The Gately Report: ESET Research Plays Key Role in Solutions for Partners, LA School District Ransomware Attack
There are lessons to be learned from the Los Angeles Unified School District ransomware attack.
Channel Futures: ESET’s recent research found North Korean APT group Lazarus’ new campaign targeting job seekers. What’s significant about that campaign?
ESET’s Tony Anscombe: We’re now seeing where people’s identities and theft are taking place, where somebody is being dragged into an interview process, for example, with somebody with a job that’s actually fake, and listening. These are significant because they’re identity theft. They’re taking money off of the individuals. It’s disruptive in a market where there are huge resourcing issues, and lots of people do move around and do look for jobs in the cybersecurity industry because there is such a shortage of people. So they exploit it.
They exploit hot topics at that moment in time, so it’s a little unfortunate. But people looking for employment need to be exceptionally cautious. They need to be sure the company they are talking to is real. And I would be old-fashioned in my protective manner here and say use the phone, call the company.
CF: What’s the latest in terms of ESET’s partner program? Anything new for MSPs and VARs? Anything on the horizon?
ESET’s Ryan Grant: I think the partner program in general continues to evolve. When you look at the way it’s set up, I think there’s a couple of key things. The margin profile is pretty lucrative for our partner base depending on where they are with their requirements from ESET’s perspective. But partners can make up to 40 points of margin with ESET, which is fantastic. And one of the things I think that’s unique to ESET is we provide incumbency protection. So if you’re a partner and you’re securing new business, it’s really important for us at ESET to make sure that those partners are protected from an incumbency standpoint. So when that renewal comes up, they are in a position to be able to secure that and they’re protected on that. And to me, that’s the core of what a great channel program really offers. And then on top of that, there are a number of things we’re doing specifically around deal registration that can be stacked on top of those margins, along with additional promos that we’re providing for our partners as well.
And then outside of the margin side of it, it’s the marketing resources and the demand-generation offerings that we have within the marketing services team. We actually have a team of channel marketing resources that overlay to our sales organization that support our channel ecosystem. They’re working with them to really set up demand-generation plans and utilizing MDF funds that ESET is supporting them with to continue to go drive the awareness out in the marketplace and be able to support them with their needs in the end-user community.
The last thing is, given we are such a research-based company and that research really falls into our product, what we find is that a lot of our engagements on the channel marketing side and the program side are really around more of a consultative approach, and really helping educate and advise the partner community, but also the end-customer community. And a lot of times our partners are asking us to come directly into their end customer meetings, and really help guide and advise based on our knowledge of what’s happening in the market, given that we’ve got a significant amount of people focused on research — and we’re publishing quite a bit of research daily. So it’s been really great to see that evolve over a period of time here.
CF: What’s your take on the current threat landscape? Any emerging, especially dangerous trends?
Anscombe: One of the things we highlighted in our latest threat report was the increase in phishing. So if you look at the data, Emotet reappeared. It had been taken offline and in the last two weeks of the period our threat report covered, we ended up seeing a 40% increase in downloader and phishing attacks. So there’s the phishing attack, and then there’s the delivery of what’s behind the phishing attack. That’s a very prevalent issue.
And I think if you talk to most CISOs, the two things that every CISO will talk about are phishing and ransomware. And we have to call out remote desktop protocol (RDP). Since the start of the pandemic, that whole threat landscape around RDP has just been huge. However, we are starting to see companies either catching up with their security, or companies now taking their RDP stuff offline where people have returned to work.
CF: What are ESET partners’ most pressing pain points? And how are you helping them with those?
Grant: I think on the go-to-market (GTM) side of things, particularly here in the United States, we’re seeing cyber insurance really driving a lot more requirements for the partners, and really getting their head wrapped around what the requirements are and what they actually mean. So we’re spending quite a bit of time now with partners, educating them on what the insurance companies are looking for, what are the requirements that the security layer needs to have and then making sure they have the right security policies set in place, especially when there is such a big shortage of talent. [Also], being able to really fall back on the technology and let the technology take the lead on some of the work that’s being done there. And so we’re investing in some more formalized relationships with a number of insurance companies this year. And we’ll continue to do that to really help the partners there. So I would say that’s probably the biggest area for us around the partner side of it.
