Ingram Micro Security Summit Highlights Human Element of Cybersecurity
Eighty-five percent of breaches have involved a human element.
![Human element of cyber world Human element of cyber world](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt912b43cb927a070c/65244eaa64972c0d7dde0df0/Human-element.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Adam Bellows is Ingram Micro’s senior manager of vendor management. He said with today’s advanced threats, it’s going to take more than one security product to keep the bad guys out.
“Customers are going to need to look at a framework approach in order to secure today’s ever-changing environment,” he said. “And once they do that, there’s going to be a number of vendor solutions they’re going to need to support their customers.”
Ingram Micro has the “deepest” security line card in the channel, Bellows said. It’s managing 80-plus vendors that run from security assessments to managed SOC-as-a-service offerings.
It works with channel “powerhouses” like Fortinet, Proofpoint, Tenable and F5, and a number of new, emerging vendors like Arctic Wolf, Okta and BeyondTrust, Bellows said.
“We feel with our expertise, our resources and our vendor line card, we can help our partners sell net-new vendors, wrap net-new services around it, and ultimately increase their profitability and add stickiness with their end customers,” he said.
Cheryl Rang is Ingram Micro’s director of advanced solutions. She said the distributor’s data center strategy would be nothing without security.
“When I think about what Ingram Micro is doing in the data center space, it’s all about selling the stack,” she said. “It’s starting from where the data’s located, in the cloud, at the edge or a mixture of both. And the data has evolved so rapidly from being in a centralized data center infrastructure into spread out. All of those different endpoints and areas are just open, meaning more and more security attack areas.”
Ingram Micro has an “immense” group of individuals helping with its data center strategy and going to market following top trends, Rang said.
“It’s things like artificial intelligence (AI), IoT infrastructure, all with the underpinning of security beneath it,” she said. “So making sure Ingram Micro is always there by your side to help augment your services capabilities around data center is really important.”
Randy Irvine is Ingram Micro’s director of sales and market development. He said the distributor supports the as-a-service trend, and is focused on providing security solutions for MSPs and MSSPs.
“What it comes down to is Ingram can help fill those security gaps from a solutions standpoint when it comes to helping protect you and your end customers’ environments,” he said. “We do this by leveraging our vast array of financial service programs in partnership with some of our leading security vendors, such as Fortinet, Sophos and Trend Micro, to bring you tailor-made solutions to the MSP and MSSP model.”
Ingram Micro gives MSPs and MSSPs, and their clients a lower cost of entry for security solutions as the payments become spread out rather than up front, Irvine said.
“Ingram Micro gives you and your customer the flexibility to provide the right solution at the right pricing model,” he said. “So when it comes to security as a service, think flexibility, lower cost of entry, and allowing Ingram to take part in making you that trust advisor.”
Michael Beyhl is Ingram Micro’s senior security consultant. He talked about why identity and access management (IAM) is important. IAM is a framework of policies and technologies for ensuring the right users have the appropriate access to technology and resources.
It provides access to devices, applications, files, folders and different networks.
“Every organization should have some level of an IAM strategy in place, whether it’s a small mom-and-pop shop with five users or a Fortune 500 company with thousands of employees,” Beyhl said. “IAM is essential for keeping users, systems and networks secure.”
The key components of IAM are:
Identify federation, where a single identity is used across different domains.
Strong authentication, where users must confirm they are who they say they are. This is through multifactor authentication (MFA).
Account management and provisioning. That ensures end user accounts are created, given permissions, changed, disabled or even deleted. The process is automated.
Access control, where policies provide or disable access for a specific user, group or role.
Regulatory compliance.
The basic concept of zero trust is “never trust, always verify,” said Jacob White, technology consultant at Ingram Micro. He outlined five steps for implementing zero trust:
Identify the protect surface. Determine your most business-critical items.
Map the transaction flows. You need to see who or what is connecting to your data, assets, apps and services (DAAS).
Implement a zero trust architecture. This refers to the installation and implementation of security controls to improve the visibility of DAAS and user connection to DAAS.
Create a zero trust policy, a set of instructions for all users.
Monitor and maintain. That means making sure everything is working as intended and you’re keeping up with your ever-evolving organization.
