The Gately Report: eSentire Partners Get Threat Intelligence Practice Builder
Plus, a new report shines a light on gender disparities in cybersecurity.
![eSentire partners get threat intelligence practice builder eSentire partners get threat intelligence practice builder](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blte4de15c007a0be11/655dcab9f7d0b3040ad5a3e7/Threat-Intelligence.jpg?width=700&auto=webp&quality=80&disable=upscale)
LeoWolfert/Shutterstock
Channel Futures: eSentire has launched a new technology innovation center in India. Will eSentire partners benefit from this? If so, how?
Bob Layton: They will benefit from this. The India center is meant to facilitate closer collaboration and knowledge sharing between our product and engineering teams worldwide. And that means that our partners will benefit from a more cohesive and integrated approach to solution development, implementation and support. That's going to just mean smoother engagements and superior outcomes for all of those end customers that our partners bring to us. So it is really a big investment for us to get a pool of global talent together in one place that was going to be a center of excellence. This is our first innovation center. What we have are our clusters of engineers and developers around the world. But this is really developing that center of excellence there, which starts to tap into available talent around AI and other types of things that are around threat intelligence and threat sharing.
CF: What’s the latest with eSentire’s e3 partner ecosystem? Anything new coming for partners this year?
BL: The [channel-specific product] is the first of what you'll see is a new path for eSentire creating channel-specific products. The channel has given us proximity to so many net-new customers over the last several years that we needed to really double down in a product fashion, and our innovation center in India tucks in with this. But this is about us creating products and services that our partners can take, co-brand and sell directly into the market.
CF: Is eSentire growing? If so, what role are partners playing in that growth and expansion?
BL: eSentire is growing. I can tell you anecdotally that we're outpacing the growth of many of our peers and competitors that we track, both public and private companies, and our partners are playing a significant role in that. Across the last 10-12 quarters, we have more than doubled our partner contribution to sales, meaning we have more than 60% of all of our sales going through our channel today, which is a far cry from what it was three-and-a-half years ago. So the partners are significant in our growth and expansion. And outside of North America, our routes to market are 90% channel-led.
CF: Who are some of your competitors and what’s helping eSentire stay ahead of them?
BL: Well, there are a couple of things. We've been trying to take friction out of the whole process of buying and delivering cybersecurity for partners. So our competitors are all of the folks that you hear about in the news that get out and broadcast the acronym MDR — all the usual household names.
Here's an example of where we're taking friction out of the process. We have a partner right now in Australia and they already fulfill all of their Microsoft licensing through Tech Data. Well, we launched offerings in Tech Data several months ago in Australia and now the partner is telling us this is easy because [they] can cut one purchase order to Tech Data for not only all [their] Microsoft licensing, but also attaching all of the security management around that.
Another example would be our partners that are here in North America. Many of them don't have the talent or the money to hire top-end cybersecurity specialists in-house, so we augment their team by coming in and co-selling. We really stand behind that partner's brand and allow them to push their brand forward. We're that subject-matter expert that they wish they had on staff. So we're finding that they're bringing more opportunities to us. We're seeing them interact with our partner program more vigorously with deal registrations, and our incentive programs and rewards programs. So all of this is really starting to pan out and tells us that we've really hit the mark on what the partners are looking for.
CF: AI in cybersecurity is a hot topic. How is eSentire incorporating AI into its cybersecurity?
BL: This is where we're really pulling together the automation, the orchestration to really scale what our SOC analysts are doing and our threat hunters. We had some articles about seven months ago in Forbes that were great examples of what our threat research unit was doing in tracking down cybercriminals around the world, trying to stop the threats literally at their source, not just simply waiting for them to attack our customers. But with AI, we see that this is not a trend that's going to stop. With us accessing the talent in India that has cloud-native security experience and generative AI experience, not just in India around our new center of excellence, but in our other pockets of engineers, we're putting more and more automation into it. That's why we're able to deliver through our Atlas platform the ability to stop and disrupt threats in minutes. And in fact, we boast a mean time to contain of 15 minutes or less.
