The Gately Report: Cerberus Sentinel Acquisition Spree Benefits MSPs, MSSPs
Plus, a Kansas MSP shuts down cloud services due to a cyberattack.
Channel Futures: Cerberus Sentinel has acquired numerous companies in the past year or so. How do those acquisitions fit into the company’s overall business and channel strategy?
Cerberus Sentinel’s Jerald Dawkins: One is just a consolidation. It’s like there’s a good organization out there, they’ve got a lot of talent and we can bring them in. And that’s a kind of a consolidation … play. The second one is an adjacent acquisition. When I say adjacent, it’s like this world is always changing, so we’ve got to stay ahead of the game. We’ve got to stay ahead of the curve. So there are some adjacent opportunities … to make sure that we are always innovating and staying ahead. Ultimately, we want to be the place where cybersecurity talent comes, thrives, builds, continues to innovate, continues to evaluate the space that we’re in and really provide that level of service to our customers.
CF: Cerberus Sentinel uplisted to the Nasdaq in January, and then joined the Russell 2000 Index this summer. What has this meant to the company? Have partners benefited from it?
JD: To me, the Nasdaq uplisting and joining the Russell 2000 just validates who we are, the message that we’re bringing to the market, and people like it, they understand it and they respect it. People realize we’re not solving the cybersecurity challenge just with more products on the marketplace. It takes people, processes and technology. The people are always hard to find and the processes necessary to build around these technologies in these cybersecurity stacks is critically important, and they’re also extremely expensive to invest in.
It’s also extremely expensive to maintain as you grow. New regulations are coming out. New standards are coming out. New technologies are coming out. So how do you stay ahead? So the message that we’re bringing to the market is, “Hey, we’re focused on cybersecurity. Cybersecurity is here to stay.” How do you demystify all that complexity and ultimately just provide a very simple service to the client, which needs to be secure and needs an ROI on the spending on it? And that’s the future of MSPs and MSSPs, to be more effective, more efficient, and honestly to have more visibility to the client with regard to their security, as well as the MSP’s and the MSSP’s security. That’s where we’re trying to help out the channel to be extremely successful in what they’re bringing to the market.
CF: Cerberus Sentinel is now offering XDR. Is that providing new opportunities for partners? If so, how?
JD: One of the challenges that MSPs have is they need a security operations center (SOC). So that’s a key force within Cerberus, providing a 24/7 security-focused operation that crosses a lot of different technologies and applications. For an MSP to build that up themselves is extremely expensive. So we want to provide that partnership to our clients that scans that whole parameter on cybersecurity. It isn’t just a tool; it’s got to be a partner again. It’s a soccer field, and we’re putting in the players that you need and we’re subbing in the players that you need, that you need access to — and so that’s where we want to help support that. Let us support those MSPs to provide those extremely valuable services to those end users and have a more secure industry, a more secure client base. That’s when we move the needle.
CF: Have your products and services evolved to keep up with the changing threat landscape? If so, how?
JD: As an MSP or even an MSSP, you’re somewhat confined to your vertical. The best part about Cerberus is the breadth of knowledge and the expertise that we’re bringing in. We’re bringing in some great talent, some unbelievable talent, extremely intelligent — and it’s global. I’ve got my partners down in Chile that are amazing people that are doing amazing things, and they bring a lot of ideas and talent. My passion is bringing in this talent, bringing in these ideas. Let’s nurture it. Let’s push the envelope and see how we can move beyond the status quo. We’re assembling our team of experts, and that’s what you’re seeing in the news. We’re going to have the best talent across the board to handle the cybersecurity space.
The other thing that we’re doing is [determining] how we can best support our partners. How we can deliver services. How we can better enable actionable intelligence and actionable cybersecurity. And part of that is staying ahead of the curve and being innovative in our space.
CF: What’s your take on the current threat landscape? How are you helping your partners and customers stay safe?
