The Gately Report: Centripetal Brings Vast Threat Intelligence to Cyber Fight
Plus, the feds offer a massive reward for information on the Hive ransomware gang.
![Centripetal threat intelligence Centripetal threat intelligence](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt3843ff5ccda858c6/65b02beb83f500040a0e3652/Cybersecurity.jpg?width=700&auto=webp&quality=80&disable=upscale)
Thapana_Studio/Shutterstock
Channel Futures: Centripetal launched its global partner program in November. What’s been taking place since then? Are partners embracing it?
Dave Silke: It was the first global partner program we've had as a company. Even though the company has been around for nearly 15 years, we decided that we needed to put a strong partner program in place for a couple of different reasons.
One, partners understood that we are a partner-first company, we go to market through our partners, and we wanted to provide clarity and direction for all of our partners globally. The other thing that was happening was the company was expanding. We were expanding in terms of size in the United States and also into Europe — in the United Kingdom and Ireland primarily. And because of that expansion, it was really important that we had a consistent program for partners in place. And I think the overall reaction has been great. There's been a lot of positive feedback from partners on both sides of the Atlantic in relation to just knowing how they can work with us as a company. And I think that's really important.
CF: What types of partners does Centripetal work with and what does it offer them?
DS: The types of partners we work with could be an MSP. That is your kind of traditional IT VAR that's looking to provide cybersecurity as an additional service. We see a lot of partners that are in the IT space and they're offering managed services, but they may not necessarily have cybersecurity.
As a company, we have a very low threshold when it comes to certification. A lot of the work in terms of deployment and management of our service is done by Centripetal. So if a partner is looking to enter the cybersecurity space and looking to provide a managed service offering to their customers or prospects, we can provide that as a ready-made solution for those partners. But we also would work with MSSP partners who may already have some cybersecurity service offering in place, but they're not looking at proactive use of cyber threat intelligence, which is what we do.
So it could be an additional service for some partners that are looking for something that's unique and something innovative, and it's something different. And then in other circumstances, we may work with ISPs, really making sure that we're using threat detection and prevention proactively as they roll out internet to their customers.
CF: Is Centripetal gaining new MSPs, as it’s more important than ever for them to offer cybersecurity to their customers?
DS: If you're any type of a reseller or partner, if you're not offering cybersecurity as a service to your customers, you're going to get left behind. It has to be a question that any IT company is asking their partner, which is "How am I going to secure my network? How am I going to secure my access?
So more and more, the conversation we get back from partners, typically those partners that may not necessarily have offered cybersecurity as a service in the past, they're looking to find out how can they provide that layer of protection back to their customers. We certainly spend a lot of time making sure that any partner who's onboarding with us as a company, that deployment is easy. They can get up and running fairly quickly, and offer that cybersecurity as a service to customers in a relatively short period of time.
CF: What sort of growth is Centripetal experiencing and what role are partners playing in that growth?
DS: We service our customers through partners. We are a partner-first company, and I think that's become more and more important because the partner typically understands the complete topology of the customer far better than any one vendor experiences.
In the education sector, both higher education and K-12 in the United States, we've seen phenomenal growth driven by partners who not just specialize, but have a fairly significant customer base in that particular vertical. They understand the needs of the customer. They understand the infrastructure networking requirements, but they also understand the entire topology in terms of how they would need to work with their customers. And similarly in Europe, we see a lot of partners who focus on higher education and health care that will look to Centripetal to provide an additional layer of security to those customers that they may not necessarily be able to get. So we're seeing a lot of growth in those vertical segments where the partner has a real deep understanding of the customer, and they see a need for an additional layer of security that's required.
CF: Is the evolving threat landscape shaping Centripetal’s overall business, product and channel strategies?
DS: Unfortunately, the landscape is ever evolving. And I think what we're seeing is just the evolution of threats, just the scale and speed of that is just changing so dynamically. AI has had a significant impact. The bad actors have the ability to automate threats. They may not necessarily be looking at any particular organization, but they're looking at vulnerabilities. And those are automatically identified.
