The Gately Report: Proofpoint Tracking Ukraine Crisis for Partners, Customers; New Darktrace Division
Critical infrastructure entities are under increased threat from the Ukraine conflict.
![Ukraine flag Ukraine flag](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt6e8bd226a498de5a/65243416911d6ee69ce4ca8c/Ukraine-Flag.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Channel Futures: How are partners benefiting from Thoma Bravo’s acquisition of Proofpoint? Any changes in how they work with Proofpoint, opportunities, etc.?
Joe Sykora: [The acquisition] has been great, We’ve increased resources for our partners. That includes additional resources in the field globally for our partners. We’ve also rolled out additional programs as well. We exited the year with around 4,000 employees and we have another 500-600 planned for this year. So we’re definitely in growth mode. So I think for our partners; it’s been a good addition, if you will. It’s going well.
CF: How many partners does Proofpoint have and has that been growing?
JS: If you look at our specializations, for example, information protection, it’s only like 25 partners globally. So it’s a very focused program and we do run a focused partner strategy on the enterprise side. We also have our MSP program. So our MSP platform and program have been growing quite a bit. We’ve got roughly 10,000 MSPs today, and that is where we’re seeing the biggest growth. We have grown our partner base. We had a great 2021. We had great growth as an overall company and going through the partners. Obviously, our partners grew with that.
CF: Proofpoint recently released its 2022 State of the Phish report. It showed increases in email-based phishing and email-based ransomware attacks. Was there a message in this for Proofpoint’s partners?
JS: Absolutely. The bad guys are still out there and they’re increasing their efforts. So I think actually in the report you saw about 77% of the people that were involved experienced some type of email ransomware over the last year. And you saw an 18% increase in business email compromise (BEC). So I think now more than ever, we need to make sure that our partners are protecting their customers, and we’re helping our customers and our partners do that.
CF: Proofpoint’s 2021 financial results showed a V-shaped recovery with revenues and billings growing more than 20%. What role did partners play in this recovery?
JS: We are a channel-first company. So obviously when you see the growth numbers that we publish, that’s going through our channel partners. Some of our partners more than doubled with us. So we saw extreme growth rates, 30% and above, and even on some of our top partners who have been growing with us for awhile. So it was definitely a V-shaped recovery. We didn’t know if it was going to be a U or V, and we definitely experienced the V. So things are continuing to move forward.
CF: In the current threat landscape, what do you find most worrisome?
JS: There’s a lot, right? We stay active with the current threats and our threat research [and] we emphasized [in the State of the Phish report] that things are not improving. Today, last week, forever, there are always going to be incidences going on.
We’re a little bit elevated right now because we’re paying attention to what’s going on in Eastern Europe. And we’ve got to be real about that. So we do have a few things that we’ve implemented here and we create awareness as well. So it’s also awareness for our customers, our partners and even internally that it’s really important to take a look at what’s coming across your email and making sure you don’t click on the wrong thing. So the need for security awareness and training is another thing that we do with our partners. It’s more relevant than ever.
CF: What are you hearing from partners in terms of their most pressing needs?
JS: There are a couple of things they want. They want access to our technology and that’s something that we improved last year … so giving our partners access to everything we do, and making sure they can demo and use the technology. We actually do have a new rapid risk assessment for our partners that we just released. We are listening to them and we heard them, and we offer that as well. And then the other thing is our protection. So if you look at what partners want, they want to know that they have protection and the ability to make profits. So along with protection, we rolled out a new deal registration incumbency program on Jan. 1. And then with the specializations, that gives our partners the ability to build practices of their own.
CF: What are your goals for Proofpoint’s channel in 2022?
JS: In 2022, it’s all about execution. I joined Proofpoint at the very end of December 2020, so I’ve been here a little over a year and we did a lot of foundational work. So for 2022, it’s execution around some of those changes that we made with our main programs. And then we’ll continue to release and add people to our specialization so they can build the entire practice around them. I’m always a big routes-to-market guy, so I want to let our partners consume our technology the way they want to consume it. Also, ease of doing business with Proofpoint is another big one for me as well.
Darktrace has formed a new division to serve the U.S. Department of Defense (DoD), the intelligence community, federal civilian agencies and national critical infrastructure to strengthen their defenses with self-learning artificial intelligence (AI).
Darktrace Federal includes subject-matter experts in critical infrastructure security and former members of the U.S. intelligence community who drove cyber operations at the CIA and supported the National Security Agency (NSA) and DoD. The team will assist federal agencies and military organizations to identify and disrupt cyberattacks across digital environments and infrastructure.
