The Gately Report: Barracuda MSP Cybersecurity Update, Russian Cyber Threats, Cloudflare M&A
Sanctions against Russia bring new cyber threats to businesses.
Channel Futures: Last year, Barracuda acquired Skout Security to enter the XDR market. How is entering that market beneficial to Barracuda’s MSP partners?
Barracuda’s Neal Bradbury: XDR is the next evolution of managed detection and response. We see that a lot of MSPs will need to strengthen their security offering by adding a SOC and being able to bring in all the different feeds from the different security solutions that they’re using. Imagine you’re an MSP and you’ve got all these customers and you get all these solutions deployed. How do we help them sift through the noise and filter through all the different alerts to find out what’s a true positive and what is not? So for us, we see this as the future of helping an MSP transition to being security-centric, being able to offer cyber as a service.
A lot of MSPs are not going to be able to go and build the 24/7 SOC themselves. There is a cost ratio there that a lot of MSPs won’t go down that path, so they will partner. And Barracuda with its acquisition of Skout Managed XDR is setting ourselves up to be that trusted partner that can help them offer this service.
CF: Barracuda has announced three new regional data centers in France, United Arab Emirates and India to help with the growing demand from customers to protect their data locally. Will that provide new opportunities for partners? If so, how?
NB: As we look at the different regions of the world where we have partners, channel partners alike, there’s a need to have data centers that are local for various reasons, whether that’s for data privacy reasons or certain countries don’t want the data to leave for those data privacy reasons. And so for us, this is an investment of being able to support different regions where Barracuda has a focus as we go through 2022. We see this as being able to support our growing customer and partner bases in those territories.
CF: In December, Barracuda announced three new email protection plans, which scale to meet customers’ evolving threat protection needs. Will partners benefit from this?
NB: The MSP business has not transitioned yet to the new packages. Barracuda, and the channel and the reseller side of Barracuda have. At the end of the day, it’s to streamline our product offerings and bring the products together. It was really an alignment of the good-better-best type of a thought process instead of having a lot of different packages. This is our next evolution of our security email: email security bundling as we go forward.
CF: In terms of threat landscape, what do you find most worrisome right now?
NB: Obviously, email is the one that we always lean on, especially as we work with MSPs that serve SMBs. It is the most commonly exploited threat vector. So we continue to invest in our technologies to help them there. We also put out threat advisories to help our MSPs stay up to date and be aware of what’s happening in the world.
This week, we had some unfortunate news that’s happening … on the geopolitical side. We put out some threat advisories because we were getting asked by customers and partners, “What does it mean? Are you seeing increased activity from certain parts of the world, etc.?”
CF: What are MSPs’ primary pain points? How is Barracuda addressing those?
NB: Over the last couple of years, you’ve seen a lot of businesses digitally transform for various reasons, work from home, COVID-19 or whatever it’s been. So MSPs have also had to really digitally transform and support that. So it’s no longer just having to support an endpoint, or having to protect email or support networks. Data is going more so to say Azure or Office 365, and so they need to be able to build security solutions that support that. As they’ve started to build more and more solutions, they need to make sure that those are staying up to date. It can be worrisome for partners, and Barracuda hopefully helps them there with our solutions as they start to bring them all together.
Also, the other piece that keeps them up is the time to respond. Everyone in security [says] “it’s not if, it’s when,” which can be true. But the time to respond to an incident is incredibly important, minutes versus days, versus weeks, versus months. We’ve onboarded some MSPs, and you start deploying endpoint security for it and it finds stuff. You don’t want to be that end user under that partner, but at the end of the day, they’ve made the call, they’ve invested in us and we help them remediate. But you do find stuff that the customers don’t even know that they have. So I think that’s one of those pain points for the MSPs and hopefully we’re here to help.
CF: How is Barracuda staying ahead of the competition?
NB: Email bundling is one of the ways that we’re innovating, helping MSPs and channel partners go to market with more advanced email security solutions. One of the things that was added in one of the levels of the bundles is … you can basically send feeds of data from the email security stack to other XDR platforms. So we’re not trying to lock in the MSPs if they’re on our email security, but they’ve got another SOC or another XDR. That’s one of the ways that we’re innovating to help our customers.