JD: I think the threat landscape is kind of multifaceted. Sometimes when you say, what’s the current threat landscape, maybe you want to have a conversation about ransomware, the latest vulnerability out on the market — and you’re getting technical. But I would say another threat landscape is political. It’s standards, it’s Cybersecurity Maturity Model Certification (CMMC), what’s going on with the political landscape and laws, and industry standards that are getting pushed down. So I’ve got to look at that as a threat landscape.
Another key threat landscape that I think is impacting a lot of people is an insurance threat landscape. There were a lot of technical problems, and people found holes in some of the complexity, especially moving to the cloud, and now the attack surface has changed. The insurance companies were doing a lot of payouts, and now they are trying to shift. So it’s trying to stay on top of the changing landscape just around cyber insurance.
That brings up my other threat landscape, a vendor threat landscape. As a vendor or as an MSSP, you’re trying to deliver services to somebody and they’re asking you questions because they’re trying to get their own insurance. They’re saying, “What level of insurance do you have? And we need you to answer these types of questions.” You’re going to fail in this space if you continue to ignore the compliance and the cybersecurity side of things, and think all you can do is have this product. Because of that vendor threat landscape, they’re going to move to somebody that’s more sophisticated that can deliver those services. So you have to stay ahead of that curve.
CF: What can partners expect from Cerberus Sentinel in the coming months and into 2023?
JD: I think where Cerberus is really going to excel in the coming months and years is as a partner. We’re going to be a partner to you to enable you to fill the gaps that you didn’t otherwise fill to provide additional capabilities and services that are required in today’s changing world for you to be successful. And so we’re going to be extremely partner-focused. We’re going to be an extremely interactive client experience. We’re focused on really being that partner and making sure that everybody’s clear in terms of inputs and outputs. And part of that, too … is delivering that quality service to your client to make sure that this output is actionable intelligence. Those are key areas that we’re investing in, making sure that the information we’re giving you is actionable and making sure that we’re a strategic partner for your cybersecurity program.
In other cybersecurity news …
Kansas-based MSP NetStandard this week suffered a cyberattack, causing the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint and CRM services.
According to an email sent to MyAppsAnywhere customers shared on Reddit, the company detected signs of a cyberattack on Tuesday morning and quickly shut down cloud services to prevent the attack’s spread.
According to the Reddit post, no additional information on the extent of the impact nor time to resolution can be provided.
“We are engaged with our cybersecurity insurance vendor to identify the source of the attack and determine when the environment can be safely brought back online,” it said.
NetStandard couldn’t be reached for comment.
Aaron Turner is CTO of SaaS Protect at Vectra.
“When it comes to incidents like what has been announced with MyAppsAnywhere, put yourself in the shoes of an attacker,” he said. “What would be the most efficient way to gain unfettered access to your target? If the target organization is relying on an MSP, then testing their security through a series of probes would be the best place to start. Not only would you get access to the intended target, but the frosting on top of the compromise cake would be access to any of the MSP’s other customers’ environments.”
As the digital supply chain gets longer and more complicated, and with the current economic environment forcing more organizations to rely on MSPs for IT service delivery, there will likely be more attacks like the one with MyAppsAnywhere, Turner said.
“MSPs should be working to improve their operational security capabilities,” he said. “MSP customers should be leaning in to perform due diligence about their MSP’s security capabilities. This attack path will likely become a highway as more organizations outsource IT service delivery due to the current economic conditions.”
Microsoft tops Vade’s list of the top 25 most impersonated brands in phishing attacks. Facebook came in second, followed by Crédit Agricole, WhatsApp and Orange.
With 11,041 unique phishing URLs, Microsoft is the top target for brand impersonation. The popularity of Microsoft 365 among SMBs and enterprises has made the company a lucrative target for phishers hoping to steal data from Microsoft 365 applications, according to Vade.
Additionally, compromising a Microsoft 365 account allows hackers to conduct internal attacks, such as distributing malware, launching ransomware attacks, and manipulating users into participating in business email compromise (BEC).