CF: What sort of feedback are you receiving from partners? What do they want and need from eSentire?
BL: Our partners are really reflecting back what they're hearing from their own customers. And overwhelmingly, what we hear is security is really difficult to do if you don't have anyone helping you. And a lot of times customers are coming to partners, and the partners are saying, "I don't really know what to do either; I've known security for a while, but I don't know how to solve these people's problems." So they're coming to us and saying, "What can you do if someone is already invested in a logging platform, if they're already invested in an endpoint product? What if they're already in the cloud – AWS, Google, Azure – pick your platform?" We're able to meet customers where they are on their security journey and add value very quickly. So our partners are picking up on that. Customers are starting to become completely delighted, and that's why you're seeing it show up in platforms like Gartner, G2 and where we were on the Forrester Wave for EMEA recently in that leaders quadrant. That's the proof in the market that we're doing the right things.
We launched our eSentire Agent, which is based on some intellectual property that we acquired about two years ago. We've taken all of the digital forensics and investigative response that is usually post-breach, and we've built it into a detect, protect and respond model on the endpoint proactively. So what that means for customers is now you don't have to go out and deploy an incident response agent post-breach. Your endpoint is already that go-to platform. We already had a winning combination with our acquisition of CyFIR about two years ago. Now we've brought that down into an endpoint product. So again, we're making it easier for customers and partners because now they're choosing an endpoint that also includes digital forensics, because you have to assume breach and you have to have a zero-trust mindset. At some point, something's going to go bump in the night, so by doing this, you don't have that lag time of going and deploying, and isolating and doing all the triage, whether it be for insurance reasons, litigation reasons or just simply trying to get that threat actor out of the environment.
CF: Is the current threat landscape shaping eSentire’s business, product and channel strategies? If so, how?
BL: I think this ... goes back to us creating channel-specific products and also to the eSentire Agent. So I'll share a story with you. And this just happened in the last 10 days. We had a customer that was compromised and they wound up having to pay the ransom — or they chose to pay the ransom [before they became an eSentire MDR customer]. And one of the companies that they also owned then wondered, "Are we safe? Is the threat actor already into our network as well?" So they opted to go with the eSentire Agent, and we were able to provide a rapid deployment of that in a matter of a day so that they could actually understand what was going on in the environment proactively, so that they knew that they were not going to be exposed to any of that ransomware themselves.
CF: What do you find most surprising and dangerous about the current threat landscape?
BL: What I think is most surprising and dangerous is that it has not slowed down. I've been in cybersecurity and technology for the last 25 years, whether it was on the infrastructure side, with giant ISVs or with service providers, or owning a VAR myself, and it is not slowing down. It's picking up speed. At some point, I would have imagined that software packages and updates, and all of that would have gotten more sophisticated, but we're still chasing uninformed users making poor decisions, and we're also still doing that whole Patch Tuesday thing with our software packages. And so in the end, the only sane thing to do is to get into a really good, orderly subscription for MDR like eSentire.
CF: What can partners expect from eSentire the rest of 2024?
BL: For the remainder of 2024, look for products that are informed by the partners in the field, the feedback that they've given us and the experience they're looking for, like our threat intelligence, where we're able to create something for them to go and create an offering [from]. Look for more frictionless commerce. Look for more offerings being packaged up and put into distribution, as well as cloud marketplaces. Again, we're trying to meet our partners and their customers where they want to do business. We find that whether it's partners who already fulfill their Microsoft licensing through Tech Data, which is the largest clearinghouse in the world for Tech Data licensing, or whether it's a partner serving a customer who wants to use some of their AWS credits and do a channel partner private offer (CPPO) transaction through AWS Marketplace, we're building offerings and commercial models so that we can meet our partners and customers there. That's a big thing for them to look for this year.
In other cybersecurity news …
Women in CyberSecurity (WiCyS) has released its 2023 State of Inclusion in Cybersecurity Report in collaboration with DEI firm Aleria.
