The Gately Report: Sherweb MSP Partners Fueling Cybersecurity Growth, More on Synopsys' WhiteHat Security Buy
Synopsys and Tenable say their latest acquisitions will benefit their partners.
![Growth Growth](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt6358df8218c957c8/65242d1a2de618076b2c0171/5-Growth.jpg?width=700&auto=webp&quality=80&disable=upscale)
Channel Futures: When it comes to cybersecurity, what are MSPs and their customers most in need of from Sherweb? Are there particular types of tools, products, services, etc.?
Sherweb’s Jim O’Driscoll: One of the things I’ve seen even in my past was a lot of people, a lot of corporations, when they get their new cybersecurity insurance checklist, that ends up driving conversations with us as an MSP around the need to be able to say, ‘Yes, yes and yes’ to the following. So do they need a backup for their Microsoft environment? Do they need a backup for their Office 365 accounts? So all things that maybe they weren’t thinking about previously and now … they are stark yes or no on the cybersecurity insurance checklist.
We’re trying to make sure we’re positioning and adding products to our marketplace that can help customers do that, that are also simple to deploy because they don’t want to do a huge project. It’s usually a timely thing. So our Office Protect Alliance is a Sherweb-built product that’s all about securing the Microsoft 365 tenant. So that’s something we talk to our customers about quite a bit.
CF: With ransomware and cyberattacks making big headlines, is it easier for Sherweb and your MSP partners to have that conversation and convince businesses of all sizes that they need to do more to protect themselves?
JO: It’s always an investment by a partner. So I think from an MSP standpoint, MSPs are well aware that the conversations have to occur and different levels exist when you get to the end users from an MSP perspective. Some are willing to invest and some or not. But I think more and more are because they’re just so aware now. Is it brand damage? Is it losing their abilities? It’s always the degree because you can spend umpteenth dollars to get it and there’s always going to be some level of exposure. So it’s finding the right level for each customer where they’re willing to invest in it. But you can’t ask them to spend more than what they’re making. They’re not all enterprise accounts. So SMB has a certain level of tolerance. But I think that’s all filtered into business where people are aware now, both personally and professionally, that it’s a requirement.
CF: What do you find most worrisome about the current threat landscape?
JO: It’s the ransomware. It’s always the fear that the customers are going to come in one morning and boom, they’re going to have a note saying, ‘Hey, we’ve encrypted all your data and now you owe us X.’ Did they copy it? What have they done with it? So we are very aware of that. And I’ve seen that in my previous life. You see it all the time happening to smaller companies as well now. And then it’s, how do you help them not be in that predicament. So ransomware is top of mind for everyone because even if it shuts down a small part of their business … it could be anything where all of a sudden now they’re not producing what they need to produce on a daily basis. And the recovery is not easy, let’s put it that way.
What dovetails with that is trying to find people right for IT teams. It’s very hard; it’s very competitive right now. Wages are going up. So even companies that do have a solid IT team, they’re starting to see where it’s harder and harder to keep some of those IT people because they can jump around and make more money elsewhere. So that’s another thing that we provide, helpdesk support and just keeping their IT infrastructure up to speed, and monitoring and managing it on their behalf.
CF: What are your goals for Sherweb’s channel in 2022? Can we expect to see changes under your leadership?
JO: Obviously our goal is we always want to support our MSPs. We want to make sure that we’re not just selling them something, and then “click here” and consume it. We want to support them, help them with training. We have a partner university where they can get trained on any of our services that we offer. We work very closely with them on different programs so they’re taking advantage of all the Microsoft incentives and whatnot, making sure they ’re up to speed. So with the new Microsoft commerce experience as an example, we spend a lot of time with our MSPs so they truly understand it and could explain it to customers, and even talk to their customers with them.
I would say under my leadership, I just want to continue to build on that. So how do we scale that? Plus, we have a heavy presence in Canada. So with COVID-19, a lot of things got shut down. So it’s easy to say you’ll see us out there more often now, but that’s pretty simple because everyone will be out more now. But we want to be talking to our MSPs and we’re going to be talking to new MSPs. We’re looking to aggressively grow our base of customers. And it doesn’t mean we get all of their services, but we do think we provide a unique customer experience for our MSPs and we want to continue to build on that.
CF: Does Sherweb offer MSPs everything they need to when it comes to beefing up their cybersecurity?
