The Gately Report: Malwarebytes Plans 'Explosive' Partner Community Growth in 2022
Hackers fooled Apple and Meta into handing over customers' personal information.
Channel Futures: Why did you want to take this top channel leadership role with Malwarebytes? How will your previous experience with WatchGuard Technologies come into play in this new role?
Brian Thomas: There are many reasons why I decided to choose Malwarebytes as the next step in my career. The massive total addressable market that’s in front of us right now, coupled with where Malwarebytes has positioned itself today in the endpoint security market. You take that, plus a relatively new MSP program. You could almost consider it in its adolescence. It was founded in February of 2020, so this being now a two-year-old program, I just saw there to be many, many ways that I could bring on not only a great team, but add a ton of value in expanding the program from where it is today. And I’m very excited to do that.
From a WatchGuard perspective, the last year-and-a-half was the Panda Security acquisition. So I was very familiar with the endpoint security space and helped migrate everything in North America right from the Panda Security business over into the WatchGuard portfolio. And then what became WatchGuard Cloud all integrated right on the Panda Security side. So I think that experience over the last year-and-a-half leading up to the Malwarebytes new role and assignment really prepared me for what I’m doing today.
CF: What can partners expect from you in the coming months and what’s at the top of your to-do list?
BT: We’re on track and we want to do $25 million globally in monthly recurring revenue (MRR). We want to grow our footprint of what is 2,000 MSPs and MSSPs today to over 4,000 MSPs globally. We are doubling the size of our team. We are doubling the size of our MSP-focused marketing and support organizations. And we’re signing on a lot of two-tier MSP strategic partners. So we are bringing on key remote monitoring and management (RMM) [providers], aggregators, distributors, service providers and master MSPs that function in a two-tier model. That’s going to be a huge component of this year, all ramping in the next few months.
CF: What’s fueling the need for everything you described as far as what you’re planning on doing?
BT: Honestly, it’s customer demand. We have so many SMBs that obviously know the Malwarebytes name. We have so many consumers that know the Malwarebytes name. And we have such a sterling reputation within the consumer market and the SMB market. This is one of the things that OneView grew out of, OneView being our MSP platform. It literally grew out of customer demand. They are purchasing through MSPs at an unprecedented rate because they do not want to manage their IT infrastructure or their security infrastructure. And MSPs address that gap for them.
CF: Do MSPs along with other partner types have individual pain points, individual needs, etc.?
BT: For the past year, Malwarebytes has been developing a new partner experience center. That’s going to be huge, and it’s coming out in just a few short months. Our partners will be able to access training, request MDF, register opportunities and track their tier status. That was really the core of your question, with their tier status being important and self-servicing all of their assets. And with that tiering status, they’ll be able to access all of their benefits within the partner experience center in our brand-new partner portal. What we’re seeing more than anything is that MSPs are flocking to our program today.
CF: Malwarebytes recently released its 2022 Annual Threat Report, which showed a massive COVID-19 bounce in cyber threats. Is there a message there for partners?
BT: Yes, I definitely think so. I think the message is very succinct as well. And that is where there was definitely a COVID-19 bounce. And that COVID-19 bounce I think more than anything is tied to everyone was hunkered down during the pandemic, especially in those early months. Everything shut down. And that includes a lot of cybercrime. Everyone in any industry was definitely at a point where they didn’t know what the next steps would be and what month those next steps would be decided. I think for cybercriminals in particular, they started coming out of the woodwork after we were about a year post-pandemic or post-initial pandemic, and you can see that very much reflected in the numbers.
CF: What do you find most worrisome about the current threat landscape? And therefore, how is Malwarebytes keeping its partners and their customers safe?
BT: I actually harken back to 60% of breaches were linked to a vulnerability where an available patch had not been applied and how Malwarebytes deals with that. And again, we’re specifically talking about vulnerability and patch management, but I think this in a way answers your question the way we address it or the way that Malwarebytes protects their clients. And this is available to both MSPs and SMBs, their downstream clients. Actionable intelligence attack surface reduction, easy deployment reports and alerts, and increased control, all of that helps solve the problem. And if that’s 60% of the breaches, that’s a huge component of the breaches that we can attempt to solve for them.