This first-of-its-kind study discerns the real causes of disparities in the experiences of women in cybersecurity. The assessment was completed by collecting data from more than 1,000 employees, including approximately 35% men and 65% women, representing more than 20 different organizations.
The report uncovers widespread gender disparities in the cybersecurity workplace. Women encounter exclusion at twice the rate of men, signaling a pressing need for industry-wide cultural and procedural changes to enhance inclusivity. The report also highlights that women are five times more likely to report exclusion from direct managers and peers, pointing to a critical area for organizations to address in creating a more supportive and inclusive work environment.
Additional key findings include:
- The top four categories of exclusion faced by women are respect, career and growth, access and participation, and recognition. Women report 350% more exclusion in recognition and 250% more in respect than their male counterparts.
- The exclusion index for women is substantially higher across all categories, with distinct disparities, especially in recognition (450% higher) and respect (250% higher).
- The data shows a glass ceiling effect, with 48% of women experiencing issues related to career and growth, significantly more than the 26% of men who report similar experiences.
- Individuals with disabilities and those with intersectional identities experience levels of workplace exclusion comparable to, or even exceeding, those related to gender, emphasizing the compounded impact of multiple differing identity traits.
- Inclusive practices increase employee satisfaction, productivity, engagement and loyalty by significant margins, concurrently enhancing organizational revenues and retention, while reducing costs and risks.
“This report underscores the tangible impact of inclusive policies,” said Paolo Gaudiano, Aleria’s chief scientist. “Organizations have a clear opportunity to significantly boost their financial results and employee satisfaction by addressing these disparities. Our analysis suggests that a company with $1 billion in revenue could be losing approximately $23 million annually due to differential treatment of women and people of color. This highlights the critical financial incentive companies gain from an inclusive workplace.”
Callie Guenther, senior manager of cyber threat research at Critical Start, said women in cybersecurity often feel marginalized due to a predominance of male colleagues, which can lead to a sense of isolation and underrepresentation. This is compounded by instances of unconscious bias, where women's contributions are often undervalued and/or overlooked.
“To navigate and overcome gender-related biases, the importance of finding mentors and allies within the field, both male and female, who can provide support and guidance cannot be understated,” she said. “Building a strong personal brand and showcasing expertise through speaking engagements, publications and active participation in cybersecurity communities can also help counteract stereotypes and establish credibility. Additionally, ongoing education and certifications are key strategies for women to reinforce their qualifications and assert their competence in the face of gender-related biases.”
Organizations and the cybersecurity community can foster a more inclusive environment by implementing and enforcing comprehensive diversity and inclusion policies, Guenther said.
![Critical Start's Callie Guenther Critical Start's Callie Guenther](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltb022da9a5ec3e9d3/6537d38521cb172455a0d9ac/Guenther-Callie_Critical-Start-2023.jpg?width=700&auto=webp&quality=80&disable=upscale)
Critical Start's Callie Guenther
“This includes offering mentorship programs specifically for women, promoting work-life balance through flexible work arrangements or support for childcare, which disproportionately impacts women, and ensuring equal opportunities for advancement and leadership roles,” she said. “Additionally, celebrating the achievements of women in cybersecurity and increasing their visibility as speakers, panelists and leaders in the field can inspire others and demonstrate the value of diversity within the industry.”
Hen Amartely, director of product marketing at DoControl, said women in cybersecurity often face challenges in having their contributions recognized.
“There have been times when my work on projects or initiatives has been overlooked or attributed to male colleagues,” she said. “It's important for women to advocate for themselves in these situations, whether by speaking up in meetings, documenting achievements or seeking out opportunities to showcase their work independently.”
Balancing a career in cybersecurity with family responsibilities can be particularly challenging for women, Amartely said.
“Navigating demanding work schedules while prioritizing family commitments requires careful planning and support from both workplace policies and personal networks,” she said. “Flexible work arrangements and understanding colleagues can make a significant difference in helping women manage this balance effectively.”
