The Gately Report: Proofpoint Partners Help Fuel Growth Amid Economic Uncertainty
Plus, more information is coming in, regarding widespread cyberattacks via the MOVEit vulnerability.
![Proofpoint partners in uncertain times Proofpoint partners in uncertain times](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt2ec00eedabfd7075/6523f54108f32f9f82436c69/Business-Uncertainty.jpg?width=700&auto=webp&quality=80&disable=upscale)
StunningArt/Shutterstock
Channel Futures: Proofpoint recently released its 2023 Human Factor Report, showing after a pandemic-induced disruption, there’s been a return to business as normal for cybercriminals. Is there a message for partners in this report?
Joe Sykora: I think in all of the threat research that we do there’s always a message for partners. We have a lot of MSPs that manage security services and a lot of them rely on us for our threat research because we process billions of emails every single day. So we’ve got some of the most comprehensive threat research out there for partners. So any of our partners that are using our solutions, obviously that’s part of our solution.
We also have seen a lot of our partners who are expanding with even more security services so it’s important for them. We identify different activity by the threat actors and who’s doing what, and more importantly what to look for. Part of what we do with partners is the security awareness and training piece of our business, which is their business. You have to make sure it’s relevant. So we have to know how the attacks are coming in to end users. That’s the big value to our partners and end users, and pretty much anyone out there. Even people in the industry use that report to really learn quite a bit as far as what’s going on because we can actually see more information than any other company out there when it comes to what we do.
CF: Last month, Proofpoint announced its membership in the Cybersecurity and Infrastructure Security Agency (CISA) Joint Cyber Defense Collaborative (JCDC). Are there benefits for Proofpoint’s partners?
JS: I think our partners benefit from everything that we do with our alliances and our integrations. We have a lot of integrations with a lot of the other industry-leading cybersecurity providers like CrowdStrike, Palo Alto Networks and Okta. There’s a long list of technologies that we have full integrations with. And really if you’re a partner, there’s no one manufacturer that does everything. And if anyone tells you that they do everything, it’s probably not what you need.
By doing what we do with alliances and the organizations that we become part of, it just lets our partners know that the solutions are complete that they’re providing to their end users. That’s a big value there. It goes hand in hand with our threat intelligence, and a lot of it is also sharing of that information as well. We’re all out here to do one thing, stop the bad guys.
CF: Proofpoint also released its Voice of the CISO report, revealing a higher number of CISOs feeling at risk of a material cyberattack. How can partners help CISOs with Proofpoint?
JS: We have the CISO report, but then we also have CISO advisory councils. So we collectively back the information and we give this to our partners as well. It gives them a different view as far as what’s important to their end users and the CISOs out there. So we make that all available. In fact, what we also make available for partners is we have a resident CISO program at Proofpoint. We’ve actually hired a large number of of CISOs to help us and our partners, they speak at events and do key things for our partners. It’s not a sales pitch; it’s not a product pitch. It’s information out there, and it’s important for everyone to understand what are the top threats and what keeps them awake at night. And that’s something that we’ve always done and we’ve made a significant investment in that.
We also have partner advisory councils across the world. And when I talk to our advisory council members, that’s one of the most valued things. There are two things they always tell me. One, love the threat research, and two, they love the thought leadership and the ability that we give them to bring in some of these CISOs and also reports like that as well. It’s a big value add. It’s important to understand what’s important to the CISOs out there.
CF: In April, Proofpoint announced new innovations to its Aegis Threat Protection, Identity Threat Defense and Sigma Information Protection platforms. How are those helping partners better address their customers’ needs?
JS: With those two platforms, it’s a better collective way to look at our total solutions, because if you look at the products and solutions that our partners sell to end users, we have quite a bit. We continue to make acquisitions. We acquired Illusive at end of last year and we’re integrating all the things into it. The Proofpoint Aegis platform is our traditional email protection, and security awareness and training. Those solutions go into that bucket. And then Sigma is actually the protection of the data.
So that’s where information protection, cloud access security broker (CASB) and our other solutions sit. So what we did is simplified things. It simplified it for our partners as well. When they’re pitching or they’re learning about what we do, it’s just an easier way to do that. And obviously we’ve branded it, and branding awareness is important as well in the market space.
CF: How can Proofpoint help partners that are being impacted by economic uncertainty?
JS: When I talk to partners, with some of their product lines, either they’ve seen elongated sales cycles or projects that no longer have funding. Typically though, when it comes to our solutions, those are the ones still being funded.
And the reassuring thing for our partners is our renewal rates are in the 90% range. So once you’re using the products and solutions, what we typically see and our partners see is, 1) an expansion of how many products they’re using of Proofpoint, and 2) the more products they’re using, the stickier it gets. So we’re a very predictable revenue stream and services stream for them.
