The Gately Report: Radware Partners Have Advantage in Protecting Customers
Plus, the LockBit cybercriminal gang demands a $70 million ransom from chipmaking giant TSMC.
![Radware partners help customers with cybersecurity protection](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blte21afc4854eb60c2/6523f1b040861a11a3a83975/Cybersecurity-Protection.jpg?width=700&auto=webp&quality=80&disable=upscale)
TierneyMJ/Shutterstock
Channel Futures: Radware announced its signature partnership with Sycomp, a global provider of data center and security services. And together, they have secured a $1 million deal with one of the top 10 biotech companies in the United States. Is signature a specific type of partner?
Radware’s Ron Meyran: In our ecosystem, we’ve got the channels, we’ve got the OEM partnerships, so Cisco, Check Point Software Technologies and also Nokia, and technology partners. Under channel, for resellers, the top level is signature, then there is spotlight and certified. Each one of these partners has a specialization like MSSP, which we are now working to launch the program; cloud security, which is the main specialization we are looking for, and also data centers. So we still focus on selling products or solutions for data centers, for physical data centers, not necessarily virtual or software data centers.
Today what we are focusing on is channel, and in the case of Sycomp, it’s a signature partner and they are specializing with data center and cloud security. And there are a limited number of signature partners that we allow, so it’s by invitation only. There is a limit of 25 partners per geography. And so Sycomp is a selected partner and assigned the signature. A signature partner is selling above $1 million.
CF: Why would a partner choose to work with Radware?
RM: We’ve got a new program with new incentives and discounts, rebates and so many more. But no one decides to work with a company because there are additional rebates. They will work with the company if they believe that they can make business and they will not harm their customer base. That’s the definition and something I also learned from Cisco.
Cisco is an OEM partner for hardware. Cisco is a huge organization and they move very slowly. Cisco will not introduce you into their accounts unless they are absolutely certain that it’s going to be a successful and mutual implementation, and business closes with the customer and they will end up with a happy customer.
So the reason for partners to work with us is, first of all, because of the solutions, the innovation that we bring with our solutions. Second is the fact that Cisco, Check Point and others are using our technology as part of their solution portfolio. In many cases, our partners can sell Radware as part of an existing Cisco agreement because we are part of Cisco Enterprise Agreement (EA) … so they can sell it through an existing open contract. They don’t need to go for bids or anything. Simply put the part number and offer Radware’s technology through Cisco or Check Point contracts. And the third reason is because they will make more money with Radware.
CF: In May, Radware introduced its new Cloud Web DDoS protection solution. Is this helping partners better protect themselves and their customers?
RM: We fight the fire with artificial intelligence (AI). In every solution featured, we are using innovative technology, which is based on machine learning (ML), fingerprinting and AI. If you look at so many organizations, they fail to protect against attacks and say, “Hey, why do they fail? We must not have good solutions in place.” But it’s about the attackers who got sophisticated. They’re running web DDoS attacks in which effectively they generate a lot of requests. For example, an HTTP post is very effective because you are asking the website to render information and download it to you. And then they are using evasion techniques, so it will each time generate the request from a different IP, from different locations and from different web browsers. They are also running it at HTTPS traffic so it looks like legitimate traffic. It is encrypted, so standard security solutions cannot inspect it and it goes undetected.
We provide the full network and applications security solution. So it’s not only a platform, but we believe that this is a best-of-breed solution. But again, everybody or every company, when I worked for other companies, I always said that we’ve got the best solutions, but it’s really about understanding the threat landscape and then the technology. We also have the global infrastructure to support our customers. We have DDoS scrubbing centers. These are huge data centers which we use to filter out malicious volumetric traffic. On top of this, we’ve got the cloud web application firewall (WAF). We’ve got more than 30 points of presence. We have the infrastructure to serve our customers everywhere.
CF: Radware blocks web DDoS Tsunami attacks. What are those? Who’s launching them?
RM: These are a new type of attack that are deployed mainly by Anonymous Sudan and other groups, but we also see the Killnet cluster using them and they are really hard to mitigate. I went to the [Radware] emergency response team, the war room, with a delegation that came from Taiwan and I just saw one of the customers getting attacked, and I saw the teams there are working hard to protect. Without technology, you cannot defend, but they keep changing the vectors and keep trying different tactics in order to go through the mitigation shield that our customers have.
CF: Why is web DDoS such a go-to cyber weapon? What makes it effective?
RM: If you use a web DDoS and it’s a successful attack, and you manage to consume the server resources, first of all the servers are out of business. It cannot serve legitimate users. Second, we have seen that in some cases the attackers run a DDoS attack or a network attack, and then they run in parallel an application-level attack. So while you are busy with the big noise of DDoS, they will try to steal information from your websites. Why is it hard to mitigate? Because the attackers effectively imitate real user traffic.
Think about it. You are an owner of a website and your users send an HTTP get, they download data and they go to one page and then to another page, and so on. Now you see new users which do the same. They go to your server or website, they download the home page, they download other pages, they post questions and so on and everything, and it looks normal. But how can you differentiate between a real user and a machine if in both cases it’s the same traffic?
CF: Is Radware being impacted by economic uncertainty? Also, how is Radware helping partners that are being impacted by economic uncertainty?
RM: For the first question, I’m not sure that I’m able to answer because it’s more about the financials of Radware. We didn’t finish the quarter yet, so probably in a few days we will know better. I can say the overall market is in recession and Radware is trying to operate as best as possible. And for our partners, we are trying to make their life easier in the sense that we moved from purchasing products or paying upfront to quarterly payments, or from capex to opex, and so on to help both partners and customers. And we compensate our partners higher when they bring an annual recurring revenue (ARR) deal compared to a total contract value (TCV) deal, when they bring a monthly recurring deal compared to a one-time deal, which is about selling a box.
CF: What’s the latest in terms of feedback from Radware partners? Have their most pressing needs changed?
RM: We see large partners which were selling to data centers and they understand that they need to move now from the huge high-end market to the mid-end market because this is where everyone is going, and the cloud motion and so on. And we see traditional resellers that we sometimes have to push them to move to the next level or tell them hey, you need to start offering services on top of selling products and doing integrations. So sometimes we need to push our partners in order to keep the pace with the market.
CF: What do you find most dangerous about the current threat landscape, especially as it pertains to app security, DDoS, public cloud, etc.?
RM: First of all, you call it dangerous and I call it interesting. I’ve got the threat intelligence team also working for me, and for me it’s very interesting to look into the attackers, the threat actors, the new threat actors that you find almost every day, their tactics, their techniques, how they recruit people, how they manifest and motivate their fans, what type of targets they choose and how do they choose them. For me personally and my team, it’s very interesting.
Of course, our customers and partners, they want to know that we understand that landscape. We’ve got the intelligence. I’ve got on my team people who participate in these threat actors in order to download the tools, test them and then update our customers. And we can sometimes tell our customers, “Hey, tomorrow you are going to be attacked by this group, this is the technique that they are using, here are the tools; we are already testing them in our lab in order to improve your protection.” So this is the name of the game, which makes it interesting for us because our passion is about understanding the attackers in order to provide better protections.
CF: What can partners expect from Radware in the remainder of 2023?
RM: A lot. It’s true that some of the activity that we are doing now will impact on the two quarters later. But we are doing events and participating with partners, I would say mainly in North America, with events in southern California and in the Boston area. We are participating in Black Hat and we’ve got partner events in almost every state where we go together in order to reach to their customers, look for new prospects and talk about the top concerns of their customers and see if there is a match in order to provide them with the best solutions that we believe we bring to the market.
In other cybersecurity news …
Chipmaking giant Taiwan Semiconductor Manufacturing Company (TSMC), said it hasn’t been breached despite a $70 million ransom demand from the LockBit cybercriminal group.
According to Bleeping Computer, a threat actor affiliated with LockBit live-tweeted what appeared to be a ransomware attack on TSMC, sharing screenshots with information related to the company. The screenshots indicated the threat actor had significant access to systems allegedly belonging to TSMC. It displayed email addresses, access to applications, and credentials for various internal systems.
TSMC sent us the following statement:
“TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident, which led to the leak of information pertinent to server initial setup and configuration. At TSMC, every hardware component undergoes a series of extensive checks and adjustments, including security configurations, before being installed into TSMC’s system. Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any of TSMC’s customer information. After the incident, TSMC has immediately terminated its data exchange with this supplier in accordance with the company’s security protocols and standard operating procedures. TSMC remains committed to enhancing the security awareness among its suppliers and making sure they comply with security standards. This cybersecurity incident is currently under investigation that involves a law enforcement agency.”
According to Bleeping Computer, the systems of one of TSMC’s IT hardware suppliers, Kinmax Technology, were hacked.
Erich Kron, security awareness advocate at KnowBe4, said this could possibly be another one of those incidents where the troubles related to a vendor reflect poorly on a more well-known or larger organization, and further outlines the need for third- and fourth-party supply chain security.
“It can be challenging to ensure that data handled by third parties is done so correctly and deleted when no longer needed,” he said. “However, obligations should be in place through the contracts with these vendors to ensure the least amount of risk is present.”
The LockBit group’s successful use of email phishing to spread their malware should be a lesson to organizations of all sizes about how important it is to address both the technical and human sides of the social engineering threats we continue to see, Kron said.
“Email gateways and filters are a great technical help, and employee education and training can make a significant difference when dealing with the messages that get past the technology,” he said.
The Cybersecurity and Infrastructure Security Agency (CISA) recently announced new rules for federal civilian executive branch (FCEB) agencies regarding internet-exposed management interfaces. And now researchers at Censys have discovered hundreds of qualifying devices in their scans.
CISA released its binding operational directive (BOD) with the objective of mitigating the risks associated with remotely accessible management interfaces that might allow configuration or control of federal agency networks from the public internet. These internet-exposed devices can allow threat actors to gain unauthorized access to important assets.
“Threat actors have used certain classes of network devices to gain unrestricted access to organizational networks leading to full-scale compromises,” CISA said. “Inadequate security, misconfigurations and out-of-date software make these devices more vulnerable to exploitation. The risk is further compounded if device management interfaces are connected directly to, and accessible from, the public-facing internet. Most device management interfaces are designed to be accessed from dedicated physical interfaces and/or management networks, and are not meant to be accessible directly from the public internet.”
The BOD requires FCEB agencies to deploy capabilities as part of a zero trust architecture that enforce access control to the interface through a policy enforcement point separate from the interface itself.
Censys researchers conducted analysis of the attack surfaces of more than 50 FCEB organizations and sub-organizations. Throughout their investigation, they discovered over 13,000 distinct hosts spread across more than 100 autonomous systems associated with these entities. Examining the services running on these hosts, Censys found hundreds of publicly exposed devices within the scope outlined in the directive.
“While this mandate directly applies to FCEB organizations, it’s recommended that all organizations regardless of size take steps to identify and harden these interfaces within their networks, as these are often easy targets for threat actors,” Censys said.
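As an added illustration of the recommendation to identify these interfaces (this is not code from CISA, Censys or the article), the following Python audits a constructed service inventory and reports management services on network devices that are reachable from outside internal address space without a separate policy enforcement point in front of them. The service list, the device classes and the `access_path` column are assumptions made for the example; the article does not enumerate them.

```python
import csv
import io
import ipaddress

# Assumed set of remote-management services (not enumerated in the article).
MGMT_SERVICES = {"ssh", "telnet", "snmp", "rdp", "vnc", "http-admin", "https-admin"}
# Assumed device classes treated as network or management devices.
DEVICE_CLASSES = {"router", "switch", "firewall", "vpn", "load_balancer", "oob_mgmt"}
# Address space treated as internal: RFC 1918, loopback, link-local (IPv4 only).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed inventory. 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for public addresses. access_path is a hypothetical column:
# "direct" means the interface itself is reachable, "pep" means access is forced
# through a separate policy enforcement point.
SAMPLE_INVENTORY = """\
ip,port,service,device_class,access_path
203.0.113.10,22,ssh,router,direct
203.0.113.10,443,https-admin,router,direct
203.0.113.20,443,https,web_server,direct
10.20.0.5,23,telnet,switch,direct
198.51.100.7,443,https-admin,firewall,pep
198.51.100.9,161,snmp,load_balancer,direct
not-an-ip,22,ssh,router,direct
"""


def is_internet_facing(ip_text):
    """True if the address lies outside the internal ranges above.

    Raises ValueError for text that is not an IP address.
    """
    addr = ipaddress.ip_address(ip_text)
    return not any(addr in net for net in INTERNAL_NETS)


def audit(inventory_csv):
    """Return (findings, rejected) for a CSV inventory of listening services.

    findings: (ip, port, service) tuples for management services on network
              devices that are internet-facing and not behind a separate
              policy enforcement point.
    rejected: ip fields that could not be parsed, so they can be reviewed
              by hand instead of being silently skipped.
    """
    findings, rejected = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            external = is_internet_facing(row["ip"])
        except ValueError:
            rejected.append(row["ip"])
            continue
        in_scope = (row["device_class"] in DEVICE_CLASSES
                    and row["service"] in MGMT_SERVICES)
        if external and in_scope and row["access_path"] != "pep":
            findings.append((row["ip"], int(row["port"]), row["service"]))
    return findings, rejected


if __name__ == "__main__":
    exposed, bad_rows = audit(SAMPLE_INVENTORY)
    for ip, port, service in exposed:
        print(f"exposed management interface: {ip}:{port} ({service})")
    for ip in bad_rows:
        print(f"unparseable address, review manually: {ip}")
```

The public web server and the firewall reached through an enforcement point are not reported; only directly reachable management services on network devices are.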
Sunil Muralidhar, vice president of federal, alliances and strategic initiatives at ColorTokens, a provider of zero trust cybersecurity solutions, said the widespread exposure of network devices in critical networks can be attributed to a combination of oversights, misunderstandings and “outright failures.”
“Operating systems, middleware or applications can be misconfigured without the knowledge of the organization, exposing the device as well as the network it is connected to,” he said. “In other cases, the exposure may have been made explicitly for a legitimate reason (working with a partner or allowing for services to be accessed). Usually, in such scenarios, organizations put compensating controls to mitigate the risk, e.g., a firewall policy. However, over a period of time, these compensating controls may have been accidentally removed or their effectiveness could have degraded, exposing the asset to a wider risk. Another common reason is new vulnerabilities are discovered after the systems are deployed, but these systems continue to operate without the vulnerabilities patched or addressed appropriately.”
This BOD appears to be a significant step towards addressing a much larger problem in U.S. government security, Muralidhar said.
“The fact that there have been numerous breaches in the recent weeks is certainly alarming,” he said. “However, the decision to implement zero trust represents a crucial and exciting development for enhancing security in the future.”
John Gallagher, vice president of Viakoo Labs at Viakoo, said CISA is continuing its march down a path towards better security and lower risk to federal agencies, “and this is another significant step in that direction, but still far from being the end of the road.”
“Making this a BOD shows that it is not a minor step, and reinforces the need for agencies to improve their focus on IoT/OT security,” he said. “Expect more BODs, more focus on dashboards and audit processes and more focus on remediation. This is a long journey, and while this is a significant step, it is not a major turning point.”
Cybercriminals like to exploit seasonal activities and events, especially ones that garner a lot of attention from the public. Amazon Prime Days (July 11-12) is one such seasonal event in which the retail giant kicks off a series of tempting sales for consumers looking to save money.
With Amazon Prime Days approaching, cybercriminals are ready to strike, using “special deals” tied to the sale days to create scams aimed at consumers and at unprepared employees shopping from their corporate devices.
Rick Hanson, president of Delinea, said one of the best weapons in a cybercriminal’s arsenal is urgency.
“As consumers look to jump on the next great sale or deal, they often let their guards down and don’t always pay attention to red flags or cybersecurity best practices,” he said. “For example, they may not check to ensure that an email about an Amazon Prime Days deal is really coming from Amazon. Your identity is the most powerful thing you have, and criminals will do anything to get it. Consumers must stay vigilant at all times, and especially if they are moving quickly to capitalize on a great price. Hover over any links before you click on them to ensure they come from the domain you are looking to buy from, or just go directly to that site to make the purchase. Don’t be lured by unproven online shopping sites – stick with those that you know and trust. And once you’ve made your purchase, be mindful of delivery scams looking for your information. Know who your parcel delivery service is for each order, and only check your shipping updates through the vendor’s website. Finally, be on the lookout for AI-assisted telephone scams.”
Patrick Harr, CEO at SlashNext, said cybercriminals are just waiting to take advantage of the excitement around Amazon Prime Days.
“Most scams are designed to take advantage of Amazon Prime Days shoppers looking for deals,” he said. “There are also more dangerous phishing attacks, credential stealing and rogue software, which can lead to ransomware and account takeovers. With any scam, no matter the time of year, malicious actors intend to instill a sense of urgency in their victims, or prey upon feelings of desperation or uncertainty. Around annual events, such as Amazon Prime Days, there may be more opportunities for cybercriminals to launch convincing scams, tricking victims into handing over payment information, login credentials and other information that can be leveraged for identity theft or monetary gain.”
Radware partners can show their customers and prospects that they can better protect them against attacks while other vendors have failed.
That’s according to Ron Meyran, Radware’s senior director of partner programs. And he doesn’t hold back from naming competitors.
“If you as a partner arrive to a prospect and you show them that you can protect them against an attack, that Akamai didn’t manage to protect them or Cloudflare couldn’t protect them, I think that the partner is already in a much better position in this account,” he said.
The Israel-based company provides cybersecurity and application delivery solutions. That includes distributed-denial-of-service (DDoS) protection.
In January, Radware launched an enhanced partner program that aims to accelerate partners’ growth. The global Radware Cybersecurity Partner Program offers new participation tiers, training, financial incentives and support materials. Radware partners include resellers, MSSPs, carriers and cloud service providers.
Radware Partners Taking Advantage of Training
“I checked it last week and the number of partners who have gotten certified on our solutions is over 300 sales engineers worldwide, and not only in North America,” Meyran said. “This is something that I’m really happy to see because this indicates the motion of the program and the understanding that there are some new things here.”
In addition, Radware is onboarding new partners, he said.
“In fact, what we did as part of the launch of the new partner program was removing many of what I would call inactive partners, cleaning the table and restarting,” Meyran said. “Of course, the large partners always will remain and we now nominated them as signature partners, but we started recruiting new partners. Also the company, which was initially 10-15 years ago a product company, moved into services. We want to grow with the services, and that’s why we are also looking for the relevant partners who can offer our services, but they also need to be integrators or work with Microsoft Azure, Amazon Web Services (AWS) and so on in order to provide value add to their customers.”
In the meantime, Radware is actively engaged in Russia’s war in Ukraine by protecting the Ukraine government pro bono, he said.
“We are protecting them in parallel to the army of Ukraine,” Meyran said.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.