“You want to treat every connection as a potential threat, and minimize that threat or eliminate it entirely,” White said. “Instead of a trusted zone and a non-trusted zone, we work to eliminate trust from our security. This helps to defuse the issued created by allowing trusted connections to be abused by attackers or insider threats.”
Melanie DelValle is Ingram Micro‘s director of customer finance. She said partners can be successful in helping their customers update their cybersecurity despite budget constraints.
“Often we’ve seen headlines where there have been significant settlements that have been made from companies not having the right security solution,” she said. “But how often have you heard from your customers that they’re not able to do any upgrades because it’s just not in the budget? I would like to suggest that you change your approach as a seller. Your clients are often faced with many competing priorities for their precious budget. By having a conversation with your clients to understand their business objectives, you can help speed your sales cycle and ultimately deliver your customer the right solution.”
In 2020, many companies were faced with a number of challenges, from having to adopt work-from-home solutions to being closed for a number of different reasons, DelValle said.
“Yet, what we saw in financing is we had a 40% year over year increase in customers who were financing security solutions,” she said.
White said phishing attacks are pretty convincing, and attackers are more committed to phishing because it works.
“The No. 1 way attackers got into a customers’ network is through phishing,” he said. “So if it ain’t broke, don’t fix it.”
That’s where security awareness training can make a difference, White said.
“We need to do a better job of protecting our workforce from malicious emails and what we’re doing now is clearly not enough,” he said. “Security awareness training helps users get more educated on what a phishing attack looks like and keeps threats out of their boxes.”
The most effective method is test, train and retest, White said.
“If a user goofs and clicks on a sample message by mistake, train that user from an appropriate training module from a platform, and then in a few weeks retest that user … to see if the training stuck,” he said. “If not, train them again. Keep going until you start to see your stats improve. Don’t let your users play the phishing game with the bad guys. You will lose and the penalties for losing are not fun.”
White said phishing attacks are pretty convincing, and attackers are more committed to phishing because it works.
“The No. 1 way attackers got into a customers’ network is through phishing,” he said. “So if it ain’t broke, don’t fix it.”
That’s where security awareness training can make a difference, White said.
“We need to do a better job of protecting our workforce from malicious emails and what we’re doing now is clearly not enough,” he said. “Security awareness training helps users get more educated on what a phishing attack looks like and keeps threats out of their boxes.”
The most effective method is test, train and retest, White said.
“If a user goofs and clicks on a sample message by mistake, train that user from an appropriate training module from a platform, and then in a few weeks retest that user … to see if the training stuck,” he said. “If not, train them again. Keep going until you start to see your stats improve. Don’t let your users play the phishing game with the bad guys. You will lose and the penalties for losing are not fun.”
Thursday’s Ingram Micro Security Summit focused on the human element of cybersecurity and all of the opportunities afforded to the distributors’ channel partners.
Eighty-five percent of breaches have involved a human element and 61% involved credentials, according to Ingram Micro. That’s why leaving the human element to chance while securing your environment can have disastrous consequences.
Ingram Micro’s Eric Kohl
Eric Kohl is Ingram Micro‘s vice president of cybersecurity and data center. He said based on recent news, the cybersecurity industry “just gets crazier and crazier.”
“With the ransomware epidemic and the pandemic, it’s absolutely terrifying,” he said. “So to be able to sit in this seat at Ingram Micro in between our partner community and our vendor channel partners is just an amazing place to be.”
Security Strategy
Ingram Micro’s security strategy is simple, Kohl said.
“We want to help our partners to be more proactive and profitable, and highly trusted security advisors,” he said. “And we live up to that each and every day. Everything we do rolls up to that strategy. We have a talented go-to-market team, from operations to financial solutions, to sales, to order management, and hundreds of cybersecurity practitioners led by our Delta Force team.”
Ingram Micro takes a framework approach to create, build and deliver multi-vendor, comprehensive cybersecurity solutions, Kohl said.
“And we’ve got an award-winning portfolio with an ecosystem of cybersecurity services and solutions that’s really unmatched in the industry,” he said. “Bottom line, you should never, ever have to say no to a need from your client around cybersecurity with Ingram Micro in your corner. We want to help you be more profitable, highly trusted security advisors.”
Scroll through our gallery above for more from the Ingram Micro security summit
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like