The Gately Report: SteelDome Cyber Plots Big Channel Play with Data Protection
Plus, Italy has banned ChatGPT and launched an investigation into Open AI.
Shutterstock
Channel Futures: If an organization is hit with a ransomware attack, can SteelDome Cyber help them recover in the aftermath?
SteelDome Cyber’s Tony Franchi: The software specifically returns the data back. So the ransomware may make it feel to the customer that the malware has attacked the servers, and separated or destroyed their backups. That’s how it all looks to the ransomware folks. But our data is being stored, and through many multiple snapshots that we take and store outside of it, the ransomware will never know to attack it because it’s not available to them. These are immutable snapshots. Once we take it, it’s there forever. One of our biggest highlights in this product is the restoration piece. You spin up, you get an internet connection and you can begin to egress that data back.
SteelDome Cyber’s Rich Van Duysen: In the channel, we’re really providing a turnkey offering around bridging cybersecurity services with some partners that we have because we don’t do everything … there’s a whole consultative side to this. We’re very disruptive when we talk about data protection and data storage services because the software is in essence combining those two marketplaces. And it doesn’t matter where we fall. We can fall on a solution recovery data restoration side of it, or we can fall on a data protection side of it. But in software, we’re really intersecting those two markets.
CF: What is SteelDome Cyber’s overall channel strategy?
Van Duysen: We have a multichannel strategy. So our go-to-market (GTM) is for sure the channel. Tony mentioned Telarus. So we have a play there for enabling those channel managers, aligning with their strategic partners, and really putting these services out in that technology solution brokerage (TSB) space. But in addition, we are talking about putting partnerships together on a few others. So we’re doing it with the distributors and the partners themselves. We do have strategic partners that are already on board that we already have GTM plans in place with through their channels. That’s a wholesale resale play for us. We’ll basically sell a license and they’re enabling their practices. We get tied into a lot of service offerings with data protection as a service, storage as a service, backup as a service and data restoration services.
CF: Is SteelDome Cyber attracting various types of partners?
Van Duysen: Where we’re focused now is the solution brokers. We have brought in a large global, leading cybersecurity risk advisory firm as a partner. So we will be co-branding and marketing. So we do have a cybersecurity advisory play there. We are working with a few MSPs of our choice. We have not launched yet an official VAR play, but we are going to be launching it. In fact, we just hired someone and she’s going to be heading that up. We just completed our partner welcome kit for the VARs. So we’ll be taking a little bit of an organic approach to that, picking the right VARs probably by vertical, the right areas where we want to focus. We’re looking to enable MSPs, MSSPs and then we have our TSB relationship for market intelligence, and access to maybe some vendors and partners that will fill a gap in a particular area.
Franchi: There’s so much going on here. We’re getting a lot of attention, not just in the traditional storage data protection [space], I call it the Web 2.0 world, but we are also now in the midst of developing a Web 3.0 with Blockchain and crypto. So we’re [making it so] our software can be embedded in a solution for higher-petabyte customers. Larger customers can now utilize this software in a decentralized manner rather than using the Googles and the Azures of the world. And they can get this at an extremely cost-efficient price, and obviously having their data at their own fingertips. So we’re working on the next generation of web storage data protection.
CF: How is SteelDome Cyber different from anything else on the market?
Franchi: We are software-based. And compared to the other service providers that are providing this type of service, there’s no comparison when it comes down to timing of deployment. There’s no comparison on every level, whether it’s the pricing of our product and really the specialty around what we’re doing. It’s really encapsulating storage and the data protection product technology, and all that comes with it in a fully managed way. So you can call us up, and by the end of the day you’re going to have the ability to turn up the service on your network. That is just unheard of in this market. And it enables the channel partner to realize commissions so much faster. If they’re doing a bigger deployment with someone else or a competitor, it could take six months before they realize any commissions whatsoever. With us, it’s 30-45 days, depending on a billing cycle, of course, and how the TSB pays. But 30-60 days after a sale is pretty unheard of. And that’s a big, big differentiator for channel partners.
CF: Is your partner ecosystem growing?
