, executive director of the National Association of State Chief Information Officers (NASCIO) went on the record to say: “This is a big wake-up call because it is cyber disruption. States and local government need to address this because it’s a serious threat. We have urged states to take action immediately.”

There are many security products that try to do some really great things for state and local governments. However, many products and management systems are isolated and do not talk to each other.

This is why automation and orchestration are becoming a game-changing necessity for state and local governments. Leveraging automation can help state and local governments effectively detect and respond to threats at speed. This is what the OPAQ Cloud is designed to do — and it’s why we were honored with the GSN Homeland Security Award.

To find out more about the GSN Homeland Security Award, see the announcement. To learn about the OPAQ Cloud and the benefits of security-as-a-service visit https://www.opaqnetworks.com/solution.

IT Security Professionals Take a Stand: Why They’re Divorcing Themselves from the Security Product Ball and Chain

Business executives despise security – it’s often viewed as an impediment to growth and innovation – but they know they need it. On the other hand, IT security professionals thrive on security and an ecosystem of roughly 1,500 security product and services vendors that compete in a Zoolander-like fashion show, puckering up and striking poses every few minutes to show off their latest wares.

What organizations really need is a set of security functionality that works together to reduce the attack surface and reduce risk. This has traditionally been delivered through a multitude of products and services cobbled together with duct tape and fishing line, resulting in a massively complex and costly infrastructure. In addition to the massive costs, this approach continues to fuel the need for impossible-to-find security experts who can manage and maintain the infrastructure.

What more and more organizations are now realizing is that, rather than receiving the needed security functionality through an array of products and services, they can instead receive it from the cloud. Security-as-a-service not only frees up time for IT security professionals to focus on more strategic business initiatives, but it also reduces costs for business executives seeking to maximize every dollar invested in security.

As a result, what we’re seeing is an influx of IT security professionals picking up bolt cutters and snapping the chains of their traditionally product-centric approach to security. This shift is supported by a market study conducted by analyst firm 451 Research, where they sought to gain insight into the challenges and opportunities more than 300 US mid-tier companies face with respect to network security.

What’s Wrong with More Security Products and Services?
Nothing. As long as you have the personnel expertise, budget and time to dedicate to testing, procuring, integrating, refreshing and managing them. According to the study, more than 82% of respondents claimed they devote between 20 to 60 hours per week of in-house staff resources procuring, implementing and managing network security. The average mid-market organization invests an average of $461,000 per year on IT security, and nearly 40 percent of the total budget is spent on network security. These businesses also expect to increase spending on network security by an average of 10.9% over the next 12 months.

The reality is most mid-tier organizations lack the resources to keep up with this approach. Cloud, mobile and IoT adoption are only making this challenge more difficult.

Despite significant investment in network security, 63% of the respondents expressed having little to no visibility and control over all their distributed network, especially mobile devices, remote users, IoT devices and third parties.

According to the study, tackling these challenges are typically between 3-5 employees dedicated to IT security. This handful of employees are spending many hours managing the various traditional IT security products and services required to protect the network. Many organizations also rely heavily on contractors and part-time employees, as well as MSSP providers, which adds complexity to daily coordination efforts.

What’s keeping these organizations from advancing? 62% cited legacy IT. Challenges presented by legacy IT and personnel shortages are forcing organizations to look for new solutions to solve the network security and resource conundrums.

Nirvana: Automation and Centralized Security Control – From the Cloud
IT security professionals are increasingly looking to cloud-based services and new technologies to address business requirements and security challenges. In fact, two-thirds of the respondents indicated that they strongly prefer using a cloud-based security solution from a security-as-a-service provider for managing or co-managing their security. More than 70% of the respondents indicated they prefer security-as-a-service over on-premises or MSSPs.

The urgency around this shift is strong. More than 85% of the respondents in the study indicated that network security-as-a-service is “important” (within 12 months) or “critical” (within three months). Branch office enablement and optimization and threat management were cited as the main priorities for a swift shift to a network security-as-a-service solution.