Anscombe: If you look at some of the other requirements coming down the pipe, we will continue to work with partners on some of those. And I say that because you’ve got legislation going through on disclosure reporting. The U.S. Securities and Exchange Commission (SEC) has a proposal for disclosure for public companies, and you’ve got the FDIC already with disclosure requirements. I think certainly for MSPs, you could end up becoming the bureaucratic form filler for disclosure. So I think it’s important that people understand what data needs to be used and what actually the disclosure requirements are, because I think it’s becoming very complex.
CF: With the war in Ukraine and talk of recession, how is geopolitical and economic uncertainty affecting ESET and your partners?
Grant: I would say our partners are far more engaged than they ever have been before, particularly just given the fact that they’re starting to see and we’re sharing with them our involvement to help with what’s going on with the broader world around cybersecurity. I do think that the research has come forefront for our partners. And unfortunately, with some of the things we’re seeing in the current global climate, partners and customers have actually started to come to us more to really understand how to be better protected. And that’s as a result of them being far more engaged than they ever have been before. So it’s obviously good for us to keep our partners engaged and keep them educated. But I would say it’s been a positive story more than anything else.
CF: Is ESET gaining new partners? If so, what’s driving that?
Grant: The partner breadth continues to increase for us in multiple areas. Particularly here in the United States, we’ve seen most all partner types actually growing. We’ve seen our traditional VAR partners growing, our MSP is actually growing as well, and then also our national service providers. So the larger corporate partners out there have grown as well. And interestingly enough … a lot of the consumer retail stuff is actually going through the channel, and we started to see that grow significantly as well.
As far as the driver, a lot of it is people are becoming more familiar with ESET. ESET is here in North America. We’ve spent quite a bit of time really letting folks know about the ESET offering and the solution, and what we’re bringing to the table. We’re actually taking much more of an educational approach to the market, whether it’s a consumer all the way up to an enterprise type of customer in terms of what they should be considering there. And then the other great thing we’ve seen is that our partners are extremely loyal, and we get a lot of referral business and a lot of people recommend us as well, which is a compliment obviously to us. The partner community, they do talk, they actually get together and they share best practices, and it becomes a pretty big conversation point for the partners when they’re sharing best practices. So that’s been very beneficial for us as well.
CF: What can partners expect from ESET in the coming months, and into 2023?
Grant: I think the low-hanging fruit is that the product will continue to see enhancements, for all different product types or for all different partner types. And you’ll continue to see how we evolve the research into the product where needed. So you’ll continue to see a pretty big focus there. And then the other part of it, too, is we’ll continue to really evolve the channel program in terms of how we go to market with our partners. We haven’t publicly put anything out there in terms of what we’re doing for 2023. But there will be some major investments into the partner program for 2023 that will continue to put ESET in a position to really help our partners and educate them on what’s happening from a cybersecurity standpoint.
In other cybersecurity news …
The Los Angeles Unified School District’s IT infrastructure was hit with a ransomware attack during the Labor Day weekend, causing a major system outage.
The district resumed normal operations on Sept. 6. The decision to resume classes and work was informed by the district’s ability to confirm that its most critical systems were viable.
“While the district’s ability to intercept the attack by deactivating all our systems was the swift, decisive and prudent action to avoid a catastrophic breach, the recovery from the disruption has proven more challenging than initially anticipated,” the district said in its latest release.
Jeff Schmidt, Avertium’s CEO, said educators can learn a lot from this attack. His suggestions include:
Separate student networks from school networks.
Limit privileged access by faculty and visiting teachers.
Update technology patches on a regular basis. Patching in a timely manner is another issue for schools.
Implement multifactor authentication (MFA).
Reduce third-party access to IT networks.
Train for phishing.
“These will continue because education tends to focus heavily on access and open systems, which leads to higher risks and security gaps to exploit,” Schmidt said. “Security is still widely seen as an obstruction to student access for educational institutions, so there is less funding for security. The ransomware attack on the Los Angeles School District was successful because the attack caused the district to shut down computer systems at the beginning of the school year. Since the pandemic, schools have had to rely more on technology, but did not prepare for the cybersecurity risks that come with it.”
Darren Guccione is Keeper Security’s CEO and co-founder. He said this “egregious cyberattack is the latest example of the pervasive threat that predatory cybercriminals pose to everyone from multinational businesses to young school children.”