CF: Is there anything that we didn’t touch on that you would like to add?
BT: The only thing I would add is tied to 2022 and the goals that we’ve set forth, which are ambitious, but they’re absolutely realistic. Explosive growth of our partner community is a major, major initiative for Malwarebytes this year. And we’re focused specifically on the profitability side associated with Malwarebytes’ security portfolio and our expanded integrations. We want to make sure that we are integrated in every path to market, and those paths to market or those conduits that our MSPs and VARs use today, we want to make sure that we are available through all of them.
In other cybersecurity news …
Apple and Meta, the parent company of Facebook, reportedly provided customer data to hackers masquerading as law enforcement officials.
That’s according to Bloomberg, citing three people with knowledge of the matter.
Apple and Meta reportedly provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Requests usually are only provided with a search warrant or subpoena signed by a judge, according to the people.
Meta spokesperson Andy Stone sent us the following statement:
“We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse. We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”
Apple sent us part of its law enforcement guidelines addressing this:
“If a government or law enforcement agency seeks customer data in response to an emergency government & law enforcement information request, a supervisor for the government or law enforcement agent who submitted the [request] may be contacted and asked to confirm to Apple that the emergency request was legitimate. The government or law enforcement agent who submits the [request] should provide the supervisor’s contact information in the request.”
Lisa Plaggemier is interim executive director of the National Cybersecurity Alliance (NCA).
“Apple has made a lot of positive noises about privacy and security over the last couple of years, but yet, cyber bad actors have still managed to find a way through,” she said. “This goes to show that no organization – public or private – is above reproach and no employee anywhere should think they’re not a potential target. And with that, this incident needs to refocus all technology stakeholders on the importance of collaboration and of heightening our detection, response and reporting efforts through cooperation.”
In addition, to cope with consumer trust issues stemming from this, Apple and Meta need to engage in a dialogue with their customers that provides them with a transparent view of what has happened, what remediation efforts are ongoing and what preventative steps will be taken in the future, Plaggemier said.
“Masquerading as a legitimate party is one of the oldest tricks in the book for cybercriminals,” she said. “However, breaches like this bring this tactic to a whole new level and underline just how sophisticated cybercriminals have become. So while this may not have planted any new seeds in the mind of how bad actors can look to execute breach activity, it certainly has provided them with unneeded encouragement to be as bold as they can be.”
Demi Ben-Ari is CTO and co-founder of Panorays, a security and risk management company. He said the personally identifiable information (PII) obtained is “more than enough to single out, locate and target listed individuals.”
“The attackers can use these identifiers to target people with smaller-scale phishing or social engineering tactics, or they could sell the data on the black market,” he said. “Either way, the user loses. From a corporate perspective, this attack reaffirms the lack of training and cybersecurity awareness within both organizations, a scary thought given how far reaching they are. It also reinforces that regardless of the size of an organization, everyone gets hacked. And for Meta, this incident just gives users even more ammo to distrust their ability to keep people’s data safe and trust will continue to erode.”
Reports have noted these sorts of attacks have been going on for more than a year at this point, Ben-Ari said.
“I think this is just the first time we’ve seen it succeed on such high-profile targets,” he said. “It’s quite likely they’ll continue for a couple of reasons. The first is that it works. The second is that it’s a relatively low-tech social engineering attack that’s easy to execute, assuming the target doesn’t know any better or isn’t trained to vet these requests more stringently.”
Lacework’s latest quarterly Cloud Threat Report found threat actors are broadening the scope of their efforts to gain illicit access to cloud data and resources.
In addition to increased targeting of cloud platforms beyond AWS, Microsoft Azure and Google Cloud, malicious actors are rapidly adapting new attacks to target organizations in the cloud.
The report highlights vulnerabilities across four areas of cloud security. Those are cloud security posture; vulnerability and software supply chain; runtime threats and Linux malware; and proactive defense and intelligence.
