The Gately Report: Arctic Wolf Partner Forecast, Microsoft-Mandiant Latest
Plus, an interview with Rubrik's new channel chief.
Channel Futures: Arctic Wolf recently announced its new EMEA headquarters in Newcastle. Will that benefit Arctic Wolf’s partners globally? If so, how?
Arctic Wolf’s Bob Skelley: We’ve got a growing presence in Europe … and we opened a security operations center in Frankfurt, Germany, last November. We launched our team in EMEA almost a year ago, and we’ve built up several sales teams, channel support resources, and we’re building security triage expertise and our security operations center (SOC). We’ve brought a lot of resources into the region and so it’s time to put a headquarters there, too.
And for us, this is more about putting some roots down in the market. We wanted to select an area of the region that really gave us access to some great talent. And Newcastle, in particular in the northeast of the U.K., has been really developing the tech talent pool over the last several years. It’s just a great place, especially now with more decentralized workforces than ever before. Newcastle just looks like it’s going to be a great home for us. It’s going to create hundreds of jobs over the next three years in the region, and like I said, it establishes some roots and gets us in the market. And in terms of the partners, now our partners in the region have a headquarters and a real grounded organization within the market that they can engage with.
CF: Deloitte recently ranked Arctic Wolf one of the fastest-growing tech companies in North America. What’s fueling that growth? What role are partners playing?
BS: What’s fueling the growth is the security landscape, but not just that. It’s really our approach to security. We don’t believe that there’s an issue with the tools and the capabilities that are in the marketplace. What we do feel is that there is some inefficiency around operations and there’s an effectiveness problem. We believe that security operations are the key to solving that. So an organization that provides 24/7 oversight to all the different security tools that are in your environment … and identifying threats very quickly if they’re in your environment and then having a way to mitigate that and control that threat very quickly. So part of the growth is because security is a very hot segment. But part of it is because our approach is unique and it’s different, and customers are telling us that it’s a better way.
We’re 100% channel; we’re not channel-first. So all of our activity is working with the channel. We find a partner to work with us on that. We work closely with partners to do demand generation and to identify new customers that they can bring to us. So all of our work, all of our engagement, all of our go-to-market is around the channel. You couple a great solution, the unique approach that we have with security operations and a 100% channel model, and it’s a really great blend of capabilities that we’re able to bring to the table for our mutual customers.
CF: In terms of threat landscape, what’s most worrisome?
BS: I think the simple answer for me on this is threat actors don’t take days off. They never stop looking for new ways to compromise companies. They never stop looking for a different approach. That’s always worrying us as a security company. We want to always stay ahead. We want to always be on the forefront of identifying how threat actors are penetrating organizations, and we want to always make sure that we’re doing our best for our customers to mitigate threats and end cyber risk.
CF: Ransomware is everywhere, with attacks making headlines globally. What’s Arctic Wolf doing to help its partners and their customers stay safe?
BS: The biggest thing is our approach to security, back to that security operations capability. The average dwell time on a security threat actor is over 200 days in an environment before it’s identified that they’re in there and doing malicious things. We identify that a threat actor is in the environment within minutes to hours. There’s not a lot of damage they can do when you’re all over that breach that quickly. So the biggest thing we can do to stop ransomware is continue to be proactive, to continue to identify threats very quickly before they can do real damage and take control of real assets within the customer’s environment, and make sure that we’re doing everything we can from our managed detection and response (MDR) to our managed risk solutions, which look for ways that you can continue to identify and improve your security posture.
We have two dedicated concierge security team members aligned to every customer. Their job is above and beyond just identifying when threats are coming in. Their job is to continually look for ways that they can improve your security posture and take you on a security journey. So we think because we’re bringing customers through this journey of continuous improvement and continually looking for ways to get better in terms of their security posture, we’re doing a lot to prevent customers from getting breached in the first place.
CF: What are your partners’ primary pain points and how is Arctic Wolf addressing those?
BS: I think the best way to answer that is to take a step back and talk just for a moment about the type of solution provider that we’re working with. One of the things that we decided to do very early in our channel strategy was to reach out to those traditionally infrastructure partners that maybe didn’t have a security practice before they talk to us and leverage the Arctic Wolf solution and our ability to deliver on the partner’s behalf as a way to provide a path to building a security business practice for that partner. And the reason I say that’s important is because the things that they worry about are a little bit different than a company that might have a robust, full-blown security business practice within their organization. Partners worry about how they are going to continue to add complementary tools and solutions to the portfolio that complement what Arctic Wolf has enabled them to enter in terms of a market niche. They worry about how they transform their organization’s compensation model to accommodate recurring revenue streams.