And when we announced the new partner program and the specializations, our partners have really embraced that and they’ve built services around it. So services and renewals provide a very predictable income and revenue stream for our partners. I’m not saying anyone is economy-proof, but cybersecurity I think is one of the areas that we haven’t slowed down. Our partners are seeing it, too.
CF: What’s the latest in terms of Proofpoint’s new Element Partner Program? Is it providing new opportunities for partners?
JS: The Element program is doing great. We needed to refresh the program. It led us to re-energizing our partner program with the new branding and the new structure. Part of that was also additional margin and margin protection for our partners. So that’s been very well received. And again, the concept of the program is, if you’re willing to invest in Proofpoint, Proofpoint is willing to invest in you, and that’s been very well received. So we’ve actually seen some significant growth even out of some of our top partners. And we have been able to attract new partners as well. And some of the deals that we’ve been able to do on the MSP side are significant. We have seen a significant uptick in the number of our MSP partners. So far, the early indicators are it was a very successful launch and adoption of the program.
CF: What are you hearing from partners in terms of their most pressing needs?
JS: If you look at what partners want, they want protection. They want to build services around [Proofpoint], which translates to the margin to them. We’ve done a really good job of building a program that gives them that.
They also want predictability. We actually just launched a channel-ready program where we’re taking some of our most popular solutions and we’re making it even easier for partners to do business. So that’s one of the main things that partners want. They want to operationalize our technology, but they also want to simplify the entire sales process. And of course they want more support. We’ve given them more technical support and reference architectures, and showed them how to build a practice.
There is an urgency with some of the other parts of their business if they’re not just purely security. Some of the other parts of their business are flat to down. If there’s an MSP that was also doing notebooks and printers, and everything else, those aren’t growing like they used to. So there is an urgency, and people are taking us up on our offer as far as plugging into a lot of demand generation and the technical reference architectures that we have to spin those up in their organization.
CF: Is there anything about the current threat landscape that you find particularly dangerous?
JS: I think the biggest thing that I’ve noticed is the mobile. I’ve seen a shift to a lot of mobile attacks, either via text or via voice. So they’re getting a little more creative. Even some of those phishing attempts on the emails are getting better and better. Remember back in the day, way back when I got started, you could really tell, this is fake? The quality is getting better. So you just have to be careful and make sure you’re aware. We’re always going to have things we need to deal with. And I think for partners and manufacturers, we just need to all be ready to take care of them when people need help, and always be there.
I think the threat intelligence that we have is also a pre-warning for a lot of people. We can see things happen before most people do. And that’s just the sheer volume of our threat intelligence that we have here at Proofpoint.
CF: What can partners expect from Proofpoint through the remainder of 2023?
JS: We’re continuing to execute on specializations for partners. We may introduce a new specialization we are getting. Identity threat is a big topic and we did buy Illusive, so you’ll see more support and opportunities for our partners around that.
At RSA, we also presented break the attack chain. So that’s a nice message because if you look at the attack chain, Proofpoint can stop it at the beginning with still 95% of all attacks are coming through email. So we’re at the beginning. We’ve got information protection and data protection at the end. If something does happen, we make sure the data doesn’t leave.
And with Illusive, we actually filled in the middle with identity threat detection and response (ITDR). So we can actually look at vertical movement within the organization if something is happening. We have a pretty complete solution on the areas of cyber that we cover. And I think if you’re a partner, just look for more around those solutions. We’re continuing to make doing business with us easier. That’s always my simple formula, make it easier, make it profitable.
In other cybersecurity news …
More information has come to light regarding the targets and impacts of last week’s hacking of U.S. government agencies via a MOVEit Transfer software vulnerability.
According to a blog, Cymulate has confirmed that the U.S. Department of Energy was partially compromised by the Clop ransomware gang through the use of the MoveIT Transfer vulnerability.
“As this attack is ongoing, the extent of the compromise, and the potential that other agencies were also successfully attacked is not yet fully known,” it said. “This escalation of activity indicates that private and public organizations in the United States are likely to see scanning traffic and active attempts to perform ransomware attacks against critical infrastructure in the coming days and weeks.”
Jeffrey Wells, partner at Sigma7, a risk services company that works with top public and private organizations, said it will be some time, perhaps months, before we can know for sure the full impact, and just how pervasive or persistent a problem this will be and if other order of effects or malware were left behind.
“There has been some messaging from actors claiming to be Clop that any and all information that is related to the U.S. government that may have been exfiltrated, was unintentional and has been deleted,” he said. “That said … we should not trust that any of what they say is true or accurate.”
Exploitation of the MOVEit Transfer vulnerability will likely continue to be an issue for both government and the private sector, Wells said. That’s because both rely on a complex web of services provided by multiple providers and third parties.
