The Gately Report: Deep Instinct Focuses on Expanding Market for Deep-Learning Platform
Plus, ALPHV claims responsibility for the massive MGM Resorts ransomware attack.
Channel Futures: How has your previous experience with Zscaler, Zerto and VMware come into play in this new role?
Jim Ortbals: It’s been a good foundation … all the way around. I joined Deep Instinct from Zscaler directly. I led a global service provider business, so all the service providers that partnered with Zscaler, as well as leading and building the new MSSP program that Zscaler has been pushing, and was the original creator of the global distribution program.
So you look at a lot of those different routes to market and it’s very similar to what we have. We have a strong MSSP footprint here. We do leverage distribution extensively with our reseller partners and how we use them and leverage them, and new partner acquisition as well as the value-added side of what they bring to the table.
And then certainly service providers have a big reach and focus into a lot of accounts globally. That’s had a big influence on some of the new partner focus, newer partners we want to focus on. And then I look back at some of the business at Zerto and VMware, and a lot of that was focused on large enterprises as well, and software, specifically not as-a-service, but software. And although both did big as-a-service business, this type of sales approach when you’re selling software is similar to how you work with the partner community and the value that they bring to the table. So I’d like to think that those past three roles have had some very big influences on what we’re going to be able to do and what good looks like.
CF: Last month, Deep Instinct released a study showing a significant increase in cyberattacks fueled by generative AI. Is there a message in this study for Deep Instinct partners?
JO: They are getting asked consistently from customers, how do I address AI? I love leveraging AI from a productivity perspective, whatever it may be, but how do I leverage AI to fight AI, the negative characteristics of that. There’s the good that comes with it, but there’s always somebody that’s going to weaponize it in some form or fashion. We believe with the deep-learning platform, we’re able to use AI to fight AI, and looking at not just the known threats out there that everybody can say they do a great job with, but because of our deep-learning platform and the revolutionary aspects of it, we’re able to address those unknown threats, the threats that a lot of the existing solutions in the market can’t do. And that’s, again, leveraging the deep-learning component of AI to do that. So it’s allowing them to figure out how to have a good talk track when their customers are asking, “How do I successfully implement and how do I successfully protect against the outcomes of AI?”
CF: When it comes to AI and generative AI in cybersecurity, do partners have a lot of questions? Do they need a lot of information to clarify what it’s good for and how they can use it?
JO: I think mostly in general, everybody’s still trying to figure out what their overall messaging and strategy is out to their customer base. A lot of times the customers are looking to the partner community as their trusted advisor, their neutral advisor on this. Like, “Hey, I’ve got every vendor and OEM coming in the world to tell me why they’re the best, and we’ve been doing business together and you’re supposed to be a bit of a neutral layer.” So the opportunity for integrators and VARs, etc., is to be that somewhat neutral party to help identify, articulate and develop an AI strategy for said customer. So from a partner perspective, they’re looking right now to be as educated on this across the board, not just on one particular vendor or one particular solution, but across the board so that they can take a cohesive, integrated approach into a customer and just say, “Hey, it’s not how does this vendor leverage AI in some form or fashion into a product, but rather this is your AI strategy and there are different variants, different types of solutions that plug into that, that cover everything or at least as much as you can today.” In my engagements with partners, they’re like a sponge. They have tons of questions. They’re trying to absorb it all and then figure out where they go from here in an overarching strategy that may encompass a lot of different technologies.
CF: What sort of growth and expansion is Deep Instinct experiencing, and what role are partners playing in that growth?
JO: We’ve had some recent announcements in the managed detection and response (MDR) space, like with eSentire. They’re a huge MSSP globally and we’re excited about what they’re bringing into market very shortly for the endpoint space. That’s a really exciting solution that we worked closely with them to develop, and we’re going to continue to see some expansion in that space. Specifically on the enterprise space, we’re working with some of the world’s largest brand-name companies and we see tremendous amount of growth there.
