The Gately Report: Palo Alto Networks, Channel Partners Primed for Strong 2022
The REvil ransomware gang has been shut down in a Russian raid.
Channel Futures: In terms of the threat landscape, what’s most worrisome in 2022?
Palo Alto’s Karl Soderlund: There are three things that worry me in 2022, and some of these are kind of a continuation of 2021, but it’s relevant. One is just the sheer number of disparate security technologies that customers have in their environment. They work independently. Unfortunately, this opens up a lot of attack surfaces. It introduces blind spots for customers and there’s a threat there. So that’s a complex problem that we have. Palo Alto Networks is trying to work with our partners and customers to help them with that.
No. 2 would be the amount of manual processes that are still involved in security operations. The more human operators we have, the more opportunity there is for errors, mistakes, misconfigurations and again opening ourselves up for attacks.
And then the third is the global talent shortage for cybersecurity that’s out there in the market space right now. There are too little resources to make sure that these technologies that customers are buying are getting deployed correctly and in the manner that they were built. So I see those as the three most complex problems that we’re going to face moving forward. And if I think about Palo Alto Networks, what we’re doing to help with that is quite a bit for our partners. So we’re trying to bring simplicity to a complex problem.
CF: What are customers looking for from their partners?
KS: When it comes to vendor consolidation and doing more with less, customers are looking for a holistic solution, someone who can … meet all of their needs from end to end to increase their security posture. That’s the platform that Palo Alto Networks brings to the table. So I think from a technology standpoint, you’ve seen us bring a lot of innovations to the table, both organic and inorganic, to help with that and then interlock them all in.
Secondly, I think calendar year 2022 is going to be the year of automation when it comes to security operations. Machine learning (ML) can detect anomalies faster and more consistently than any human operators. And I think that message is clear now to customers, and people are gravitating toward that at record numbers right now. We see that as a great opportunity for them to increase their security posture.
And third, when I think about our partner community, we use a term called increasing the services economy here at Palo Alto Networks. There’s more opportunity for partners to wrap their version of services into the sale than ever before, and that can be everything from presales consulting, through deployment and full-blown managed services, really thinking about life-cycle management of these technologies. So when we think about filling in that talent gap, that’s a big part of it.
CF: What are you hearing from partners in terms of their most pressing needs?
KS: I’ve been with Palo Alto Networks for five years now and I’m responsible for the NextWave Partner Program as well as the worldwide channel sales. And what I’m hearing a lot of right now is that there is a constant need for enablement and training, both technical and sales. So if you go back to that challenge regarding end users consolidating their infrastructure on a single platform, that single platform doesn’t mean single technology. It’s a lot of technology that’s there, and with that technology, it becomes complexity.
We’ve introduced a platform called Amplify to our partners, which has thousands of assets to help them learn in a lot of different formats. So depending on what your style is and how you digest information best, we have tools and resources for you. Our annual partner survey gave us some feedback that it was the No. 1 improvement that we’ve made to our program, so we’re really leaning in. My belief is before you look at sales as an indicator, the first leading indicator of the success of the channel partner program is are partners investing in training, and if they invest in that training, they’ll bring in opportunities and those opportunities will lead to sales.
The second thing that I’m seeing that’s top of mind for them right now is this is a complex technology, not Palo Alto Networks, but the cybersecurity industry. And with that, there’s a need for specialization. So last year, we rolled out a specialization program as part of NextWave. We’re increasing and adding more specializations. And the need and the demand from partners is they do not want to be master generalists. They know their value to the customer base is the more specialized they are and the more value they have, the more profitable they are. So it’s a win for the end user because their experience and their security posture increases. It’s a win for the partners because there are more opportunities and there’s more profitability. And it’s a win for Palo Alto Networks because it allows us to scale. And as we introduce new technologies, we can bring them to market quickly through our partner base.
CF: Ransomware is massive, with new attacks on a daily basis. How is Palo Alto Networks helping its partners and their customers stay safe?
KS: I think the way we’re looking at it is on a proactive basis. I think a lot of times when you think about cybersecurity, everything we read about in the papers is reactive. What we’re trying to take is a proactive stance to cybersecurity. So instead of waiting until the attack has happened, how do we take a preventive stance, and build an infrastructure and a platform that will prevent these attacks and allow them to identify them early. So again, going back to automation, leveraging ML, leveraging artificial intelligence (AI), all of these have been technologies that we brought into the family recently, again organically and inorganically. And I think that’s how we’re going to try to stay one step ahead of the bad guys today, which is a constant challenge. But we’re up for the task.
