The Gately Report: Trend Micro Charts Growth with Cloud Ecosystem Partners
Ivanti has discovered a new, disturbing trend in ransomware.
![Business growth chart Business growth chart](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltbdd09ef83166586c/6524379751b6a5399bb16de0/8-Business-Growth.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Channel Futures: What does being included in the latest Gartner Peer Insights Voice of the Customer report for endpoint protection platforms mean to Trend Micro and its partners?
Jon Clay: I’ve been with Trend Micro for 25 years and I’ve seen changes over time. But one of the core areas that we’ve always worked toward is to help our customers and help our partners. We’ve been a partner-focused company for as long as I’ve been here and I think getting that recognition actually from our customers and our partners is great to see because that’s them saying we’re doing the job that we should be doing, which is helping them attain their goals and what they want to do, minimizing their risk, etc.
Louise McEvoy: We find it really important having that outside party vendor validate what it is that we’re doing. It’s not enough to say, ‘Hey, we’re doing really well.” But for an organization like Gartner to say to our partners that we’re doing really well in this endpoint stuff, you really need to take notice of that. That really resonates well with our partners because it isn’t just us saying it or we’re not paying for it. This is an award that we’re getting because of what it is that we’ve done. So it’s very important to partners, for sure.
CF: Trend Micro initiated Get IT Girl! back in 2019 to empower and uplift women in the tech industry. What have been some of the milestones in that effort?
LM: I can speak to that personally. Especially in cybersecurity, there is this gap in skills and we’re trying to help shorten that gap. But we also recognize there’s a gap when it comes to our female population in technology, whether it comes from we just haven’t done an outreach to that community or whatever it might be. So we’ve partnered with a company called Girls In Tech, and they’re also closely aligned with AWS.
And personally, I can speak to that because I’m a mentor to some girls who are part of Girls In Tech. They formally put one executive in a company with a girl who is looking to get into technology or who might be in technology but wants to expand her career and who wants a mentor in this world. So I’ve been mentoring some females in Girls In Tech, and what’s interesting is one of those females joined Trend Micro in one of our graduate programs. We have a program called Certification Program in IT Security (CPITS). Because I met this person, I encouraged her to look around, and looking around means hey, there might be a program here at Trend Micro that might be of interest to you. And she got accepted and is now part of the community here at Trend Micro. I’m really proud of that, and I think it’s a well-needed community for a group of people who may not feel comfortable joining a certain part of a company where they don’t have the skill set just yet.
JC: It’s not just on the technical side, although we’ve done “capture the flags” with groups of women who want to get into the technical side. We’ve done that in North America and South America. We do programs in the Middle East, everywhere around the world. There are 4 million open jobs in cybersecurity around the world. We need more people, and so there’s a great opportunity. I think it’s a fabulous industry for anybody to to participate in. So we welcome anybody and everybody. But definitely we are working very hard to try and attract women into tech and partnering with Girls In Tech is helping us do that.
CF: In terms of the threat landscape, what’s most worrisome in 2022?
JC: Obviously ransomware is a massive issue. It’s been a problem for years. It’s going to continue to be a problem, especially because it is targeting now more businesses. Consumer ransomware is there, but it’s very small just because the profit isn’t in it. I can’t leverage $1 million against grandma after I encrypted her files. So businesses big and small are going to have to deal with the ransomware threat in 2022. There’s also supply chain. As we saw with SolarWinds and Kaseya, software supply chains are concerning right now and they can be compromised and utilized in attacks. So that’s also going to be a challenge.
And then lastly, there’s the use of vulnerabilities and exploiting of vulnerabilities. We’re seeing more and more of this where they’re weaponizing those vulnerabilities much faster than ever before. So when when a newly disclosed vulnerability hits, especially in critical applications like Exchange or Office 365 or any of the ones that the businesses are utilizing, they’re going to weaponize it very fast and utilize it in an attack. So organizations are going to have to deal with that.
LM: From a partner side of the business, they really do have to understand where these threats reside so they can talk to their end customers. We’re doing a great job talking to the end customers, but our partners have to have that same knowledge-base language and lingo so that they can get through to their own customers. It’s not just a simple click on an email and it might do some damage. This is big. This is super pervasive and their customers have to recognize that they’re there. There are so many vulnerabilities and our partners really do have to understand where all of those vulnerabilities exist.