For more of our agentless solutions like Deep Instinct Prevention for Applications, we have a solution that we’re going to be doing a press release a little later next month that I can’t go into too much, but it’s going to be focused on storage and some of the things that we do around that and what we’re doing there. So I think we’re going to continue to see some of the use cases expand with what we can do from a deep-learning perspective and taking a prevention-first approach to cybersecurity. Don’t just detect and remediate, or try to contain the blast radius, but what if we can stop it first and prevent it from writing to disk, writing to memory, whatever it may be? And this is, I believe, and what we’ve heard from customers and partners, a bit of a revolutionary approach. So that’s where we’re going to see expansion into the partner types that can address those types of concerns and address those customer segments, and being very strategic in where we go with eSentire or maybe some similar types of partners.
CF: Is Deep Instinct attracting new partners? If so, what’s bringing them to Deep Instinct?
JO: The biggest thing I saw when I was telling people I was making a move or after I landed was the proactive reaching out of, “Oh, this looks really interesting; it’s been a little while since I got updated on Deep Instinct, can you tell me more about it?” And they were blown away by what they heard. Or with others, it was, “Hey, do tell me more; this idea of prevention first is rather novel.” And so we are seeing a tremendous influx of partners that are interested in learning more about how we do what we do and how they can make money with what we do.
So it’s been a bit of twofold. One, “Hey, I need to have a very comprehensive and cohesive, and articulate AI strategy,” and then the other one is, “OK, that’s great, now how do I monetize it?” And so there have been a lot of discussions about that and that’s been good. And we believe we’ve got a great partner program with the Stratosphere program.
CF: Many organizations are dealing with tight budgets. How is Deep Instinct helping partners meet their needs?
JO: That’s always the challenge, making sure that you have a solution that not only can address their needs or exceed what they need, but also something that they can afford, or fit into a budget. And for us, it’s looking at helping them try and understand all the infrastructure they have to go in to support some of the similar use cases that we address, and look at everything that they touch and show what we can do in the footprint we can.
And then there’s certainly a path to ROI on one hand, but there’s also an improvement on your total cost of ownership as well. So we do a lot of that calculating as we sit down with customers to understand, 1) what the need is as we’re going through the discovery phase, and then 2), as we move into more of the validation and whatnot, we’re running through the technical evaluation, and when we get to a stage like that with a customer, we find the business accelerates, the sales cycle accelerates pretty quickly. That’s because once they see it and they can actually prove some of the things we’ve talked about, No. 1, and then when they put pen to paper to try and figure out how it does return on the investment for them and the total cost of what it looked like. It quickly becomes, “OK, now let’s move toward finalizing what the business case looks like.”
CF: What do you find most dangerous about the current threat landscape?
JO: The pace at which it’s evolving. And that’s where AI just in general cuts both ways. The threat landscape is tremendously accelerating. The different vectors where threats are coming in is getting wider and wider. I’m not a CISO, but I know it’s keeping them up at night. And the threat of ransomware, malware, etc., is out there right on the periphery every day, all day. We used to talk about zero-day; now we’re talking about zero hours, zero-minute and zero-second-type threats.
And it’s always been not a question of if we’re going to be hacked, it’s we’re going to be hacked. That’s always been a bit of the rub, and we want to try and change that narrative. For us, on the flip side, let’s try and move from, “Hey, how do I contain?” to let’s try and figure out a prevent-first strategy. Let’s reduce the noise and reduce the number of potential threats, and then when something does happen, you have a robust set of tools for that specific instance instead of just the volume of stuff that comes in and constantly having to chase ghosts, which makes everybody exhausted, makes the security operations centers (SOCs) overrun, so on and so forth.
CF: What can partners expect from Deep Instinct in the months ahead?
