The Gately Report: Netenrich Says Focus On Data Insights to Thwart Cyberattacks
Plus, scanning a QR code can unleash a cyberattack.
Channel Futures: AI and generative AI are big topics in cybersecurity. How is Netenrich making use of AI in its secure data analytics platform?
Justin Crotty: Netenrich has a lot of innovation around both machine learning (ML) and AI. Our view is data and the proper use of data is to draw insights and context, and ultimately point to resolution of security issues -- and data is at the root of that. We use ML and AI around use cases and modeling for threat hunting, and the identification and finding things that maybe we don't know about.
A lot of existing cybersecurity tooling does a good job when looking for the known. How do we start to tease out the unknown and allowing the machine, either through ML or AI models and large language models (LLMs), to start to identify areas of interest or anomalies that are appearing in those data streams that people should be taking a look at? So we've incorporated AI models into the interface.
AI is a part of the platform today and will be a big part of the platform tomorrow. And our view is that AI is the future in this business, especially as it relates to not only identifying threats more rapidly and more efficiently, but also reducing human workloads, reducing the noise, reducing the toil that human teams are currently experiencing in this space. We think AI is going to be a positive benefit for all of that.
CF: With AI being such a big topic, are you getting a lot of questions from partners about it? Do they want to know more about it, the benefits, risks, etc.?
JC: I think most of our partners are exploring how to use it or are starting to incorporate it. And whether it be operations models, or they might be using analytics for prospecting or sales support, there are a lot of different use cases that partners are looking at. You don't have to sell a partner that AI is something they should be paying attention to, especially the bigger, more enterprise-focused partners that we support. They already understand that. They're hiring teams to support it, leverage it and understand how to use it. And they're interested in how we're leveraging it and how they can benefit from the AI incorporated in our platform to help them extend security operations and to help make their customers more secure and more confident in the solutions that jointly we're presenting to them.
CF: What sort of growth has Netenrich experienced in the past year and what role do partners play in that growth?
JC: Our business has always been anchored on partners, and in the last year our relationship with Google continued to deepen and expand. I would characterize growth as strong both across our managed service business, where a lot of our large partners have been with us for many years, as well as in the security analytics and security platform business that we launched about three years ago. That's seeing strong, steady growth as well. So the environment is good.
The good news is operations is not getting less complex. It's getting more complex, both digital operations and security operations. So we support a lot of very capable partners. But even the most capable partners generally need some help with their operations or with components of it, or looking for ways to scale and leverage technologies and platforms, and partners like us to help them do that. So it's been a good year for Netenrich.
CF: Is the threat landscape shaping Netenrich’s product, business and channel strategies? If so, how?
JC: The threat landscape or attack surface is more complex than ever and will continue to grow in complexity. One of our core focuses going forward is our security analytics business. It's this idea of leveraging data, and leveraging AI and ML, to ingest and understand that data, and highlight risk, remediation, automate fixes when possible, reduce human toil, identify unknown threats and help threat hunters understand the expanding attack surface and threat landscape, helping them be prepared to meet that threat landscape.
But also we need to start educating customers and the market that not all risk is the same. We really need to be prioritizing risk and aligning risk against what's important for the business. I think a lot of innovation and a lot of evolution in the market has gone toward prioritizing risk, aligning risk with the business and then reducing the amount of human toil engaged in solving or remediating that risk. So it's a big part of our future. We spend a lot of money in R&D. We have a big, world-class engineering team that's continuing to build out our platform to meet the market demand and to meet emerging threats. And we feel really good about where we're positioned and how to go do that.
CF: What’s the latest in terms of Netenrich’s partner program? Anything new coming for partners?
JC: Our partner program really follows the platform innovation. Our partners that have been with us for a long time know that our bread and butter is helping them scale, helping them run operations efficiently. As we've scaled and moved into the security space, our programs will follow security operations, platform innovation, analytics, contextualization, resolution of problems and automation of resolution in the security space. Those are all key partner value components that we bring to the table for those partners that are looking to incorporate that kind of thing into their solution. We [don't have] a traditional partner program like other vendors might [have]. Our partner program is really helping our partners drive growth in the most innovative ways, both in service and in platform that we can bring to the market, and that's really where we focus.
CF: What's the latest feedback you're getting from partners? What are their most pressing needs?
JC: I'm not smashing atoms here when I say this, but skill gaps, skill resources in all of the areas that you would expect -- security, security analysts, security consultants, security technologists, continued operational skill sets, people that can run digital operations and security operations. They have gaps in skill sets that they need to fill or they're looking to fill, or they're looking to partners like Netenrich to help them shore up. And also technologists around understanding trends in AI, understanding trends in security, and solutioning around those critical needs. The partners that are looking toward the future and investing in their businesses, that's where they're struggling. And then obviously in the day-to-day, they want to be more efficient and they want to run more effectively. They want our help in helping grow their business and helping them improve their gross margins, all of those core blocking and tackling fundamentals. So we pride ourselves on being able to do that for our partners.
CF: Many organizations are dealing with tight budgets. How is Netenrich helping partners meet their needs?
JC: The use of technology should allow organizations to scale capabilities. A simple use case is if we can bring security analytics and rapid resolution to the table, aided by things like AI and ML, and platforms and technology, and automation, if we can reduce the cost that partners bear to not only support, but to resolve problems for customers, then we can impact bottom lines and budgets in a positive manner. If we can improve a partner's capability to go out and sell to a customer and win business, we can impact the bottom line in a positive manner. In my view, it's not atom smashing; it's basic fundamentals. How do we help a partner run as efficiently and effectively as possible? How do we help their customers do the same? And how do we help them drive those benefits to the bottom line, and to budgeting and to investment, and to innovation and all the things that they need to do to grow the business? So that's really where we're focused every day.
CF: What do you find most dangerous about the current threat landscape?
JC: Speed of propagation. Obviously the migration of workloads into the cloud expands the attack surface significantly. Propagation of the attack surface has probably never been faster. As much innovation that happens from the good guys, probably the same kind of innovation and IQ is leveraged by the bad guys. So my view is that distributed architectures, workforces, employees and customers, and the resources and compute deployed to support those customers, introduces a rapidly expanding attack surface that has everybody in the business thinking how we manage this long-term.
CF: What can partners expect from Netenrich in the months ahead, into 2024?
JC: Continued innovation. I think we do a good job listening to partners to understand where they're struggling and where they need help. We continue to invest in all the areas that bring value to our partners, and really heads-down focused on driving security analytics and this concept of driving speed to resolution, and bringing intelligence to the data to help security operations teams make better decisions, and ultimately identify and remediate problems that present the biggest risk to the businesses they're protecting. That's where we're focused.
In other cybersecurity news ...
QR codes are increasingly being used in phishing attacks, otherwise known as "quishing," according to new research from Hoxhunt.
As analyzed by Hoxhunt, 22% of phishing attacks used QR codes in the first weeks of October, based on data gathered from the company’s global human risk network.
In September, Hoxhunt also conducted a quishing benchmark test, which examined nearly 600,000 employees from 38 organizations across nine industries and 125 countries, revealing that just over one-third of recipients successfully identified and reported a simulated QR code phishing attack. More than half failed to recognize it as a threat.
The test also reveals major susceptibility differences to quishing attacks based on job function and industry. Manufacturing was the most vulnerable to QR code phishing, with a 1.6 times higher fail rate than the other industries, whereas legal, professional and business services were one-and-a-half times more successful than the other industries in reporting the benchmark simulation.
Pyry Avist, co-founder and CTO at Hoxhunt, said these campaigns utilizing QR codes typically result in loss of credentials, as they most commonly lead to business email credential harvesters.
"With the current adversary in the middle (AitM) harvesters, the malicious actors also efficiently get past multifactor authentication (MFA) in a scalable manner," he said. "This might then lead to the initial access being sold to another actor group, e.g. one performing ransomware attacks, lateral movement inside the network to establish a better foothold, etc."
QR codes do introduce additional difficulty in determining if it's phishing or not, especially for automatic filters, Avist said. Verifying whether the code leads to a legitimate domain is not as easy for the recipient either as one can't simply hover on the link.
"As these attacks utilize social engineering in a similar manner to other phishing campaigns, often with almost identical templates, phishing awareness and security behavior change programs do well at combating these attacks," he said.
According to SlashNext, QR code phishing works because:
QR codes have gained widespread trust among users, who often perceive them as safe and legitimate.
Scanning a QR code is quick and convenient, offering users instant access to information or services.
Traditional security filters, including Microsoft SafeLinks and other URL rewriting solutions, often focus on URLs. By using QR codes instead, attackers can sidestep these filters, making their phishing attempts more likely to succeed.
Many organizations prioritize desktop and network security, leaving mobile devices comparatively vulnerable. Recognizing this, attackers focus on mobile devices, especially given the rise in mobile-oriented functionalities like QR code scanning. Often, the attack may originate from an email, but the final exploitation occurs on a mobile device with lesser defenses.
QR codes are used in various contexts, such as marketing campaigns, ticketing systems and contactless payments. This wide range of applications provides hackers with numerous opportunities to exploit QR codes for their malicious purposes.
Stefanie Hammond, N-able's head nerd, has compiled a list of 10 best practices for MSPs marketing security.
"The cybersecurity landscape is in constant flux," she said. "Your marketing efforts should reflect your commitment to avoiding emerging threats, continuously improving your security services and strengthening your customer’s security posture. When you highlight your dedication to evolving your offerings to address new challenges effectively, you can position your MSP as a trusted security partner and drive growth by delivering the security solutions that today's businesses demand to meet tomorrow’s threats."
The following MSP marketing best practices will help build trust, showcase expertise and drive growth:
Before crafting your security marketing strategy, it's essential to understand your audience, Hammond said. MSP clients come from various industries with unique security needs and compliance requirements. Take the time to segment your audience based on industry, company size and specific security concerns. Tailor your security offerings and marketing messages to resonate with these distinct client profiles. Your security solutions should align with their pain points and regulatory obligations.
While fear, uncertainty and doubt (FUD) can grab attention, it's not the only discussion to have with your audience, she said. Instead of solely focusing on the doom and gloom of cybersecurity threats, take a balanced approach. Acknowledge the risks and emphasize proactive security measures, best practices, and the value of partnering with a knowledgeable MSP. Clients appreciate a more constructive and informative conversation that helps them make informed decisions.
Educational content is a powerful tool for marketing security, Hammond said. Create content such as blogs, whitepapers, webinars and video tutorials that share valuable insights, industry knowledge and best practices. Regularly update your clients and prospects on emerging threats and the latest cybersecurity trends. This knowledge positions you as an expert and demonstrates your commitment to their security and success.
In a crowded market, it's essential to differentiate your MSP by showcasing your unique value proposition, she said. Craft a compelling narrative highlighting your expertise, commitment to security, and the benefits clients gain by choosing your services specifically. Use graphics and visuals that communicate complex security concepts in an easy-to-understand manner. Creating visually engaging content can help your marketing materials stand out and resonate with your audience.
Leveraging vendor MDF is an excellent strategy for engaging prospects and existing clients, Hammond said. Consider hosting events like lunches, wine tastings or guest speaker sessions focusing on cybersecurity topics. These events allow you to educate your audience in a relaxed setting while strengthening your relationships. Additionally, partnering with reputable security vendors enhances your credibility and demonstrates your commitment to staying at the forefront of cybersecurity.
Webinars and in-person events are powerful ways to engage your audience and build trusted relationships, she said. Don’t hesitate to host, archive and promote educational webinars on various security topics featuring your team, as well as guest speakers from strategic partners (vendors or distributors) or other experts in the field. Use these webinars to inform—not overtly market or sell to your audience—and provide a platform for interaction and Q&A sessions, fostering a sense of community. Promote these events through email marketing, social media and your website to maximize attendance.
Consider offering security workshops for your clients and prospects, Hammond said. These workshops can be hands-on sessions that teach practical cybersecurity skills and best practices. Workshops can cover topics like password management, phishing awareness or securing remote work. Hosting such workshops demonstrates your commitment to client education and provides valuable insight that can help enhance your audience’s security posture.
Social proof, such as case studies and client testimonials, can be a compelling part of your security marketing strategy, she said. They build trust and provide concrete examples of your value to your client's security efforts. Showcase successful security implementations and highlight how your services help protect clients.
Encourage your existing clients to refer your services to other businesses by implementing a referral program that rewards them for bringing new business to your MSP, Hammond said. Word-of-mouth referrals can be a highly effective way to expand your client base, especially in the security sector, where trust is paramount.
Continuously measure the effectiveness of your security marketing initiatives and analyze metrics such as website traffic, email open rates, event attendance and lead conversions, she said. Use this data to adapt your strategy, focusing on what works best for your audience and refining your approach over time.
Kaspersky has discovered a number of scams exploiting the Israeli-Hamas conflict. Researchers found more than 500 examples of scam emails, along with fraudulent websites designed to capitalize on people’s willingness to aid those impacted.
The emails and sites, written in English, fraudulently seek donations for those affected on both sides. Links in many of the emails lead to a scam website that features content about the conflict and encourages people to make donations. The site facilitates easy money transfers, offering options for various cryptocurrencies, including Bitcoin, Ethereum, Tether and Litecoin. Using the wallet addresses, Kaspersky experts discovered additional fraudulent web pages claiming to collect aid for various other groups in the conflict area.
According to Kaspersky, fake charity scams frequently emerge to exploit real disasters. Scammers impersonate charitable organizations and use emotional language to entice users to click on a scam website link, where they are prompted to contribute, only to lose their money.
“In these emails, scammers try to create multiple text variations to evade spam filters," said Andrey Kovtun, a security expert at Kaspersky. "For instance, they use various call-to-donate phrases like ‘we call to your compassion and benevolence’ or ‘we call to your empathy and generosity,’ and substitute words like help with synonyms such as support, aid, etc. Besides, they alter links and sender addresses."
The researchers say scam pages like these can swiftly multiply, altering their design and targeting diverse groups. To avoid scams, they urge users to scrutinize pages thoroughly before donating. Fake sites often lack essential information about charity organizers, recipients, legitimacy documentation, or lack transparency regarding fund usage.
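The synonym substitution Kovtun describes can be countered on the filter side by folding known synonyms to one canonical word and dropping links and sender addresses before messages are compared. The following Python is an added example, not Kaspersky's method or code; the synonym table, the 0.6 threshold and the sample messages are assumptions constructed for illustration.

```python
import re

# Assumed synonym classes, seeded from the phrases quoted above. A production
# filter would maintain a much larger, curated table.
SYNONYMS = {
    "help": {"help", "support", "aid"},
    "compassion": {"compassion", "empathy"},
    "generosity": {"generosity", "benevolence"},
}
CANON = {word: canon for canon, words in SYNONYMS.items() for word in words}

# Links and sender addresses change from message to message, so drop them first.
VOLATILE = re.compile(r"https?://\S+|\S+@\S+")


def normalize(text, fold=True):
    """Lowercase, strip links/addresses, tokenize, optionally fold synonyms."""
    tokens = re.findall(r"[a-z']+", VOLATILE.sub(" ", text.lower()))
    return [CANON.get(t, t) for t in tokens] if fold else tokens


def shingles(tokens, n=3):
    """Set of overlapping n-word sequences; captures phrasing, not just vocabulary."""
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}


def similarity(a, b, fold=True):
    """Jaccard similarity of the two messages' word shingles."""
    sa, sb = shingles(normalize(a, fold)), shingles(normalize(b, fold))
    if not sa or not sb:
        return 0.0
    return len(sa & sb) / len(sa | sb)


def match_known(message, known, threshold=0.6):
    """Index of the first known scam template the message resembles, else None."""
    for i, template in enumerate(known):
        if similarity(message, template) >= threshold:
            return i
    return None


# Constructed sample messages (not taken from the Kaspersky research).
KNOWN = ("We call to your compassion and benevolence. Please help the families "
         "affected by the conflict. Donate here: https://example.org/a1 "
         "Contact relief@example.org")
VARIANT = ("We call to your empathy and generosity. Please support the families "
           "affected by the conflict. Donate here: https://example.net/zz9 "
           "Contact fund@example.net")
BENIGN = ("Reminder: the quarterly security review meeting moves to Thursday. "
          "Please send agenda items to the team lead.")

if __name__ == "__main__":
    print("raw similarity:   ", round(similarity(KNOWN, VARIANT, fold=False), 3))
    print("folded similarity:", round(similarity(KNOWN, VARIANT), 3))
    print("variant matches template:", match_known(VARIANT, [KNOWN]))
    print("benign matches template: ", match_known(BENIGN, [KNOWN]))
```

Without folding, three swapped words are enough to push the variant below the threshold; with folding, the two messages compare as the same template.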
Focusing on data and how businesses can leverage data insights are keys to staying safe and keeping cybercriminals from succeeding in their attacks.
That's according to Justin Crotty, Netenrich’s senior vice president of channels. With its Resolution Intelligence Cloud, its secure data analytics platform, Netenrich turns big data into intelligence so enterprises can expose and manage security risk to reduce business impact.
"For so long, operations, both digital and security operations, have sort of been hey, there's a gap, let me throw a tool at it," he said. "It's been a sort of a tool bag fight, meaning, 'Let me put a bunch of tools in my toolbelt. Let me have a tool for all these various feature functions that I need to keep an organization or to keep a customer safe.' That has just resulted in massive tool sprawl."
Data Insights More Effective than Piling On Tools
A lot of the tools are good, they were built for specific purposes and they serve those specific purposes, Crotty said.
"There's nothing wrong with the decisions or the technology, but the concept behind it is not sustainable," he said. "You can't just keep piling tools on these human operations teams and expect them to catch a rapidly expanding attack surface or rapidly innovating threat actor universe out there. Instead, organizations need to start focusing on data and how data can be more effectively leveraged to identify and isolate, and remediate problems, and platforms that focus on data and focus on helping humans, security operations teams ... reduce the amount of noise that's coming at them, prioritize risk against what's important to the business, and ultimately, speed resolution or remediation of those issues. That's where we're betting big."
In July, Netenrich discovered the emergence of FraudGPT, an artificial intelligence (AI) bot that helps cybercriminals launch business email compromise (BEC) phishing campaigns on organizations.
Netenrich calls FraudGPT the “villain avatar” of ChatGPT. The AI bot can craft spear phishing emails, create cracking tools and more.