The Gately Report: Secureworks, Channel Prosper from Partner-First Strategy
Also, Salt Security has uncovered critical security flaws in Booking.com.
![Prosperity Prosperity](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltb2d10896bcb7ade5/65240491cba3a272a790d0dd/Prosperity.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Channel Futures: Last month, Secureworks CEO Wendy Thomas said this year marks a turning point in the company’s’ business transformation. What does that mean for Secureworks partners and what role do they play in this?
Secureworks’ Chris Bell: We’ve been going through an exciting transformation over the last couple of years, ever since we launched Taegis. If you think of when we launched Taegis and we launched our channel program, it was within a few months of each other. And that transformation centered around the transformation of us moving from our managed security services business to our cloud-native SaaS business, which is Taegis. And that consists of extended detection and response (XDR) as well as managed detection and response (MDR). So that’s one element of the transformation.
The other element which we’re equally excited about is our transformation from historically being a direct-centric company; we have gone partner-first. We announced that in North America, but we also announced that after North America, we’re going to bring that to other regions as well. And eventually globally, we will be 100% partner-first.
CF: Last month, Secureworks reached end-of-life for its Counter Threat Platform (CTP) for most customers, and began fiscal year 2024 with Taegis and strategic consulting. How did the end of life impact Secureworks partners?
CB: If you think of the end of life of CTP, when we launched our channel program, we wanted the focus to be on Taegis. So really, even at the beginning of the channel program, all the focus that we were driving through with our partners has been on Taegis and strategic consulting. So there’s no pivot or change there. It really has allowed us to drive all of our energy to where we know the future is, which is Taegis and strategic consulting.
And with that, we’ve created incentives for our partner community to drive growth where we know the growth should be in the future. We’ve implemented a discount framework that drives more margin for our partners … We’ve also implemented some flexibility around how partners desire to transact. Some partners prefer to transact through distribution and some prefer to transact directly with us. But ultimately we want to give our partners that flexibility. Before our partner-first announcement, we had multiple ways to go to market. One was direct and one was channel. We’ve taken out that potential channel conflict. Now we’re all through the channel in North America going globally here soon. And we’ve also implemented rules of engagement and deal registration, which will also help remove any potential conflict among our solution providers so we know who we’re teaming with and just to really take that burden off of the partners.
CF: During the third quarter of fiscal 2023, Secureworks’ Taegis grew to $222 million in annual recurring revenue (ARR), an increase of 80% on a year-over-year basis. Did partners help drive that growth?
CB: Absolutely. One of the drivers of why we decided to make the transformation to go down a partner-first path was truly because we were already starting to see tremendous traction around Taegis and growth through the channel with Taegis. So it made the decision extremely easy. It was a vision that we always had when we launched the platform. But we said, “OK, what’s the tell on when we should go partner first?” And once we saw the growth — and we’ve seen tremendous growth with the channel — that’s when we said, let’s go all in with the channel. We know that our customers prefer to buy from trusted advisors and channel partners, so we need to really drive a motion that our customers prefer, which is working through partners.
CF: What types of partners does Secureworks work with?
CB: We have other programs that all tie to partners. We have a cyber insurance and cyber risk program. We have a technology alliance program. We have a managed security services program. And then, of course, we have a program focused on solution providers in the market. What we really desire is for our partner ecosystem to engage with us how they prefer to be engaged. We have many partners that really influence sales. And in that case, they really just want to be more of a referral influence path. We have some that want to resell our offerings and then we have some that want to build services around our offerings, such as our MSSP partners. And then we have many that really want to complement our platform. So we have a technology alliance program so we can complement their offerings and they can complement ours. So you put all that together and you put the sum of the parts together, and we feel like we have a tremendous program that, one, allows our partners to engage how they prefer to be engaged, but more importantly, it provides a path to protect customers, and allows them to work with their trusted advisors and to get the best offerings there in the market.
CF: How can Secureworks help partners impacted by economic uncertainty?
CB: If our partners are going through economic uncertainty, what they’re looking for is really a path to secure new logos, increase their win rate and reduce their customer acquisition costs. They’re also looking to drive incremental revenue streams and minimize churn. We hear that consistently. We team with our partners on 100% of opportunities, so what better way to reduce the cost of acquisition if we bring them opportunities. We have a sales force with 20-plus years of experience as part of that teaming. … They can see how to sell security solutions because we’ve been selling security solutions for those 20-plus years. We have a platform that they can wrap their own services around and that provides both a margin-rich offering and also incremental revenue streams that they may not have had historically. And all of that will ultimately lead to customer satisfaction, which minimizes churn. So we’re trying to ensure what partners care about, and if we get those things right, we know that the economic uncertainty for the partners will go away.
