The Gately Report: Metallic Lures MSSPs with New ThreatWise Security Service
Phishing attacks have skyrocketed over the last 12 months.
![Fishing with Lure Fishing with Lure](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt752b558e6504d84d/652411f842f912643f865dab/Fishing-with-Lure.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Channel Futures: How did ThreatWise come about?
Metallic’s Thad Keating: We’re a data protection company. We’re not a security company. We don’t want to be in the firewall business. We don’t want to be in the ransomware business. We want to be in the detection business of a bad actor. So as we looked across the landscape to determine what’s the best way to solve for that, we found an Israeli security company (TrapX) that [had] next-generation sensor technology that emulates real devices, real workloads inside of a network. As we thought about what can we add on, we’ve got this cool cloud control plane. We’ve got reach into the data center, your cloud workloads and your SaaS workloads. Could we put sensors that would emulate the technologies or the resources that a bad actor would be after, and then use those sensors to identify and notify back to the customer that inside this environment you potentially have a bad actor that’s looking to gain access to your data protection environment? So we acquired that company earlier this year.
We already have our first SaaS version of that technology delivered to the market, called ThreatWise. And our customers that are using Metallic today, inside of their user interface (UI), they’re protecting their SaaS apps, they’re protecting their databases and their … environments, and now they have ThreatWise where they can easily deploy these sensors across their environment where they feel like they need a bit more protection. We’re the only one in the market that has that extended capability today.
CF: Any other latest cybersecurity offerings or any on the horizon?
TK: I can’t get into details, but I will tell you we continue to think through our efforts to provide our customers better insights into their data protection environment. There’s a lot of stuff that we have just in terms of our engagement with our hyperscale cloud partners. They’ve got a bunch of native security tools that are also very relevant to our platform, and what we’re doing and where we’re extending. So we’re looking at a lot of things. But I think in the future, you’ll see us continue to add on to what we’re doing around that thought of extending the value chain of protecting data.
CF: Every MSP now has to offer security, and not just a little security. In addition, there are MSPs that want to become MSSPs. How can Metallic help in those scenarios?
TK: Early on with Metallic, we saw our partners engaging on multiple accounts through numerous ways. Whether they wanted to order extensions, or they may even submit a ticket to request a feature or function, that partner is really engaged in what’s happening. And what we found is they were delivering service wrappers and running an MSP using the Metallic platform because it was so efficient and easy to deploy, and quick time to value.
So we started engaging our solution providers who said would it be helpful if we could deliver a multitenant platform that would allow visibility into health and billing, etc. And they said, “Oh, that would be fantastic.” So we launched a Metallic MSP almost a year ago and have had great success with it, successful stories of these partners scaling their businesses very quickly. And now what we’re seeing is they want to bring ThreatWise to market.
We have a couple of design partners that we’re talking to right now in terms of how best to deploy that. We have some MSSP design partners right now that are already delivering ThreatWise or the previous software version as an offering in their company. They’ve added Metallic data protection to their portfolio of offerings because they’re starting to see that combination of security and data protection come together.
CF: What’s influencing the formulation of your cybersecurity offerings? Is the evolving threat landscape having an impact?
TK: We had a bad problem with ransomware before the pandemic, and the pandemic just sort of put steroids into it. Based on the business that we’re in, we get the phone calls when we need to help our customers recover. And thankfully we’re really good at that. So a lot of our direction comes from customer engagement, customer feedback. We spend a lot of time engaging with our customers. We’ve got one of the best customer success models in the market. That team is phenomenal and is capturing customer direction. And I would say that along with the incredibly smart leaders we have here at Commvault, that helps us … steer and make sure that we’re picking the right capabilities and the right features to bring to market.
CF: When it comes to cybersecurity, what are you hearing from MSPs in terms of their latest needs and biggest pain points?
TK: There are two things. One, continue to deliver ease of deployment and ease of management. Do I have the right insights? Am I covering the right thing? As big as the security industry is, and with as many tools and resources that are in the market, it’s amazing how successful the bad actors continue to be. And we in the data protection space have to deliver better and more insightful. We’ve got to continue to look for ways to leverage artificial intelligence (AI) and machine learning (ML).
Take anomaly detection, for example. Those can be very complicated things to track in an environment. How do you do that, but yet turn around and simplify the report back to the end user, to the administrator, that there’s an issue? So I think it’s scale and at the same time looking for ways to simplify what the action is that needs to be taken.