“Effectively managing and policing the security practices of those providers is a complex problem for everyone, no matter their security posture,” he said.
Louisiana and Oregon are warning that millions of residents have had their data exposed as a result of the MOVEit Transfer mass-hack. Anyone with a driver’s license, ID or car registration from either of these states likely had personally identifiable information (PII) such as Social Security numbers exposed.
James McQuiggan, security awareness advocate at KnowBe4, said now that it has been reported, the cybercriminals will most likely go through and sell off the data or try to use it for targeted social engineering attacks.
“People with sensitive information stolen will want to act quickly to protect themselves from identity theft and social engineering attacks,” he said. “The stolen personal data can be used maliciously. Therefore, taking immediate steps to control the damage and prevent further harm is essential. They will undoubtedly want to monitor their financial accounts for suspicious transactions, checking with the credit bureaus to prevent identity thieves from opening new accounts or obtaining credit in their name. People must stay vigilant against phishing scams, social media engineering and cyberattacks. Keeping an eye out for suspicious emails, text messages or phone calls from unknown sources and never clicking on any link or attachment are just some of the steps they should be taking or need to take.”
The European Parliament has approved rules for artificial intelligence (AI), known as the EU AI Act, moving a step closer to the first formal regulation of AI in the West to become law.
“Parliament’s priority is to make sure that AI systems used in the EU are safe, transparent, traceable, non-discriminatory and environmentally friendly,” it said. “AI systems should be overseen by people, rather than by automation, to prevent harmful outcomes.”
According to CNBC, the EU AI Act would require generative AI systems, such as ChatGPT, to be reviewed before commercial release. It also seeks to ban real-time facial recognition.
Craig Jones, vice president of security operations at Ontinue, said this is a “significant and ambitious” step in a rapidly evolving technology landscape.
“The EU AI Act is pioneering in its scope, attempting to address a vast array of applications of AI,” he said. “It’s a remarkable initiative that signals the maturation of AI as a technology of central societal and economic importance. The requirement for pre-release review of generative AI systems, including ChatGPT-like systems, will spark a debate around freedom of innovation and the necessity of oversight.”
The EU AI Act, much like its predecessor General Data Protection Regulation (GDPR), could set global norms, given the transnational nature of technology companies and digital economies, Jones said. While GDPR became a model for data privacy laws, the AI act might become a template for AI governance worldwide, thereby elevating global standards for AI ethics and safety.
“On the upside, the act provides a regulatory safety net that seeks to ensure ethical and safe AI applications, which can instill more public trust in these technologies,” he said. “It also raises the bar for AI transparency and accountability. The downside might be that it could temper the pace of AI innovation, making the EU less attractive for AI startups and entrepreneurs. The balance between transparency and protection of proprietary algorithms also poses a complex challenge.”
Chris Vaughan, vice president of technical account management at Tanium, said overall, this is a positive decision.
“AI is a powerful tool that needs legislating,” he said. “Of course, there are great uses for the technology, but we have already seen numerous examples of unethical use, including horrific abuses of deepfake technology. There have also been incidents of dangerous AI-related activity regarding privacy, fraud and the manipulation of information.”
AI is not something that should be legislated retroactively, Vaughan said. Passing this draft creates a solid foundation for the future development of AI and the law around it. It signals that one of the most influential governing bodies has recognized the risks in these developments and will not be ignorant to the threats.
“This legislation isn’t the perfect solution to abuse of AI,” he said. “The AI act will only cover AI activities within the European Union, so there’s a strong possibility of AI havens developing where nefarious use of the technology isn’t prohibited. The legislation focuses on aspects of AI technology that can harm individuals. If AI is being developed to be used in a defensive manner, innovation won’t be stifled.”
There are more pros than cons to the AI act, Vaughan said. It is a risk-based act, meaning it has maneuverability. It is difficult to legislate technology that hasn’t been used yet and is difficult to predict. At the very least, it creates a framework for legal progression. Overall, it is a beneficial Act.
“Overall, my guess is that we’ll see the U.S. government hold back on introducing new measures any time soon,” he said. “I expect that they will continue inviting experts to appear in front of Congress to help them learn more about the technology, but also to show the public and the industry that it’s something they are keeping a close eye on. The EU legislation was drafted in a collaborative measure with experts in the field contributing to the discussion. Perhaps as Congress continue to hear from experts, the U.S. government may follow a similar approach.”
The European Parliament has approved rules for artificial intelligence (AI), known as the EU AI Act, moving a step closer to the first formal regulation of AI in the West to become law.
“Parliament’s priority is to make sure that AI systems used in the EU are safe, transparent, traceable, non-discriminatory and environmentally friendly,” it said. “AI systems should be overseen by people, rather than by automation, to prevent harmful outcomes.”