CF: What’s the latest in terms of feedback from partners? What are their latest needs?
CB: The positive thing is their needs are consistent. Almost all of them have strong embedded bases. And they have a tremendous job to cross-sell and upsell into those embedded bases with great products. So that’s one of their needs. After that initial sale with Secureworks Taegis, are there other cross-sell upsell opportunities that I can also partner with you on? Because if they love one product, they’re going to love many from you. So that’s one.
Minimizing churn is another. You hear consistently that the cost of acquisition for some partners is relatively high, and if a customer churns, it does cost a lot to offset that customer churn with a new customer. So what they’re saying is, how can we partner together from a marketing standpoint to really jointly go after net new customers?
And then the last piece is really around enablement. What most partners have desired is, can we go into an opportunity together? That’s what most partners want. They want a unified story, and they also want to hear how we position our offerings so they can start to learn from that and then they can position on their own. So really that enablement with training, certification and that firsthand experience of going into an opportunity together has been one that they’ve asked for consistently.
CF: How is Secureworks helping partners succeed differently from its competitors out there?
CB: It really all starts with the the offerings. And what we’ve always taken is an outcome-based approach to security. If you can keep the customers happy, our the partners win. One thing around our offerings, both our Taegis XDR platform as well as MDR service, is really the openness of the platform. That’s one area that customers have always asked for, is your platform open or closed? Can you integrate with the other security controls that I’ve already deployed and then add value to those controls around detection and context? If you can do that and ultimately protect them, that’s a win because it allows them to get the most out of their existing investments. There’s also the response capabilities of the offering. What customers care about is, am I protected? Are you getting me to that place where I can sleep at night knowing that I’m protected? And then what our partners care about is can they go to the market with a platform that delivers the outcomes that customers care about.
CF: What do you think will be most challenging and worrisome about the threat landscape the rest of 2023?
CB: The key word there is 2023. The threat landscape is always changing. When you know you have one area of the threat landscape figured out, guess what, the adversary will figure out another path. And that’s the fascinating thing about the threat landscape.
But let me touch on business email compromise (BEC). We’ve seen in the past year from our incident response engagements that the amount of engagements from BEC has doubled. So what keeps me up at night is whenever you see one vector of the threat landscape double in a year, you know that’s concerning. If you look a year ago, it was more ransomware. Now we’re seeing definitely the growth coming from BEC. And BECs are really a path that a human has to make the right decision on whether or not to open an email, for example. And whenever there’s a human, there’s a vector that the human has to make the right path, so that’s why training is important — training your staff to make sure they understand not to open what could potentially be malicious.
CF: What are your goals for the rest of 2023 in terms of channel?
CB: We’re executing on our partner-first strategy in North America today and we are going to move globally to show our commitment behind the channel ecosystem. And then the second piece is really to continue to build out our entire partner ecosystem that’s beyond just solution providers and beyond just MSSPs, but also complementary partners like cyber insurers and technology alliances. And then how can we continue to make sure that our partners feel supported by enablement activities. So it’s the execution path of building out the broader set of the ecosystem so our partners can engage how they desire and then the enablement.
In other cybersecurity news …
Over the past few years, investment scams have become increasingly sophisticated and widespread, taking advantage of the rise of digital technologies. According to data analyzed by the Atlas VPN team, Americans were scammed out of $3.8 billion last year through fraudulent investment opportunities.
Compared to 2021, the amount of losses has grown by 116%. Many of these scams use social media platforms, websites, apps and other channels to reach potential victims.
In the last four years, investment scams in the United States have grown by nearly 4,000%. In 2018, fraudsters stole $94.5 million using investment scams, and nearly 8,400 (57% of all) fraud reports indicated a loss. By 2022, the number of reports had increased significantly, with almost 77,600 reports (74% of all) revealing a loss of money in investment scams.
Furthermore, scammers have been getting away with more and more money, according to Atlas VPN. In 2018, the median loss from investment scams was $2,262. Since then, it steadily grew from year to year, reaching $21,727 in 2022.
Fueling the surge are increasing internet and social media use, which helped scammers find new ways to reach potential victims. Additionally, the rise of interest in crypto made people think they could get rich quickly by investing in it during economically unstable times.
Vilius Kardelis is cybersecurity writer at Atlas VPN.