“No one is safe from cybercrime and often the most vulnerable among us are the most likely to be targeted,” he added. “It takes all of us doing our part to raise awareness, which further empowers the collective cybersecurity protection of our communities. It is imperative to practice good cyber hygiene by using strong and unique passwords for all of our applications, websites and systems — on every device. To achieve this, it is essential to use a password manager. This will create high-strength, random passwords for every website, application and system, and further, will enable two-factor authentication (2FA) to protect against remote data breaches.”
Cymulate has received a $70 million Series D investment led by existing investors One Peak, together with Susquehanna Growth Equity (SGE), Vertex Ventures Israel, Vertex Growth and Dell Technologies Capital.
To date, Cymulate has raised $141 million. The latest investment, which is among the largest for continuous security testing vendors, accelerates the company’s global expansion and pace of innovation.
Carolyn Crandall is Cymulate’s CMO.
“Cymulate is a channel-centric organization and this latest fund raise will allow us to increase our partner engagement globally,” she said. “The company will specifically increase its investment in partner program enhancements, including profitability programs, additional channel account managers, co-selling programs, sales training and enablement. Cymulate has seen success in creating market demand with reseller, integration and alliance partners, and will also be increasing its investment in joint marketing programs.”
Partners play a critical role in creating demand and providing additional services to customers, Crandall said.
“Cymulate will be adding and expanding its distribution, reseller and MSSP relationships to address the growing demand for security control validation and breach feasibility solutions,” she said. “Cymulate grew sales by 100% in 2021, demonstrating the need for these solutions and profitable sales opportunities for its partners.”
Cymulate’s extended security posture management (XSPM) platform leverages its native offensive security technology and capabilities to support customers’ security and business needs. XSPM incorporates four fundamental pillars tied together with analytics to provide security posture insights. Those are: attack surface management; continuous automated red teaming; breach and attack simulation; and advanced purple testing.
Cymulate has more than 500 customers globally, including Fortune 500 companies and strategic partners such as Optiv and Wipro. By the end of this year, Cymulate plans to further expand its staff by 75% to continue supporting its GTM efforts.
Arctic Wolf has acquired vxIntel, a provider of cyber threat intelligence.
vxIntel will be part of Arctic Wolf Labs, an initiative that is bringing together Arctic Wolf’s security researchers, data scientists and security development engineers into a single team focused on threat detection and response capabilities for customers, partners and the security community at large.
vxIntel’s malware intelligence platform analyzes more than 500,000 files each day and more than 10 terabytes of data each month from more than 100 global data sources. The massive size of its platform has helped them to create one of the largest malware databases in the world and become an essential threat intelligence source for dozens of enterprise organizations, government agencies and cybersecurity companies around the world.
The vxIntel team will become part of Arctic Wolf Labs, and their knowledge of the modern malware landscape will play a key role in enhancing the threat detection capabilities of the Arctic Wolf Security Operations Cloud and Arctic Wolf’s plans to share operational insights with the cybersecurity research community.
Dan Schiappa is Arctic Wolf’s chief product officer.
“To date, our partners benefit greatly from our threat detection and response capabilities,” he said. “With the addition of vxIntel, our partners will gain access to an even higher quality and quantity of threat intelligence via our security operations platform, which in turn will inform and arm our customers and partners with the latest intelligence needed to address the rapidly evolving threat landscape.”
Threat intelligence is critical to understanding and ending cyber risk, and differentiating vendors in the cyber market, Schiappa said.
“This acquisition adds yet another layer of intelligence, thanks to vxIntel’s world-class knowledge of the malware landscape, to our offerings,” he said. “Our partners can look forward to continued advanced threat detection and industry analysis from Arctic Wolf Labs, with the addition of vxIntel to our team.”
A new survey indicates IT professionals are becoming increasingly concerned about the growing number of cyber threats and foreign attacks capable of impacting video conferencing.
The survey, commissioned by Zerify and executed by market research firm Propeller Insights in July, involved 1,000 IT professionals.
Key data findings include:
Ninety-seven percent of respondents said they were concerned about protecting privacy and video conferencing data.
Ninety-two percent reported they are aware of security vulnerabilities in video conferencing platforms.
Nation-state cyber threats have increased at most (82%) companies.
The majority of IT professionals (89%) are concerned about foreign attacks as they see a rise in threats.
Sixty-nine percent believe cyberattackers could breach their video conferencing platforms and 84% stated that if they were breached, they believed attackers could steal intellectual property, sensitive company data and trade secrets.
George Waller is executive vice president of Zerify.
