The Gately Report: Delinea Focused on Expanding Partners' 'Wallet Share,' Zoom Shells Out for Bug Bounties
Delinea is charting a course for Japan later this year.
![Full wallet Full wallet](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt5644f0950b827ba9/652430d4b528be7938152938/Full-Wallet.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Channel Futures: Last week, Delinea announced increasing worldwide channel momentum. What’s driving that momentum and is it likely to continue through this year?
Delinea’s Damon Tompkins: What’s driving the momentum is the market itself. There’s a lot of appetite for PAM solutions, and increasing consciousness about identity security and the need for better controls around privileged accounts and really all accounts, all identities. And also in addition to that, there is an invigorated commitment to our channel partners with Delinea. We’re making increased investments in both the team as well as programs around our channel efforts, particularly around service delivery through our channel partners, as well as efforts to further incent our salespeople to be working with our ecosystem of partners.
CF: Delinea ended 2021 with more than 1,400 new customers, and annual recurring revenue grew 35% year over year. What role did partners play in that in that growth?
DT: Partners played a huge part. So in the Americas, for instance, about half of all of our business is conducted with a channel partner, whether through distribution and fulfillment, or for incremental additions to our direct selling motion. So our salespeople are incented to work with our channel partners. They’re encouraged to partner with their channel account sellers. We have an entire team of channel folks that help us work with a myriad of partners.
The other thing that’s driving it is a greater need for expertise around service delivery through the partners, and a lot of VARs are just that. They add a lot of value around specific domain expertise for our clients, being able to help them adopt our products in a way that is in alignment with their needs sets and their use cases. And then lastly, our organization sells 100% by way of the channel in international. So in EMEA and APAC, 100% of our business is done and conducted with channel partners. And we’re exploring ways to further incent our salespeople in the Americas to potentially even sell more than half of our business through partners.
CF: Last month, Delinea announced new cloud suite capabilities. Do these new capabilities benefit partners?
DT: The cloud suite capabilities were a product of the merger of two companies, Thycotic and Centrify, and it came from the Centrify portion of that business. And Centrify’s channel business wasn’t quite as robust, so we’re making more and more investments into that channel with these products. We think that the combined company channel is much more robust together. And so we’re bringing these products to our channel partners. The other thing that’s interesting about these products is that they do require a degree of subject-matter expertise that our partners can bring to the table. So organizations that may not have a specific cybersecurity focus per se, but do consulting or service delivery around Active Directory capabilities, will be very interested to see these products. So we’re getting into new audiences like cloud architects and Active Directory administrators, and this provides a new landscape for our partners to go and sell to.
CF: When it comes to PAM, what separates Delinea from other PAM providers?
DT: One of the hallmark things about the organization is that we orient around this concept of usable security. And so the idea is that if products are too complex, and they require too much ongoing maintenance and service delivery to keep them up and running, that they become unusable. So we think that our products are better by design. We have an ethos of ease of use, ease of adoption, fast time to value, and we want to make sure that there are high degrees of customer success around our products. If you look at a lot of our competitors’ products, they tend to be legacy products. They’re a lot older. They require considerably more ongoing sweat equity to keep them up and running. And so we think long-term it adds more complexity to the security equation, and that ultimately means they’re more brittle and less likely to be adopted than our products.
And then in the not-so-distant future, we’ll be making announcements around a cloud-based platform where each of our applications will act as a discrete application that’ll snap into a common cloud framework and allow organizations to control plane by way of SaaS to be able to manage both assets on premises or in a cloud that would be completely unique in the market.
CF: What do you find most worrisome about the current threat landscape?
DT: I was talking to a colleague of mine and a lot of the same sort of core concepts or issues associated with PAM today are really no different than they were say 20 or 25 years ago. Those same fundamental questions [about access] I think really challenge organizations here 25 years later. But the big difference today is that the attack surface has grown exponentially. With the adoption of distributed computing or cloud computing, IoT and BYOD, all these sort of macro trends that have occurred over the last 15 years, now you have more and more surface area where more privilege exists, and it just makes it that much more challenging for organizations.