On the MSP side specifically, we’re innovating on the remote monitoring and management (RMM) side. We are using SentinelOne with the Skout Managed XDR, but we’re also going to be leveraging SentinelOne within Barracuda RMM to provide some additional capabilities for MSPs there. And as we start to leverage SentinelOne and we use the RMM for us to help with our security assessment tools, one of the things is the minute after you run an assessment, it’s now stale, so you really need to be continually assessing the security posture of a customer. So you’ll see us continue to innovate on the Barracuda side and for our MSPs to help them go down that path.
CF: What are your goals in terms of Barracuda’s MSP business in 2022?
NB: On the MSP side, it’s to help MSPs become more security-centric. And the way that we’ll end up doing that is leveraging Skout and being able to provide the capability of that 24/7 SOC, allowing them to integrate the different security solutions that they use into the XDR and doing that on a global scale.
CF: As far as an MSP, do you not need to become an MSSP in order to provide all of the security that a customer might need?
NB: Traditionally, if you go back a couple of years, MSSP was really [about] companies that focused on enterprise. It was those that wanted to outsource their SOC and they literally only did their SOC. MSPs are now trying to [focus on] security and may want to transition into adding that second S. But an MSP is very good at what they do. They might have a specialty in health care and allowing doctors’ offices to be efficient. They may have a specialty in accounting firms. So for them to throw out their vertical expertise or throw out really the trusted adviser and the business optimization aspects of what they do as an MSP … to transition to total security, well, someone still has to do that work. So what I see end up happening is the security solutions are going to be another tool, another service that they can offer. But they don’t necessarily have to transition their whole business into being an MSSP.
When we say MSP to MSSP, there’s this whole security-first mentality as they add a solution to their portfolio or how they go about assessing their portfolio, where it’s more about security-first. And so I do believe they don’t necessarily have to add the second S to offer security to their customers.
In other cybersecurity news …
New U.S. sanctions triggered by Russia invading Ukraine could prompt Russian ransomware attacks on businesses.
According to CNN, a senior FBI cyber official asked U.S. businesses and local governments to be mindful of the potential for ransomware attacks as the crisis deepens.
U.S. officials continue to say there are “no specific, credible” threats to the U.S. homeland tied to tensions with Russia over Ukraine, but they are preaching vigilance.
Sam Curry is Cybereason’s chief security officer.
“With more Ukrainian government agencies under a barrage of cyberattacks that are not likely to cease in the coming days or weeks, this is another reminder for public and private organizations to shore up their defenses from cyber adversaries,” he said. “There is no silver bullet or magic potion that will solve the cybersecurity challenges ahead for organizations.”
To minimize possible damage and to assess preparedness, Curry said organizations should consider the following steps when preparing for the possibility of a cyberattack impacting their business:
Be on high alert. Call the employees or associates that you call for in a crisis and have them ready because they may get called in multiple directions in a crunch. If you don’t have anyone on your staff filling this role, call any cyber people you know and seek their advice.
Identify the critical services that are single points of failure for your business. If they go down, the business stops. Have a plan for what to do if they go down. This doesn’t have to be perfect, but think now about what to do if email goes away or a customer portal or customer relationship management (CRM) tool is locked.
Minimize new, risky projects. The retail industry generally freezes IT in the holiday shopping months. It’s all about keeping the business running for a few months and then after the crunch, developing new capabilities. This also includes minimizing use of anything not needed for business for a while on work systems, like social media, except for marketing personnel, games, etc.
Know where your people are, how they will connect and work, and ensure that services that do this are ready, including VPNs and productivity suites. Have a plan and communicate it to people in the event that the internet and services aren’t available.
Also this week, the websites of Ukraine’s government, foreign ministry and state security service were down in what the government said was the start of another massive denial of service (DoS) attack.
David Jemmett is Cerberus Sentinel’s CEO.
“[This] is further proof that all organizations and the world’s citizens need measures to protect their most critical assets: infrastructure, sensitive information, intellectual property, identity and privacy,” he said. “We need to work together to establish true cultures of security in organizations both public and private to stop threats from any source in their tracks and ensure resiliency.”
This week, Cloudflare announced it is acquiring Area 1 Security for $162 million in cash and stock. The two companies will provide a holistic zero trust solution.
Area 1 Security’s cloud-native platform works with any email offering. It stops phishing attacks by preemptively discovering and eliminating them before they can inflict damage in a corporate environment.
To learn more about what this will mean for partners, we spoke with Matt Harrell, Cloudflare’s global head of channels and alliances.
Channel Futures: What will this acquisition mean for Cloudflare’s partners? Will it create new opportunities for them? Can you give some examples?