“Overall, investment scams have grown significantly due to various factors, including technological advancements, economic instability and the increased sophistication of scammers,” he said. “Individuals need to be aware of these risks and take steps to protect themselves from such scams.”
Most commonly, scammers contact Americans through social media when offering investment opportunities. People reported more than 27,600 attempts of fraud through social media. By far, the most common payment method in such scams was cryptocurrency. People lost over $880 million worth of crypto through nearly 30,200 reported investment fraud cases.
Nevada was the most common target of scammers. Nevadans reported almost 317 investment-related scams per million people. Californians were second with nearly 273 reports per million.
The White House’s National Cybersecurity Strategy, announced last week, should go along way in beefing up the U.S. cybersecurity workforce.
That’s according to Clar Rosso, ISC2’s CEO. The cybersecurity strategy will provide a road map for how the Biden administration aims to defend the United States from a rapidly growing number of online threats.
There is still a need for more than 3.4 million security professionals, an increase of over 26% from ISC2’s 2021’s numbers.
Rosso said the cybersecurity strategy is a “much-needed and welcome step towards building a bigger, more inclusive and effective U.S. cybersecurity workforce.
“[The strategy] is an opportunity for the United States to not only enhance its own cybersecurity posture, but to lead and influence globally,” she said. “It comes at a time when cybersecurity has never been more critical to the economy, as well as to national and global defense and security.”
ISC2 recognizes that too many segments of society are under-represented in the cybersecurity profession, Rosso said. The sector is missing out on valuable cultures, experiences, approaches and ideas because of this.
“We are bringing more women, people of color, entry-level professionals, people with disabilities, immigrants to the U.S., members of the LGBTQI+ community and other underrepresented communities into the profession through our One Million Certified in Cybersecurity program,” she said. “[The strategy] commits to building on these shared aims, leveraging the existing efforts of several government agencies, state and federal initiatives, as well as supporting the proactive efforts of the industry itself.”
The cybersecurity workforce and infrastructure need to be built equally on a strong cybersecurity foundation, as well as a strong foundation of user trust that users and data will be safe and secure now and in the future, Rosso said.
“The commitment to invest in cybersecurity resilience, with a particular focus on developing a national strategy to build and strengthen a diverse and robust national cybersecurity workforce, is commendable,” she said. “The strategy recognizes that organizations are trying to hire from too small a talent pool. We welcome that diversity is recognized as a valuable investment that expands the pool, bolsters the nation’s ability to manage and mitigate incidents, develop new skills to protect our digital future and underpin the next generation of cybersecurity research and development. ISC2 looks forward to continuing to work with the Office of the National Cyber Director (ONCD), and with legislative and regulatory bodies to execute and deliver the strategic objectives of this strategy.”
Salt Security has discovered several critical security flaws in Booking.com, one of the largest online travel agencies.
According to new threat research from Salt Labs, the flaws were found in the implementation of the Open Authorization (OAuth) social-login functionality utilized by Booking.com. It had the potential to affect any users logging into the site through their Facebook account.
The OAuth misconfigurations could have allowed for both large-scale account takeover (ATO) on customers’ accounts and server compromise, enabling bad actors to:
Manipulate platform users to gain complete control over their accounts.
Leak personal identifiable information (PII) and other sensitive user data stored internally by the sites.
Perform any action on behalf of the user, such as booking or canceling reservations, and ordering transportation services
Popular across websites and web services, OAuth lets users log into sites using their social media accounts, in one-click, instead of via traditional user registration and username/password authentication.
Yaniv Balmas is vice president of research at Salt Security.
“OAuth has quickly become the industry standard and is currently in use by hundreds of thousands of services around the world,” he said. “As a result, misconfigurations of OAuth can have a significant impact on both companies and customers as they leave precious data exposed to bad actors. Security vulnerabilities can happen on any website, and as a result of rapid scaling, many organizations remain unaware of the myriad of security risks that exist within their platforms.”
Any Booking.com user configured to log in using Facebook might have been affected by this issue, according to Salt Security. Given the popularity of using the “log in with Facebook” option, millions of users could have been at risk from this issue.
Kayak.com (part of the same parent company, Booking Holdings) could have also been affected, as it allows users to log in using their Booking.com credentials, increasing the number of users susceptible to these security flaws by millions.
Upon discovering the vulnerabilities, Salt Labs’ researchers followed coordinated disclosure practices with Booking.com, and all issues were remediated with no evidence of these flaws having been exploited in the wild.
