The Gately Report: Fortinet Ceases Russia Operations, Talks Growth with Partners, Kaspersky Rebuffs German Warning
Cloud security teams suffer burnout from too many alerts.
![Russia Stop Sign](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt050cae2975579cd3/6524332653c26e7ca34d8289/Russia-Stop-Sign.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Channel Futures: Fortinet recently announced its latest next-generation firewall. How will this release and Fortinet’s investment in the security fabric help partners better meet their customers’ needs?
John Maddison: One of our principles is what we call convergence and what convergence means. A lot of networks are built, and then they put security on top and overlay it. And so one of our foundations is converging networking and security. So when we do release a new next-gen firewall, it’s not really just a firewall. It’s a lot more than that. Obviously it does firewall, but also we’ve converged SD-WAN functionality inside there. We’ve converged SSL inspection, web filtering and also most recently zero-trust access as well. So that all comes together with the security that sits on top of that. We have a range of security stack that also fits on that.
So for a partner, I can go and speak to a customer and it’s not a point solution. I’m positioning a solution that can work on the networking side and on the security side. It offers a lot more operational efficiency. It offers better protection because when you overlay networking and security, you leave gaps. And then we also are very flexible on the form factors and deployment form factors. So when we say firewall, we mean a lot more than just firewall. And partners really like the fact that they can sell multiple use cases and multiple components of a security stack.
Jon Bove: I think it gives partners a lot of confidence in bringing the security fabric to their customers. With any product and integration, I think our reputation is being the most deployed, the most innovative and the most third-party-validated security solution. So it’s fitting a solution that partners can go bring to the market.
Channel Futures: Fortinet recently released its latest FortiGuard Global Threat Landscape that shows ransomware isn’t slowing, and continues to be relentless and more destructive. Is there a message for partners in this?
JM: The message is the threat landscape continues to get more advanced. We did some studying of the latest big vulnerability, log4j, and what we saw was that the speed to spread was almost 50 times faster than previous examples. And so not only do you have on the front end more advanced persistent threats, which originated from state-sponsored threats, but then also once something’s infected, the speed at which it’s spreading is just getting faster and faster.
The report didn’t highlight anything we didn’t really know in that ransomware now is attacking across all industries and is being particularly destructive in what we call operational technology environments, where if you do bring that to a halt, it’s costing sometimes millions of dollars. And so for us, we want to make sure that we provide that security stack across all of the infrastructure, more advanced capabilities, detection capabilities, so we can see it earlier. Also, if a customer does have an infection, the ability to apply prevention, not just detection, across every attack vector is really important.
JB: The security fabric is resonating for all of those reasons. The way that people work is ever-changing and you really need a platform or in our case a fabric to protect your network endpoints and clouds. I think partners see the value of the security fabric because it reduces the number of ad hoc security solutions that are not tightly integrated and that cannot deliver advanced response. So the integration of the fabric and the ability to orchestrate response is resonating with customers, but very much so with partners as well. Customers are challenged more than ever with the lack of skill sets and the increased cost of the digital sprawl. And we’re seeing partners adopt the fabric to help solve these customers’ most critical challenges.
CF: Fortinet has expanded its global Secure SD-WAN presence with new service provider partnerships. Can you talk a little bit about how Fortinet Secure SD-WAN is helping MSSPs grow their business with new services?
JM: There’s a good example of who’s partnering. Our partners will range from the very smallest reseller in a small country somewhere all the way to the largest telcos in the world. SD-WAN is a very important technology in our opinion. It’s the foundation of many of the things as you go forward, protecting the WAN, the LAN and the cloud. In the end, yes, we can sell SD-WAN and we can sell to a particular enterprise, but they always want it managed, so our partnership of SD-WAN and our service provider partners is very important.
CF: What are you hearing from partners in terms of their most pressing needs right now? And are their customers’ needs evolving along with the changing threat landscape?
JM: It’s people. The customers are struggling with people and so are partners. Customers are asking for more services, which is more people. And of course, right now in the current environment around scarcity of people and supply chain issues, it’s all amplified. I think that will get better as it goes forward. So what we try and do is build systems with more automation in them, and that allows a more advanced kind of threat intelligence. That allows our partners to provide more with less, making sure that they can meet the needs of each individual enterprise.
JB: The people challenge is real and we’ve stepped up. We’ve got a commitment to train over 1 million people through the network security expert program and we do provide that for free for our partners. And going back to our Engage specializations, we really organize that sales and technical enablement for partners to really skill up to meet those challenging demands.
CF: How is Fortinet giving its partners a competitive advantage?
Jon Bove: We are a channel company, so the competitive advantage we give our partners is we’re going to go win business with them. You bring opportunities to us through our deal registration program. You’re going to go engage with the sales teams and it’s going to be a multi-legged effort to go win with the customer. And that’s really what we need. We want to get in on projects earlier and then we want to go use those sales engagements to further demonstrate to partners how they can carry those opportunities just a little bit further next time. Across the board, we see our partners driving some of the healthiest gross margins in the cyber network space with Fortinet.