Matt Harrell: Area 1 is a channel-first company. It launched a reseller program to widen its market reach across all market segments and today has more than 100 channel partners. For our existing partners, which include everyone from Swisscom in EMEA to Mitsui Knowledge Industry in APAC, to worldwide SIs like Accenture, IBM, Rackspace and Wipro, this integration is giving them unique access to a complete zero-trust solution. Currently, no other cloud-native zero trust provider has a fully integrated approach to securing all of an organization’s applications including email, the largest cloud application. Now, our partners will have all of the benefits of Cloudflare’s platform plus a robust email security offering.
CF: How will this beef up Cloudflare’s zero-trust platform?
MH: Email is one of the largest attack vectors on the internet, which makes integrated email security critical to any true zero-trust network. To us, the future of zero trust includes an integrated, one-click approach to securing all of an organization’s applications, including its most ubiquitous cloud application — email. We block an average of 86 billion cyber threats each day, giving us unique threat intelligence data that can allow us to more effectively filter out targeted phishing attacks (spear phishing) and other security threats that legacy email security solutions and API-only email security offerings can miss. Meanwhile, Area 1 has long taken a pre-emptive approach to email security to stop phishing campaigns during the earliest stages of an attack cycle. By combining Area 1’s highly scalable technology and years of experience in email protection with Cloudflare’s global network, we will provide a holistic zero-trust solution that customers can enable through Cloudflare’s global edge in just one click.
CF: Will this acquisition give Cloudflare and its partners a competitive advantage? If so, how?
MH: We were a customer of Area 1’s for years before we acquired them, so we know firsthand how brilliantly their offering works. Together with our global network, we expect we’ll be delivering to our partners the fastest, most reliable email security solution on the market. This is especially important today, as email continues to be the single greatest threat to businesses, not to mention where most attacks begin. In January 2021, there were more than 245,000 phishing attacks, according to the Anti-Phishing Working Group, the highest number of reported attacks in a single month.
CF: What will this acquisition mean for Area 1 Security’s partners?
MH: For Area 1’s partners, it means getting the unique opportunity to have a complete zero-trust solution at a time when email attacks are on the rise. This new, comprehensive email security offering is an industry first, giving partners a major competitive advantage in the email protection space.
Companies are spending an average of $6 million annually on ransomware mitigation resources.
That’s according to CBI’s new research report, “The Cost and Consequences of Ransomware.” Ponemon Institute conducted the research.
Eighty percent of companies surveyed have experienced a ransomware attack, despite spending millions on ransomware mitigation resources.
According to the research, the average IT security budget for 2022 is about $24.4 million. Of that, 25% is expected to be spent on preventing, detecting, containing and resolving ransomware attacks.
Only 32% are confident in their security controls, indicating the need to use more effective approaches to prevent ransomware attacks.
Shaun Bertrand is CBI’s chief services officer.
“It’s hard to remain confident when we see the success that ransomware threat actors continue to have,” he said. “Every day there is another organization that has made headlines for being compromised with ransomware. In addition, organizations are still challenged in many areas like risk visibility, phishing attacks and their ever-changing topology. Despite the investment in ransomware protections, organizations still face a grueling uphill battle.”
The report uncovered other significant takeaways relating to organizations’ approaches to and experiences with ransomware incidents:
Seventy-five percent are concerned about the ransomware risks posed by third parties, but only 36% of organizations evaluate their third parties’ security and privacy practices.
The average ransomware payment is approximately $1 million.
The report found that companies are spending $170,000 per ransomware incident on staffing alone, with an average of 14 staff members each spending 190 hours on containment and remediation activities. The report also uncovered a significant lack of trust in the ransomware alerts respondents receive as nearly one out of two weekly alerts are considered unreliable.
Fifty-three percent of companies who experienced an attack paid the ransom. The most common reason given was to avoid operational downtime. Of those that didn’t pay, 39% said they had an effective backup strategy. However, 55% of organizations felt that full and accurate data backups are not enough to properly mitigate a ransomware incident, likely because, in 41% of cases, sensitive data was also exfiltrated during the attack.