As a company, we've invested in intelligence, not just AI, but also augmented human intelligence in our analysis to make sure that we use intelligence in all of the cybersecurity offering that we can provide. So I think the greatest change in the overall landscape has just been the depth of scale and speed of the evolution of those attacks for multiple different spaces. And I think the one thing that our customers, and then by default the partners, have to face is that you can't fix the problem with people. It cannot be the singular solution. So if partners are, for example, offering a managed service, security operations center (SOC) or security information and event management (SIEM), they have to augment that with intelligence because otherwise they'll just never be able to understand the threats at the scale and speed by which they're attacking their customers. And that's really critical.
CF: What’s the latest in terms of feedback from partners? What are their latest concerns and needs?
DS: I think one of the questions they'll ask is there are so many cybersecurity solutions, so many other solutions, so how do we make sure that we provide the best layer of solution back to our customers? In a lot of cases, the customers don't necessarily know what to ask for. They may be asking for extended detection and response (XDR) or managed detection and response (MDR), or they may have a question of, "How do I manage the threats that are coming from email traffic?" And our view is that you should be very proactive in the elimination of threats before they enter your network right from the beginning.
The solution that we will provide sits in front of your firewall. It complements a lot of the cybersecurity solutions that you have in place today. And our job at Centripetal is to make sure that we block those threats from entering the network before they come in. So a lot of the questions we'll get from partners will just be around the explanation of the types of technologies that a partner needs to be able to use. There'll always be questions about the profitability in terms of cybersecurity. Do I offer that as a service? Do I offer it as a single offering? And I definitely think more and more partners are looking at offering it as a managed service back to their customers primarily because there are so many other solutions and there are so many things that they have to figure out. It's up to the partner to be able to figure that out for the customer and provide that as a managed service.
I do think one of the things we're getting asked more and more from partners is, "Can I consolidate the overall cybersecurity offering? Can I provide that as a managed service back to my customers? How can I make sure that I stay on top of the evolving technology and intelligence, and really act as a consultant back to the customer?" That's probably the most important job as a partner.
CF: What do you find most surprising and dangerous about the current threat landscape?
DS: I think what we find not surprising, but concerning, would be the scale and speed, just the enormous amount of threats that customers and enterprises are facing. And I think there's almost a misunderstanding that if I'm a hospital or a university, that there is a threat actor out there that's identifying me individually and targeting me. In a lot of cases, that's happening automatically. It's happening because there is a weakness that's been detected. And all that person is is an IP address, but there's a weakness there and that evolves very quickly.
MOVEit Transfer and Log4J would be good examples. There are indicators of compromise that we would have seen maybe three or four months before the CVE or patch was even issued by anybody who's doing remediation action. And that time is so important. So the scary thing is, it's constantly evolving, and it's evolving at a scale and speed that no one individual or, in my view, any enterprise can manage. You have to have a cybersecurity posture that incorporates intelligence, the proactive use of intelligence. You need to make sure that you're maintaining your email posture. You need to make sure that you're managing even the training and behavior from the individuals that are using your network.
CF: What can partners expect from Centripetal in 2024?
DS: The whole partner program is based on three tenants. One is intelligence. It's making sure that partners understand that we've spent the last 15 years understanding the role of intelligence, not just AI, but overall intelligence in terms of how it is that we use intelligence to protect your network.
The second is expertise. It's expertise that comes from Centripetal, but also from the partner in terms of the partner's knowledge of the customer's network. But it’s also our expertise in terms of the proactive use of intelligence to protect a customer's network. And the third thing is just the exponential growth. We really believe that offering Centripetal as a managed service from a partner to a customer is very innovative, it's different, but it provides a really unique revenue opportunity for partners. But most importantly it offers a protection opportunity for partners to their customers. So what you'll see from us is continued global growth and expansion, more and more utilization of intelligence, and proactive use of intelligence as we look to protect networks. And you'll see us continue to be a partner first-driven organization.
CF: Is intelligence giving Centripetal and its partners a competitive advantage?