CF: Last spring, Trend Micro launched a revamped partner program with a cloud-first focus. What’s the status of the program? How’s it helping partners?
LM: With lockdown, and the disruptions in the industry and in our lives, etc., there’s a channel transformation happening. It’s also happening in sales and in marketing, but specifically in channel. It’s not just about, “I’m going to take a renewal; I’m going to add my points and there you go, I’m not going to see you for another year.” Sometimes that’s what happens. Or “I’m going to be part of the Trend Micro sales motion and I’m going to be a fulfillment partner.” That’s about adding value. And where does that value come into play? Well, it really is around cloud. It really is around SaaS. So we’re not looking at just partners who are fulfillment. We’re looking at partners who understand the underlying infrastructure of a cloud-based business, of that platform, of those buckets and everything that needs to be configured.
So we revamped the partner program with an eye to where are our partners and customers are buying. They’re buying in the cloud, through marketplaces and through these online storefronts, and they can just do a click and buy. Sometimes that’s going to take out the partner. So what happens in the channel business? We have to revamp; we have to transform. That means we have to look at how the partner is specifically adding value in that transaction. Well, when we talk about the skills gap, you see the cybersecurity skills gap in every industry. Those partners have the skills, so let the partners do that effort and become that subject matter expert as it relates to that end customer’s cloud buy. So we’re specifically driving our channel business to the cloud, whether it be through education, certification and rewarding them for that cloud-based business. We still have that traditional channel model because it still exists. But I’ve got an eye to the future and how our customers are buying, and we need to make sure that we fill that gap with partners who have skills in that cloud-based purchase. So we really transformed our program with an eye to the future. It’s actually existing right now, but we’re trying to go leap years ahead of that, too.
CF: What are customers looking for from their partners?
LM: We had a customer who’s a large online retailer. And a year went by and the partner went in and said, “OK, your renewal is this much plus X percent upcharge.” Unbeknownst to us and that partner, in that customer’s environment was one of these cloud-based partners. They were really strong in AWS skills. They didn’t realize what was going on in there. They looked at this and [said], “Wait a second, this isn’t configured, this isn’t secured. You need to tighten this up.” So what could have been a traditional renewal actually became a very large, brand-new enterprise deal because they recognized that it’s not simply about a renewal. It’s about looking at that infrastructure and where that end customer is doing business, and how they’re managing all their different systems, endpoints and networks. It’s a complicated business. So what are they looking for? They’re looking for that expertise, that knowledge, and not just going in at the end of the year saying, “Hey, I’m going to renew your license,” but “Hey, I’m going to add value. I’m going to show you where you’re not secure and we’re going to work on this together. It really is a community effort to make sure we’re all secure because I might shop at this online retailer. You don’t want your information exposed, whether it be at a retailer or whatever it is. We’ve got to be all in this together.
JC: We’ve seen a huge amount of growth in our MSP partners and we’re seeing managed services becoming more and more utilized. And again, this is a value-add that I think a lot of partners can take advantage of and access because the skills shortage inside an organization is pretty high, especially in threat hunting areas.
So we’ve been supporting that community for a long time, and building improved tools and capabilities, whether it’s the purchasing of the product through an MSP model, to managing our products. So if you’re an MSP, you can manage multiple Trend Micro customers from a single vantage point. So we’re giving them the tools to be able to provide that value to the organization. We just want them to be able to service the customers better. We don’t have a lot of the resources available to do that for our customers, so we rely on the partners tremendously to help bring that capability to them.
CF: What are you hearing from partners in terms of their most pressing needs?
LM: It’s that skills gap. They need to keep on top of everything that’s going on, everything that’s changing. So we have all kinds of certifications. We let them shadow some of our sellers or technical people. It’s keeping on top of everything that’s going on in a changing environment. There’s a lot to learn in cybersecurity. Things happen super quickly. We want to make sure we handhold our partners through every step of that business and any change that happens.
JC: I would also say they’re asking for education on the threat landscape regularly. So keeping abreast of what the attack groups are doing and what tactics they’re utilizing. We’re providing all of that, whether it’s through our blogging, videos, webinars or whatever means. We’re providing that information so they understand what’s happening. They go in and they want to be the experts and should be the experts to the customer, the trusted advisor. Education is a big part of it.
CF: Ransomware is massive with new attacks every day. How is Trend Micro helping its partners and their customers stay safe?