Sally Kenyon Grant joins the company as vice president of Darktrace Federal. She’ll lead initiatives supporting U.S. government cybersecurity operations for compliance, auditing, policy, budget, acquisition and deployment. She has more than 30 years of government experience in Washington, D.C.
“Darktrace is a unique example of a self-learning AI technology that is proven to work in detecting, responding and investigating sophisticated, nation-state threats in real time in critical organizations before damage is done,” she said. “There has been no better time to join Darktrace Federal as its self-learning AI responds with machine speed and surgical precision to interrupt attacks before they can disrupt vital government services.”
The rapidly evolving conflict in Ukraine enhances the cybersecurity risks emanating from Russia, making threat detection and response an even more urgent priority for critical infrastructure entities.
The FBI has warned businesses to watch for potential attacks as retaliatory cyberattacks are likely to follow global sanctions against the Russian government.
Bill Moore, Xona‘s founder and CEO, spoke with us about key emerging best practices that critical infrastructure entities can deploy to enhance their defense.
Channel Futures: Are critical infrastructure entities highly sought after by attackers associated with the conflict in Ukraine? Are they therefore more at risk?
Bill Moore: All of the largest companies or entities in the world have critical infrastructure. Manufacturers and energy companies have plants with critical operational technology (OT). Transportation companies, including maritime and rail, utilize industrial controls. Even financial institutions utilize data centers that rely on temperature-controlled environments, which rely on industrial-controlled HVACs and fire suppression systems.
Attackers that are focused on financial aspect are looking for vulnerable critical systems where the organization can be held hostage through ransomware. They are looking for low-hanging fruit, which can be IT or OT systems. Nation-states, or attackers associated with the Ukraine conflict, employ advanced methodologies that automatically heighten risk to every organization and its critical infrastructure.
CF: Are most critical infrastructure entities not prepared for the types of attacks happening and that will be happening in the days ahead? If so, how?
BM: Most of these entities have critical infrastructure entities that are very vulnerable to even garden variety phishing/malware. Recent successful attacks on a Florida water treatment plant, Colonial Pipeline and Toyota manufacturing plants illustrate the problem.
CF: How quickly can critical infrastructure entities enhance their cyber defenses? Do they need to act as quickly as possible?
BM: Fortunately, critical infrastructure entities can enhance their cyber defenses with a simple and secure OT access control solution that protects and isolates access to vulnerable OT systems and protocols. These entities need to act as quickly as possible as there are internet tools such as Shodan that can be used to find and expose critical infrastructure systems.
CF: If an entity is attacked, what’s the proper course of action to minimize damage?
BM: Leverage incident response tools and consultants to immediately assess, isolate and remediate any compromised systems.
CardinalOps, a threat coverage optimization company, has secured $17.5 million in Series A funding led by Viola Ventures. Existing investors Battery Ventures, Glilot Capital, Symbol and security industry investors also participated in the funding round.
This brings CardinalOps’ total funding to $24 million. This latest round will fuel aggressive global expansion in go-to-market (GTM) and product innovation activities.
In addition, Phil Neray has joined the company from Microsoft as chief marketing officer and vice president of cyber defense strategy.
Founded in early 2020, CardinalOps is led by entrepreneurs whose previous companies were acquired by Palo Alto Networks, HP, Microsoft Security, IBM Security and others.
Michael Mumcuoglu is CardinalOps’ CEO and co-founder.
“Channel partners like MSSPs/MDRs play a key role in our global expansion plans,” he said. “They’re looking to scale their businesses while supporting multiple security information and event management/extended detection and response (SIEM/XDR) solutions like Splunk, Microsoft Sentinel, IBM QRadar and CrowdStrike with limited staff. Organizations aren’t getting the value they expect because configuring these solutions is still a largely manual, ad-hoc and error-prone process, which leads to risky gaps in threat coverage and unnecessary costs from more and more log sources being ingested without actually contributing to detecting threats. So we’re seeing market traction from MSSPs/MDRs and other cybersecurity solution providers looking to optimize their customers’ SIEM/XDR deployments with automated, AI-driven recommendations from our cloud-based platform.”
This week, Toyota supplier Kojima Industries, which provides plastic parts and electronic components to the auto giant, was affected by a cyberattack. That caused Toyota to temporarily shut down operations.
On Feb. 26, Kojima discovered an abnormality on one of its file servers. After rebooting the system, the abnormality was confirmed to be a virus and it included a threatening message. Full details of the attack are still emerging.
After learning of the disruption, Toyota suspended operations of 28 lines at 14 different plants in Japan to prevent further damage.