CF: What do you find most dangerous and threatening about the current threat landscape?
TK: I think it’s all the things we have to be conscious of. It used to be we thought about actually kicking the cord and unplugging the server, the bad shutdown that we can’t recover, the blue screen of death. And now I think the industry has done such a good job of application availability, those sorts of things have kind of moved to the back of our mind. But I’ve got to tell you, we still do lots of recoveries for just pure, old-fashioned human mistakes. So it’s the accident.
We’re also seeing skilled labor shortages. So as businesses continue to scale … and security needs continue to scale, the availability of those resources is becoming smaller and smaller, which is another reason why our MSPs are having such a strong go at it. They’re delivering very efficient, very strong, best-in-class skilled models that deliver that service to the customer. I think the risks today are a lot of the same risks we’ve been dealing with as an industry. I just think they’re scaling further and faster. And we’ve got to think about how you keep the same consistency of great service to the market while labor continues to be tight.
CF: How is economic uncertainty impacting your company and its partners? How are you helping MSPs during this uncertain time?
TK: One of the things I’ve seen every time there’s been an economic downturn is purchasing just gets a lot more thorough in their reviews of the value back to the business. Thankfully, we have a phenomenal portfolio of both a pure, cloud-based SaaS offering that covers everything from on-premises into the cloud, to SaaS apps, and a phenomenal software offering that has end-to-end capabilities that I think very few could touch. And the reason that’s important is, different customers are on different paths in terms of how they’re thinking about adopting new technologies to deliver value to their business. That could mean how they deploy security techniques. That could mean how they’re adopting the cloud. That could mean application rationalization. Everybody is on a different path to the cloud.
Without having a portfolio like ours that can deliver both a very flexible SaaS model and a software model, the total cost of ownership gets very difficult. I don’t really know and I don’t think anybody really understands what’s going to happen with the economy just yet, how this thing is going to land, is it going to tick up or down. But our ability to be flexible with our portfolio and our solutions to our customers as we go through that review … I think we’re going to be in a really good position.
CF: What can partners expect from Metallic in the months ahead into 2023?
TK: When we started Metallic, we launched with partners first. We actually brought it to the partner community before we even brought it internally to the Commvault seller. And the reason is, as we were doing some pre-release roadshows with partners, they were immediately getting it. They saw the value and they could see this shift happening in the market. So as soon as we came to market with this and the customer ecosystem saw it, they were quick to jump on it and we did everything we could to support that growth. Not only were they the largest point of origination in terms of opportunities, but they were also bringing to us the majority of net new buyers to Commvault as well.
So when we think about the partner landscape, it’s not just about getting scale. I think that’s sort of like a simplistic view. The insights they have to their market, to their customers, they are the trusted advisor to the buyers. They are helping to look at the business problems, aggregate technology solutions together and bring them forward. We are constantly looking at ways to revamp our partner program and the different ways we can incentivize our partners to continue to lean in with us. Thankfully, they keep getting bigger. I was just looking at numbers earlier today and our line in terms of number of deals coming from the partners is up and to the right, and it just gets deeper and deeper. So we’re always looking at ways to better support our partners. So I think in terms of what they can look forward to is more.
In other cybersecurity news this week …
SlashNext has published its annual State of Phishing Report, which reveals a 61% increase in phishing over the last 12 months.
The latest report underscores how cybercriminals are moving their attacks toward mobile phishing and credential harvesting. That’s causing breaches in places once thought impenetrable.
There has also been an 80% increase in threats from trusted services in 2022, such as Amazon Web Services or Google, which now represents one-third of all phishing attacks.
Additional findings include:
More than half of the threats detected are zero-hour attacks, representing a 48% increase in zero-hour threats from the end of 2021.
Seventy-six percent of attacks are credential harvesting, which is still the No. 1 cause of breaches, as demonstrated in the high-profile breaches of Twilio, Cisco and Uber, all starting with credential theft.
Fifty percent year-over-year increase in attacks on mobile devices.
Patrick Harr is SlashNext‘s CEO.
“With today’s transition to hybrid working, phishing attacks are becoming more prevalent than ever,” he said. “Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies’ most valuable assets.”
Hank Schless is senior manager of security solutions at Lookout.