Franchi: We’re still considered to be new, so we’re still evolving with all the TSBs. So we will grow in the TSB space. But we’re also growing through our various other channel-enabled strategies. So because we’re new, obviously there’s a tremendous amount of upside and gaining partner share. So right now it’s getting the word out of what we’re doing and really explaining it in a way that’s effective and transferable because no one has this solution today. So we’re kind of treading on both sides here. We come to the market saying, “We’re doing this.” And most people say, “How are you doing that? … and then we explain it to them and how we’re delivering the service, and the “oh my God” happens. They see the architecture within our technology is sharp. So there’s a tremendous upside.
CF: What’s your take on the current threat landscape and how is SteelDome Cyber addressing those threats?
Van Duysen: In the ransomware space, if we were involved proactively in the account and data was coming through our technology, then we are protecting against ransomware. So therefore, that risk in that organization is really minimized immensely. If we’re not involved, and because we’re not really out there or all over the place yet, we’re usually being brought in because there’s already been a ransomware situation, or a need to protect a data set or recover something. So in that regard, we’re actually improving speed to recovery. We’re getting companies to get back up into a production environment really, really quickly.
We’ve built the technology around a zero trust data protection service, so it doesn’t matter what the threat is. When something hits our software, we’re doing the scanning and the antivirus scanning, and the malware-type stuff. We are doing some cool things like optimizing and data compression-type stuff, but we’re also encrypting everything. So if it comes through encrypted, obviously it’s encrypted already, but if something comes through our system and it’s bad and there’s a bad signature or a bad threat, it’s getting alerted, it’s getting noted back — it’s not going to come through. But if it does come through, we’re going to actually encrypt it.
CF: It sounds like ransomware attacks could actually be fueling your business because organizations that get hit need your help and then after they want to stay protected, right?
Van Duysen: There are two sides to it. If somebody’s already been breached, then to your point, absolutely. We can help you recover and we can make it better going forward. On the proactive side, companies are out there trying to de-risk their environments to get more proactive with cyber insurance policies, potential lawsuits, or maybe they’re doing an acquisition, whatever the case may be. There’s a reason to understand the security profile of your business. So on the proactive side, when those studies are being done … we’re bringing that data protection and prevention of a ransomware attack because we’ve been brought to the table early.
CF: There’s a lot of economic uncertainty, with tight budgets among partners and their customers. How can SteelDome Cyber help with that?
Franchi: In comparison to what’s been on the market, we’re looking probably at saving customers over 40% of what their typical spend is. And we are enhancing it and we’re giving them a cloud-based software solution. Everything everyone’s trying to do is move to the cloud as much as you can. Go cloud-based, software-based and reduce infrastructure because that’s where a lot of capex costs and big numbers come about. We eliminate all of that. So we bake that into the cost savings and it’s just a win-win all the around. So in this downturn in the economic state, we’re really enabling customers now to jump on board and not only protect themselves in a new modern era of digital security, we’re also enhancing their services and saving them money.
CF: What can we expect to see from SteelDome Cyber in the months ahead?
Franchi: We need to add feed on the street. That’s part of our plan within the next three to four months. We’ll see an explosion in employee growth to support our efforts around the TSBs and VARs, resellers, MSSPs and other organizations that are distributing their services and rebranding it. So we’re going to need help, not only sales, sales engineers, but within marketing and finance as well.
Rich Van Duysen: We’ve got two large data center partners. One of them we’re going to market with in a bundle. So that’ll be a soft launch in the second quarter with a heavy ramp in the third quarter to their customer base.
In other cybersecurity news …
Italy has issued a temporary ban on ChatGPT and opened an investigation into how Open AI, which created the chatbot, uses the data it collects.
According to CNN, Italy’s data protection agency said users lacked information about the collection of their data and that a breach at ChatGPT had been reported on March 20. The Italian regulator is also concerned about the lack of age verification for ChatGPT users. It said this “exposes children to receiving responses that are absolutely inappropriate to their age and awareness.” The platform is supposed to be for users older than 13, it noted.
Timothy Morris, chief security advisor at Tanium, said while somewhat surprising, this ban follows a pattern of hesitancy when new technology is introduced. Even the internet wasn’t initially embraced as a legitimate resource that benefitted both businesses and consumers.