CF: What are your goals for Fortinet’s channel in 2022? I know last year was a really big year. Is this year going to be at least as big, if not bigger?
JB: Absolutely. I think we’ve done a really good job through the Engage program of really putting our foot in the ground and offering support across partners from that more traditional reseller or VAR versus MSSP and also embracing these born-in-the-cloud partners. I think the next evolution is really enabling them to deliver outcome services to customers. We want our partners to really balance the margins that they can drive through the transaction. But we want them to be able to implement and support the ongoing day-to-day interactions with their customers. So I think our big focus this year is to continue to further aid partners on the services development journey because we recognise how margin rich services can be and we think we can continue to do that as the next evolution of our Engage partner program. It’s going to lead to further success for our Fortinet partners and for Fortinet.
In other cybersecurity news …
Germany’s Federal Office for Information Security (BSI) this week warned users that antivirus software developed by Moscow-based Kaspersky poses a serious risk of a successful hacking attack.
According to Reuters, the German agency said Kaspersky could be coerced by Russian government agents to hack IT systems abroad. It also said agents could clandestinely use its technology to launch cyberattacks without its knowledge.
The warning comes as Russia’s invasion of Ukraine escalates. The Russian army is now shelling Kyiv, the capital of Ukraine.
Eugene Kaspersky, Kaspersky’s CEO, issued a letter in response to Germany’s warning.
“Without going into details, I can say that these claims are speculations not supported by any objective evidence nor offering technical details,” he said. “The reason is simple. No evidence of Kaspersky use or abuse for malicious purpose has ever been discovered and proven in the company’s 25-year history, notwithstanding countless attempts to do so. Without such evidence, I can only conclude that BSI’s decision is made on political grounds alone. It is sadly ironic that the organization advocating for objectivity, transparency and technical competence — the very same values Kaspersky supported for years together with BSI and other European regulators and industry bodies — decided or was forced to drop its principles literally overnight.”
The reputational and business damage of the BSI decision is “already quite significant,” Kaspersky said.
“The only question I have — to what end?” he said. “Not having Kaspersky in Germany will not make Germany or Europe safer. Quite the contrary. The BSI decision means that German users are strongly advised to immediately uninstall the only antivirus that according to AV-Test, an independent German IT-Security Institute, guarantees 100% protection from ransomware. This means that the leading German industrial equipment manufacturers will no longer receive information about critical vulnerabilities in their software and hardware from Kaspersky ICS-CERT — an organization hailed for its responsible disclosure work by these very same manufacturers. This means that German automotive giants will remain oblivious to the bugs that may allow an attacker to overtake the entire onboard computer system and change its logic. This means a huge blind spot on the attack surface for European incident responders and SOC operators, who will no longer be able to receive threat data from across the globe — and from Russia in particular.”
Orca Security’s 2022 Cloud Security Alert Fatigue Report shows cloud security teams are suffering burnout, which could have serious ramifications for organizations. The company surveyed more than 800 IT professionals across five countries and 10 industries.
More than half of respondents use three or more cloud providers and 57% have five or more cloud security tools. This combination of multicloud adoption and disparate tooling is overwhelming security teams with a flood of inaccurate alerts. In fact, 59% of respondents receive more than 500 public cloud security alerts per day, and 38% receive more than 1,000 per day.
More than half of respondents spend more than 20% of their time deciding which alerts should be dealt with first. The overload of alerts, combined with widespread inaccuracy (43% say more than 40% of their alerts are false positives) is not only contributing to turnover, but also to missed critical alerts. More than half of respondents said their team missed critical alerts in the past, due to ineffective alert prioritization – often on a weekly and even daily basis.
Avi Shua is Orca Security’s CEO and co-founder.
“Having to sift through hundreds of ‘high priority,’ often meaningless alerts, is causing security practitioners to become overwhelmed and leading to burnout and turnover, exacerbating cybersecurity staff shortages,” he said. “The only way to win the battle of cloud security is to leverage context to the maximum. Practitioners should be enabled to focus on the very few toxic combinations of alerts and attack paths that can put their crown jewels in jeopardy, rather than trying to review thousands of meaningless alerts.”
John Morgan is CEO of Confluera.
“Cloud security teams will have to work smarter, not harder,” he said. “Investigating each and every security alert in a timely manner is simply not feasible as organizations accelerate their cloud and multicloud adoption. Without a new approach, security teams will miss events and alerts that are part of a bigger threat until it’s too late. As organizations embark on multicloud adoption, they have an opportunity to revisit the tools and processes to enable their security teams to work more efficiently.”
Cowbell Cyber has secured $100 million in capital led by Anthemis Group with participation from Permira Funds, PruVen Capital, NYCA Partners, Viola Fintech and all existing investors.