“Phishing is an issue for every organization, especially as more enterprises embrace bring-your-own-device (BYOD), and employees use the same device for work and personal reasons,” he said. “There are some ways to protect yourself that will remain regardless of the context of a phishing attack or what evolution of the web we’re on. Always exercise additional caution when doing anything that involves a financial transaction. If you receive communication about a transaction, find ways to validate it. Take the extra couple of minutes to scrutinize the web address, whether that’s a URL or a routing address, to ensure you’re sending funds to the right place. Be wary of social engineering, especially in the blockchain world. This is a new environment for many people, and attackers are taking advantage of that lack of familiarity to execute attacks.”
At this week’s BlackBerry Security Summit, BlackBerry unveiled new applications, software solutions and cloud services available through its ISV ecosystem in the BlackBerry Marketplace for Enterprise Software.
ISV partners with new solutions available on the Marketplace include:
SafeBreach now offers SafeBreach Studio, a no-code, red-team automation platform. It allows BlackBerry customers using CylanceProtect and CylanceOptics to automate and scale red-team exercises without specialized expertise.
Customers now have a free license to use Blue Cedar BlackBerry Edition to create one BlackBerry Dynamics-enabled app for production deployment. Blue Cedar adds BlackBerry Dynamics security to already compiled apps without coding.
Movius now offers MultiLine, a solution for using mobile voice, text and WhatsApp for communications globally. The WhatsApp Messaging Connector within MultiLine unifies mobile voice and multiple messaging channels in a single user experience. Customers can now record and archive all conversations within MultiLine for compliance and capture all communications to send to existing compliance archives.
Absolute Software has added CylanceProtect to its application resilience catalog. Joint BlackBerry and Absolute Resilience customers can now extend Absolute’s firmware-embedded, self-healing device connection to CylanceProtect, ensuring it remains healthy, installed, and working effectively to protect their devices and data.
Exabeam Security Information and Event Management (SIEM) and Exabeam Security Log Management now complement CylanceProtect and CylanceOptics in providing CylanceGuard analysts with critical feeds and insights from any security technology stack, for threat detection and incident response.
ISEC7’s signature product, ISEC7 Sphere, now supports the BlackBerry product portfolio, including Cylance cybersecurity products. And it’s the first third-party product to support BlackBerry’s recently announced CylanceAvert information protection service.
Colleen McMillan is BlackBerry’s vice president of global channel sales.
“The integrations from our ISV partnerships generally help MSSPs with improved interoperability,” she said. “This improves operational efficiency and can decrease client onboarding time for MSSPs accelerating time to revenue.”
Alex Willis is Blackberry’s vice president of sales engineering and ISV partners.
“Combining these new solutions with BlackBerry’s offerings is innovative,” he said. “In today’s climate, CISOs are continuously evaluating their overall cybersecurity postures. As a result, they’re addressing gaps in cybersecurity related to endpoint security and mobile workforce use cases. BlackBerry offers the most advanced endpoint protection, and protection at the application and network using AI and zero trust indivisible to the end-user.”
Categories of solutions on the marketplace include business intelligence, advanced analytics, mobile threat protection, authentication, secure messaging, video conferencing, business process management and more.
“We continually add new partners to the marketplace,” Willis said. “BlackBerry is always monitoring cybersecurity trends with our threat research and intelligence team. We also work with customers to understand their needs and address them with our products and services, as well as through partnerships like these.”
The health care sector is heavily targeted by cybercriminals and these attacks are more likely to result in financial consequences.
That’s according to Netwrix’s 2022 Cloud Security Report. More than 60% of respondents in the health care industry suffered a cyberattack on their cloud infrastructure within the last 12 months. That’s compared to 53% for other verticals. Phishing was the most common type of attack reported.
Thirty-two percent of respondents from other industries report that an attack had no impact on their business, while only 14% of health care organizations say the same. Unplanned expenses to cover security gaps and compliance fines are the most common types of damage that the health care sector faces due to a cyberattack.
Dirk Schrader is vice president of security research at Netwrix.
“Caring for someone in need of urgent medical treatment cannot stop or be delayed; it needs to continue whatever the circumstances are,” he said. “If an attack hits a company, say, operating in the manufacturing sector, there is at least a chance that the impact can be absorbed by the supply chain. For example, by changes to delivery schedules. For the health care sector, such options simply don’t exist. Their current patients are the direct and immediate responsibility, and any sudden change in the way of how care is rendered, as it happens in a cyberattack, carries the risk of larger financial consequences.”
Integration with existing IT environment topped the list of challenges organizations face while adopting the cloud for all the industries surveyed, including health care.