JO: I don’t know that anyone can have everything that is needed. I think we have a number of the elements, be it our online backup service, some of the security offerings that we’ve built and the name brands that we provide. It’s an area that we want to continue to add to because it always changes, and then different people offer different things. So how do we consistently enhance our level of service, be it our cloud services or just helping them architect? It could be something as simple as working with our MSPs on how they architect one of their customers in the cloud to reduce the risk to that environment, just making sure some of the best practices are followed.
So I think it’s a continually evolving thing where if ever you think you’re ahead of the security game, you’re usually not. So we’re always looking to meet with different vendors, understand their offerings. How do they fit in and how do we provide more choice to our MSPs because they also have their own ideas as to what works and what fits best in their product suite. So we’re trying to make sure we give them those options.
CF: If an MSP wants to become an MSSP, can Sherweb help them?
JO: So can we turn someone into an MSSP just with our own product offerings? No, I don’t think so. I think those true MSSPs out there consume different piece parts to build out their own services and bolt them on. They usually have one specific thing. They have a service offering and then they bolt different products onto it and that’s going out under their brand. And it’s just tools they’re using to monitor, manage and notify. So we do work with MSSPs? Yes, that can be our Office 365 Protect product that we’re working with them on … and at the same time, we also offer other name brands that they can fit into their product portfolio. So yes, we do that. We would be enabling components of the solution they’re building.
In other cybersecurity news …
Synopsys is acquiring WhiteHat Security, which rebranded to NTT Application Security last year, for $330 million in cash.
NTT Security acquired WhiteHat in 2019 and is now selling it to Synopsys. Synopsys should finalize the acquisition in the third quarter.
So what will this mean for partners of both companies? We asked Jason Schmidt, general manager of Synopsys‘ software integrity group.
“Expanding our partner program has been a strategic priority for our business unit over the past 18 months, and we’re already seeing very positive momentum on that front,” he said. “The acquisition of WhiteHat Security will add significant application security testing capabilities that are highly complementary to our existing portfolio, which will in turn strengthen our overall value proposition for our partners and their customers. As an example, WhiteHat Security’s strengths in dynamic application security testing (DAST) will complement our strengths in static application security testing and software composition analysis, providing our partners and their customers with a more comprehensive offering. WhiteHat Security has also historically maintained a vibrant channel program and partner ecosystem, so we expect that will further contribute to the great momentum in our partner business.”
This acquisition will strengthen Synopsys’ competitive advantages significantly by accelerating the expansion of its SaaS platform, expanding what is “considered one of the industry’s broadest application security testing (AST) portfolios,” Schmidt said.
“This in turn will give our partners the opportunity to have more strategic relationships with their customers,” he said.
Until the acquisition is closed, Synopsys and WhiteHat will continue to operate as two separate companies with respect to partners, Schmidt said.
“Synopsys has an active and rapidly expanding partner community, and we will continue to make that a significant part of our go-to-market (GTM) strategy,” he said. “Once the deal is closed, we will be communicating further information about our integration plans.”
Craig Hinkley is WhiteHat’s CEO. He said once the deal closes, WhiteHat Security/NTT Application Security will join Synopsys’ software integrity group division.
“Post closing, the name NTT Application Security will not be used given that the business is being sold by NTT to Synopsys,” he said. “Any decision on the future structure and operating model of the business will be made post-closing.”
Also in this week’s cybersecurity M&A, Tenable is scooping up Bit Discovery for $44.5 million. The deal should close this quarter.
Bit Discovery provides external attack surface management (EASM). Combining Tenable’s cyber exposure solutions with Bit Discovery’s EASM capabilities will provide customers with a differentiated 360-degree view of the modern attack surface – both inside out and outside in – to identify and eliminate areas of known and unknown security risk.
Glen Pendley is Tenable‘s CTO.
“From a partner perspective, this acquisition will open up a lot of doors by improving our entire product portfolio,” he said. “It’s not just a standalone product that we’re bringing to market. After closing, Tenable will leverage Bit Discovery’s EASM solutions across its entire portfolio – from enterprise VM to Nessus, from cloud to OT to identity – boosting security effectiveness dramatically. Customers will have the ability to assess the security posture of their entire attack surface with one integrated solution and understand each of these in the context of an attack path, which might exist from external systems to critical assets or any other part of the enterprise. By covering both external and internal assets, Tenable will provide a comprehensive view of vulnerabilities and cyber risk, allowing customers to prioritize remediation efforts and minimize cyber exposure.”