Jeannie Warner is Exabeam‘s director of product marketing.
“Toyota reports roughly 400 tier-1 suppliers who are directly connected to Toyota’s Kanban production (inventory) control system,” she said. “Whether or not the attack on Kojima was motivated by geopolitical events remains to be seen. But Toyota’s response to the threat set the precedent on how companies should be acting in the event of a security incident with one of their partners in the supply chain. Toyota did the smart thing and shut down, and investigated its network to examine all connection points. The truth is that a network is only as secure as its patch level combined with what network access it has provided to various systems. Subcontractors in the supply chain may not have all of the resources of their larger counterparts to defend against attacks.”
The details surrounding the attack are still unclear, Warner said. However, Kojima has reported key signs of ransomware.
“If indeed the attack was ransomware deployed by nation-state actors, Toyota’s response demonstrated a valuable point,” she said. “Our greatest hope in defeating highly coordinated cyber threats is to become united in fending off multifaceted attacks. Toyota’s insight into the disruption on Kojima likely prevented more devastating consequences. I’m pleased to see organizations working together to mobilize against cyber adversaries across supply chains.”
This week, Toyota supplier Kojima Industries, which provides plastic parts and electronic components to the auto giant, was affected by a cyberattack. That caused Toyota to temporarily shut down operations.
On Feb. 26, Kojima discovered an abnormality on one of its file servers. After rebooting the system, the abnormality was confirmed to be a virus and it included a threatening message. Full details of the attack are still emerging.
After learning of the disruption, Toyota suspended operations of 28 lines at 14 different plants in Japan to prevent further damage.
Jeannie Warner is Exabeam‘s director of product marketing.
“Toyota reports roughly 400 tier-1 suppliers who are directly connected to Toyota’s Kanban production (inventory) control system,” she said. “Whether or not the attack on Kojima was motivated by geopolitical events remains to be seen. But Toyota’s response to the threat set the precedent on how companies should be acting in the event of a security incident with one of their partners in the supply chain. Toyota did the smart thing and shut down, and investigated its network to examine all connection points. The truth is that a network is only as secure as its patch level combined with what network access it has provided to various systems. Subcontractors in the supply chain may not have all of the resources of their larger counterparts to defend against attacks.”
The details surrounding the attack are still unclear, Warner said. However, Kojima has reported key signs of ransomware.
“If indeed the attack was ransomware deployed by nation-state actors, Toyota’s response demonstrated a valuable point,” she said. “Our greatest hope in defeating highly coordinated cyber threats is to become united in fending off multifaceted attacks. Toyota’s insight into the disruption on Kojima likely prevented more devastating consequences. I’m pleased to see organizations working together to mobilize against cyber adversaries across supply chains.”
Proofpoint is looking out for its partners and customers, and ensuring their needs are met as the crisis in Ukraine intensifies.
That’s according to Joe Sykora, Proofpoint’s senior vice president of worldwide channels and partner sales. Russia’s invasion of Ukraine has been accompanied by a barrage of cyberattacks on computer networks and internet-based disinformation campaigns.
Proofpoint’s Joe Sykora
“Proofpoint doesn’t have any offices [in Ukraine] so it isn’t affected by anything locally,” Sykora said. “But obviously we have customers across the globe. So we need to make sure we have increased awareness for our customers and we’re always tracking our employees. We’re one big family so we’re making sure that we’re taking care of anyone who needs help, and we are aware and making sure everyone at the company is aware around what’s going on.”
Last month, Proofpoint acquired data security startup Dathena. With this acquisition, Proofpoint strengthens its cloud-based security solutions by adding artificial intelligence (AI)-based data classification to its information and cloud security platform. The acquisition increases Proofpoint’s presence and investment in Asia. Dathena is based in Singapore.
What’s in Store for Proofpoint Partners in 2022
In a Q&A with Channel Futures, Sykora talks about how Proofpoint partners will benefit from this acquisition. He also talks about how Proofpoint partners contributed to the company’s 2021 rebound.
Channel Futures: How will the Dathena acquisition benefit Proofpoint’s partners?
Joe Sykora: We’re pretty excited. It’s going to increase our overall information protection strategy. We actually rolled out an information protection specialization for partners at the end of last year. So this will help complement it because with them, obviously, data classification and data discovery are important pieces. So we combine that with our data loss prevention (DLP) solutions and everything else for partners. It kind of just completes the overall package for our partners that are doing that.
Scroll through our slideshow above for more from Proofpoint and more cybersecurity news.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
Read more about:
MSPsAbout the Author(s)
You May Also Like