Security Roundup: MSP Opportunities, Netsurion, Check Point, Dome9
MSPs have no choice but to move into managed security services, and they're already losing customers to MSSPs.
A big topic of conversation at this month’s Channel Partners Evolution was how MSPs can take advantage of the massive cybersecurity opportunity and meet customers’ increasing demand for more advanced protection.
We spoke with Netsurion and SSE Network Services during the conference about the challenges MSPs face as they increase their cybersecurity arsenals.
Guy Cunningham, Netsurion’s vice president of channel sales and alliances, said the sales agent and MSP communities are his company’s target markets from a channel perspective. His company is in the process of combining its two brands: Netsurion’s Secure Connectivity and EventTracker endpoint and network security.
Netsurion’s Guy Cunningham
“One of the things that MSPs are going to find over the next three to five years is that security has to become part of their lifeblood,” he said. “They have to figure out how to incorporate that into their offerings. The second difficulty is that there’s a significant skills shortage, it’s predicted that by 2021 there’s going to be 3 million unfilled cybersecurity jobs, so a small MSP is not going to be able to compete for the talent or be able to afford the talent. So they’re going to have to partner with somebody who’s got the scale to be able to hire those people and retain those people to provide those security skills. So we’ve really positioned ourselves well for that.”
Netsurion can provide managed network, and security incident and event management (SIEM) to an MSP so they don’t have to staff for it, and can focus on managing the customer relationship, Cunningham said.
MSPs have no choice but to move into managed security services, and they’re already losing customers to MSSPs because they’re not meeting their cybersecurity needs. And there’s more pressure to offer advanced security such as threat detection.
“That requires eyeballs on glass and looking at activity, and they just don’t have the time for it in their own individual businesses,” Cunningham said. “Our technology can be installed on all the infrastructure in a customer’s network, so that’s workstations, laptops, servers and firewalls. We’re going to look at all the activity across that. The end user is the biggest weak point, but the target is going to be at the server where the sensitive information is — but they don’t necessarily try to attack the server directly. They’re going to come in through the back door and work laterally across the network until they can find a way to get in. So being able to see north-south, east-west traffic is really important.”
SSE Network Services is a step above a MSP and a step below a MSSP, and relies on its MSSP partnerships, and its tools and techniques to meet customer demand, said Greg Thornton, its vice president of network and security services.
“We don’t have security operations center (SOC), for instance … so we’ve found a very good partner that we’ve gone with that does ours,” he said. “Security is at the very front of our focus in everything we do. We have to keep our networks reliable and safe, and we have to know that …
… the right people have access.”
SSE completed its cybersecurity journey about two years in advance of all the discussion that’s taking place now, Thornton said.
SSE Network Services’ Greg Thornton
“I think 2018 brought a lot to the forefront,” he said. “We’ve gotten a lot more publicity on breaches and hacks, and ransomware, and PDFs that install malware … so that’s all come out and that’s forced the MSP into the security aspect. I would say we are far in advance of them because we’ve been practicing it for longer than most are. You’re going to be making better decisions if you think security is what you should be doing and not what you have to be doing.”
Making the move to cybersecurity is a “difficult journey” in the sense of “time versus changes versus understanding,” Thornton said.
“I think the hardest part of the journey is understanding what you’re getting into,” he said. “You’ve almost got to set your mark of where you want to be and just go until you get there. To get into security, it’s a people-intensive process or it’s a technology-intensive process, but no matter how you look at it, it’s very expensive. We spent to the tune of $250,000 to tighten up before we could ever launch it to our customers.”
Check Point Makes Strategic Acquisition with Dome9
Check Point Software Technologies has acquired Dome9, a cloud-security startup that enables adoption of public cloud services on multicloud environments.
The acquisition enhances Check Point’s Infinity architecture and its cloud security offering with advanced active policy enforcement and multicloud protection capabilities.
Keep up with the latest channel-impacting mergers and acquisitions in our M&A roundup. |
Dome9 customers use its platform to secure multicloud deployments across Amazon Web Services (AWS), Microsoft Azure and Google Cloud. It provides cloud-native security capabilities including intuitive visualization of security posture, compliance and governance automation, privileged identity protection, and cloud traffic and event analysis.
Check Point’s Peter Alexander
“Dome9 provides significant enhancement to the Infinity architecture for cloud environments, so our partners can help their customers bridge between enterprise and cloud environments,” said Peter Alexander, Check Point’s chief marketing officer. “Dome9 also helps the partner become more of a trusted adviser to the customer by ensuring the operational security of cloud usage, as it constantly scans and remediates the security of all cloud assets in use. Many of the security breaches we hear of involving customer data or IP stolen from the cloud involve incorrectly configured cloud security; Dome9 ensure continuous compliance.”
