Sign In
Free Newsletter
Joe Morin’s resume already included a litany of stops throughout the Silicon Valley in the technology and cybersecurity sectors, working for firms such as Zscaler, Barracuda Networks and Comodo. “It’s been built so it’s affordable by every organization on the planet, we’re customer-centric and we’re high-touch,” Morin said.
Adaptability is one reason CyFlare is an attractive option for small- and mid-sized businesses, as well as large enterprises. The firm is able to provide security for the system in place, not just for a specific product. That means the client isn’t required to buy a host of new products.
“Our platform is to enable integration with a lot of vendors, rather than just a few,” Morin said.
He said competitors may have limited choices in terms of product brand “and that’s what their clients are forced to use. What we’re seeing is clients have a little of everything and they need a company that can attach to that and work with it but still provide that guiding light.”
But he still believed there was a need in the marketplace for a new cybersecurity firm, one that could excel at integrating tools and automating procedures to decrease risk and provide peace of mind.
So, he launched CyFlare in 2018, and the recently released Inc. 5000 list of fastest growing private companies in America provides proof that his instincts were correct.
CyFlare, headquartered in Victor, earned the No. 739 slot on the list after revenue growth of 854 percent over the past three years.
There are three factors for the success, according to Morin: price, customer service and a close relationship with clients.
That type of agility is one reason CyFlare is growing its client base.
“We can attach the products that clients already have, whereas a lot of other security providers will say you need this and this and this,” Morin said. “For us, it’s ‘Let’s just leverage the stuff you’ve got, and if you have gaps we can augment with other solutions that we sell and service.’ ”
Performance is another reason CyFlare is growing. The firm ranked 79th on Channel Futures MSP 501 list of the world’s top managed service providers for 2022.
With a staff of 23 (and actually close to 30 including contractors), CyFlare has become the cyber police force for just shy of 200 clients.
“For the past five years we’ve just been focusing on 24-7 security operations, where we monitor client networks, their systems, their cloud, their infrastructure and the applications that they use,” Morin said. “We’re kind of like digital police, always watching for the bad guys and letting clients know if something’s going on, and then working with them after the fact. We’ve seen some pretty hairy stuff.”
And the cybercriminals are getting more sophisticated, and more relentless. Which is why CyFlare has ramped up its own product base.
“We realize just watching and waiting for bad guys — that’s a losing proposition,” Morin said. “So, we’ve done a lot to build our own proprietary technology, and we’re trying to make it a little simpler for clients, and give them guidance on how to shore up their defense so that they’re not sitting around waiting for bad things to happen. That way they’ve got a much better than coin-flip chance of avoiding it all together.”
But that’s not how CyFlare sells itself. Morin said it’s imperative to be realistic. For a great many companies, it’s not if but when a breach will occur.
“It’s 100 percent true,” Morin said. “We’ve had some clients say, ‘Well, what’s the guarantee if I were to procure your services?’
“The guarantee is you’re going to get breached; the difference is, we’re going to see it, most probably and most ideally in early-stage reconnaissance, so you can see them poking around before they really break through your front door or back door.”
That’s because regardless of security features, defending against human error is very difficult.
“There’s 5,000 clicks a day on average from any given knowledge worker and it just takes one click to bring the whole infrastructure down, so it really is just a matter of when,” Morin said.
Thus, no one can guarantee a firm is attack-proof.
“Defensibility is the new goal,” Morin said. “It’s not about blocking everything; it’s about making sure the organization is defensible. That means you can get cybersecurity insurance, that means you can go tell a customer a bad day happened, you’ve done X-Y-Z, here’s how it happened. That’s a key thing for leaders to understand, (that) defensibility should be the target.”
[email protected]/(585) 653-4020