CF: Are Palo Alto Networks, and your partners and customers, still dealing with the impact of the pandemic? Is that an ongoing situation?
KS: I would answer that differently based on what geography in the globe we’re discussing. If we’re discussing in Asia Pacific, yes, every day they’re dealing with that, and it’s affecting how they’re going about and doing business. In EMEA, it’s been a little bit of a wave similar to the United States, where we think it’s gone down and it’s winding down, and then it turns back up and winds down, and it turns back up. So I think all of us, at least from my perspective, have settled into the notion that the pandemic is going to be something that we’re dealing with for the next year as well, not knowing to what level, but we’re prepared to support our customers and our partners in that manner.
So what does that mean? That means if we can be on planes and in person onsite, we will be. If not, if we need to support them virtually and remotely, we’ll do that. The good news is we’ve had a couple of years to really prepare, and build an infrastructure and a go-to-market strategy that supports that, so we’re fully prepared to support our customers and partners.
CF: What are your goals in terms of Palo Alto Networks’ channel sales in 2022?
KS: I always stay away from financial numbers, but what I will say when I look at my leading indicators and when I look at the health of the business, I look for, one, a high level of activity from our partners and those are things that I track, like the amount of deal registrations, the amount of folks that are submitting opportunities, looking to see where our pipeline is growing. Is it growing in just firewall or growing in our adjacent security areas as well? So really, there are multiple indicators that I track for the health of the business. And I think that’s more internally from Palo Alto Networks.
When we think about our partners, we look at the customer satisfaction scores that we track with our end-user base. And I’m really proud to announce that if I look over the past 36 months, our customer satisfaction scores through our partner community have been increasing regularly, which means going back to what I said about enabling. They’re being educated, they’re being trained, they’re working closely with our teams, there’s an alignment in the field and we’re really solving problems out there. So we feel as though there’s a tremendous amount of momentum in the system right now going into 2022, and our partner community is excited.
In other security news this week …
The Federal Security Service (FSB) of the Russian Federation says it shut down the REvil ransomware gang.
More than a dozen members of the gang have been arrested following police raids at 25 addresses, according to a Russian security agency press release.
The agency seized over 426 million rubles ($5.6 million), $600,000 in cryptocurrency and 500,000 thousand euros, computer equipment, crypto wallets used to commit crimes and 20 luxury cars purchased with money obtained from crimes.
The FSB serves as Russia’s internal intelligence agency. It conducted its operation at the request of U.S. authorities, which were notified of their results.
REvil was behind the ransomware attacks on Kaseya, Colonial Pipeline and meat supplier JBS USA last year.
Joseph Carson is chief security scientist and advisory CISO at ThycoticCentrify.
“REvil are a well-known ransomware gang that has caused havoc for many organizations around the world so it is unsurprising that they would be a target,” he said. “Many hackers around the world are using their skills for good. And this includes government hackers who work vigorously to defend society from cybercrime. So targeting REvil will likely be a statement that governments will work together to stop cybercriminals at the source.”
Chris Morgan is senior cyber threat intelligence analyst at Digital Shadows.
“The fact that the FSB targeted REvil, who have not been publicly active in conducting attacks since October 2021, is also significant,” he said. “Chatter on Russian cybercriminal forums identified this sentiment, suggesting that REvil were ‘pawns in a big political game,’ while another user suggested that Russia made the arrests ‘on purpose’ so that the United States would ‘calm down.’ It’s possible that the FSB raided REvil knowing that the group were high on the priority list for the United States, while considering that their removal would have a small impact on the current ransomware landscape. These arrests could also have served a secondary purpose, as a warning to other ransomware groups. REvil made international news last year in its targeting of organizations such as JBS and Kaseya, which were high-profile and impactful attacks. A very public series of raids could be interpreted by some as a message to be mindful of their targeting.”
The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) are warning critical infrastructure network defenders to be ready to detect and block incoming attacks by Russian-backed hacking groups targeting organizations from U.S. critical infrastructure sectors.
“Russian state-sponsored advanced persistent threat (APT) actors have also demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware,” the alert said. “The actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments, including cloud environments, by using legitimate credentials.”
In some cases, Russian state-sponsored cyber operations against critical infrastructure organizations have specifically targeted networks with destructive malware.
Tim Wade is technical director of Vectra’s CTO team.