Based on anonymized data across the Lacework platform from September 2021 through February 2022, key findings of the report include:
Cloud security mistakes are an open door for threat actors. Seventy-two percent of cloud environments monitored had insecure configurations, providing a warm welcome for attackers to gain initial access, establish persistence, escalate privileges and impact protected data across clouds.
Your data is not safe in any cloud. Despite being the largest cloud service providers, AWS accounts make up only 16% of overall hosting account resales, while lesser known companies like HostGator and Bluehost make up half. On average, the price of a compromised AWS account is roughly $40, with corporate accounts being offered for as low as $300 and upwards of $30,000.
Log4j remains a significant threat, and malware is adapting quickly. Thirty-one percent of malware infections observed by Lacework researchers use Log4j as the initial infection vector. What’s more, Muhstik, the malware family most commonly observed in the wild, can incorporate vulnerabilities like Log4j into its code within 48 hours, reinforcing that this threat will remain an issue over the long term.
James Condon is Lacework’s director of threat research.
“While cloud security isn’t getting worse, our investigations highlighted a marked increase in crimeware involvement in cloud-focused operations and improved capabilities,” he said. “The enhanced business model has extended the offerings of underground markets, allowing for more sharing and reselling of information, access and tooling.”
The security landscape continues to evolve as threat actors become more sophisticated and adept at targeting cloud vulnerabilities in particular, Condon said.
“From Log4j to the escalation in Lapsus$ attacks, high-profile security incidents are heightening security awareness for thousands of enterprises,” he said. “These attacks are a glaring reminder that we cannot overlook the basics of security.”
No security posture is perfect, but there is a lot more companies can be doing to protect themselves, Condon said.
“The latest string of attacks are a good example because they have something in common,” he said. “They leverage user credentials, and abuse those permissions for personal and financial gain. Organizations need to pay attention to two critical things in any security posture: authentication (who are you) and authorization (what can you do). These can seem like basic best practices, but it’s shocking how many organizations aren’t taking these steps. As we see in the latest threat report, attackers are taking advantage of the lack of focus on securing consumer and corporate accounts alike.”
Hackers stole about $625 million in cryptocurrencies from a gaming-focused blockchain network that supports the popular video game Axie Infinity in one of the largest crypto hacks of all time.
Hackers stole more than $615 million worth of Ethereum and USDC from the Ronin Network, a sidechain of the Ethereum blockchain.
The Ronin Network is used as a bridge between the video game and blockchains, essentially to transfer cryptocurrency in and out of the game. Ronin Network developers discovered the hack Tuesday morning, six days after the theft when an individual user reported being unable to withdraw their money.
“The attacker used hacked private keys in order to forge fake withdrawals,” Ronin Network said. “We are working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed.”
James McQuiggan is security awareness advocate at KnowBe4.
“Cybercriminals always go after the money, whether with ransomware against organizations or through cryptocurrency exchange sites, bridges or crypto-wallets,” he said. “With cryptocurrency using blockchain and cryptography, financial transactions are all electronic and thus are susceptible to cyberattacks, vulnerabilities or attempts to bypass the security controls. Whether reverse-engineering the cryptography or looking for a backdoor to gain access, cybercriminals continue to find ways to circumvent controls to steal money for their financial gain and ruin the customers’ portfolios.”
The downside to cryptocurrency is the lack of government-protected funds and relying on the organization’s human element of strong cybersecurity practices, McQuiggan said.
Cytracom this week announced ControlOne. Available only to channel partners in the United States and Canada, the ControlOne cloud-based, secure network platform unifies connectivity and security, transforming how MSPs build, manage, and secure modern cloud networks.
The ControlOne platform allows MSPs to replace legacy corporate networks and introduce a new, more secure cloud network built for today’s work from anywhere workforce.
Zane Conkle is Cytracom’s co-founder and CEO.
