The Gately Report: LogRhythm's 'Maniacal' Focus on Customer Success Benefits Partners
Channel Futures: LogRhythm announced a series of expanded capabilities and integrations for its security operations solutions. How will partners benefit from this?
Gary Abad: We’re incredibly excited about what we just announced. So this is the security analytics module for our Axon platform. We’ve been doing this for over 18 years, and we built this Axon cloud-native platform literally from scratch, taking all those 18 years and putting it into this solution. And the analytics part now is taking all of that data, and it’s now going to be able to give our customers information. If you think about how complex this cybersecurity world is, it’s crazy with all the tools. And if you can’t figure out what is real and what is noise, you’re never going to be able to do your job. So we’re really excited about this.
CF: LogRhythm also recently announced a new partnership with SentinelOne to provide an integrated enterprise security solution to prevent, detect and respond to threats. Will this create new opportunities for partners?
GA: Extended detection and response (EDR), as you probably know, is one of the hottest cyber solutions on the market today. Endpoint security is always critical in any organization. So a leading EDR provider like SentinelOne, having that integration into our platform is really important for the clients, our customers and the channel. Both of us are 100% channel companies. And when we go to market, we go to market through our partners. We have SentinelOne partners and they have LogRhythm partners. So it’s jointly going to the customer with that value proposition; it’s a winner for our partners.
CF: Is LogRhythm’s partner ecosystem growing? If so, what’s fueling that growth? And are more MSPs becoming LogRhythm partners?
GA: That’s kind of a yes and no. We’re almost 20 years old and we have some of the best cybersecurity partners in the world. But there are still some partners that we should probably have because of expanding markets, because of where we’re going. So we will be adding partners to our portfolio. And we do on a regular basis have a lot of applications for MSPs that are looking to use our platform. That said, we’re very highly selective as well. We don’t want to get where we’re overdistributed and we have too many folks out there that we cannot support. Cybersecurity is tough. It’s very complex. Our world and what we do, we want to make it simple. We want to speed up the results and give people the information they can act on. To do that, we have to be able to really enable these partners. So I don’t want to get more than what we need. But I want to have as many as we require.
CF: There’s a lot of economic uncertainty right now. How can LogRhythm help partners that may be adversely affected by this?
GA: There is a lot of upheaval in the economic systems in the global markets. The first thing I would say is that cybersecurity is extremely strong as a market. Unfortunately, cybercriminals and nation-state terrorists, they are not going away. So there’s never been a bigger need for what we’re doing. The other thing is, because there’s such a big need, with shrinking budgets and folks having limited capabilities to do these things, we really need to think about how do we automate more. How do we get in front of this more? And I do think that we are going to be able to help not just our end users, but also some of these partners figure out what’s the best way to go after these markets. So that’s a huge plus.
The other piece is the skills that it takes to do these things. We have lots of education, lots of resources and material to create cybersecurity experts. So when folks become familiar with what we do and how we do it, they become extremely marketable, whether that’s my customers or my partners. They become a fairly valuable asset to any organization. So I think that by the very nature of what we’re doing, we’re going to see a lot of folks benefit from that and even in a down market.
CF: What are the biggest issues/headaches facing SOC analysts, and how are LogRhythm and its partners helping with those?
GA: Like I said, cybersecurity is very complex. One of the issues that most SOCs have is that they have a lot of different tools. How do I bring it all together where I can start making sense of a lot of tools and a lot of noise? How do things correlate? What are the differences if I’m getting an alert over here, but I’m not getting one over here, or I’m getting five over there, what does that mean? All of that correlation is very important. So what we do and what our partners do is help those clients with that. What we want to do is … simplify the process. We give them the most important alerts and alarms, and threats to act on. And either my partners can help remediate that, and be those eyes on the glass and do that incident response for them on that front line, or they do everything up to there and then hand it over to a team of professionals and say, “Here you go; here are the things to worry about.”
So again, nobody can do it by themselves. But with a world-class security information and event management (SIEM) like LogRhythm and with our world-class partners, we definitely help our customers overcome those challenges.
CF: What are you hearing from partners? What do they most want from LogRhythm?
GA: It’s always enablement. One of the things that you’ll hear a lot about from LogRhythm is that we are on a very aggressive update and release schedule. We are promising and making commitments to our clients that we are going to have quarterly releases. And with that, we’ve got to make sure that we’re quarterly enabling everybody on what that is. So enablement is always key with partners and having world-class enablement. In addition to that, it’s just scale. A lot of times our best partners have not five or 10 customers, but tens of customers or hundreds of customers. How do we help them scale their operations? How do we help drive costs out of their model so they can deliver world-class services without running into “every time I bring on a customer, I have to bring on a new group of employees”? So that scale is very important for our partners.
CF: What’s your take on the current threat landscape? What do you find most dangerous?
