Cyber Observer makes push into North American cyber hygiene market with Merlin International

Merlin will run Cyber Observer’s sales and distribution in North America, in addition to leading their $8 million Series B funding round.

Israeli cybersecurity vendor Cyber Observer has rebooted their go-to-market strategy in North America. They have engaged Merlin International as their rep for the U.S. and Canada, with Merlin handling their sales, marketing and distribution. Merlin is also handling Cyber Observer’s Series B Funding round of $8 million – which will largely go to fund this push into the North American market.

“Cyber Observer has been around for about seven years, starting out in IT monitoring, and pivoting to this space about three years ago,” said Seth Spergel, Vice President, Emerging Technology, at Merlin. They have been significant in Europe, Israel, of course, and Asia Pacific, but they haven’t had a significant presence in the U.S. They had one contract sales person there. Now, they aren’t exactly coming out of stealth, but they are making a lot of noise, in relaunching how they go to market in the U.S. and Canada.”

Cyber Observer describes their offering as the industry’s first comprehensive internal cyber hygiene platform.

“Cyber hygiene is a term that is becoming more in vogue,” Spergel said. “The tools are typically external vendor risk management, and internal vulnerability assessment. We see both of these as useful, but Cyber Observer goes after a third piece – understanding how your tool configuration works and whether they are set up optimally. We haven’t seen anyone else do that.”

Spergel said that while other tools will note, for example, that Splunk didn’t pick something up, they won’t indicate why, such as that auto-updates were turned off.

“Cyber Observer makes sure that everything is tuned correctly,” he indicated. “It also measures all the individual tools against vendor best practices and industry standards like NIST and PCI. So the customer can see how the tools are configured, but also if something is missing. It would give them a lower PCI score because they are missing pieces.”

Spergel said that while other vendors also describe themselves as doing cyber hygiene, they aren’t true competitors.

“Customers have heard the same language, but when you explain the approach to them, they usually say that it’s something they have been doing manually,” he noted.

The sweet spot for this is mid-size to larger enterprises.

“Large scale enterprises have a lot of tools to be measured, but so do the mid-sized ones, although they won’t have as many tools,” Spergel said. “We sell to MSSPs as well. You do need to have some element of cybermaturity to get value from this. If you don’t have that, you won’t know what you are looking for.”

Merlin International will take Cyber Observer to market in the U.S. and Canada.

“Merlin is a different kind of company,” Spergel said. “We are 21 years old, and were originally a government contractor that started to resell software. Two years ago, we spun off our services business to focus on product and focused on strategic relationships with security companies like Okta, Forescout and Netskope. We act as their rep in the government market, and leverage our federal sales team to help them sell into the markets we serve.”

The relationship with Cyber Observer is broader than this, however.

“We have taken over their entire sales operation in US and Canada,” Spergel said. “We have a hybrid model, as we have our own sales team, but we are going with channel partners to sell this. We are happy to act as a distributor.” They plan to work with both large security-focused partners, as well as some more regional ones.”

Merlin’s other role here, the principal investor in Cyber Observer’s funding round, is contractually separate from the distribution agreement.

“Each one is a carrot for the other, however,” Spergel noted.