JO: We’re going to continue to provide a very margin-rich opportunity for partners on the resale side. Deep Instinct has an industry-leading margin profile out there so partners can earn, with the proper deal registration, approvals, etc., 30-35%, which is absolutely fantastic. That’s not discount. That’s actually margin. So there’s an opportunity for very rich margins.
And then as we move into the next fiscal year, our fiscal year runs February to January, we’re looking at adding in some additional tweaks to that to allow for greater transparency and the potential for different types of deal registrations. Again, recognizing not everything is always going to be partner-sourced, there may be other opportunities for things like teaming, etc., which are very important to partners so that it’s not a very narrow definition. It’s rather, “Hey, there are different opportunities for us to engage in.” The value that comes with those types of engagements should be rewarded accordingly. So we’re going to see some more evolutions around that as well.
In other cybersecurity news …
Ransomware-as-a-service (RaaS) group ALPHV, also known as BlackCat, claimed responsibility for the massive MGM Resorts breach in a post on the dark web, according to Check Point Research (CPR). The attack impacted operations at numerous hotels and casinos on the Las Vegas strip, including the MGM Grand, Bellagio, Aria, Mandalay Bay and more.
ALPHV is one of the major RaaS threat groups, responsible for nearly 9% of all published victims in the past 12 months on dark web shaming sites, according to CPR. They are preceded only by Clop and Lockbit.
In the past 12 months, ALPHV published the identity of around 400 victims who refused to pay the ransom, with more than half based in the United States.
In August, CPR observed 918 average weekly cyberattacks per organization in the leisure/hospitality industry globally, with 396 occurring in the United States. It was the 11th most attacked sector in the first half of 2023. ALPHV has targeted victims across multiple sectors including manufacturing, health care and legal.
Sergey Shykevich, CPR threat intelligence group manager, said the MGM Resorts attack is yet more proof of the growing trend of ransomware attackers focusing on data extortion and targeting of non-Windows operating systems.
“The model of RaaS continues to be very successful, combining strong technological infrastructure for the attacks, with savvy and sophisticated affiliates that find the way to penetrate major corporations,” he said. “We can only speculate on what their next move may be, but what we do know is that organized groups like ALPHV are not afraid to publish data if their demands are not met. Regardless of their decision, MGM should keep hotel guests and visitors informed on what information may have been obtained. It is another cautionary tale for all organizations to regularly check their access controls and make sure they have end-to-end security processes in place.”
Before the MGM Resorts attack, Caesars Entertainment reportedly also was hit with ransomware and paid half of a $30 million ransom, according to Bloomberg. In that attack, hackers used a social-engineering scheme, in which a person pretending to be an employee contacted the company IT help desk to have a password changed, according to people familiar with the matter.
Emily Phelps, director at Cyware, said if organizations take away anything from the Caesars ransomware attack, let it be a reminder that human behavior is one of the most common vulnerabilities threat actors exploit.
“Technologies change rapidly, human behavior doesn’t,” she said. “Improving security awareness must be an ongoing effort, and it is only the beginning. To minimize social-engineering risks, it’s important to also ensure you require multifactor authentication (MFA), ideally using different types of authentication such as a passphrase and an authenticator app. Threat intelligence is critical to recognizing potential risks before they can cause harm.”
Dave Ratner, CEO of HYAS, said social engineering is one of the most successful ways bad actors breach an environment, and one of the hardest gaps to close.
“Continued user training is needed, but this must be complemented with defense-in-depth strategies that assume breaches will occur and detect the initial telltale signs of a breach, the digital exhaust indicating anomalous activity, so that the attack can be stopped before it expands and impacts operational resiliency,” he said.
And speaking of ransomware, trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is behind recent service outages preventing trucking companies from managing their fleets.
Michelle Ferris, ORBCOMM’s vice president of corporate communications, sent us the following statement:
“On Sept. 6, ORBCOMM experienced a ransomware attack that is temporarily impacting our FleetManager platform and BT [truck management] product line, which is used by some of our customers to track and monitor their transportation assets. Upon discovering the issue, industry-leading external cybersecurity experts were retained to conduct a thorough investigation. Importantly, all of our other systems and service offerings remain completely operational, and customers are using them as normal. We remain in contact with all impacted customers and will continue to provide timely updates as our recovery and investigation processes progress.”
