Channel companies rely on firewall and antivirus solutions for the bulk of their security business and revenue, according to a CompTIA survey of 400 IT channel executives.
More advanced security solutions—security information and event management (SIEM) solutions, for example—are farther down in the rankings.
The report revealed companies are also heavily reliant on the brand strength of the products they sell rather than touting their own security credentials and expertise.
Firewall is the top seller at 44 percent of large companies (50+ employees) and 40 percent of medium-sized companies (20-49 employees), but just 26 percent of small companies (1-19 employees).
Conversely, 27 percent of small companies say that antivirus is their best-seller, compared to 19 percent of medium-sized companies and 15 percent of large companies.
"One of the primary reasons more sophisticated security solutions rank lower than firewalls and antivirus solutions is that customers have not started asking for more sophisticated solutions," Seth Robinson, senior director of technology analysis at CompTIA, told eWEEK. "While most companies are starting to realize that security needs to change, they are still discovering what that change will look like. Most demand still has firewall and antivirus as a high priority, with other pieces starting to be added."
He explained channel firms that are driving more proactive discussion with customers will need to build expertise around other security products and processes so they can help build the appropriate solutions.
The report also notes that the challenge for solution providers is figuring out how to be prepared for what customers need tomorrow.
Security products alone aren’t enough. New processes—risk analysis, compliance management and cloud provider evaluation—also must be part of the security mix.
"Channel companies with a product background can explore some of the new security technologies, such as DLP (data loss prevention), IAM (identity and access management), and SIEM (security information and event management)," Robinson said. "It is possible that future solutions will include components that come from different firms with different specializations, so not all security products will necessarily have to come from a single source. These products will all need to be monitored, something that lines up well with the MSP business model."
He noted there also is opportunity to own security processes—compliance is a key example—as many businesses, especially smaller ones, do not have the resources to keep up with the regulatory environment.
"Compliance specialists can take over that activity and keep their clients in the clear," Robinson said. "Finally, workforce education is becoming increasingly important. Human error is a primary factor in security breaches, and companies will be looking for ways to mitigate this risk as the workforce uses more and more technology."