GA: Everything. Unfortunately for us, almost anyone can be a cybercriminal. With the dark web, and people commercializing things like ransomware and getting subscriptions, the threats really are from everywhere. Nation-state terrorism is a very big threat, not just to other nations, but to our utilities, our financial organizations, etc. So the threats really seriously are coming from everywhere. Like most people know, the endpoint is easy for them to attack and go after, but it’s also the network as well, coming in and bombarding, and taking over somebody’s networking and locking it down. Those are real threats that are happening. And unfortunately, there’s no end in sight. We’ve got to do everything we can to be not one step in front of the cybercriminals, but literally five steps ahead, because as soon as they can get around something, they will. So the premise that we have is that they’re in, they’ve already breached you. What you have to do is you’ve got to find them. And that’s what we do.
CF: Overall, what can partners expect from LogRhythm in 2023?
GA: With partners, No. 1, it’s profitability. They have to make money. They have to fund their operations, etc. The cybersecurity market is white hot and where there’s mystery, there’s margin. And there’s a lot of mystery in solving these complex security issues. So they can expect margin.
No. 2, they can absolutely expect innovation. If we have to stay five steps ahead, we have to be innovating every single day. And then finally, a maniacal focus on our customer satisfaction, our customer success. It is the goal of everyone within LogRhythm that we never lose a customer, the customers are happy with what we do and how we do it. And it’s not like we’re perfect. We make software so there are issues with it. It’s how you handle the issues. It’s how you solve and how you communicate. We want to be world-class there. We want to continue with everything within our organization focused on that customer success.
In other cybersecurity news …
British daily newspaper The Guardian has confirmed it was hit by a ransomware attack last month and the personal data of U.K. staff was accessed in the attack.
The Guardian described the incident as a “highly sophisticated” cyberattack involving unauthorized third-party access to parts of its network. It was most likely triggered by a phishing attempt in which the victim is tricked, often via email, into downloading malware.
The Guardian expects some critical systems to be back up and running within the next two weeks. A return to office working has been postponed until early February to allow IT staff to focus on network and system restoration.
Erich Kron is a security awareness advocate at KnowBe4.
“This is a lesson that no matter the industry you are in, you are a target for ransomware,” he said. “The initial infection vector here, email phishing, is one of the most common and successful attack types when it comes to ransomware. To prepare for ransomware, organizations should ensure they have good, tested and offline backups, and should ensure they are educating their staff on how to identify and report phishing emails. In addition, data loss prevention (DLP) controls are critical as bad actors often steal data and use the threat of releasing it publicly to extort victims.”
Blockchain hackers stole more than $3.5 billion worth of cryptocurrencies in 2022, according to data collected by the Atlas VPN team.
Blockchain bridges lost $1.2 billion worth of cryptocurrencies in just 16 events. Ronin Network sidechain bridge suffered the biggest hack of the year, as the attacker walked away with $610 million.
Furthermore, the BSC ecosystem lost more than $870 million in 76 attacks or scams in 2022. The Ethereum ecosystem is not far behind, with 49 events resulting in losses of more than $500 million in cryptocurrencies.
Other crypto-related projects and people were victims of 48 hacks, causing nearly $370 million in losses.
Vilius Kardelis is a cybersecurity writer at Atlas VPN.
“As the use of blockchain technology continues to grow and become more mainstream, we can expect to see a corresponding increase in the number of hacking attempts targeting these systems,” he said.
Despite the fall of the crypto market in 2022, cybercriminals are still targeting blockchain networks and exchanges for their financial gain.
In 2022, cybercriminals and scammers caused 301 blockchain incidents. Last year, hacks rose by 27% compared to 2021, when researchers registered 237 blockchain events.
The first quarter of 2022 started strong with 79 blockchain incidents, the most recorded in a quarter at that time. However, in the second quarter, hacks were up by 24% and reached new heights at 98 events.
Due to fallen prices of most crypto, blockchain hacks dipped significantly to 56 events in the third quarter, a 43% drop compared to the second quarter. While the crypto market is still down, blockchain hackers and scammers came back with more schemes in the last quarter of the year, with 68 incidents and more than $1 billion in stolen profit.
The school year is being extended for public schools in Des Moines, Iowa, after a cyberattack forced them to close.
On Jan. 9, Des Moines Public Schools (DMPS) was alerted to a cybersecurity incident on its technology network. It then canceled classes on Jan. 10.
In an update, the school district said it made significant progress in restoring some systems so classes could resume on Jan. 12.
“Students should expect an offline learning experience until further notice as internet access and other networked resources will be limited,” it said.
Dirk Schrader is vice president of research at Netwrix. He said the incident is one more event in a long list of attacks on K-12 institutions in the United States and around the globe.