The common thread between business executives and IT security professionals is that network security remains a significant business priority. The shift to security-as-a-service is not only about fleeing a complex and costly problem. It’s also about making a smart, strategic move to a delivery model that is strong and sustainable.

Receiving Security From the Cloud: Why Cloud Maturity is Driving Security Transformation

For well over a decade, the cloud has garnered much hype and attention – and for good reason. For organizations bold enough to leverage it, the cloud has delivered staggering results including faster service delivery, reduced costs and greater agility.

Organizations have matured in their adoption and use of cloud services from email and HR Software-as-a-Service solutions to leveraging Infrastructure-as-a-Service providers to create new solutions and value for customers.

From the day the term cloud computing was coined, security has consistently been cited as a primary concern by organizations when considering moving business functions to the cloud – and it’s not hard to see why.

Utilizing yesterday’s bolt-on security as you implement your cloud strategy is extremely problematic. Not to mention the cloud era has coincided with a litany of other tech trends—Bring Your Own Device (BYOD), Internet of Things, and increasing levels of telework for example—that have made cybersecurity extremely challenging for businesses large and small.

These trends have erased the traditional concept of a security perimeter, causing IT professionals to patch one “leak” in the security dam as six more spring up. It’s an eternal and exhausting struggle, and one that hasn’t had an easy solution.

That is why we’ve formed OPĀQ Networks, which is an important evolution in network security and how security is delivered.

Security Is Still a Human Issue

The companies that can afford to find and retain security talent perform much better than those that can’t. However, the bottom line is that even for the most resource-rich, security-focused companies, there will never be enough security expertise.

There are quality security solutions out there that can provide protection in certain areas, but products are only useful if people have the time, budget and expertise to properly manage them.

Studies show the average large enterprise has anywhere from 3 to 5 network security products. Considerable amounts of time and expertise need to be put into the evaluation and management of a company’s security stack. Not to mention all of the selected products will have patches, updates and licenses that will need to be managed. And after all is said and done, a substantial number of security breaches occur due to poorly implemented policies and improperly implemented security products.

In 1997, I co-founded NetSec and helped pioneer the Managed Security Services Provider (MSSP) business model. We helped many companies with their security by providing outsourced monitoring and management of security devices and systems until I sold the company in 2005. The reality is that, even as the experts, NetSec and many other MSSPs struggled to keep pace with the highly diverse product base and distributed control of our clients’ network and security infrastructure.

Security-as-a Service: Tightening Control, Simplifying Networks

The answer to the human issue is to bring network security into the cloud age. Rather than deploying and managing point security products utilizing distributed and disjoint policy, network security controls should be tightly integrated into the network and managed through a single policy control point. Security from the cloud can be extended to the location, user and device on demand.

This post on the Securosis blog by Mike Rothman does a good job of illustrating compelling use cases for security-as-a-service:

  • Optimized Interconnectivity: You might have 85 stores which need to be interconnected, or possibly 2,000 employees in the field. Or maybe 10 times that. Either way, provisioning a secure network for your entire organization can be highly challenging – not least because mobile employees and smaller sites need robust access and strong security, but fixed routes can negatively impact network latency and performance.
  • Security by Constituency: One interesting extension of the policies above would be to define slightly different policies for certain groups of employees, and automatically enforce the appropriate policies for every employee. Let’s consider a concern about the CFO’s device. You can put her and all the folks with access to sensitive financial data in a special secure network policy group.

At NetSec, we provided the best security possible at the time, but there were technological and physical limitations to what we could offer. And the MSSP model hasn’t dramatically changed. Distributed security products bolted on to a network managed by a separate team results in endless false alarms and incomprehensible policy. The legacy perimeter protection approach was difficult then and near impossible within today’s hybrid cloud environments.

The growth capital OPĀQ Networks announced today will help us accelerate our research and development, operations, and customer growth in the commercial market. This is a tremendous step towards finally tackling the human issue head-on. It’s an issue that has been at the heart of security challenges for decades. And because of the maturity of cloud, now’s the time you’ll see positive disruption in how security is received.