So while I know there’s a lot of emphasis right now on state actors and that type of attack, which certainly is troubling in itself, we still see that a lot of the issue is just good old, basic human behavior. Making sure they have strong passwords and that you’re enforcing those passwords. And then also doing that for non-human accounts, like service accounts or credentials that exist within the CI/CD pipeline is another area that people have to be very mindful about managing those credentials. It’s just simply the increased amount of privileged sprawl that exists out in organizations’ environments. They are causing a lot of challenges for companies and organizations of all all types.
CF: Amid the continuing channel momentum, what are you hearing from partners? What are their most pressing needs?
DT: What we hear a lot from partners is that there’s as much interest in selling and performing value-added services as there is in selling products. So a lot of our most prized channel partners have a sizeable service delivery arm. And so we’re working with them to do greater degrees of certification around our products. So what we hear more and more about is having greater levels of participation not only in the sales process, but in the post sale of delivering services around the products.
CF: What are your goals for Delinea’s channel in 2022?
DT: I’d like to see us continue to have double-digit growth. We have about a 35% year-over-year growth in the channel. I think we can get that to 40% and beyond, especially with the certification programs and some of the efforts that we’re doing around compensation neutrality for our salespeople. We’d like to expand the share of wallet with our partners. So gather a greater degree of consciousness within our partners so that they’re focusing on the privilege issue and promoting our products as much, if not more, than others in their portfolio. And then scale-up our service delivery capabilities through greater degrees of certification with key partners throughout the ecosystem. And lastly, I’d say entering into some newer markets. So we’re going to be charting a course into Japan in 2022 in the back half. And so we think the partners are going to play a huge role in that effort. And then also deeper partnerships in the Middle East, Africa and some of the nascent markets that we serve.
In other cybersecurity news …
Zoom last year awarded security researchers with $1.8 million for helping identify and resolve over 400 bugs through its private bug bounty program.
Zoom works with more than 800 security researchers globally via the HackerOne platform. Zoom’s bounties range from $250 up to $50,000. It has awarded a total of $2.4 million in bounty payments and swag since the program’s inception.
Roy Davis is Zoom’s lead security engineer.
“When the pandemic hit in early 2020, Zoom meetings reached 300 million daily meeting participants in just a few short months,” he said. “Staying ahead of emerging and potential cyber threats became a priority and required continuously strengthening the security and integrity of the platform to keep Zoom’s users secure. As Zoom’s security surface continued to harden, we raised our maximum bounty amount to accurately reflect the time and effort invested by the researchers. Over the past year, Zoom was able to attract and partner with top researcher talent to bolster its security posture.”
To support existing researchers and attract new ones, Zoom also implemented several key updates to its bug bounty program last year. It moved away from a static bounty range based only on the severity of the vulnerability reported and implemented a bounty menu. This menu provides researchers with specific bounty amounts based on the type of vulnerability found and the demonstrated impact it may have on Zoom’s users and infrastructure.
In January 2021, Zoom raised the top end of the bounty table to $50,000 for a single report and the bottom end to $250.
Zoom also introduced a public vulnerability disclosure program (VDP). It allows anyone, not just established security researchers, to submit vulnerability reports to Zoom.
“We’ve learned and grown so much in 2021, and we’re excited to expand these efforts and work with more ethical hackers in 2022,” Davis said.
Hunters, a security operations center (SOC) workflow management platform, has launched a partner certification program to extend the value of its growing ecosystem and create new opportunities for partners.
As part of the program rollout, the company also launched its new Hunters partner hub, an online portal that provides an all-in-one partner experience.
Hunters’ SOC platform allows security teams to automatically identify and respond to incidents that matter across the entire attack surface. Global enterprises, including Fortune 500 companies, use Hunters as their main SOC platform, replacing their security information and event management (SIEM).
Hunters’ recent $68 million Series C funding round helped the company focus on accelerating its partner strategy.
Chris Sullivan is Hunters’ head of alliances and partners.