According to Vade’s Phishers’ Favorites report, the first quarter saw the most phishing attacks, with 81,447 unique phishing URLs detected, compared to 53,198 in the second quarter. For most brands, the phishing increase in Q1 was drastic. Among the most notable increases, Google phishing increased 873%, Apple phishing increased 737% and Instagram phishing increased 683%. Microsoft phishing increased 266% in the quarter, while Facebook phishing declined 12%, making Facebook the only brand in the top 25 to see a quarter-on-quarter decline in Q1.
Financial services brands saw the most impersonation of any industry represented in the report. The financial services industry had a total of eight brands in the top 25. Cloud followed with six brands on the list. The e-commerce/logistics and telco industries each had four brands in the top 25, followed by social media with three.
IronNet researchers have observed an active cyber crime syndicate launching a new phishing-as-a-service (PhaaS) platform, selling phishing kits to cybercriminals who specialize in social engineering scams.
Known as Robin Banks, this threat actor provides ready-made phishing kits primarily targeting U.S.-based financial companies, as well as numerous companies in the United Kingdom, Canada and Australia, according to an IronNet blog.
Financial institutions advertised on the website include Bank of America, Capital One, Citibank, Wells Fargo and more. They also offer templates to phish Google, Microsoft, T-Mobile, as well as international companies like Lloyds Bank of England, Netflix in Canada, and Commonwealth Bank in Australia.
In mid-June, IronNet researchers observed a large-scale campaign using the Robin Banks phishing kit, targeting victims via text and email. The goal behind this campaign was to access credentials and financial information pertaining to Citibank, in addition to Microsoft account credentials.
Based on IronNet’s investigation of the threat actor, this campaign proved very successful. Numerous victims had account information sold via the dark web and various Telegram channels.
Roger Grimes is data-driven defense evangelist at KnowBe4.
“There is nothing any business can do better than to defeat social engineering and phishing to reduce their risk to cybercrime,” he said. “Every organization should focus more on defeating social engineering and phishing, and less on other types of attacks that are far less likely to happen. It is because nearly every business fails to adequately focus on social engineering as the No. 1 attack vector, by far, that allows hackers and their malware creations to be so successful. Every business needs to create more and better defense-in-depth policies, technical defenses and education to defeat social engineering.”
Social engineering is involved in 70-90% of all malicious data breaches, Grimes said.
“And yet we continue to treat it as just one of the many ways we can be hacked instead of the primary way we are hacked,” he said. “Hackers love that we continue to be distracted by far less popular hacking attacks and continue for decades to not focus that much on fighting phishing and social engineering.”
Exploitation is underway for one of the trio of critical Atlassian vulnerabilities that were published last week, affecting several of the company’s on-premises products, according to Rapid7. Atlassian has been a focus for attackers, as it was less than two months ago that Rapid7 observed exploitation of a vulnerability in Confluence Server and Confluence Data Center.
The most critical of the three vulnerabilities was quickly exploited in the wild once the hard-coded password was released on social media, according to Rapid7’s blog. This vulnerability only exists when the Questions for Confluence app is enabled and does not impact the Confluence Cloud instance. Once the app is enabled on affected versions, it will create a user account with a hard-coded password and add the account to a user group, which allows access to all non-restricted pages in Confluence. This allows a remote, unauthenticated attacker to browse an organization’s Confluence instance.
It didn’t take long for Rapid7 to observe exploitation once the hard-coded credentials were released, given the high value of Confluence for attackers who often jump on Confluence vulnerabilities to execute ransomware attacks.
Mike Parkin is senior technical engineer at Vulcan Cyber.
“When the hard-coded password vulnerability on Atlassian’s Confluence Server was revealed, many security professionals, myself included, recommended patching as soon as possible because this was something threat actors were going to start leveraging immediately,” he said. “Seeing them go after this vulnerability in the wild now is exactly what was expected. If you have already patched, great. Still check to make sure it wasn’t exploited before the patch. If you haven’t patched, do so, now.”
Rick Holland is CISO and vice president of strategy at Digital Shadows.