In many cases, what we’re doing with them is the first time that they’ve really built a robust, annual recurring revenue stream for their organization. And they have to think differently about compensation for their sales team. They’re worrying about how they’re going to build the talent and skill set within their current team around being able to position, tell a security story, identify the right, ideal customer profile and help identify where there’s a really good fit for the security solutions that they’re presenting. That’s what I’m hearing from them as far as business issues. And of course, they all have cybersecurity issues for their customers, and so that’s something we all worry about with our customers and that’s always out there as well.
CF: In terms of the competitive landscape, have your competitors changed over time? How does Arctic Wolf stay one step ahead of that competition?
BS: Yes, it has evolved, and it’s evolved because we’ve added new solutions. We’ve expanded the envelope of capabilities that we’re bringing to our customers, and as a result, there are different competitors that enter the marketplace when we go to manage risk, for example, than when we’re doing MDR. And so it’s plentiful and numerous, but I would say it’s companies that do things similar to us. So if they’re in MDR, we’re competing with them in the MDR space. If they’ve got a managed risk portfolio, we’re competing with companies in managed risk now. We have managed awareness, so we’re bringing training and enablement capabilities to employees at our customer locations so that they can learn to be better protected, and aware and safe in terms of cybersecurity threats. That’s because oftentimes it comes in through the employees and through all sorts of different vectors like phishing or identity management, and things like that.
Another is managed cloud operations that we’re doing. And now, of course, there’s our latest acquisition position around incident response. So we have different competitors in each of those, depending on the market segment and the focus of our products. But then there’s also a competitive landscape around the security strategy that a customer may have. So some customers may have a do-it-yourself mentality where they’re going to try to hire, train, manage, enable and grow their own security professionals within their organization, and try and do it themselves. So that’s also a competitive pressure that we have to overcome with some customers.
CF: What are your 2022 goals for the channel?
BS: We’re continuing to look for enhancement to our partner program. We introduced a new partner program last June. As we come up on the first anniversary of that program, we’re looking at potential enhancements and new capabilities that we can introduce into that partner program to enrich it, make it better and continue to give partners more value.
Another thing that we’re really trying to do for our partners in our new fiscal year is really enrich the training experience. Today we have some curriculum that lives on our web portal and it’s good. It’s solid curriculum, but we want to change the game.
Also, how do we grow the business together? How do we make investments around marketing initiatives and brand generation? So all of these things are enhancements and new things that we’re bringing to our channel community in the new year.
In other cybersecurity news …
All eyes are on Microsoft as the hottest cybersecurity headline this week has been the software giant’s reported interest in acquiring Mandiant, which rebranded from FireEye last fall.
Microsoft might look to acquire the cybersecurity research company to bolster its products, and help protect customers from hacks and breaches.
In the meantime, Eric Parizo, principal analyst of Omdia’s cybersecurity operations intelligence service, said while such a deal would be a highly expensive proposition for Microsoft, likely in excess of $4 billion, it would be a strong move that ultimately benefits both organizations.
“The Mandiant strategy post-FireEye is to scale its business primarily through the Mandiant Advantage SaaS platform to deliver unmanaged services like threat intelligence, security validation and automated defense, coupled with its widely known managed services offerings,” he said. “It is a sensible strategy, but Mandiant’s challenge is that for Advantage to meet its expectations, the company must court a critical mass of new SMB customers, an area it has not focused on in the past. Selling unmanaged services to SMBs is a much different proposition than selling managed services to large enterprises.”
Meanwhile, few companies have had more success selling to companies of all sizes, including SMBs, than Microsoft, Parizo said.
“The software giant could immediately plug the Mandiant offerings directly into its sales organization and quickly upsell many Windows and Microsoft 365 customers on Mandiant security offerings,” he said. “Such an acquisition would also immediately give Microsoft one of the industry’s most prestigious managed services organizations, an area today where it must largely rely on partners. Mandiant’s technology could also potentially enhance Microsoft’s own security solutions, such as Defender and Sentinel. Finally, after decades of being lukewarm on cybersecurity, such a move would leave no doubt about Microsoft’s commitment to being an industry leader in cybersecurity solutions and services, a perception it has been increasingly eager to foster.”