Photo courtesy Casimiro PT/Shutterstock
The U.S. government has issued a warning of an ongoing ransomware attack from Royal ransomware on critical infrastructure.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released the alert to disseminate known Royal ransomware indicators of compromise (IOCs), and tactics, techniques and procedures (TTPs) identified through FBI threat response activities as recently as January.
“Since approximately September 2022, cybercriminals have compromised U.S. and international organizations with a Royal ransomware variant,” the alert said. “FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used Zeon as a loader. After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems. Royal actors have made ransom demands ranging from approximately $1 million to $11 million in Bitcoin. Royal actors have targeted numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, health care and public healthcare (HPH), and education.”
Jamie Boote is associate software security consultant with Synopsys Software Integrity Group.
“Ransomware presents a unique crossover of the attack surface that wasn’t as noticeable when public-serving operations weren’t as networked or digitized,” he said. “Attacks like ransomware target private companies like hospitals, factories and energy companies, but end up being an attack against the American public by depriving them of these vital services. These private-target/public-impact attacks have prompted the White House to build a strategy to go beyond securing government networks and will work to secure the networks of critical infrastructure providers. By highlighting the private targets that have a public impact, such as hospitals and other public-facing providers, bulletins like these are raising awareness of the threats posed to the public. These communications and strategy announcements from the government are representative of how the government has made cybersecurity a priority, and will continue to work with private and public partners to better mitigate threats like these.”
The U.S. government has issued a warning of an ongoing ransomware attack from Royal ransomware on critical infrastructure.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released the alert to disseminate known Royal ransomware indicators of compromise (IOCs), and tactics, techniques and procedures (TTPs) identified through FBI threat response activities as recently as January.
“Since approximately September 2022, cybercriminals have compromised U.S. and international organizations with a Royal ransomware variant,” the alert said. “FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used Zeon as a loader. After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems. Royal actors have made ransom demands ranging from approximately $1 million to $11 million in Bitcoin. Royal actors have targeted numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, health care and public healthcare (HPH), and education.”
Jamie Boote is associate software security consultant with Synopsys Software Integrity Group.
“Ransomware presents a unique crossover of the attack surface that wasn’t as noticeable when public-serving operations weren’t as networked or digitized,” he said. “Attacks like ransomware target private companies like hospitals, factories and energy companies, but end up being an attack against the American public by depriving them of these vital services. These private-target/public-impact attacks have prompted the White House to build a strategy to go beyond securing government networks and will work to secure the networks of critical infrastructure providers. By highlighting the private targets that have a public impact, such as hospitals and other public-facing providers, bulletins like these are raising awareness of the threats posed to the public. These communications and strategy announcements from the government are representative of how the government has made cybersecurity a priority, and will continue to work with private and public partners to better mitigate threats like these.”
Secureworks has increased its engagement with partners and recruitment of key focus partners since it rolled out its partner-first strategy across North America on Dec. 1.
That’s according to Chris Bell, Secureworks’ vice president of strategy, corporate development and strategic alliances. All new Taegis (the company’s XDR and MDR solution) business is being sold in collaboration with partners. Secureworks expects the strategy to accelerate its market share.
Bell couldn’t disclose financials because the company is in a quiet period.
Secureworks’ Chris Bell
“The synergies we’re creating with our sales team and then supporting our partners with closing deals has been tremendous,” he said. “We’ve also seen a very strong focus on recruitment of key focus partners. We’ve been really focused on growing business with security-focused partners, so partners like Set Solutions, Defy Security and Guidepoint Security, as well as national partners that everyone recognizes, such as CDW Insight and SHI, who we’ve been working with for quite some time. But really the engagement that we’ve seen from them since we’ve gone partner-first has grown exponentially, which has been great.”
Secureworks to Go Partner-First Globally
There have also been positive developments from a pipeline standpoint of teaming with partners and helping them grow their businesses while Secureworks also grows, Bell said.
Secureworks will roll out its partner-first strategy in additional regions this year, he said.
“There’s not necessarily a set timeline,” Bell said. “But … we will continue to roll out regions throughout 2023 as we onboard the right key strategic focus partners in each region.”
Last month, Secureworks confirmed layoffs impacting 9% of its workforce — more than 200 employees. CEO Wendy Thomas said the company is shifting to a “smaller, more focused team.”
Scroll through our slideshow above for more from Bell about Secureworks’ plans this year. We also recap some of the biggest cybersecurity news from the past week.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like