According to CNBC, the EU AI Act would require generative AI systems, such as ChatGPT, to be reviewed before commercial release. It also seeks to ban real-time facial recognition.
Craig Jones, vice president of security operations at Ontinue, said this is a “significant and ambitious” step in a rapidly evolving technology landscape.
“The EU AI Act is pioneering in its scope, attempting to address a vast array of applications of AI,” he said. “It’s a remarkable initiative that signals the maturation of AI as a technology of central societal and economic importance. The requirement for pre-release review of generative AI systems, including ChatGPT-like systems, will spark a debate around freedom of innovation and the necessity of oversight.”
The EU AI Act, much like its predecessor General Data Protection Regulation (GDPR), could set global norms, given the transnational nature of technology companies and digital economies, Jones said. While GDPR became a model for data privacy laws, the AI act might become a template for AI governance worldwide, thereby elevating global standards for AI ethics and safety.
“On the upside, the act provides a regulatory safety net that seeks to ensure ethical and safe AI applications, which can instill more public trust in these technologies,” he said. “It also raises the bar for AI transparency and accountability. The downside might be that it could temper the pace of AI innovation, making the EU less attractive for AI startups and entrepreneurs. The balance between transparency and protection of proprietary algorithms also poses a complex challenge.”
Chris Vaughan, vice president of technical account management at Tanium, said overall, this is a positive decision.
“AI is a powerful tool that needs legislating,” he said. “Of course, there are great uses for the technology, but we have already seen numerous examples of unethical use, including horrific abuses of deepfake technology. There have also been incidents of dangerous AI-related activity regarding privacy, fraud and the manipulation of information.”
AI is not something that should be legislated retroactively, Vaughan said. Passing this draft creates a solid foundation for the future development of AI and the law around it. It signals that one of the most influential governing bodies has recognized the risks in these developments and will not be ignorant to the threats.
“This legislation isn’t the perfect solution to abuse of AI,” he said. “The AI act will only cover AI activities within the European Union, so there’s a strong possibility of AI havens developing where nefarious use of the technology isn’t prohibited. The legislation focuses on aspects of AI technology that can harm individuals. If AI is being developed to be used in a defensive manner, innovation won’t be stifled.”
There are more pros than cons to the AI act, Vaughan said. It is a risk-based act, meaning it has maneuverability. It is difficult to legislate technology that hasn’t been used yet and is difficult to predict. At the very least, it creates a framework for legal progression. Overall, it is a beneficial Act.
“Overall, my guess is that we’ll see the U.S. government hold back on introducing new measures any time soon,” he said. “I expect that they will continue inviting experts to appear in front of Congress to help them learn more about the technology, but also to show the public and the industry that it’s something they are keeping a close eye on. The EU legislation was drafted in a collaborative measure with experts in the field contributing to the discussion. Perhaps as Congress continue to hear from experts, the U.S. government may follow a similar approach.”
Proofpoint partners are playing a big role in the enterprise security company’s continued growth despite ongoing economic uncertainty.
That’s according to Joe Sykora, Proofpoint’s senior vice president of worldwide channels and partner sales. He pointed out that many companies that do business in the channel have announced layoffs since the start of the year, but not Proofpoint.
Proofpoint’s Joe Sykora
“We continue to invest, we continue to maintain, and I think that’s important for our partners,” he said. “I will tell you, pipelines are stronger than ever with us, and talking to partners, their pipelines are very strong as well.”
No one knows how long economic uncertainty will last, but Proofpoint and its partners are staying strong, Sykora said. That said, they are fortunate to be in an industry that’s not a “nice to have.”
Proofpoint Partners ‘Need to Be Very Active’
“Some people say it’s going to take to the rest of the year,” he said. “If you follow the stock market, obviously it’s been pretty powerful the last couple of weeks. We’ve seen some gains, especially in the technology sector. And I think for our partners … you need to be very active. This is when you can separate yourself as a true partner versus a reseller. A true partner is someone who’s always checking in and still providing service to your customers, and finding out what do they need and how you can help.”
Proofpoint‘s partner growth is significant, Sykora said.
“If you look at partner contribution, which is deals that partners are bringing to us, that is up almost 20% over last year,” he said. “So we’re seeing a pretty significant increase in deals that are brought to us by partners. And that’s a testament to the changes that we’ve made over the last few years. It also goes into the fact that we’ve brought in a lot of new channel talent globally as well, a lot of channel account managers that have great relationships and really understand that. Partners are one of the major highlights of our success and I can attribute a lot of our success that we’ve had this year to our partners. So and things are going well.”
Scroll through our slideshow above for more important info for Proofpoint partners as well as additional cybersecurity news.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like