DS: It's beginning to give us a competitive advantage. We're seeing that in the growth. I think our heritage in terms of the IP and R&D investment into intelligence over the last 15 years is definitely proving a significant advantage now. You may have companies that are using singular pieces of threat intelligence for analytics and understanding what is happening in the network. We use the collective intelligence of multiple organizations to proactively shield customers from those threats as they emerge, and in a lot of cases, months in advance of when the CVE or the patch are actually issued. So yes, it is providing a competitive advantage. And I think it's going to provide partners with a competitive advantage. And that's going to become very important as we move forward.
In other cybersecurity news …
The U.S. Department of State announced a reward of up to $10 million for information on the identities or locations of leaders of the Hive ransomware group.
It’s also offering $5 million for information leading to the arrest and/or conviction of any individual in any country conspiring to participate in or attempting to participate in Hive ransomware activity.
The Hive ransomware variant targeted victims in over 80 countries, including the United States. Beginning in late July 2022, the FBI penetrated Hive’s computer networks, obtained its decryption keys and offered them to victims worldwide, preventing victims from having to pay up to $130 million in ransoms demanded.
“We will continue to work with allies and partners to disrupt and deter ransomware actors that threaten the backbone of our economies and critical infrastructure,” the department said.
According to Recorded Future, the group targeted 1,500 victims since emerging in June 2021. U.S. Attorney General Merrick Garland said the group targeted schools and hospitals during the COVID-19 pandemic.
Roger Grimes, data-driven defense evangelist at KnowBe4, said it’s “always great to see a large reward offered for a big cybersecurity group and its members.” If nothing else, it has to add stress into every existing and new encounter they have.
![KnowBe4's Roger Grimes KnowBe4's Roger Grimes](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt236f02df26931ea1/6538fc7adc1309e272ca34cc/Grimes-Roger_KnowBe4.jpg?width=700&auto=webp&quality=80&disable=upscale)
KnowBe4's Roger Grimes
“I've been in cybersecurity for over 35 years and have seen perhaps nearly a dozen rewards offered for various malware writers and ransomware gangs, and I don't think I know of a cybersecurity reward that has been paid,” he said. “The biggest reason is that the culprits often live in other countries that don't fall under our legal jurisdictions and don't cooperate with us. Additionally, hackers in other countries often pay for protection to everyone from the local cops to the top politicians.”
In addition, many nations’ leaders “enjoy the chaos” created by their country's hackers against their adversaries, Grimes said.
“Every second their adversary is dealing with preventing and responding to ransomware is a resource and time not dedicated to investigating and hacking them,” he said. “So I don't think rewards by themselves work that well, at least alone. But any pressure we can put on malicious hackers to not do what they do, or at least as much, is a good thing."
Ransomware gangs reached an unprecedented milestone in 2023, surpassing $1 billion in extorted cryptocurrency payments from victims, according to Chainalysis.
In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools and government agencies. Major ransomware supply chain attacks were carried out exploiting file transfer software MOVEit, impacting at least 2,620 organizations and 77.2 million individuals, according to Emsisoft. Last year’s developments highlight the evolving nature of this cyber threat and its increasing impact on global institutions and security at large.
Last year marked a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks, a significant reversal from the decline observed in 2022, according to Chainalysis.
“The ransomware landscape underwent significant changes in 2023, marked by shifts in tactics and affiliations among threat actors, as well as the continued spread of ransomware-as-a-service (RaaS) strains and swifter attack execution, demonstrating a more efficient and aggressive approach,” it said. “The movement of affiliates highlighted the fluidity within the ransomware underworld and the constant search for more lucrative extortion schemes.”
Threat actors continue to innovate and adapt to regulatory changes and law enforcement actions, but 2023 also saw significant victories in the fight against ransomware with collaboration between international law enforcement, affected organizations, cybersecurity firms and blockchain intelligence, Chainalysis said.
Ransomware gangs reached an unprecedented milestone in 2023, surpassing $1 billion in extorted cryptocurrency payments from victims, according to Chainalysis.