JC: So we’ve been building a new way of providing Trend Micro solutions to customers and through partners. We’re looking at a couple of areas. No. 1 is through SaaS models. The benefit there is that we manage any updates, we manage any patches because that’s one of the biggest gaps that organizations have. Patch management is a challenge for everybody. So we take that off the table for them.
Second, we have been developing our extended detection and response (XDR) capabilities. It’s not just giving them a million alerts on a regular basis. It’s actually looking at all those alerts and then identifying which alerts are critical or not. So we’re giving them the visibility into protecting that. We’re seeing the ransomware attack being detected early before the ransomware is actually being deployed. So our ransomware numbers are going down significantly in terms of detections because we’re actually blocking the attack before it even gets to that stage for our customers, which is what needs to happen today.
Speaking of ransomware …
Ivanti has released the results of its Ransomware Year End Report that it conducted with Cyber Security Works and Cyware. The report outlines why the ransomware battle continues to be an asymmetric war.
Ransomware groups are continuing to grow in sophistication, boldness and volume while in tandem the number of vulnerabilities being used to deliver ransomware also continues to increase.
The data also confirms a disturbing trend. Ransomware groups are targeting unpatched vulnerabilities and weaponizing them in record time to instigate crippling attacks.
Other Key Takeaways:
Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups, with 65 new vulnerabilities tied to ransomware last year.
Ransomware groups continue to find and leverage zero-day vulnerabilities, even before the vulnerabiliteis are added to the National Vulnerability Database (NVD) and patches are released.
Ransomware groups are increasingly targeting supply chain networks to inflict major damage and cause widespread chaos.
Ransomware groups are increasingly sharing their services with others, much like legitimate SaaS offerings.
Srinivas Mukkamala is Ivanti’s senior vice president of security products.
“Ransomware groups are continuing to leverage any gaps in software weaknesses, from scouting for yet-to-be recognized vulnerabilities to those that fly under the radar, weaponizing them in record time,” he said. “The top five software weaknesses … account for almost 40% of all vulnerabilities tied to ransomware.”
Ivanti’s ransomware research uncovered 125 ransomware families between 2018 and 2020, and identified 32 new families in 2021.
“With 157 ransomware families exploiting 288 vulnerabilities, we can expect to see ransomware groups poised to wage rampant attacks in the coming years,” Mukkamala said. “As mentioned, unpatched vulnerabilities are the main attack vectors used to gain entry into an internal network. We can expect to see ransomware groups expanding their focus to not just single unpatched instances, but to combinations of vulnerabilities, vulnerable third-party applications, technology protocols, and even insider recruiting as a means to launch an attack.”
This year will also bring additional widespread use of exploit kits by threat actors, he said. Exploit kits are automated tool kits that contain a collection of exploits that can be used to easily manipulate a variety of vulnerabilities.
“Organizations need to place an increased emphasis on cyber hygiene,”Mukkamala said. “Automating cyber hygiene will become increasingly critical. As environments continue to get more complicated, security incidents caused by unpatched vulnerabilities will continue to soar due to the rapid shift to the cloud required to support the everywhere workplace the pandemic produced. Hyperautomation in patch management will be the most important proactive measure that organizations can take to protect their technology.”
Discovered last month, Log4Shell quickly became infamous as the vulnerability of the year. Although the Apache Foundation released a patch for this vulnerability shortly after its discovery, it continues to pose a huge threat for individuals and organizations.
During the first three weeks of January, Kaspersky products blocked 30,562 attempts to attack users using exploits targeting the Log4Shell vulnerability. Almost 40% of these attempts were detected within the first five days of this month.
If it’s exploited on a vulnerable server, attackers gain the ability to execute arbitrary code and potentially take full control over the system. This vulnerability has been ranked 10 out of 10 in terms of severity.
Since it was first reported, Kaspersky products have detected and prevented 154,098 attempts to scan and attack devices through targeting the Log4Shell vulnerability. Most of the attacked systems were located in Russia, Brazil and the United States.
Evgeny Lopatin is security expert at Kaspersky.
“Indeed, we are seeing many attempts to scan the networks for this vulnerability, as well as attacks,” he said. “I’d like to note that these statistics include both attacks and scans. This number of scans indicates not only the ease of exploitation of this vulnerability, but also the fact that the volume of vulnerable software out there is very high.”