“Confluence has had no shortage of headlines,” he said. “Unfortunately, this isn’t a software vulnerability, but a conscious decision to hard-code a password for ease of use. Hard-coded passwords significantly increase the likelihood of exploitation, especially when the passwords become widely shared. If you play soccer, hard-coded passwords are own goals. Adversaries score enough goals alone. We don’t need to put the ball in our own net. Never use hard-coded passwords. Take the time to set up proper authentication and minimize future risks.”
A new survey by Delinea of IT security decision makers shows 60% believe their overall security strategy doesn’t keep pace with the threat landscape, and they’re either lagging behind, treading water or merely running to keep up.
The survey included 2,100 respondents in more than 20 countries.
While 40% believe they have the right strategy in place, 84% of organizations reported that they have experienced an identity-related breach or an attack using stolen credentials during the previous year and a half.
Ninety percent of respondents said their organizations fully recognize the importance of identity security in enabling them to achieve their business goals. In addition, 87% said it is one of the most important security priorities for the next 12 months.
However, three-quarters also believe they’ll fall short of protecting privileged identities because they won’t get the support they need. This is largely due to a lack of budget and executive alignment. Sixty-three percent said their company’s board still doesn’t fully understand identity security and the role it plays in enabling better business operations.
Joseph Carson is Delinea’s chief security scientist and advisory CISO.
“While the importance of identity security is acknowledged by business leaders, most security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks,” he said. “This means that the majority of organizations will continue to fall short of protecting privileges, leaving them vulnerable to cybercriminals looking to discover privileged accounts and abuse them.”
The report sheds light on another dangerous oversight. Only 44% of organizations manage and secure machine identities, while the majority leave them exposed and vulnerable to attack.
“Cybercriminals look for the weakest link and overlook non-human identities — particularly when these are growing at a faster pace than human users — greatly increasing the risk of privilege-based identity attacks,” Carson said. “When attackers target machine and application identities, they can easily hide, moving around the network to determine the best place to strike and cause the most damage. Organizations need to ensure machine identities are included in their security strategies and follow best practices when it comes to protecting all their IT superuser accounts which, if compromised, could bring the entire business to a halt.”
Cerberus Sentinel has been on quite the acquisition spree, expanding its talent and capabilities to help MSPs and MSSPs beef up their cybersecurity capabilities.
That’s according to Jerald Dawkins, Cerberus Sentinel’s CTO. Cerberus Sentinel is a managed compliance and cybersecurity provider.
Earlier this month, Cerberus Sentinel completed the acquisition of CyberViking, a cybersecurity company based in Georgia and Oregon. CyberViking specializes in application security services, and incident response and threat hunting. It also assists in the creation and management of security operations centers. They have advised many Fortune 100 companies across the globe.
Cerberus Sentinel has also acquired Creatrix, True Digital Security, Atlantic Technology Systems and more. In addition, it expanded internationally with the acquisition of Arkavia Networks in Chile.
In January, Cerberus Sentinel joined the Nasdaq exchange and in June it joined the Russell 2000 Index, a stock market index that tracks the performance of 2,000 small-cap U.S. public companies.
Helping MSPs, MSSPs Meet Increasing Demand for Cybersecurity
In a Q&A with Channel Futures, Dawkins talks about how Cerberus Sentinel works with MSPs and MSSPs. He also talks about the strategy behind the acquisition spree.
Channel Futures: Cerberus Sentinel helps MSPs with cybersecurity and helps MSPs become MSSPs, right?
Jerald Dawkins: Absolutely, yes. If I’m working with an MSP, it’s about how we can offer services to support your end clients. So we can fill certain gaps or provide services to our partners to enable their clients to meet that regulation and to get a job. Security is as much a sales tool as it is protecting the cyber resilience of the business. But it’s not just about throwing more and more tools. It’s not just about getting the tool. It’s about being effective with the tool. And sometimes I go into organizations and they’ve got five tools that all do the same thing. It’s just that they’re not being managed well.
So that’s where we want to provide support to our partners, both in terms of how they’re leveraging security tools, how they’re providing security to their entities and for their entity to ensure that we’re on the soccer field and we’re playing the game. I want to beat the other team and the only way to do that is security as a team sport working together.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.