In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools and government agencies. Major ransomware supply chain attacks were carried out exploiting file transfer software MOVEit, impacting at least 2,620 organizations and 77.2 million individuals, according to Emsisoft. Last year’s developments highlight the evolving nature of this cyber threat and its increasing impact on global institutions and security at large.
Last year marked a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks, a significant reversal from the decline observed in 2022, according to Chainalysis.
“The ransomware landscape underwent significant changes in 2023, marked by shifts in tactics and affiliations among threat actors, as well as the continued spread of ransomware-as-a-service (RaaS) strains and swifter attack execution, demonstrating a more efficient and aggressive approach,” it said. “The movement of affiliates highlighted the fluidity within the ransomware underworld and the constant search for more lucrative extortion schemes.”
Threat actors continue to innovate and adapt to regulatory changes and law enforcement actions, but 2023 also saw significant victories in the fight against ransomware with collaboration between international law enforcement, affected organizations, cybersecurity firms and blockchain intelligence, Chainalysis said.
Centripetal Networks arms its partners with vast amounts of threat intelligence to thwart cybercriminals’ ever-changing tactics.
That’s according to Dave Silke, the company’s CMO. Centripetal recently made major headlines after a federal jury in Virginia ordered Palo Alto Networks to pay the company $151.5 million in damages after finding it violated the company’s patent rights. Palo Alto Networks said it plans to appeal.
With this in mind, we take a closer look at Centripetal. The company provides threat intelligence-powered cybersecurity.
“Intelligence has always been a focus at the company,” Silke said. “A lot of the intellectual property development and R&D over the last 10 years has been focused on the area of intelligence and the understanding of how intelligence needs to be used proactively to protect customers. So as a company, we work with about 250 suppliers of cyber threat intelligence. We take one of the largest collections of data in the world into a solution that we call CleanInternet, that can sit on-premises or in the cloud. And we use an awful lot of intelligence, including artificial intelligence (AI) and machine learning (ML) to be able to use that solution at machine-level speed. So as we recognize a threat coming into a network, we can automatically shield a customer from that threat using the intelligence.”
People Augment Threat Intelligence
Centripetal also augments that intelligence with people, Silke said.
![Centripetal's Dave Silke Centripetal's Dave Silke](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt4933e73f9c2e816f/65c7aeb0ef13d60407adcd14/Silke_Dave_Centripetal_2024.jpg?width=700&auto=webp&quality=80&disable=upscale)
Centripetal's Dave Silke
“So in a lot of cases, as part of our managed service, there will typically be an analyst that is assigned to each of our customers, and that analyst will utilize intelligence, but they'll also utilize their human intelligence in terms of being able to understand the customer's network, understand potential weak points within the customer's network," he said. "And one of the most important jobs is to be able to communicate back what those threats are so they can have a conversation. In the majority of cases, the solution that we're using is using intelligence. It's using both AI and ML. But very importantly, it's also using that human intelligence to make sure that we provide that analysis back to any of the customers and have that conversation with them.”
AI Prompts Fear, Questions
There’s still a lot of fear and questions in the channel when it comes to AI and cybersecurity, Silke said.
“I think you have to augment your solution with AI and not be afraid of it, because if you're afraid of AI, you're just going to get left behind,” he said. “So a lot of partners will ask, ‘How do I utilize AI as part of my cybersecurity solution to protect customers?' Because you have these automated attacks. And our answer to that would be, we can provide you with a fully managed service that utilizes AI and the development that we put into our security as a vendor, and we can help you on that journey.”
It’s important for partners to understand all aspects of AI – the positives, negatives and concerns – because ultimately the customer is going to have that conversation with the partner, Silke said.
“It's unlikely to be the vendor, but we would be very open,” he said. “We would do a lot of communication with not just our customers, but with our partners about the evolving cybersecurity landscape, the evolving threats and also the understanding of how do I use intelligence, and is it something that I need to be afraid of, or is it something that I need to endorse and use. We'll be really open, especially with our partners, to make sure that we take the time to explain all facets of intelligence when it comes to cybersecurity.”
Scroll through our slideshow above for more from Centripetal and more cybersecurity news.
About the Author(s)
You May Also Like