Also this week, Mandiant and SentinelOne announced a new strategic alliance to help organizations reduce the risk of data breaches and strengthen their ability to mitigate cyber threats. The alliance enables Mandiant’s incident responders’ use of SentinelOne’s Singularity extended detection and response (XDR) platform to investigate and remediate breaches.
This week, Rubrik, the data security provider, announced it has hired Ghazal Asif, previously with Google, as vice president of global partners and alliances.
At Google, she was the head of channel partners in EMEA for Google customer solutions. She led channel go-to-market (GTM) strategy and execution for the region.
We spoke with Asif about why she wanted to join Rubrik and her plans in this new role.
Channel Futures: Why did you want to take this role with Rubrik?
Ghazal Asif: This was an incredible opportunity to join a company that was built to address the world’s most pressing data security challenges. Rubrik’s world-class leadership team and amazing data security solutions that meet cybersecurity concerns every business faces today made this a position that I couldn’t pass up.
CF: How will your previous experience with Google, Cybereason and more come into play in this new role?
GA: Google has extraordinary scale and is known for building outstanding teams. At Cybereason, I had a front-row seat into understanding the challenges CISOs face, and the importance of cyber resilience. These insights will help me better understand the issues that Rubrik partners are working to address for their customers.
CF: What’s your take on Rubrik’s channel strategy and partner program? Are you planning to make any changes?
GA: I’m lucky to be joining an incredibly talented team that is committed to building a strong partner ecosystem and deep partner relationships. I am looking forward to learning from and closely partnering with our team to continue to drive best-in-class customer and partner satisfaction.
CF: What are Rubrik’s partners’ biggest pain points and how will you be addressing those?
GA: Ransomware is an existential threat for business. Rubrik partners are focused on providing cyber resiliency for their customers’ businesses. Rubrik will continue to make investments in our data security products to give our partners the best data security solutions to help keep their customers’ businesses safe.
CF: How will you help give Rubrik and its partners a competitive advantage?
GA: Rubrik is uniquely positioned to address the industry’s biggest data security challenges, including ransomware recovery. Our partners rely on us to deliver the latest data security solutions to help keep their customers safe in the face of rising cyber threats. We are laser-focused on the success of our partner community and will continue to invest in our partner strategy. Through continued growth and engagement with our current and future partner ecosystem, we will empower our partners and their customers to become unstoppable.
An F-Secure survey of 7,200 internet users in nine countries found that 60% report they increasingly find themselves worrying about online security and privacy even if nothing is wrong.
That share rises to 67% for those working from home over the last year. Remote workers report higher levels of feeling overwhelmed by online life than others. As a result, they’re also avoiding new technologies, and changing their online habits in greater numbers.
Tom Gaffney is an F-Secure security consultant.
“Steps everyone can take to secure themselves and their privacy when they work from home include updating their devices and software, ensuring their personal devices have security software installed, and some other basic infosec measures,” he said. “But keeping your personal and professional online activities separate from one another may be as important as any of these tips. Restricting what sort of things you do on each device and during which times can be an essential way to ease digital anxiety.”
Jasmine Henry is field security director at JupiterOne.
“Security teams should work with HR and people leaders to scale up education initiatives on secure remote behaviors and existing security controls to mitigate remote worker anxiety,” she said. “Remote workers should feel empowered by their security teams and educated to make secure choices when working from home.”
Security teams should educate their remote workers on existing controls that have been scaled to remote work settings, including VPN, device management, endpoint protection, data loss prevention and more, Henry said. In addition, security teams should clearly and continuously educate their remote teams on what is expected for remote workers to be responsible and follow acceptable use policies.
John Bambenek is principal threat hunter at Netenrich. He said when people have to badge in, have security guards or the other obvious things to protect the security of the building, they will feel more secure. Remote workers must contend with the feeling of separation, which also creates a feeling of separation from corporate security.
“Moving forward, employers should make sure that they give users tools to protect themselves, even at home, and that such protection is visible, but not obstructive to their work,” he said.
The FBI issued a warning for mobile carriers and the public of the increasing use of subscriber identity module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.
From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.
