Dell expands endpoint security portfolio through collaboration with CrowdStrike and Secureworks

Dell has had an endpoint security partnership with Cylance, and that remains in effect, but this new one around Dell SafeGuard and Response solutions is considerably deeper and becomes the jewel in Dell’s endpoint security crown.


Dell has announced Dell SafeGuard and Response, a new endpoint security portfolio that broadens the endpoint security protection it is able to offer. The new portfolio is based on a collaboration with AI-driven security vendor CrowdStrike, and is able to leverage CrowdStrike’s capabilities to bring in Secureworks’ threat intelligence and incident response technology as well.

“We felt the need to develop this portfolio because of three big macro trends shaping the cybersecurity market,” said Brett Hansen, vice president and general manager of client software and security solutions at Dell. “Less sophisticated companies who don’t have a SIEM or SOC are feeling these trends more profoundly. First, a few years ago, we talked about malware a lot. It’s still a serious problem, but now about a third of successful attacks are non-malware like identity theft, and through PowerShell scripting. The second macro trend is the lengthy duration between compromise and discovery – that’s the scary time. The third is the continuing and acute cybersecurity skills shortage which makes it difficult for most organizations to attract and keep these experts.”

Dell first addressed this issue in late 2015 through a partnership with Cylance, which also uses AI-based technology to prevent attacks. That partnership remains in force, but Hansen said that the one with CrowdStrike goes much further.

“CrowdStrike, like Cylance, has machine learning technology that is excellent at stopping malware,” he said. “However, CrowdStrike adds a second element in that their foundation is upon intelligent detection of anomalous behavior. This is something that isn’t in Cylance, which is all about protection. This additional capability makes possible the addition of Secureworks, who have integrated their monitoring activities into the CrowdStrike cloud. Secureworks needs that intelligent detection, which is the magic that CrowdStrike provides here. Secureworks’ threat intelligence and incident response abilities let them deal with the sheer volume of attacks that makes it difficult to uncover the needle in a haystack that is the highly sophisticated threat actor. That’s Secureworks’ business.” Secureworks was acquired by Dell in 2011 and spun out again into a separate company in 2016, although Dell retains a majority of the ownership.

Hansen said that Dell SafeGuard and Response is aimed primarily at midmarket companies, although it can support enterprise scale deployments. Those enterprises are, however, more likely to have in-house cybersecurity expertise that midmarket companies do not.

“All these solutions scale up, and Secureworks secures some of the largest organizations,” he said. “However, we are focusing this on organizations who are targeted because they don’t have the expertise and don’t have tools integrated together like this. They need protection against that one attack in three that is non-malware based. They need an EDR [Endpoint Detection and Response] technology. This is also priced for the midmarket, especially compared to the $125-150k a year that a cybersecurity employee costs, if they are able to retain them. They can get this protection through this at a much lower price.”

Four solutions are available in the portfolio.

“The first three are more of a good-better-best trio,” Hansen said. “CrowdStrike Falcon Prevent is their next-gen lightweight antivirus solution, which fits when all you want to do is upgrade your antivirus. It’s a good option for that. The ‘better’ solution adds EDR, with CrowdStrike Falcon Prevent and Insight to deal with the risk of non-malware based attacks. Then, comes the ‘best,’ an integration of Secureworks Managed Endpoint Protection with CrowdStrike Falcon Prevent and Insight and Device Control, where the Secureworks monitoring center is integrated with the CrowdStrike forensics cloud. Unless you have your own SOC, wouldn’t you want this added capability? And even if you do have a SOC team, do they have the time and skillset for everything? This provides someone looking over their shoulder and checking.”

The fourth offering in the portfolio is Secureworks Incident Management Retainer. If a serious security incident happens, Secureworks will deploy its On-Demand Incident Response Specialist Team to respond to and mitigate the incident.

“This one doesn’t fit into the good-better-best,” Hansen said. “It’s an instant response package, which is something that customers said that they wanted. It’s really good insurance for them.”

A majority of the Dell security business sells direct, although Hansen said that the channel business had more than doubled since the Cylance partnership began.

“My expectation is that this will probably be in that same area,” he said. “For partners, it’s a real opportunity to expand their portfolio and be an important part of customers’ endpoint security.”

Hansen said that the partnership will significantly expand CrowdStrike’s brand recognition and their addressable market.

“The bulk of their partners are specialist security vendors like Optiv,” he indicated. “This partnership with a non-security entity is unique to their relationships. It’s a significant investment on their part in both their technology and their Go-to-Market to invest in this effort. We provide them access to a much larger proportion of the marketplace, taking a best-of-breed endpoint security solution to a larger underserved part of the market – midmarket companies that do not have robust cybersecurity.”

Dell SafeGuard and Response will be available globally in March 2019 through Dell, who will also resell the CrowdStrike Falcon platform.