“This problem concerns 59% of respondents in the health care sector compared to only 41% on average,” Schrader said. “It is a common situation when some 10-or 15-year old medical devices keep executing their primary functions, but cannot ensure the appropriate level of security due to their outdated software. It is crucial to find a balance between taking care of patients’ safety and ensuring modern security. Not exactly a surprise, but the misalignment between operational safety regulations and IT security requirements became visible here.”
The biggest challenges health care organizations face while trying to ensure data security in the cloud are IT team understaffing and lack of cloud expertise, cited by 69% and 55% of respondents respectively, while insufficient budgeting is a concern only for 33%.
“In other words, the health care sector seems to be ready to improve its cybersecurity posture, but needs help with achieving this goal,” Schrader said. “This is a perfect opportunity for channel partners to provide guidance and share knowledge with their clients, while MSPs and MSSPs may become this precise pair of hands health care organizations need.”
The health care sector is heavily targeted by cybercriminals and these attacks are more likely to result in financial consequences.
That’s according to Netwrix’s 2022 Cloud Security Report. More than 60% of respondents in the health care industry suffered a cyberattack on their cloud infrastructure within the last 12 months. That’s compared to 53% for other verticals. Phishing was the most common type of attack reported.
Thirty-two percent of respondents from other industries report that an attack had no impact on their business, while only 14% of health care organizations say the same. Unplanned expenses to cover security gaps and compliance fines are the most common types of damage that the health care sector faces due to a cyberattack.
Dirk Schrader is vice president of security research at Netwrix.
“Caring for someone in need of urgent medical treatment cannot stop or be delayed; it needs to continue whatever the circumstances are,” he said. “If an attack hits a company, say, operating in the manufacturing sector, there is at least a chance that the impact can be absorbed by the supply chain. For example, by changes to delivery schedules. For the health care sector, such options simply don’t exist. Their current patients are the direct and immediate responsibility, and any sudden change in the way of how care is rendered, as it happens in a cyberattack, carries the risk of larger financial consequences.”
Integration with existing IT environment topped the list of challenges organizations face while adopting the cloud for all the industries surveyed, including health care.
“This problem concerns 59% of respondents in the health care sector compared to only 41% on average,” Schrader said. “It is a common situation when some 10-or 15-year old medical devices keep executing their primary functions, but cannot ensure the appropriate level of security due to their outdated software. It is crucial to find a balance between taking care of patients’ safety and ensuring modern security. Not exactly a surprise, but the misalignment between operational safety regulations and IT security requirements became visible here.”
The biggest challenges health care organizations face while trying to ensure data security in the cloud are IT team understaffing and lack of cloud expertise, cited by 69% and 55% of respondents respectively, while insufficient budgeting is a concern only for 33%.
“In other words, the health care sector seems to be ready to improve its cybersecurity posture, but needs help with achieving this goal,” Schrader said. “This is a perfect opportunity for channel partners to provide guidance and share knowledge with their clients, while MSPs and MSSPs may become this precise pair of hands health care organizations need.”
Metallic, Commvault’s cyber venture, is steadily drawing MSSPs, in part because of its new ThreatWise deception technology.
That’s according to Thad Keating, vice president of worldwide Metallic MSPs. Metallic started inside of Commvault and launched its go-to-market in 2020.
“Within less than six quarters, we had gone from zero to $50 million in annual recurring revenue (ARR), so like a rocket ship,” he said. “That’s faster than a lot of the data protection and security companies out there in the market today. The market was giving us the indication that this was a model that they wanted to consume.”
Metallic ThreatWise Uncovers Threats
Metallic recently unveiled its new ThreatWise solution. It’s an early warning system that proactively surfaces unknown and zero-day threats to minimize compromised data and business impact.
Metallic’s Thad Keating
“There’s there’s a lot of interest in what we’re doing with ThreatWise,” Keating said. “And there’s a lot of interest in terms of how we’re starting to bring together the next-gen sensor technology with data protection, and how those two are going hand in hand. So we are seeing a whole lot of interest of MSSPs. I would expect to tell you here in the next couple of quarters that that’s manifesting itself. I think the MSSP space will be a very, very active model for us.”
Working with MSSPs is a newer area for Metallic that developed over the past year or so, he said.
“That has gone incredibly well,” Keating said. “They’re the ones sitting at the table with us, helping us think through how do we go forward, what is the next layer. Is it leaning toward compliance? Is it data, geofencing strategies? It’s things like that that they’re asking us about, which means their customers are asking.”
See our slideshow above for more from Metallic and more cybersecurity news.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like