“Nothing like ControlOne will exist on the market today,” he said. “This cannot be purchased anywhere else. I believe it will give our partners a competitive advantage. MSPs that are leading with security are outgrowing their peers at exponential rates, and ControlOne allows MSPs to go to market and lead with security, and do so confidently while at the same time reducing the time it takes for them to deploy and manage these services.”
The key components of ControlOne’s platform include:
Software defined perimeter
Secure Remote Access
Unified threat management
Insightful intelligence
Security posture management
“Our road map for ControlOne is aggressive, and we will continue to not only roll out new security and connectivity capabilities, but we’re also extending the capabilities that we have today as we continue to learn more,” Conkle said. “The threat landscape is constantly changing, and that’s a key part of ControlOne. We’re highly tuned to that. Our analysts on staff are constantly looking at that and forming the best ways to mitigate those risks while at the same time looking at the broader market to understand what are the best practices and how can we apply those here.”
A new Acronis global report shows half of organizations are still allocating less than 10% of their IT budgets to cybersecurity.
The report surveyed over 6,200 IT users and IT managers from small businesses to enterprises across 22 countries. It exposes some of the most critical shortcomings appearing in cyber protection practices today.
Major findings include:
While 78% of organizations globally run as many as 10 different solutions for data protection and cybersecurity, 76% experienced downtime due to data loss, a 25% increase from 2021.
Only 10% of users back up daily, 15% back up once or twice a week and 34% back up on a monthly basis. Forty-one percent rarely or never back up their data.
Over half of all personal IT users lost data at least once in 2021, while 26% lost it multiple times.
Even highly publicized, and effective, cyberattack vectors like crypto jacking and DoS/DDoS are discounted by a significant percentage of personal IT users: 43% aren’t concerned or aware of crypto jacking, and 36% aren’t concerned or aware of DoS/DDoS attacks.
Organizations in the United States and Canada are less certain if their data has been tampered with, at 75% and 71% respectively. They fall slightly behind the global average.
Roughly one-third of organizations in Brazil, Canada and the United States have experienced downtime due to a cyberattack in the past year.
Candid Wuest is Acronis’ vice president of cyber protection research.
“As the entire world is increasingly at risk from different types of attacks, accelerating to universal all-in-one solutions is the only way to achieve truly complete cyber protection,” he said. “Attackers don’t discriminate when it comes to means or targets, so strong and reliable security is no longer an option. It’s a necessity.”
A major initiative for Malwarebytes this year is massive growth of its partner network. The company is aiming for $25 million globally in monthly recurring revenue (MRR).
That’s according to Brian Thomas, Malwarebytes’ new vice president of worldwide MSP and channel programs. Previously with WatchGuard Technologies, he took this new role in December.
This month, Malwarebytes expanded its Nebula cloud-native endpoint protection platform to include two new modules. Those include vulnerability assessment and patch management. Together, these capabilities help organizations stop security breaches.
The expansion is particularly beneficial to Malwarebytes MSP partners, Thomas said.
“Sixty percent of breaches last year were linked to a vulnerability where an available patch had not been applied,” he said. “Therefore, it’s our opinion that this critical gap in protection poses a massive threat, particularly for SMBs, which are what our MSPs and what our partners service. They’re critical to improve security postures. And this is really the next step in adding to our portfolio.”
Responding to the Ukraine Crisis
In terms of the ongoing Ukraine crisis, Thomas said Malwarebytes is “incredibly sensitive” to the situation.
“We’re in constant contact with the employees in our Estonia office, as well as the ‘Malwarenauts,’ as we call them, in Ukraine and Belarus,” he said. “Many Malwarenauts in the EU have offered their homes to refugees fleeing Ukraine. And as a company, we have donated to Doctors Without Borders, Save the Children and then Mercy Corps.”
Malwarebytes is offering free three-month consumer licenses, and Premium + Privacy to the people of Ukraine and affected neighboring countries.
“We will also be offering six months of free licensing and onboarding of our endpoint detection and response (EDR) to ensure Ukrainian organizations are protected,” Thomas said.
Scroll through our slideshow above for more about Thomas’ Malwarebytes partner community expansion plans, and more cybersecurity news.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.