A LastPass employee recently was targeted in a phishing attack in which threat actors impersonated the company’s CEO, Karim Toubba, using deepfake technology.
Mike Kosak, senior principal threat analyst at LastPass, detailed the attack in a blog.
“In our case, an employee received a series of calls, texts and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp,” he said. “As the attempted communication was outside of normal business communication channels, and due to the employee’s suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such as forced urgency), our employee rightly ignored the messages and reported the incident to our internal security team so that we could take steps to both mitigate the threat and raise awareness of the tactic both internally and externally.”
There was no impact to LastPass, Kosak said.
“However, we did want to share this incident to raise awareness that deepfakes are increasingly not only the purview of sophisticated nation-state threat actors and are increasingly being leveraged for executive impersonation fraud campaigns,” he said. “Impressing the importance of verifying potentially suspicious contacts by individuals claiming to be with your company through established and approved internal communications channels is an important lesson to take away from this attempt. In addition to this blog post, we are already working closely with our intelligence sharing partners and other cybersecurity companies to make them aware of this tactic to help organizations stay one step ahead of the fraudsters.”
Toby Lewis, global head of threat analysis at Darktrace, said the prevalence of AI today represents new and additional risks. The ability to use AI to generate more convincing emails is a growing concern, giving attackers the power to increase the effectiveness of their targeting campaigns. Arguably, however, the more considerable risk is the use of generative AI to produce deepfake audio, imagery and video, which can be released at scale to manipulate and influence the electorate’s thinking.
![Darktrace's Toby Lewis Darktrace's Toby Lewis](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltfc1105320a061f87/65d4f0b9c6dcca040a93825d/Lewis_Toby_Darktrace_2024.jpg?width=700&auto=webp&quality=80&disable=upscale)
Darktrace's Toby Lewis
“While the use of AI for deepfake generation is now very real, the risk of image and media manipulation is not new, with photoshop existing as a verb since the 1990s,” he said. “The challenge now is that AI can be used to lower the skill barrier to entry and speed up production to a higher quality. Defense against AI deepfakes is largely about maintaining a cynical view of material you see, especially online, or spread via social media.”
eSentire partners soon will get a channel-specific product to create their own service around threat intelligence.
That’s according to Bob Layton, eSentire’s chief channel officer. eSentire is a pure-play managed detection and response (MDR) provider. Its 24/7 security operations center (SOC), staffed by security analysts, hunts, investigates and responds in real-time to known and unknown threats before they become business-disrupting events.
Last month, eSentire launched its first standalone cybersecurity product, eSentire Threat Intelligence.
“We’re combining a number of things,” Layton said. “We're combining automation and AI, and we're trying to scale the expertise of all of our threat intelligence that we gather through our SOC analysts, our threat intelligence teams, and get that out to the market, to our partners and to customers. What's coming next is us creating a channel-specific product around this threat intelligence so our partners can take this threat intelligence as sort of a feed, and then they can create their own service off of it to go back out to their customers, which we think is going to be really, really amazing.”
eSentire Partners To Get New Opportunities with Customers
eSentire is thinking of this channel-specific product as a partner practice builder where partners can take it and go back to all of their customers, whether they sold them Palo Alto Networks, Cisco, Check Point Software Technologies, Fortinet or any other type of edge security device, “and we can start to move that threat intelligence that we've researched out to all of those devices, which just cuts out some of the noise and risk in all of those environments,” Layton said.
![eSentire's Bob Layton eSentire's Bob Layton](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt1b8dc6604aa9f158/661d34c9cd33dce931637985/Layton_Bob_eSentire_2024.jpg?width=700&auto=webp&quality=80&disable=upscale)
eSentire's Bob Layton
eSentire partners should have access to the channel-specific product within the next 60-90 days, he said.
“It's available to our end-user customers now, but we're going to be coming up with an entire launch around the value proposition for partners,” Layton said. “Imagine taking in this threat intelligence, and then you get to create your own branded service, SI-incorporated threat intelligence where you can go back and add value to all of those customers that you've been serving, in some cases, for decades.”