Since the statistics included the scans as well, the gradual decline of them can be explained by two things, Lopatin said. First, users started updating vulnerable software. Second, researchers have already scanned the objects they are interested in and are reducing their activity in this area.
“We can assume that the activity of both researchers and cybercriminals in regards to this vulnerability will continue to decline in 2022, but due to the ease of exploiting Log4Shell and the widespread nature of vulnerable software, the instruments for exploitation of Log4Shell are [here] to stay in the arsenal of cybercriminals for a long time,” he said. “And users who haven’t updated their software and do not use security solutions will continue be at high risk of attacks.”
Vectra AI has acquired Siriux Security Technologies, a provider of identity and SaaS posture management. Vectra can now enable customers to securely configure and detect active threats in cloud identity and SaaS applications, including Microsoft Azure AD and Microsoft 365.
Vectra provides artificial intelligence (AI)-driven threat detection and response for hybrid and multicloud infrastructures, including public cloud, SaaS, network and identity. Siriux extends Vectra’s coverage even earlier in the threat life cycle. It provides a layer of analytics to assess complex identity and SaaS configurations, closing the loopholes that allow access to attackers.
Randy Schirman is Vectra’s channel chief.
“The ability to create a clear picture of an organization’s Microsoft 365 security posture along with recommendations, coupled with Vectra’s traditional world-class detection and remediation capabilities, offers partners an incredible one-two punch in terms of value creation and consultative selling,” he said. “This acquisition opens up the full spectrum of sales possibilities, from creating initial awareness/visibility all the way through remediation service offerings. “
Vectra channel partners now have an “incredible” opportunity to enhance their brand value and to extend both directions in the sales process beyond product delivery, Schirman said.
“Whereas others might be able to address a portion of the end users’ journey, Vectra partners are with them throughout,” he said. “As a result, additional customer service wraps are available, customer consultative selling is extended and brand differentiation occurs. We are incredibly excited to share more with our partners and to enhance their overall go-to-market (GTM) offerings.”
Financial terms of the Siriux deal have not been disclosed. As a part of the transaction, Siriux will operate under the Vectra brand and leadership.
The National Cyber Security Alliance (NCSA) on Friday is celebrating Data Privacy Day. The day serves as a reminder that safeguarding personal information needs to remain a top priority throughout 2022.
Joseph Carson is chief security scientist and advisory CISO at ThycoticCentrify.
“The notion of real privacy is perhaps something that no longer truly exists,” he said. “Internet-connected device usage has exploded in recent years, bringing huge changes to our society. But this has come with risks as we’re all tracked and monitored 24/7. It means we need to consider not just data privacy, but the safeguards that govern how data is collected and processed.”
Thanks to stricter regulations, the public now has greater say in how their data is used, Carson said. However, regulatory bodies need to continue to pressure companies and governments to maintain good cybersecurity practices, incorporating the principle of least privilege to protect collected data and provide users with transparent access to such data.
“Our personal data is becoming more and more profitable,” he said. “And many will begin to ask how citizens will be incentivized, or perhaps paid, for their data. What will the future hold for personal data ‘renting?'”
Luke Kenny is lead security principal at Trustwave.
“Data privacy isn’t just about day-to-day data protection and compliance anymore,” he said. “Organizations need to approach data privacy with an assume-breach mindset. How swiftly and effectively an organization can respond to a crisis like a data breach greatly affects short-term and long-term data privacy efficacy. Companies need to be conducting regular crisis simulations across their entire organization, not just IT and security disciplines, to ensure they can effectively respond to an incident and mitigate impact.”
Keith Neilson is technical evangelist at CloudSphere.
“In the United States alone, there are several disparate federal and state laws, some of which only regulate specific types of data like credit or health data, or specific populations like children,” he said. “Combine these regulations with the many different international laws that aim to ensure data privacy, such as General Data Protection Regulation (GDPR), and compliance for companies with global operations becomes an extremely complex undertaking. Data Privacy Day serves as a reminder that cyber asset management should be a top priority for every organization. Enterprises cannot ensure compliance and data security unless all assets are properly known, tagged and mapped in the cloud.”
To avoid jeopardizing sensitive company or customer data, organizations must take the first step of cyber asset management to secure visibility of all cyber assets in their IT environment and understand connections between business services, Neilson said. This includes identifying misconfigurations and automatically prioritizing risks to improve overall security, allowing for real-time visibility and management of all sensitive data.