“We have some partner interest/demand around learning more about the Hunters value proposition for their customers focused on improving their SOC, particularly around technology modernization and licensing flexibility,” he said. “Our new program will enable partners to help their customers have a new conversation. That conversation will help their customers understand they can modernize their SOC approach with the Hunters SOC platform, and how they can leverage our cloud-scale approach to automate and correlate all of their security telemetry from a central security data lake — and give customers a true sense of their security threat posture.”
Block, formerly Square, has confirmed a data breach involving a former employee who downloaded reports from Cash App that contained customer information.
The company detailed the data breach in a U.S. Securities and Exchange Commission filing. On April 4, it reported learning a former employee downloaded certain reports of its subsidiary Cash App Investing on Dec. 10 that contained some U.S. customer information.
“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” it said. “The information in the reports included full name and brokerage account number (this is the unique identification number associated with a customer’s stock activity on Cash App Investing), and for some customers also included brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day.”
The reports did not include usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information, Block said. They also did not include any security code, access code, or password used to access Cash App accounts. Other Cash App products and features, and customers outside of the United States, were not impacted.
“Upon discovery, the company and its outside counsel launched an investigation with the help of a leading forensics firm,” Block said. “Cash App Investing is contacting approximately 8.2 million current and former customers to provide them with information about this incident and sharing resources with them to answer their questions. The company is also notifying the applicable regulatory authorities and has notified law enforcement.”
Future costs associated with this incident are difficult to predict, Block said.
“Although the company has not yet completed its investigation of the incident, based on its preliminary assessment and on the information currently known, the company does not currently believe the incident will have a material impact on its business, operations or financial results,” it said.
Erich Kron is security awareness advocate at KnowBe4.
“This situation stresses the need for a well-defined employee offboarding process, and possibly even the dangers of shared passwords within organizations,” he said. “Without a strong offboarding process, accounts that should be disabled can easily be missed, leaving them open for abuse by ex-employees. Shared passwords are equally as dangerous, especially if they are not changed immediately after an employee leaves. It is not uncommon for ex-employees to feel entitled to information, including that of customers they worked with, or of intellectual property they worked on. Not removing access to this information quickly and efficiently can lead to employees returning to take it.”
Cado Security says it has discovered a new malware that specifically targets Lambda.
Lambda is a compute service offered by Amazon Web Services (AWS) for running code, server and OS maintenance, capacity provisioning, logging and operating numerous backend services. According to Cado Security, this cloud service is now at risk of infection by the malware strain.
Matt Muir is a security researcher with Cado Security.
“Cado Labs routinely analyzes cloud environments to look for the latest threats,” he said. “As part of ongoing research, we found the first publicly known case of malware specifically designed to execute in an AWS Lambda environment. We named this malware Denonia, after the name the attackers gave the domain it communicates with. The malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls. Although this first sample is fairly innocuous in that it only runs cryptomining software, it demonstrates how attackers are using advanced cloud-specific knowledge to exploit complex cloud infrastructure, and is indicative of potential future, more nefarious attacks. From the telemetry we have seen, the distribution of Denonia so far has been limited.”
AWS sent us the following statement:
“Lambda is secure by default, and AWS continues to operate as designed. Customers are able to run a variety of applications on Lambda, and this is otherwise indistinguishable to discovering the ability to run similar software in other on-premises or cloud compute environments. That said, AWS has an acceptable use policy (AUP) that prohibits the violation of the security, integrity or availability of any user, network, computer or communications system, software application, or network or computing device, and anyone who violates our AUP will not be allowed to use our services.”
Moreover, the software described by the researcher does not exploit any weakness in Lambda or any other AWS service, it said. Since the software relies entirely on fraudulently obtained account credentials, it is a “distortion of facts to even refer to it as malware because it lacks the ability to gain unauthorized access to any system by itself.”
John Bambenek is principle threat hunter at Netenrich.
“While it has been common for attackers to target automated environments to run cryptomining software, this is the first time that I’ve see Lambda targeted,” he said. “It comes as no surprise as many organizations have no real controls on development cloud resources and cryptomining is low-hanging fruit for hackers to monetize lax DevOps security.”