Bit Discovery is Tenable’s fifth acquisition.
“Looking at Tenable’s past acquisitions, we’ve been working to cover as much of the attack surface as possible, but there was one obvious gap, and that was interconnected assets,” Pendley said. “Gaining insight into every part of a business’ digital footprint is an essential part of any effective cybersecurity program. And with the number of critical internet-facing services, it’s never more critical. But the problem is that most organizations don’t have full visibility into what assets they have on the internet, and it’s difficult to make those assessments at scale. Looking at Bit Discovery’s powerful EASM solution, Bit Discovery eliminates this problem by continuously monitoring the internet, allowing customers to rapidly discover and identify all externally facing assets that could become exploitable targets by cybercriminals. And it’s not just about discovering assets at scale and quickly, but organizations also need high-efficacy data, which Bit Discovery provides.”
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could allow an attacker to elevate privileges to root on many Linux desktop endpoints.
Microsoft issued an alert on the vulnerabilities.
The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution. Moreover, the Nimbuspwn vulnerabilities could potentially be leveraged as a vector for root access by more sophisticated threats, such as malware or ransomware, to achieve greater impact on vulnerable devices.
The patches for these vulnerabilities have been deployed, Microsoft said.
“Users of Network Dispatcher are encouraged to update their instances,” said Jonathan Bar Or of the Microsoft 365 defender research team.
Bud Broomhead is CEO of Viakoo, a provider of automated IoT cyber hygiene.
“Nimbuspwn is another example of how threat actors have shifted attack vectors to open source and Linux-based exploits,” he said. “By their nature they are harder to remediate and often have an extended vulnerability period because traditional solutions for detection and remediation may not apply, and because there are multiple Linux distributions (over 600) there [with] many patches needing to be applied.”
Privilege escalation by exploiting Nimbuspwn requires urgent action, Broomhead said. Not only can this lead to remote code execution but also data exfiltration, planting of deepfakes and distribution of ransomware.
“This highlights how current mechanisms around identity and access management can be thwarted by threat actors, which should be a push to organizations to extend their zero trust initiatives to all devices, including Linux and IoT systems,” he said.
Mike Parkin is senior technical engineer at Vulcan Cyber.
“Any vulnerability that potentially gives an attacker root-level access is problematic,” he said. “Fortunately, as is common with many open-source projects, patches for this new vulnerability were quickly released. While susceptible configurations aren’t uncommon, exploiting these vulnerabilities appears to require a local account and there are multiple ways to mitigate them beyond the recommended patching. There is currently no indication that these vulnerabilities have been exploited in the wild.”
And speaking of Microsoft, the software giant and illegal streaming sites were the most impersonated brands in phishing attacks in 2021.
That’s according to recent findings by Atlas VPN. Furthermore, the retail and government sectors experienced the most significant growth in phishing attacks last year.
Cybercriminals impersonated Microsoft product pages in nearly 37% of phishing attacks last year. Microsoft has a wide range of products used by millions of users globally who could become potential victims of a phishing attack.
Threat actors imitated illegal streaming websites in almost 14% of phishing attacks. Illegal streaming websites are generally dodgy because they don’t have good security. However, when cybercriminals put their hands on them, it is a disaster waiting to happen.
COVID-19 themed phishing attacks accounted for more than 7% of social engineering scams. COVID-19 related phishing websites can be especially deceptive to internet users as they are relatively new.
Cybercriminals impersonated Telegram in almost 7% of phishing attacks. At the same time, Amazon-related phishing attacks accounted for nearly 6% of social engineering attacks.
Vilius Kardelis is cybersecurity writer at Atlas VPN.
“Phishing attacks require the user to recognize and evaluate the potential danger,” he said. “However, people are prone to making mistakes, and a well social-engineered attack could trick almost anyone. Therefore, being aware of how phishing attacks work is essential when mitigating threat risks.”
The retail and wholesale industry suffered 436% more phishing attacks in 2021 than in 2020. When phishing attacks target retailers, the actual losses are consumer trust and brand reputation.
Phishing attacks on the government sector increased by 110% in 2021. State-sponsored threat actors usually perform cyberattacks against the government.
The finance and insurance industry experienced a 101% jump in phishing attacks in 2021. On the other hand, the phishing rate in the health care industry dropped by 59%.
The Russia-linked Stormous cybergang reportedly breached the servers of Coca Cola, the world’s largest soft drink maker, and stole about 161 gigabytes of data.