The National Cyber Security Alliance (NCSA) on Friday is celebrating Data Privacy Day. The day serves as a reminder that safeguarding personal information needs to remain a top priority throughout 2022.
Joseph Carson is chief security scientist and advisory CISO at ThycoticCentrify.
“The notion of real privacy is perhaps something that no longer truly exists,” he said. “Internet-connected device usage has exploded in recent years, bringing huge changes to our society. But this has come with risks as we’re all tracked and monitored 24/7. It means we need to consider not just data privacy, but the safeguards that govern how data is collected and processed.”
Thanks to stricter regulations, the public now has greater say in how their data is used, Carson said. However, regulatory bodies need to continue to pressure companies and governments to maintain good cybersecurity practices, incorporating the principle of least privilege to protect collected data and provide users with transparent access to such data.
“Our personal data is becoming more and more profitable,” he said. “And many will begin to ask how citizens will be incentivized, or perhaps paid, for their data. What will the future hold for personal data ‘renting?'”
Luke Kenny is lead security principal at Trustwave.
“Data privacy isn’t just about day-to-day data protection and compliance anymore,” he said. “Organizations need to approach data privacy with an assume-breach mindset. How swiftly and effectively an organization can respond to a crisis like a data breach greatly affects short-term and long-term data privacy efficacy. Companies need to be conducting regular crisis simulations across their entire organization, not just IT and security disciplines, to ensure they can effectively respond to an incident and mitigate impact.”
Keith Neilson is technical evangelist at CloudSphere.
“In the United States alone, there are several disparate federal and state laws, some of which only regulate specific types of data like credit or health data, or specific populations like children,” he said. “Combine these regulations with the many different international laws that aim to ensure data privacy, such as General Data Protection Regulation (GDPR), and compliance for companies with global operations becomes an extremely complex undertaking. Data Privacy Day serves as a reminder that cyber asset management should be a top priority for every organization. Enterprises cannot ensure compliance and data security unless all assets are properly known, tagged and mapped in the cloud.”
To avoid jeopardizing sensitive company or customer data, organizations must take the first step of cyber asset management to secure visibility of all cyber assets in their IT environment and understand connections between business services, Neilson said. This includes identifying misconfigurations and automatically prioritizing risks to improve overall security, allowing for real-time visibility and management of all sensitive data.
Recruiting and working with more cloud ecosystem partners are key to Trend Micro reaching its channel sales goals in 2022.
That’s according to Louise McEvoy, Trend Micro’s vice president of U.S. channel sales. Cloud “ecosystem” partners are able to reach more customers and provide more cloud security expertise.
Trend Micro‘s Smart Protection Network (SPN) stopped 94.2 billion cyber threats heading for consumer, government and business customers in 2021. The volume of detections represents a 42% increase over the number recorded in 2020.
Last month, Trend Micro announced has been included in the customer’s choice quadrant of the latest Gartner Peer Insights Voice of the Customer report for endpoint protection platforms.
Trend Micro Attracting Many Cloud Ecosystem Partners
In a Q&A with Channel Futures, McEvoy and Jon Clay, Trend Micro‘s vice president of threat intelligence, talk about Trend Micro’s channel business and what’s most worrisome about the 2022 threat landscape.
Channel Futures: What are your goals in terms of Trend Micro’ channel sales in 2022?
Trend Micro’s Louise McEvoy
Louise McEvoy: If I were to say where are we trying to grow the business more and more, I’m looking at those partners who have deep cloud skills, deep AWS, Azure and Google Cloud Platform (GCP) skills, who really understand the customer’s buying behavior. And we’re recruiting this new type of partner called cloud ecosystem partners. They’re all around well-architected framework reviews. They understand that deep underlying architecture and how to configure an end customer’s environment so that it’s secure.
Trend Micro’s Jon Clay
We’re seeing a lot more of these partners come on board and partners we had never heard of before. And they have a downstream list of customers where it’s almost like an MSP model, but in very much a cloud environment. We’re putting a lot more focus there because we’re seeing that these partners are able to reach customers and sometimes we don’t even know they exist, but they have this model because they they are tightly connected with a specific community or environment. So we’re looking at those types of partners more and more.
Scroll through our slideshow above for more from Trend Micro and more cybersecurity news.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like