James McQuiggan, security awareness advocate at KnowBe4, said disrupting trucking fleets doesn’t just harm the victim organization, but cascades across supply chains, organizations and industries.
“Given the heavy reliance on just-in-time freight logistics, a trucking outage can quickly spiral, delaying vital supplies for agriculture, manufacturing, hospitals, retailers and more,” he said. “The effects rapidly become a societal problem versus an isolated incident. Bolstering cyber defenses along the supply chain is critical to limiting broad disruption. Ensuring that security culture is a substantial part of all organizations is one step toward reducing the risk of a cyberattack and causing damage to data, infrastructure and brand.”
Dragos has received a $74 million Series D funding extension, bringing its total funding to $440 million.
Dragos provides cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments. The extension funding was led by strategic operating and investing firm WestCap.
The Series D funding extension will bolster Dragos’s ability to make ICS/OT cybersecurity more accessible around the world. This year, Dragos has already expanded across Western Europe and the DACH region, building on its established presence in the United Kingdom. This summer, Dragos entered into an agreement with Macnica to provide Dragos’ cybersecurity solutions in Japan, signifying Dragos’ expansion in Asia-Pacific beyond its presence in Australia and New Zealand.
In August, the company signed a three-year memorandum of understanding (MOU) with the Cyber Security Agency of Singapore (CSA) to support the country’s efforts to defend against cyberattacks to its operational technology and critical infrastructure. Dragos also continued to grow its footprint in the Middle East through its established presence in the Kingdom of Saudi Arabia and United Arab Emirates.
“The funding will support go-to-market initiatives to meet growing demand and fund accelerated expansion in key growth markets including North America, Europe, the Middle East and Asia-Pacific, and across diverse industries including electric, oil and gas, chemical, manufacturing, pharmaceutical, food and beverage, water, transportation, mining and building automation,” said Jon Pringle, Dragos’ vice president of U.S. channel. “Absolutely key to our success are partners, so the investment will help fuel our work with partners as part of our overall go-to-market strategy. Market demand for OT cybersecurity is accelerating globally as threats evolve and as countries introduce regulations for critical infrastructure and other industrial organizations.”
As Deep Instinct has expanded beyond endpoint with its deep-learning platform, its addressable market has grown, providing more opportunities for partners.
That’s according to Jim Ortbals, Deep Instinct’s vice president of global channels. He joined Deep Instinct on May 1 and is focused on growing the company’s channel program, supporting existing partners and forging new relationships.
“The four months or so has gone by very quickly,” he said. “For me, it’s been listening to a number of partners, understanding how our programs work well with them, where there’s areas that they would like to improve, and then doing an evaluation, as well, of our partner ecosystem itself and seeing where there may be some gaps in coverage regionally, locally or the types of partners that we want to work with. So a little bit of listening, inspecting and just trying to get my arms around everything that we’re doing through our partner community.”
Deep Instinct Working with Large SIs
In the past, Deep Instinct was centered around working with partners that had a strong endpoint practice because the company grew out of the endpoint space, Ortbals said.
“And as we have continued to evolve and leverage our deep-learning platform, and expanding beyond just the endpoint, from the agent environment to an agent-listen environment, we’re seeing the addressable market for us expand substantially,” he said. “And with that comes a need for identifying how you can reach into a customer set that is infinitely larger. So we’re doing a lot of work in the large enterprise space now. In the past, we did some business with large enterprises and we did a lot of business in the midmarket-SMB through whether it’s an MSP community, as well as a lot of resellers. And as you get into those large enterprises, the partners that you work with tend to be more big SI types. So for us, that’s where a big, big area of focus is as we move forward as well.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.