Used in more than 80 countries, Pervade Software’s solutions are leveraged by a wide audience of private and public sector clients, as well as partners ranging from independent consultants to global managed security service providers. Here, John Davies, managing director, discusses the company’s premium position in the global and UK marketplace, the challenges it faces when approaching potential clients and keeping up with industry trends.
There is a tremendous amount of competition in the sector – how does Pervade Software stand out from its competitors?
Right now, there are dozens of IT monitoring systems on the market, and pretty much all of these systems are built on relational databases – meaning they can only deal with one or two data types each. By definition, log systems only handle logs and configuration systems – as you can probably guess – only deal with configuration files. Both data types are wildly different and it is far too difficult to handle log data and configuration files in the same database. Therefore, you have two separate products: one to look at your logs, and the other to look at your configuration files and this issue is repeated across other data types such as asset management, vulnerability, file integrity, database, application performance, network monitoring etc.
We stand out from our competitors because we have developed a brand new database that can process all data types which has won major industry recognition; it’s the only one of its kind and nothing like this has ever been done before. So, we compete with all other data monitoring systems on the market because we can do the job of multiple systems in one. What’s more, we can correlate data that is normally dealt with in multiple systems providing faster and more in-depth forensics capabilities. This is not limited to IT data types either; we handle industrial control system SCADA data just as easily.
We also stand out because we have a unique compliance tracking capability. Obviously, because we can handle all data types, we can audit all devices to collect any evidence for every technical control in any standard or policy including logs, config, asset etc. Furthermore, we have added the ability for contributors to log in and answer non-technical compliance questions such as “Do you have a policy?”, “Do you keep records, if so provide a copy” etc. which means that all evidence of compliance can be tracked in a single configurable system and this is also unique.
What challenges does Pervade Software face when approaching new clients and driving new developments?
Our first challenge is that people do not believe that it can be done. The industry has always had a wide array of monitoring systems and people are used to the fact that, if they want full visibility across their whole infrastructure, then they have to have four, five, or even six monitoring systems in place – when we waltz in and say “it doesn’t have to be that way”, people are naturally suspicious, especially because we are a relatively new and unknown player in the market. We almost always have to run proof of concept evaluations, which we are perfectly happy to do.
The second challenge is that, even when people do believe what we can do it, it’s too much of a paradigm shift; too much of a change for them to implement. We’re only really attractive to early adopters at this stage in our growth and even then we tend to deploy our software alongside their existing systems, to plug any gaps in their monitoring capability or automate compliance tracking for a specific certification, and then we work on displacing their other expensive systems over time.
Can you detail the main differences between the OpAudit and the OpView solutions?
OpView is the monitoring system – basically an optimised view of your IT infrastructure and security, viewing everything in one system.
OpAudit is the compliance tracking system – optimizing the way that you work towards becoming compliant, prove your compliance to auditors and maintain your compliance through time, with all evidence available in a single set of screens.
We sell them as two separate products, but actually, they run from the same central server and are part of the same system.
We believe this reflects that fact that it is becoming more and more difficult to separate IT Security from IT Compliance. The increasing cyber threat means that everyone’s customers are demanding proof that their systems are secure and gaining certifications ranging from Cyber Essentials, IASME, ISO27001, PCI-DSS right up to NIST 800-53 is by far the best of way of demonstrating that you have the right controls on place to be as cyber secure as possible.
As a company, is it challenging to keep up with and introduce new trends?
For us it’s a piece of cake as we have developed a platform that is based on a portal architecture, which makes it incredibly extensible. One of the benefits of our software is that new features or functionality needed in response to new cyber threats or compliance demands can be added as a “widget” rather than needing core code changes. So we can keep up with the fast-moving security industry much better than our competitors. Also, their solutions can only handle certain data types, which means that they simply cannot deal with new attack vectors that are designed to be invisible to their systems. For example, the new generation of attacks that leave no logs, which makes them invisible to an SIEM system regardless of how much money it cost.
You’re primarily based in Cardiff, so how is Pervade Software performing in other areas of the UK as well as internationally?
Our software is currently being used in over 80 countries and we have to deal with all queries from these countries, which, of course, come with challenges. What we’re trying to do as a business is develop a collection of channel partners located in different countries – such as system integrators, compliance consultancy firms and so forth. We need partnerships to continue our growth and to further integrate our solutions internationally and we are actively looking for these partners right now.
In your opinion, do you believe industry events such as the Security IT Summit are beneficial to generating new business?
Yes – what many big conference style events do is appoint big-name speakers to present, leading to many industry professionals attending but mainly to sit in on these speaking sessions. This doesn’t help companies like us at all – if I were to set up a roll-up banner and sit at a table, people are only going to visit my stand during the coffee breaks or if they’re bored. The major expos are not much better because there are now so many vendor stands that people are completely swamped by the range of solutions they are seeing and it is difficult to differentiate
Comparing these events to the Security IT Summit, where meetings are scheduled beforehand and suppliers are guaranteed to be able to talk to serious buyers. It’s a much more beneficial use of my time. As a small company with an innovative new solution, I’d prefer to have longer more in-depth discussions than five minute sound bytes on a stand.
Learn more about Pervade Software here