Software security vendor Checkmarx continues building out channel with addition of Fishtech Group

Checkmarx makes application security testing software that covers the entire software development lifecycle, and over the last several years has evolved from a direct model from one that aims to get as close as possible to all of their new business coming through the channel.

Application security testing vendor Checkmarx, which has begun to build out its channel aggressively over the last two years, has signed a key new strategic partnership with Fishtech Group, which becomes a Checkmarx reseller.

Checkmarx plays in the space that Gartner calls Application Security Testing and which Checkmarx describes as software security.

“It addresses a need that organizations have, which is the need to secure their software, said Bernd Leger, Checkmarx’s Chief Marketing Officer. “Software is the backbone of digital transformation. More and more companies today are getting product to market faster, making much faster builds. We help them reduce and manage the risks related to bringing their software to market.” Gartner has them as a Leader in their quadrant, along with MicroFocus, Synopsis, IBM and CA, the latter of which is the Veracode business they acquired in 2017.

Checkmarx’s headquarters are in Israel, with U.S. headquarters in Paramus,  New Jersey. They have close to 500 employees, with 120 in the U.S.

“We have been growing at a 70 per cent pace year-over-year, the fastest growing company in the space, and have been doing it at scale,” Leger said.

Checkmarx has been in this business since 2006, starting off around source code in the static analysis market and subsequently adding additional components around the testing phase and development parts in order to address the entire software development lifecycle. Their Software Exposure Platform is designed to help customers release secure software, faster.

“We focus on the developers, because the developers are the ones who introduce risk, so we make sure they are able to develop software in a secure way,” Leger said. “We have solutions for the training of developers that address that issue as well.”

The application security testing market began in the enterprise, and that is still its sweet spot, although it has moved downmarket somewhat as more companies develop their own software and use open source. The industry also began with a strong direct selling bias, and that was the case with Checkmarx for most of their history.

“We started selling through channel partners in North America in 2015, and were doing between 3-5 per cent of our business that way then,” said Rick Riccio, Checkmarx’s Director of North American Channels. “In 2016, we built a channel program and started recruiting, growing the channel business further. Even though the company itself has been growing very rapidly, the amount of channel business is up to 30 per cent. Our goal now is to get the channel business up to 50 to 55 per cent of the whole, and to do that, we have been able to recruit some of top security partners.”

Riccio said that FishTech Group is one of those. A new venture from Gary Fish, the company’s CEO, following the merger of his last one with Accuvant to create Optiv, FishTech is headquartered in Kansas City, Missouri, and has a presence in the U.S. Northeast, Southeast, and in California.

“They are a significant addition, who looked at us and decided to go with us,” Riccio stated. “We now have between 75 and 80 partners in North America, and it is a very strong channel.”

Managed services are not yet a focus, although Riccio said that Checkmarx has looked at it.

“In 2019, we will look at it some more, considering both the opportunity and our priority to make sure that our customers are well taken care of,” he said. “It’s a way that we may go as we build out the channel further.”

Going forward, Riccio said that deeper training for partners is a priority.

“We are coming out with professional services training, and will also be training both their engineers and their sales staff more to better enable them,” he stated. “We want to get to as close to a 100 per cent channel mode as we can with our new business.”

Checkmarx just deepened their expertise around DevSecOps with the acquisition of Mississauga ON-based consultancy Custodela, has a significant customer base in Canada as well.

“We do a lot of business in Canada,” Riccio said. “We have two salespeople there and going to grow that out further. We have added some new Canadian partners, and now have close to 10 who are primarily focused on the Canadian market. They do a good job for us, and Canada is an important space for us.” The Canadian partners include Scalar Decisions Inc., Teramach, MNP, HoneyTek Systems, and Softchoice.