“Remote and hybrid work is now a huge part of just about every business, and organizations are now using video conferencing platforms to conduct business with employees, vendors and clients,” he said. “Therefore, cybercriminals can gain access to confidential data — i.e. health care data, financial data, HR and employee data, intellectual property, government and military secrets, etc. — with damage resulting that ranges from severe to catastrophic. The average breach cost (penalties and lawsuits) can easily be in the millions – with adverse effects on a brand’s reputation, a loss of customers, loss of intellectual property and more.”
The first highly important step is to turn on two-factor authentication (2FA) if the conferencing system has it for both the meeting creator and participants, Waller said.
“However, if the authentication system sends the same one-time passcode (OTP) to all participants, it is not considered safe because anyone with that code can log in to any meeting,” he said. “Next, it is important to lock down the camera, microphone and audio-out streams since spyware can be used to hijack those applications. The organization should look into using a video conferencing service programmed with a desktop agent that locks down camera, microphone, keyboard, clipboard and audio-out speakers, preventing them from being compromised by malware. Ideally, all meeting creators and meeting participants should be individually authenticated every time they try to enter a meeting. This may involve being provided with a unique code that no one else can use, and biometrics for fingerprint and facial recognition.”
Coro, an end-to-end cybersecurity platform for midmarket organizations and IT teams, announced continued momentum with climbing revenues in 2022, driven by its steady growth across key industry verticals, the introduction of a free lifetime detection service for cyber threats, and rapid growth of its channel partner program.
Coro has seen significant momentum with 300% year-over-year growth for each of the past three years and into the first half of 2022. This growth is driven by steady expansion into existing verticals, including financial services, technology and health care, and forays into new verticals including K-12 education, trucking, transportation and logistics, and manufacturing.
Coro’s performance is also bolstered by a sustained uptick in its channel partner program offerings and strong team traction in the Chicago area.
Since the launch of its channel partner program in late 2021, Coro has steadily attracted and signed up new partners, including MSPs and technology service distributors. As part of the Coro Partner Program, partners secure 20% lifetime residual income and can sell Coro’s solution as either a branded or white-label offering.
In the first half of 2022, Coro signed more than 20 new partners, including AppSmart, Avant, Jenne, Sandler Partners, TCG, Telarus, FlexWorx, Net-Tech and Tutient.
Guy Moskowitz is Coro’s CEO.
“In a time when many cybersecurity companies are struggling and reducing staff, Coro continues to grow,” he said. “Our strategy of focusing on midmarket and SMBs, and offering an affordable, all-in-one cybersecurity solution is a winning combination. We are beyond proud of our 96% customer retention rate. As we continue to hire and grow, we are empowering channel partners to diversify. The previously untapped, unprotected midmarket is the new frontier for growth for MSPs and [technology service distributors] across the country.”
ESET considers itself a research company with products, as opposed to a product company with research. And much of that research shapes the solutions it provides to partners.
That’s according to Tony Anscombe, ESET’s chief security evangelist. ESET is one of the largest cybersecurity providers in Europe.
ESET’s IT security software and services protect businesses, critical infrastructure and consumers worldwide from digital threats. They’re backed by ESET’s R&D centers.
Because it’s based so close to Ukraine, ESET has had a front-row seat to all of the cybercrime associated with the war there, Anscombe said.
“We’ve had a relatively big amount of focus on the conflict in Ukraine,” he said. “Our headquarters is in Slovakia, so it’s on a bordering country and we’re one of the largest providers of cybersecurity in Ukraine. So we’ve had very specific intelligence. And I think that’s been very interesting because if you look at the cyber threats … there’s typically monetization behind them. And now we’re seeing cyber threats against industrial control systems. We’re seeing malicious and malicious only attacks. So there’s no monetization behind them. They’re destructive attacks. So we’re actually learning a lot of what cyber warfare could look like or does look like. And that’s important as well.”
Research Shapes Cyber Protection
Ryan Grant is vice president of sales for ESET North America. He said partners get a lot out of ESET research.
“Not only do we take it to market and we really share the latest findings that we have out there, but we actually publish it on welivesecurity.com where people can view that as well,” he said. “But it also makes it into the core of the product and how people set up their feeds on the product, and set up their security policies and those sorts of things. They’re able to really leverage the research, which is real time, that allows them to make sure that they are aware. And if they’ve got the latest product deployed from us, any kind of updates that we find through the research, they’re going to continually get at no additional charge. But they also can get educated as well.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.