“There are two things organizations can do more effectively to protect themselves,” Bertrand said. “The first is to understand that ransomware attacks are evolving. From data leakage to denial of service (DoS), the adversaries are changing their approach. Organizations can stay ahead of the curve by better understanding the anatomy of these changes, and establishing effective controls and countermeasures. The second thing organizations can do better is to not try to boil the ocean when it comes to preventing and detecting attacks. There are hundreds, probably thousands of techniques, tactics and procedures (TTPs) that malicious adversaries can leverage. Instead of trying to protect against every single technique an adversary may use, organizations should conduct threat modeling exercises to narrow down the most probable TTPs and focus detection and prevention resources on those more viable attacks.”
Kaspersky released its financial cyberthreats 2021 year in review report, finding that attacks are becoming increasingly corporate- rather than consumer-focused.
Kaspersky experts report a continuation of this decade’s emerging trend of banking Trojans targeting corporate users. Between 2020 and 2021, corporate users’ share of banking malware attacks rose by almost 2% and increased a significant 13.7% between 2018 and 2021.
While 2021 saw an expansion in threats to financial organizations on a global scale, there was a continuation of the downward trend of PC and mobile malware previously seen in 2020. In fact, the number of users who encountered PC malware decreased by 35% – from 625,364 in 2020 to 405,985 in 2021.
Oleg Kupreev is a security expert at Kaspersky.
“Successful financial attacks directed at corporate users often impact the whole organization, not just a single user,” he said. “And, from our experience, large botnets, such as Emotet, do not target particular users or companies, but instead go for the low-hanging fruit, penetrating any organization that they can and later determining whether it is worth expanding its attacks further. The growth of attacks on corporate users demonstrates that good security measures and high levels of security awareness are integral to the safety of organizations.”
In addition, Kaspersky noticed a growing number of business email compromise (BEC) attacks. In the fourth quarter of 2021, the company’s products prevented more than 8,000 of these attacks, with the greatest number happening in October. According to Kaspersky, while some attempts are highly targeted, others are sent from free email accounts and are designed to reach as many victims as possible, hoping to trick a small percentage.
Joseph Carson is chief security scientist and advisory CISO at Delinea.
“It comes as no surprise that BEC is on the rise,” he said. “At a time when employees continue to work remotely, it’s more difficult than ever to verify with a colleague whether the request is legitimate. When it appears to be urgent, most people will fall for such scams. The major challenge with BEC security incidents is that you have to provide evidence that your account was indeed compromised and the incident was not just human error. With cybercriminals being really good at hiding their tracks, such evidence can sometimes be very difficult to gather.”
A strong privileged access management (PAM) solution can help reduce the risk of BEC by adding additional security controls to sensitive privileged accounts along with multifactor authentication (MFA) and continuous verification, Carson said.
“As with all companies’ culture today, it is important that cyber awareness training is a top priority and always practice identity proofing techniques to verify the source of the requests,” he said.
Barracuda Networks is keeping an eye out to make sure MSPs and their customers aren’t negatively impacted by any cybersecurity threats associated with Russia invading Ukraine.
That’s according to Neal Bradbury, senior vice president of Barracuda MSP. Barracuda has improved its MSP cybersecurity offering with new capabilities to help MSPs build advanced security services for their customers.
Last year, Barracuda acquired Skout Security to enter the fast-growing extended detection and response (XDR) market. It has now integrated Barracuda Email Protection with Skout Managed XDR. This enables Barracuda MSPs to provide their customers with email cybersecurity capabilities within the Skout XDR platform.
In addition, a new alliance with SentinelOne provides both Barracuda Skout Managed XDR and Barracuda remote monitoring and management (RMM) with additional endpoint protection functionality. MSPs can now buy and use the SentinelOne solution with Barracuda’s Managed XDR service.
Addressing MSPs’, Customers’ Concerns
In a Q&A, Bradbury gives an update on how Barracuda helps MSPs address their customers’ evolving cybersecurity needs.
Channel Futures: Now that Russia has invaded Ukraine, is that impacting Barracuda, its partners and their customers? Are there any precautions in place?
Neal Bradbury: We are continually watching 24/7 with the security operations center (SOC) to stay vigilant, and make sure that we are protecting our MSPs and our customers under our MSPs. If something was to happen or we started to see increased activity, it would allow us to respond. An example would be log4j. We started to get a lot of requests of, what does this mean and what do we do? So you started to see the SOC response to those types of requests to educate the MSPs and help them look to see if anything was vulnerable, and help them through that. Unfortunately, what’s happening in our world with Russia and Ukraine, if something does happen and you start to see some increased activity, the solutions are designed to be able to help and compensate accordingly.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.