“I can’t recall a time in my life when Russia wasn’t aggressively probing western resolve, ranging from tactical incursions into air space to pulling strategic economic levers,” he said. “This activity is just a continuation of that longstanding tradition, and I read this advisory as another periodic reminder of the background radiation of global politics. If you’re operating critical infrastructure and are under the impression that you aren’t squarely in an operator’s crosshairs, you’re wrong.”
Rick Holland is CISO and vice president of strategy at Digital Shadows.
“When defending against sophisticated Russian adversaries or any group, you must have a security monitoring infrastructure that provides situational awareness to detect and respond to intrusions,” he said. “You must have sensors in place to capture malicious activity. You must also retain those logs for retroactive threat hunting as you develop and acquire new intelligence. Defenders should conduct an annual gap analysis of their monitoring capabilities and quickly plan to mitigate any collection gaps.”
The second takeaway is that these actors use common but effective tactics, Holland said. Although these groups have sophisticated capabilities, they also rely on low-hanging fruit tactics and techniques. While it isn’t sexy, effective security hygiene like patching known vulnerabilities on external services raises the adversary’s costs and makes their job harder.
“The advisory doesn’t mention the current Russian-Ukraine tensions, but if the conflict escalates, you can expect Russian cyber threats to increase their operations,” he said. “Cyberspace has become a key component of geopolitics. Russian APT groups aren’t at the top of the threat model for all companies, unlike the critical infrastructure providers mentioned in the alert, but could end up being collateral damage.”
The Federal Communications Commission (FCC) has shared a proposal for stricter requirements for companies to disclose data breaches. According to the proposal, companies would be required to notify customers affected by inadvertent breaches, and it would get rid of the one-week waiting period before disclosure.
FCC chairwoman Jessica Rosenworcel shared the proposal. She said the updates would better align the commission’s rules with recent developments in federal and state data breach laws covering other sectors.
“Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information,” she said. “But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers. Customers deserve to be protected against the increase in frequency, sophistication and scale of these data leaks, and the consequences that can last years after an exposure of personal information.”
Lisa Plaggemier is interim executive director of the National Cybersecurity Alliance (NCA).
“While the entire cybersecurity world likely has something to gain from these new requirements, individuals and the public sphere will likely stand to benefit the most,” she said. “To say that digital is a staple of daily life for individuals would be a massive understatement. And with so much of our lives now conducted via digital means the security of our data and information is paramount. Unfortunately, because of the fragmented reporting structures that are in place, it can be tough for individuals to keep up with relevant breach information, determine whether they are impacted and ultimately what steps they need to take. Therefore, these revamped reporting requirements will likely help to foster a more clear process by which individuals can have clearer access to information and thus make better decisions around their cybersecurity.”
In terms of the public sphere, creating a successful cybersecurity environment requires each stakeholder to collaborate as closely as possible, Plaggemier said. These new guidelines look to lay the framework for better cooperation among the FCC, FBI and other government agencies, which will help put the government in a better place when it comes to cybersecurity planning and response.
The proposed guidelines would prompt companies to “think about their cybersecurity operations in new ways, and will help them better prioritize and identify where their potential weaknesses are and how to fix them,” she said.
As the omicron variant spreads, Check Point Research (CPR) sees a surge in fake PCR/antigen test certificates, primarily sold on Telegram, an instant messaging platform.
According to the research:
The price has doubled from $100 in 2021 to $200 in 2022.
It takes the vendor one day to make.
The vendor claims to register the fake PCR test with a hospital database, claiming to have a relationship with the hospital.
Check Point researchers had a conversation with a fake test vendor on Telegram. The vendor claims to be able to register the fake test with Kingwood Emergency Hospital (Texas) and NYC Health + Hospitals.
Liad Mizrachi is security expert at Check Point Software Technologies.
“I’m not sure it’s exclusively a cybersecurity problem, but a problem that cybersecurity has been dealing with for a long time — verification, authenticity — hence the solutions exist in the cybersecurity space and can be used to solve this issue,” he said. “For example, by applying the same principles used to verify website secure sockets layer (SSL)/transport layer security (TLS) certificates, we can create a trust system where any test result center needs to be known and sign all the tests with a unique key that can be verified everywhere.”
Governments are starting to understand the potential damage and the risk that fake certificates are posing and taking actions, Mizrachi said. This of course creates a fear with the potential buyers.
“From what we see so far, the raising of fake tests certificates is similar to what we saw happening with the fake vaccination certificates in the past year,” he said. “The pandemic, like any other major event, creates the perfect ground for scammers and threat actors to operate. In the case of the pandemic, the impact is much more significant. First they had a long time to prepare and create those scams. And the fear from a global, long-term event is something that touches each and every person worldwide, [which] of course helps.”