Coke has confirmed in a statement to BleepingComputer that it’s aware of the reports about a cyberattack on its network and is investigating the claims. It launched its investigation after the Stormous gang said it successfully breached some of the company’s servers and stole the data.
Stormous listed a cache of the data for sale on its leak site, asking 1.65 Bitcoin, which converts to about $64,000.
Anurag Gurtu is StrikeReady‘s chief product officer.
“Well, time will tell if we are seeing a wave of Russian-backed threat actors compromising big organizations such as Coca-Cola,” he said. “Known for its website defacement and information theft, the Stormous ransomware gang represents itself as a group of Arabic-speaking hackers. The group has been active since 2021, and recently announced its support for the Russian government and its intention to attack Ukrainian government institutions.”
This ransomware provides the actor with the ability to upload custom payloads to the affected server via open-source resources such as Pastebin and remote upload, Gurtu said.
“Since the actor can modify encryption and decryption keys, as well as copy ransom messages in the wild, the actor’s capabilities, which include dropping malware, encryption and sending a ransom note, can be hard to identify,” he said. “In addition, the actor’s ransomware is PHP-based [an open-sourced scripting language], so it is easy to modify on the fly.”
The Russia-linked Stormous cybergang reportedly breached the servers of Coca Cola, the world’s largest soft drink maker, and stole about 161 gigabytes of data.
Coke has confirmed in a statement to BleepingComputer that it’s aware of the reports about a cyberattack on its network and is investigating the claims. It launched its investigation after the Stormous gang said it successfully breached some of the company’s servers and stole the data.
Stormous listed a cache of the data for sale on its leak site, asking 1.65 Bitcoin, which converts to about $64,000.
Anurag Gurtu is StrikeReady‘s chief product officer.
“Well, time will tell if we are seeing a wave of Russian-backed threat actors compromising big organizations such as Coca-Cola,” he said. “Known for its website defacement and information theft, the Stormous ransomware gang represents itself as a group of Arabic-speaking hackers. The group has been active since 2021, and recently announced its support for the Russian government and its intention to attack Ukrainian government institutions.”
This ransomware provides the actor with the ability to upload custom payloads to the affected server via open-source resources such as Pastebin and remote upload, Gurtu said.
“Since the actor can modify encryption and decryption keys, as well as copy ransom messages in the wild, the actor’s capabilities, which include dropping malware, encryption and sending a ransom note, can be hard to identify,” he said. “In addition, the actor’s ransomware is PHP-based [an open-sourced scripting language], so it is easy to modify on the fly.”
Sherweb is seeing a steady increase in its cybersecurity business due to its MSP partners’ need to beef up their capabilities.
That’s according to Jim O’Driscoll, Sherweb’s vice president of sales. He’s in charge of all Sherweb sales in North America and globally. Before joining Sherweb in January, he was president of Commerx.
“We’re very focused on MSPs,” he said. “That is kind of our sweet spot and that’s where a lot of our efforts are. We have over 6,000-plus partners at this time.”
O’Driscoll said cybersecurity already is a significant part of Sherweb’s business.
Sherweb’s Jim O’Driscoll
“What’s fueling that?” he said. “I would say it’s the MSPs themselves, because they all obviously have security requirements and they’re looking for their partners to be able to help them with different service offerings, different choices and positioning, and whatnot. Is that online backup? Is that a security product that they can either resell as a service or build it into one of their services? That’s where we’ve positioned and that’s where we’re seeing our growth with our customers, because there’s no MSP out there who can just say, ‘Sorry, I don’t do security.’ Even though it’s a very complex animal, we all have to be part of it.”
New Trend Micro Partnership Benefitting Sherweb MSP Partners
Sherweb recently partnered with Trend Micro to offer more cybersecurity choices for MSP partners. O’Driscoll said this is part of Sherweb’s effort to build out its security portfolio.
“In my past life, I worked directly for an MSP,” he said. “Obviously all MSPs are not all security, security operations centers (SOCs) and whatnot. But there is a certain level of you have to be able to provide some level of security for your customers. So we’re just consistently looking to add new products into our marketplace so our MSPs have multiple choices as to what products they’d like to consume and choose for their customers. That’s in general what we’ve been doing. We’re just constantly adding new partners and new products, either based on customer feedback to us or based on things we think our partners will consume and be able to position with their end users.”
See our slideshow above for more from Sherweb and more cybersecurity news.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like