This latest financing will increase investment in data science, underwriting, risk engineering and claims management. It will also expand go-to-market (GTM) channels including digital distribution, and support Cowbell Re, the company’s reinsurance captive.
Cowbell partners include MSPs, cloud providers, cybersecurity platforms, training providers and more.
Cowbell has developed the largest cyber insurance distribution network in the United States. It has grown its monitored risk pool to more than 23 million businesses, 70% of the U.S. SME market.
Jack Kudale is Cowbell’s founder and CEO.
“Since its 2019 inception, Cowbell has delivered on its promise to meet the needs of our policyholders by aligning cyber coverage to their specific exposures, continuously monitoring their rapidly changing threat landscape, and offering access to unique risk mitigation resources,” he said. “As we position ourselves to lead the second wave of cyber insurance growth, this funding will accelerate our pioneering approach to cyber risk underwriting, and drive growth and profitability while closing insurability gaps.”
The company says it will triple its policyholder base in 2022, solidifying its market position as the leading provider of cyber insurance to SMEs.
Cowbell estimates cyber insurance premiums in the United States will total $100 billion by 2030. One in five U.S. SMEs remain uninsured or underinsured for cyber risk, presenting Cowbell with an opportunity to lead this underserved market segment.
Barracuda’s latest spear phishing report shows small businesses are three times more likely to be targeted than larger organizations.
The average employee of a small business with fewer than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise.
Between January and December of 2021, Barracuda researchers analyzed millions of emails across thousands of businesses. Among their findings:
Conversation hijacking grew almost 270% in 2021.
Fifty-one percent of social engineering attacks are phishing.
Microsoft is the most impersonated brand, used in 57% of phishing attacks.
One in five organizations had an account compromised in 2021.
Cybercriminals compromised about 500,000 Microsoft 365 accounts in 2021.
One in three malicious logins into compromised accounts came from Nigeria.
Cybercriminals sent out 3 million messages from 12,000 compromised accounts.
Mike Flouton is Barracuda’s vice president of email protection.
“Hackers target small businesses just as much as they do big enterprises – in fact our research showed that the smaller the organization, the more likely their employees could be targeted,” he said. “MSPs need to make sure that their customers understand this. Given how targeted SMBs are and how devastating potential attacks on small business can be, their security protection should be just as robust as that of a large enterprise.”
Cybersecurity providers need to make sure their customers make investments in the following areas:
Security technology that is effective at protecting against all email threat types.
Improving security awareness among end users so they can recognize and report suspicious messages.
Incident response. Make sure your customers are prepared for a cyberattack and have a well thought out response plan in place that will help them recover quickly.
Data protection. Data is one of the most important assets most organizations have, and the ability to recover and restore data is critical for business continuity.
Fortinet channel partners played a big role in the cybersecurity giant’s strong 2021 earnings. Furthermore, the company expects more growth this year.
That’s according to Jon Bove, Fortinet’s vice president of channel sales. This week, Fortinet announced five new service providers – GO Telecom, Microland, Radius Telecoms, Spectrotel and Time dotCom – have added Fortinet Secure SD-WAN to their managed service portfolios.
Ceasing All Operations Within Russia
In response to Russia’s invasion of Ukraine, Fortinet earlier this month ceased operations within Russia. This included the suspension of Fortinet sales, support and professional services.
Fortinet provided the following statement:
“We regret the impact this will have on our employees, partners and customers who are adversely impacted by the actions of the Russian government. Fortinet has multiple efforts underway with our customers and partners, including governments around the world, to prepare for and defend against cyberattacks. These efforts include sharing the latest threat intelligence from our FortiGuard Labs as well as our broad ecosystem of threat intelligence partners.”
Fortinet is encouraging all organizations to elevate their defenses in light of the heightened cybersecurity risk.
“This should include a risk-prioritized approach to fully updating and patching cybersecurity solutions, reviewing overall security postures to ensure any gaps are addressed, and using recent threat intelligence to protect against possible threat vectors,” it said. “It should also involve a review of basic cyber hygiene best practices. Fortinet stands ready to help support and protect our customers and partners.”
Opportunities Abound for Fortinet Channel Partners
In a Q&A with Channel Futures, Bove and John Maddison, Fortinet’s CMO and executive vice president of products, talk about ongoing and new opportunities for partners.
Channel Futures: Fortinet this month reported its full year 2021 financial results, which showed a 29% year-over-year increase in total revenue. What role did partners play in this growth?
Jon Bove: First of all, what an incredible year. And being a channel-centric company, partners are a part of every bit of our go-to-market, and we really attribute a lot of our success — both historical but also forward-looking to them. The opportunity that we present partners is so unique. In the second quarter, we exceeded 6,000 new [customers] and so partners through deal registration play a huge part of that. But at the same time, I think the enablement that we deliver through our Engage partner program that we introduced last year, we were very thoughtful in that approach. We wanted to give partners the ability to engage with us, expand not from a traditional VAR model, but also into managed security services and into helping customers on their journey to cloud and then also specialized.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.