Huntress is donating $100,000 to the Dutch Institute for Vulnerability Disclosure (DIVD), a platform supported by volunteers for security researchers to report vulnerabilities.
DIVD played an important role in a number of high-profile incidents over the last year, Huntress said.
The donation is being used in two ways. Half will support DIVD’s continued growth, enabling the group to hire its first full-time staff and do more work. The other half will be used to start a DIVD-led bug bounty program to create a financial incentive for individuals to effectively disclose vulnerabilities and discoveries specific to MSP and SMB IT tools.
Kyle Hanslovan is Huntress’ CEO and co-founder.
“After the difficult year this industry had in 2021, we’re looking for new ways to support MSP and SMB cybersecurity outside of the work we’re already doing,” he said. “DIVD is an excellent organization and it was a no-brainer to support their mission and this new bug bounty program. We’re hoping our contributions represent the start of a broader community effort that’ll include many vendors and industry leaders. There’s a lot we can do, whether it’s contributing financially, increasing focus on code quality, ramping up cybersecurity education, etc.”
There aren’t enough incentives for bug bounties and security research within the MSP/SMB community today, Hanslovan said.
“And skilled researchers are instead poking holes in software from places like Apple and Microsoft where they know they’ll be paid well for their efforts,” he said. “DIVD is trying to help balance the scales a bit and create that incentive for our community.”
Devo Technology, a cloud-native logging and security analytics provider, has launched its new technology alliance partner program, the latest addition to the Devo Drive Partner Program.
Check Point Software Technologies, Cybereason, Corelight, Cribl, CyCognito and Cyware have joined the new program as inaugural members. The program enables Devo and technology partners to build joint solutions that enhance the value of each other’s products and allow customers to increase their security operations center (SOC) efficiency, maximize their security tools, and achieve visibility across their organization.
Program benefits include:
Funding to drive go-to-market activity and engagement.
Access to Devo’s development environment and resources.
Ongoing access to enablement and education.
Upesh Patel is Devo Technology’s senior vice president of corporate development.
“The new program will give ISVs a structured way to integrate their products with Devo and also give them access to co-marketing activities like webinars, seminars, collateral and more, helping them promote their products with Devo and our customers,” he said. “Partners can expect to benefit from future product innovation that will fundamentally shift how security teams interact with data and a larger community of security expertise. Devo and our technology alliance partners will also have the benefit of co-marketing activities to help drive visibility for their offering and reach new customers.”
Ascending to the Nasdaq 100, Palo Alto Networks is in a strong position to help its channel partners gain new opportunities and prosper in 2022.
That’s according to Karl Soderlund, Palo Alto Networks’ senior vice president of worldwide channel sales. The cybersecurity vendor works with resellers, distributors and MSSPs.
Palo Alto Networks recently joined the Nasdaq 100. It’s the top 100 largest domestic and international non-financial companies on the Nasdaq exchange based on market capitalization. The vendor was added as part of the index’s annual reconstitution.
In addition, Palo Alto Networks has joined the Microsoft 365 Networking Partner Program to provide direct and efficient connectivity for Microsoft 365 users. This is through its Prisma Access service, facilitating what the company calls an optimal user experience aligned with Microsoft’s connectivity principles.
What’s In Store For Palo Alto Networks Channel Partners in 2022
Palo Alto Networks’ Karl Soderlund
In a Q&A with Channel Futures, Soderlund talks about these developments and what’s in store for partners in 2022.
Channel Futures: What’s the significance of Palo Alto Networks joining the Nasdaq 100? What does it mean to partners?
Karl Soderlund: It means a lot to us, we’re really proud to join the Nasdaq 100. Many of our customers and our partners are among the great companies that participate. We believe the inclusion of Palo Alto Networks really reconfirms our transformation to being the cybersecurity partner of choice for organizations around the globe. So we’re very proud and happy to be part of that.
CF: How will partners benefit from Palo Alto Networks joining the Microsoft 365 Networking Partner Program? Does it create new opportunities for them?
KS: It will absolutely benefit our partners. The reality is with how massive the Microsoft 365 base is out there. The opportunity to increase our customers’ security posture is at record levels and the need is there. So being part of this partner program will give us that opportunity to meet that need. There’s a great opportunity for our partners to not only promote this into their customer base, who are Microsoft environments, but also look at other opportunities beyond that. So whether it be inclusive of adding services to it, looking at other areas to protect and secure the network, it’s just another opportunity for our partners to come in with a world-class solution with two world-class partners that are together.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.