SIM swapping is a malicious technique where criminal actors target mobile carriers to gain access to victims’ bank accounts, virtual currency accounts and other sensitive information. Criminal actors primarily conduct SIM swap schemes using social engineering, insider threat, or phishing techniques.
Social engineering involves a criminal actor impersonating a victim and tricking the mobile carrier into switching the victim’s mobile number to a SIM card in the criminal’s possession. Criminal actors using insider threat to conduct SIM swap schemes pay off a mobile carrier employee to switch a victim’s mobile number to a SIM card in the criminal’s possession. Furthermore, criminal actors often use phishing techniques to deceive employees into downloading malware used to hack mobile carrier systems that carry out SIM swaps.
Once the SIM is swapped, the victim’s calls, texts and other data are diverted to the criminal’s device. This access allows criminals to send “forgot password” or account recovery requests to the victim’s email and other online accounts associated with the victim’s mobile telephone number. Using SMS-based two-factor authentication, mobile application providers send a link or one-time passcode via text to the victim’s number, now owned by the criminal, to access accounts. The criminal uses the codes to log in and reset passwords, gaining control of online accounts associated with the victim’s phone profile.
Roger Grimes is a data-driven defense analyst at KnowBe4.
“SIM swapping attacks have been going on for over a decade and have likely resulted in billions in stolen cryptocurrency and other financial crime,” he said. “The U.S. government … has been recommending against using any [text], phone number or voice-call based multifactor authentication (MFA) since 2017. President Biden’s 2021 zero trust executive order also told defenders not to use it, along with other easily phishable MFA, like one-time codes and push-based MFA. Unfortunately, that describes probably 90% of MFA used by people today.”
Text-based MFA has to be the most popular MFA option used on the internet, and most of the time people do not have a choice of whether to use it, Grimes said. Their bank, vendor or service says they have to use it.
“And, let me say again, the U.S. government has said not to use it since 2017,” he said. “The better question to ask is why so many services and vendors are still using [text]-based and phone number-based MFA five years after the U.S. government said not to use it? Why are we so slow and broken?”
Arctic Wolf channel partners have a lot to look forward to in 2022, including its acquisition of Tetra Defense, partner program updates and more.
That’s according to Bob Skelley, Arctic Wolf’s senior vice president of global channels. Last week, Arctic Wolf completed its acquisition of Tetra Defense. The company provides cyber risk management, incident response and digital forensics.
Last month, Arctic Wolf announced the establishment of its EMEA headquarters in Newcastle, England, following a period of continued expansion and rapid growth for the business across the region.
According to Reuters, Arctic Wolf plans to go public in the second half of 2022.
When asked about this, Arctic Wolf sent the following statement:
“We continuously evaluate our financing alternatives. As a matter of policy, however, we never publicly comment on our financing plans or rumors about our company.”
New Partner Opportunities with Tetra Defense
In a Q&A with Channel Futures, Skelley talks about latest developments with the company and how they impact partners.
Channel Futures: What does Tetra Defense bring to Arctic Wolf and how will partners benefit?
Bob Skelley: When you think about the Arctic Wolf solution, we’re all about identifying a security breach as quickly as possible when it happens and then mitigating that, helping the customer identify how it got in there and putting in measures to make sure that a threat actor can’t enter their environment again. So it’s all about visibility. It’s all about managing and detecting security threats, managing risk. But sometimes customers have breaches … and Tetra Defense comes in with response to that. And it’s all about making sure that we get in. We help that customer solve any of the breach issues that they’ve had, mitigate any kind of damages, recover and get their business back up and running and productive again as quickly as possible. So it’s really a complement to what we’ve done historically.
And when you think about the opportunity for partners, now they have a company and a partner that they already work with that they can bring incident response needs to. If they have customers that have breaches or are compromised in some way, they have an opportunity to bring that to Arctic Wolf and leverage that capability for their customers. In addition, there are opportunities for that channel ecosystem to then help that customer after the incident is resolved, and after the customer is back up and running, and fully productive again. There’s an opportunity to then visit with that customer and talk about how we strengthen their security posture. And how we bring other capabilities to the table that will enhance their security and really strengthen their defense systems.
Read the rest of the Q&A in the slideshow above. It also features the latest on Microsoft potentially buying Mandiant, and a Q&A with Rubrik’s new channel chief.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.