Cyxtera adds offense to defense gameplan with Immunity acquisition

Cyxtera, formed last year by integrating CenturyLink’s 57 data centres with four security companies, has a large minority of its sales go through channel partners, who also stand to benefit from the addition of Immunity’s penetration testing and adversary simulation capabilities.

Chris Day, Cyxtera’s chief cybersecurity officer

Miami-based Cyxtera Technologies, which offers cybersecurity and colocation services globally through a network of 57 data centres, has added an entirely new capability to their solution set. They are acquiring Immunity, a privately-held solutions provider based in Miami Beach, and a partner of Cyxtera and its antecedent companies. The deal is expected to close this quarter. The acquisition is significant because Immunity focuses on offense-oriented cybersecurity like penetration testing and adversary simulation, which provides a complement to Cyxtera’s defensive security portfolio.

Cyxtera was formed in May 2017 when two private equity firms acquired CenturyLink’s 57 global data centers and associated colocation business, and integrated them with four cybersecurity companies already held – Cryptzone, Catbird, Easy Solutions, and Brainspace. The idea was to create a large company focused on all aspects of secure infrastructure. Their one limitation was, however, the lack of in-house offense-oriented cybersecurity.

“We did not have this capability at all before – it’s all net new for us,” said Chris Day, Cyxtera’s chief cybersecurity officer. “We had worked closely with the Immunity team in various incarnations for over a decade. It was a capability we decided that we wanted to have in-house.”

Immunity’s Canvas assessment tool allows penetration testing and hostile attack simulations to be conducted, and is widely recognized as a superior tool of its type. Innuendo is an advanced penetration testing tool for modeling data exfiltration attacks.

“Innuendo is a very advanced implant capability, designed to be used for adversary simulation,” Day said. “it is designed to be great offensive tool, but we can use it in a different way to protect customers,  testing out network segmentation and SOCs.”

Day said that Immunity’s penetration is particularly advanced within that market.

“It really is different from other penetration testing, because they are known for doing a lot of their own vulnerability research,” he said. “That lets us do specific custom work for customers. For instance, they  have done some significant research on infrastructure vulnerabilities that will soon be made public, that were discovered as part of this work.”

Day also stressed that being able to do both offensive and defensive cybersecurity offers tangible advantages.

“It’s really about capability, and it’s about proof,” he said. “When we help a customer secure their network, being able to do very sophisticated penetration test is an important element. We can design a network and architect it, but we need to put it to a real test. Without it, you never know. We were bringing Immunity in before in many cases and had them use Innuendo just for that reason. It gave us a great deal more comfort.”

Having Immunity in house will also let Cyxtera get a lot more out of them than they have been able to do up to now.

“We both were doing things that are sensitive, that we can now fully share and vice versa,” he said. “They have already showed us work they have been doing that is not public yet, that they would never have shared before. So there will be tighter integration on both sides of the house, and more control on my end over how the road maps are going, to align them with our interests much more directly.”

The human capital being acquired with the deal also brings major additions to Cyxtera.

“An offense-focused engineer is very different from an incident response person or a hunting person,” Day said. “This will fill out our roster with some very advanced skillsets.”

Cyxtera services a fairly broad range of customers, from the very large to the comparatively small, and the acquisition should provide new value for both.

‘Our data centre footprint means that we have some very large customers, but we also have ones who have a single rack,” Day said. “There’s a lot of breadth there. While this will enhance our array of services and range of offerings for larger customers, they can still be relevant for smaller ones. Smaller companies don’t need the same capabilities as the Fortune 100, but they still may have a compliance framework, can use consulting services to help them get aligned and benefit from a light penetration test to make sure it works.”

Cyxtera has a large direct sales force, but also has an active channel, and a young channel program that was created in September 2017 and includes distributors, master agents and managed service providers. Partners can resell colo services, and are able to get certified on and resell Cyxtera’s existing products and services, including AppGate SDP network security, AppGate Insight asset discovery and visualization, and threat analytics.

“A majority of our sales are still direct, but our partners are significant, and some of our biggest sales have come in through the channel,” Day said.

Channel partners will have full access to the Immunity solutions.

“Immunity has a few channel partners, but the majority of their sales have been direct,” Day said. “A lot of their consulting services come through word of mouth, especially among the larger companies like the big financials. They don’t really have a sales force.”

The channel should take well to the Immunity products and be able to significantly expand their use.

“These solutions should be fairly intuitive for them,” Day noted. “Canvas is a well-established product, which is easy to understand. It’s not a complicated sell. You just download it from the site. Innuendo is a little more complex.”

Cyxtera has a significant presence in Canada, including data centres in Markham and Mississauga in the Greater Toronto area, as well as ones in Montreal and Vancouver.