Dome9 customers today include many Fortune 1000 enterprises, global SIs and MSPs.
“Combining forces allows us to offer the most comprehensive platform to protect customer cloud deployments as they grow and evolve,” said Zohar Alon, Dome9’s co-founder and CEO.
Grim Cybersecurity Predictions for 2019
More than 4 billion records were compromised in just the first half of this year, 559 of which occurred in North America. This number reflects a …
… 133 percent increase when compared to the first half of 2017.
So what will this number look like by June 2019? Executives and researchers at threat intelligence company DomainTools shared their predictions for the future of the cybersecurity landscape.
The nature of cyberwarfare is changing as Russia has led the way in the use of targeted cyber actions as part of larger objectives, and now other nation states are looking to follow the same playbook, said Sean McNee, DomainTools’ senior data scientist.
DomainTools’ Sean McNee
“While a direct cyberwar is not on the horizon, there will continue to be smaller proxy cyberwars as part of regional conflicts where larger nation-state actors provide material support to these smaller conflicts,” he said. “These regional conflicts will be testing grounds for new tactics, techniques and procedures (TTPs) as larger nation states determine how cyberwarfare integrates into their larger military objectives. Nation states will also start experimenting more this year in adding ‘disinformation’ campaigns as part of their cyberwarfare efforts. The goal of these campaigns is to mask the nation-state performing the attack by using the TTPs of a different nation state as part of their attack.”
The success of nation-states at using social media to influence elections in some countries will embolden them to expand their influence to other areas, McNee said.
“We expect nation-states to target corporations with a new set of goals: manipulation and control,” he said. “Instead of infrastructure destruction or data exfiltration, the goal is long-term data manipulation to affect public perception and financial performance. Results can be the undermining of strategic deals, introduction of supply-chain inefficiencies, and increased employee churn. This leads to missed quarterly earnings, with nation-state friendly actors benefiting from shorting the stock, or leads to nation-state friendly competitors taking over in the marketplace.”
And as breaches continue to impact individuals’ personally identifiable information and companies continue to falter in their approach to security, the public will start to hold companies more responsible, said Corin Imai, DomainTools’ senior security advisor.
“It will be a chicken-or-the-egg situation, with some companies seeing the writing on the wall and acting first to protect their brand, and other companies waiting for the fallout to see what the damage is,” he said. “This is currently happening and will continue to do so.”
Fugue Unleashes Compliance Suite to Avert Breaches
Fugue has unveiled its Compliance Suite to make it easier for enterprises to validate cloud infrastructure against security and compliance policy to prevent data breaches.
Included in the Fugue 1.8 product release, the suite allows cloud infrastructure and security teams to automatically identify compliance violations. This allows them to establish trusted infrastructure baselines that can be replicated, shared, scaled and …
… continuously enforced.
It includes prebuilt, policy-as-code libraries for the following compliance regimes: the National Institute of Standards and Technology (NIST); the Center for Internet Security (CIS); the Health Insurance Portability and Accountability Act (HIPAA); and the General Data Protection Regulation (GDPR).
Phillip Merrick, Fugue’s CEO, tells us that understanding how compliance regimes apply to cloud infrastructure can be challenging for the enterprise, and implementing effective offerings to ensure compliance is an even greater challenge. Its partners include SIs, MSPs and IT consultancies.
“That’s why Fugue’s Compliance Suite gives our partners a competitive advantage,” he said. “Our partners can now use prebuilt policy-as-code libraries to automatically identify cloud infrastructure that violates compliance.”
NetScout Attacks Threats with Arbor Edge Defense
NetScout Systems this week introduced its Arbor Edge Defense (AED), a new security offering it says redefines the perimeter cybersecurity stack and serves as the first and last line of defense against multiple types of inbound and outbound threats.
NetScout AED can be deployed as a physical appliance or virtual network function. It sits outside the firewall, between the enterprise or data center and the internet. A processing engine provides blocking of malicious traffic matching indicators of compromise (IoCs).
It can make other perimeter defenses more effective by protecting them from distributed denial of service (DDoS) attacks, and offloading the overhead associated with applying millions of IoCs to traffic streams, according to NetScout.
“Data-center and network architectures are becoming increasingly distributed, straining traditional perimeter enforcement points,” said Jeff Wilson, IHS Markit’s research director for cybersecurity. “At the same time, targeted campaigns are now backed by internet-scale intrusions like NotPetya. The unique combination of stateless filtering, rigorous curation of threat intelligence, and ingestion of third-party feeds allows NetScout to block outbound threats with the same level of confidence as the inbound DDoS attacks they’ve been blocking for years.”
Read more about:
AgentsAbout the Author
You May Also Like