LookingGlass sees new CS-4000E enterprise network security platform as strong channel play

This platform, the CS-4000E, is a version of the CS-4000 the company has been selling to government customers, priced lower for the enterprise. Looking Glass has begun to recruit a channel, and sees the platform’s ability to cover the whole threat intelligence spectrum as a strong incent for partners.

Chris Coleman_LG DR 300x450

Chris Coleman, LookingGlass’ CEO (Photo Courtesy Christopher DeVargas/Greenspun Media Group)

Threat intelligence vendor LookingGlass Cyber Solutions has announced its new CS-4000E network security platform, together with an updated suite of threat mitigation applications. The new platform is focused on the enterprise market, a level down from the government market where LookingGlass has been selling its CS-4000 platform. The new offering is also well suited to the company’s channel, which it is in the process of developing.

LookingGlass was originally founded by ex-NSA people who wanted to take the ability to map the Internet at a global scale and overlay threat indicators and risky behavior on top of that typology,” said Chris Coleman, LookingGlass’ CEO. To develop the business potential of this, they took their first venture funding in 2012. Coleman joined in 2013 and became CEO shortly afterwards.

LookingGlass spent 2014 growing out its install base, and 2015 was all about key acquisitions and securing the funding rounds to support them. The acquisitions included one that provided the world’s largest botnet tracking capability.

“We are now a very different company from a year ago, with a complete solution set from phishing detection to active threat intelligence fabric and active mitigation,” Coleman said. Their customers range from very large, including Fortune 50 companies and large federal government agencies, all the way down to medium sized businesses.

“We compete in a very fragmented market,” Coleman said. “Gartner looks at it as three separate markets — Threat Intelligence Management, Threat Mitigation and Machine Readable Threat Intelligence. We complete against a lot of different players in those areas, but we are the only one that offers the full set of capabilities across all three.”

The CS-4000E is a multi-function DPP inline network security platform which serves all three capabilities.

“It’s a new platform that provides the same rigorous security of the CS-4000, but we have been able to lower the cost of the CS-4000E platform to more of an enterprise price point, compared to the CS-4000, which is more designed for government requirements,” Coleman stated. “We have also taken applications that have been successful and packaged them on the platform.”

The three applications are LookingGlass DNS Defender, NetDefender and NetSentry, the latter of which has been used by LookingGlass internally, but is being made available to customers as a commercial product for the first time.

DNS Defender provides dynamic threat defense by blocking the very first communication between embedded malware and the command and control servers using access control lists provided by either LookingGlass’ ScoutVision threat intelligence management or the customer.

NetDefender is a unique solution which enables multiple and independent advanced malware defenses to work together to stop attacks sooner by harnessing LookingGlass DPP on the CS-4000E for traffic steering and inline threat mitigation.

“It creates a very robust single point of mitigation and inspection, because you no longer have to worry about what sensors will do to the mitigation,” Coleman said.

NetSentry is a high performance, network intrusion detection system that processes up to 40 Gbps of network traffic in a single appliance running multiple SNORT instances.

“It allows users to run SNORT securely at a very high speed in our platform,” Coleman said.

All these capabilities can work in unison, he added.

Many companies in this space sell direct, and that has been LookingGlass’ historical model, with partnering bringing them customers rather than providing value-added services. That is now in the process of change, however.

“We are starting to enter the channel phase of our go-to-market strategy,” Coleman said. “Many vendors in this space aren’t channel ready, but our solution set is broad enough now that we can go to the channel with it.”

Coleman emphasized that being able to offer a complete solution across the threat intelligence spectrum should prove attractive to partners.

“In today’s fragmented threat intelligence market, being able to offer an end-to-end solution, without having to deal with different vendors and trying to tie it all together, is a plus,” he said. “The reason we believe we are ready for the channel is we can now offer that end-to-end solution from a single company without them having to piece things together.”

Coleman indicated that while they are not looking to create a large channel, they are actively looking for the right partners in North America, as well as Europe, the Middle East and Asia.

“There is a lot of growing interest overseas, including government interest, that the channel will help us address,” he said. “The channel is a little ahead in Asia-Pac now.”