“Just a few days ago, 14 schools in the United Kingdom were hit by a cyberattack attributed to a group called Vice Society, leading to the loss of personal information of pupils and staff,” he said. “Vice Society is also behind a range of other attacks on schools in the United States and the United Kingdom, with the FBI issuing a joint alert about the group. A recent U.S. Government Accountability Office (GAO) report lists phishing, ransomware, distributed denial of service (DDoS) and attacks on video conferencing systems as the major targets. But in today’s interconnected world, there are many more networked systems that can potentially be impacted by a cyberattack on a school’s core infrastructure.”
For staff, students and parents, as the data usually held by a school includes sensitive information, an incident response plan should be prepared, Schrader said.
“What accounts and email addresses were used in relation to school activities?” he said. “Were the passwords for these reused somewhere else (worst case scenario for a security professional)? As financial data might be affected, credit monitoring should be considered as well.”
The incident is also another prominent reminder for everyone to stay vigilant with personal data and the accounts in use, Schrader said.
“It’s wise to enable multifactor authentication (MFA) if possible, using a password management solution, or, generically, be savvy about your data, your digital identities and your devices,” he said. “This will help in advance for a likely wave of phishing attempts following such an event, even if no data has been exfiltrated at all.”
Nearly 32% of newly introduced enterprise applications are found to have flaws from the first vulnerability scan, according to new Veracode research.
In addition, by the time they have been in production for five years, nearly 70% of applications contain at least one security flaw.
After the initial scan, apps quickly enter a “honeymoon period” of stability, and nearly 80% do not take on any new flaws at all for the first year and a half, according to Veracode. After this point, however, the number of new flaws introduced begins to climb again to approximately 35% at the five-year mark.
Developer training, use of multiple scan types, including scanning via API, and scan frequency are influential factors in reducing the probability of flaw introduction, suggesting teams should make them key components of their software security programs. For example, skipping months between scans correlates with an increased chance that flaws will be found when a scan is eventually run. Furthermore, top flaws in apps vary by testing type, highlighting the importance of using multiple scan types to ensure hard-to-identify flaws aren’t missed.
With heightened focus on the software bill of materials (SBOM) over the past year, Veracode’s research team also examined 30,000 open-source repositories publicly hosted on GitHub. Ten percent of repositories hadn’t had a commit — a change to the source code — for almost six years.
Chris Eng is Veracode’s chief research officer.
“Using a software composition analysis (SCA) solution that leverages multiple sources for flaws, beyond the National Vulnerability Database, will give advance warning to teams once a vulnerability is disclosed and enable them to implement safeguards more quickly, hopefully before exploitation begins,” he said. “Setting organizational policies around vulnerability detection and management is also recommended, as well as considering ways to reduce third-party dependencies.”
Mark Lambert is vice president of products at ArmorCode.
“As the software supply chain gets more complicated, it is critical to know what open source you are indirectly utilizing as part of third-party libraries, services (APIs) or tools,” he said. “This is where SBOM comes in. By requiring a disclosure of all embedded technologies from your vendors, you can perform analysis of those libraries to further assess your risk and react appropriately.”
Events like the Log4Shell vulnerability have highlighted the need and value of SBOM at the enterprise level, Lambert said. But for many, this has not yet translated to how development teams will be able to leverage them without slowing down software delivery with manual tasks.
“One of the big challenges I see is that this is more data for the development teams to manage as they deliver software,” he said. “Organizations are going to need ways to automate generating, publishing and ingesting SBOMs. They will need ways to bring the remediation of the associated vulnerabilities into their current application security programs without having to adopt whole new workflows.”
LogRhythm’s channel leader says his company’s “maniacal” focus on customer success is great for partners and helping them grow.
Gary Abad is LogRhythm’s vice president of global channels. He originally joined LogRhythm in 2015 as senior director of channel sales. He then returned last August after channel leadership roles with Ivanti and Trustwave.
Earlier this month, LogRhythm announced a series of expanded capabilities and integrations for its security operations solutions. Following the October launch of Axon, a cloud-native security operations platform, LogRhythm introduced new visualizations and analytics that offer increased visibility into potential security risks.
LogRhythm ‘Reestablishing’ Itself with Partners
Abad said LogRhythm has been focused on “reestablishing ourselves with partners.”
“We’re super excited about our new management team, our new CEO and the direction we’re taking the company,” he said. “And what we always try to get through is our focus on the customer will be our differentiator. There’s a lot of good technology out there and there’s some great technology. And we certainly feel we have great technology. What will absolutely make us stand apart is our maniacal focus on customer success, which is great for our partners.”
LogRhythm is looking at its programs and partnerships to “make sure we build that program that promotes those types of business outcomes for our clients,” Abad said.
“We’re making sure our partners are enabled,” he said. “We’re making sure that the integration back into what they’re doing for the clients works well. There are the MSP partners out there, the co-managed services partners, and it’s really important that the technology that they have inside their four walls, my technology, works well, not just for the client, but for them. So we’re working on it right now to make sure that we’re going to deliver that type of program that produces those types of results.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.