While Amazon secures the Lambda environment and the customer secures their code and account credentials, the question is how are account takeovers handled, Bambenek said.
“Amazon believes that’s the customer responsibility, and many organizations believe Amazon should have some checks in place,” he said. “Either way, it’s probably a no-brainer for Amazon to simply detect and prevent cryptocurrency mining in their environment (except for those instances specifically designed for it).”
Distributor Pax8 this week announced a new global agreement with Check Point Software Technologies‘ email security group, formerly Avanan, to offer a security solution for cloud-based email and collaboration suites for MSPs.
Check Point’s patented API approach to email security blocks malicious and phishing emails before they reach the inbox. Embedded within the cloud suite, Check Point secures the entire suite from phishing, malware, data leakage and ransomware, specifically focusing on the most sophisticated attacks that others miss.
Check Point announced its acquisition of Avanan last August.
Check Point prevents attacks in all lines of business communication, such as Microsoft 365, Google Workspace, Slack, Dropbox and more. With its MSP management portal solution, MSPs have a multitenancy view into their email environments, along with a monthly, usage-based billing system, no commitments and full automation.
Ryan Walsh is Pax8‘s chief operating officer.
“Emails are still the No. 1 attack vector for malware delivery, ahead of RDP scans and software exploits,” he said. “Check Point has developed a unique way for MSPs to protect their networks from harm caused by phishing. Their technology is a powerful addition to MSPs’ technology stacks because it is cloud-ready and well-integrated into environments that MSPs already use. It also provides an innovative way for their customers to manage email security.”
Distributor Pax8 this week announced a new global agreement with Check Point Software Technologies‘ email security group, formerly Avanan, to offer a security solution for cloud-based email and collaboration suites for MSPs.
Check Point’s patented API approach to email security blocks malicious and phishing emails before they reach the inbox. Embedded within the cloud suite, Check Point secures the entire suite from phishing, malware, data leakage and ransomware, specifically focusing on the most sophisticated attacks that others miss.
Check Point announced its acquisition of Avanan last August.
Check Point prevents attacks in all lines of business communication, such as Microsoft 365, Google Workspace, Slack, Dropbox and more. With its MSP management portal solution, MSPs have a multitenancy view into their email environments, along with a monthly, usage-based billing system, no commitments and full automation.
Ryan Walsh is Pax8‘s chief operating officer.
“Emails are still the No. 1 attack vector for malware delivery, ahead of RDP scans and software exploits,” he said. “Check Point has developed a unique way for MSPs to protect their networks from harm caused by phishing. Their technology is a powerful addition to MSPs’ technology stacks because it is cloud-ready and well-integrated into environments that MSPs already use. It also provides an innovative way for their customers to manage email security.”
Rebranding ThycoticCentrify to Delinea has been a risk that’s paid off. The company and its partners are thriving in privileged access management (PAM).
That’s according to Damon Tompkins, Delinea’s chief revenue officer. In February, ThycoticCentrify, which formed when TPG Capital acquired Thycotic and Centrify in 2021, rebranded as Delinea.
Delinea and its partners provide PAM solutions. It caters to any size of business.
Delinea’s Damon Tompkins
“I think a lot of people had strong feelings about the brand identities of both Thycotic and Centrify,” Tompkins said. “And so taking the best elements of those brands and fusing them together into Delinea was really a challenging goal. We’ve had a lot of success with it. I think the new sort of feel of the company and the style of communication is much crisper and much cleaner. I think it’s helpful for Delinea partners. And I’d say that there’s been a lot of warm reception around the rebrand.”
Standing with Ukraine
Delinea is being directly impacted by Russia’s invasion of Ukraine, Tompkins said. Art Gilliland, Delinea ’s CEO, posted a blog saying his company stands with Ukraine.
“We have a team of around 50 developers that were in the Ukraine,” Tompkins said. “We’ve been in close contact with them throughout the entire crisis. Our perspective is that we stand with the Ukrainian people. And we made a decision, a business decision, to completely cease all operations and working with organizations in Russia and Belarus.”
Scroll through out slideshow above for a Q&A with Tompkins and more cybersecurity news.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like