“Protecting underage users is certainly worthwhile,” he said. “Currently, ChatGPT has a simple one-step sign up, which limits the ability to verify the identity of individuals to restrict access based on age or other parameters. The heart of the issue in Italy seems to be the anonymity aspect of ChatGPT, which based on the power of the technology, can troublesome.”
Claude Mandy, chief evangelist of data security at Symmetry Systems, said security professionals struggle to secure this data already and are continually challenged in understanding where personal data is being stored, let alone used.
“The increased consumerization of artificial intelligence (AI) will make it even harder to control the flow of data into AI tools, representing an even bigger hurdle to prove organizations are using customer data ethically and with consideration of their privacy rights and needs,” he said. “In the hype around ChatGPT, it is inevitable many organizations will ignore data protection and privacy best practices, resulting in potential devastating consequences for others.”
Patrick Harr, SlashNext‘s CEO, said the concern over ChatGPT is not lowering the barrier of entry and increasing the number of new hackers, but enabling cyberattacks to increase in speed and volume.
“Speed and volume hold the advantage over current threat detection technology,” he said. “If the volume increases and the speed to which they are getting through increases, so does the rate of risk and ultimately breaches. In addition, large language-model AI is always learning, so when attacks are unsuccessful, the model learns and develops new and improved attacks that can be ready in seconds.”
Ignoring the current ChatGPT threat suggests there is no need for organizations to invest in security defenses that use large language models, and that is not true, Harr said.
“Generative AI in cybersecurity is essential to adapt to the changes in threats quickly and enables the ability to predict future threats by training a neural network to identify and stop all types of fast-moving, zero-hour threats,” he said.
The volume of phishing emails sent in 2022 jumped 569%, according to Cofense‘s latest State of Email Security Report.
Using artificial and machine learning analysis, researchers analyzed global network data from 35 million users. The email security report revealed five specific trends:
Credential phishing emails jumped 478%.
The top malware gangs were Emotet and QakBot.
The top cyber crime was business email compromise (BEC).
Web3 technologies used in phishing campaigns increased by 341%.
Use of telegram bots for exfiltration jumped 800%.
“The cybersecurity landscape is always evolving, so it is imperative to stay on top of the latest trends and tactics,” said Tonia Dudley, Cofense’s vice president and CISO. “As threats increase in frequency, intensity and sophistication, the need for rapid and actionable intelligence has never been greater. The increase in nation-state attacks and major incidents overall continues to apply pressure to drive visibility of an organization’s security program by boards, corporate executives and cyber insurers. With this pressure, organizations must continue to evaluate ways to mitigate risk and assess what email security controls need to be added or enhanced to raise their overall security posture.”
Morten Gammelgaard, BullWall‘s EMEA co-founder, said the growth in 2022 is “minuscule” compared to what will happen in 2023.
“The rise of natural-language AI, like ChatGPT, will explode the efficacy of phishing overnight,” he said. “Threat actors have just two ways to phish. Firstly, they can write a form email meant for generic people. This is less effective, but it’s a numbers game. You may send out 100,000 of these, but you only need one to click. Or you can spear phish. That is where you research the email recipient, view their boss on LinkedIn, their vendors they interact with, and write a custom email to trick that single user. Maybe one out of 100 of those will be successful.”
With AI, you get the best of both worlds, with mass email campaigns that are highly targeted at scale that can produce 100,000 custom attacks instantly, Gammelgaard said.
“This will explode cyber crime, and there is an arms race between the largest companies on the planet, Google, Apple, Microsoft and others throwing billions of dollars to rush their AI apps out, often putting aside safety and use cases in exchange for being first,” he said. “They have everything at stake if they lose their footholds. But the Russians and Chinese also are secretly funding billions of dollars into AI, but for cyber espionage, ransom and attacks. You can’t stop it. You must focus on building your defensive stack, including rapid containment tools on your endpoints, like endpoint detection and response (EDR), and on your critical infrastructure and file shares with tools like ransomware containment and critical infrastructure monitoring.”
TMX Finance and its subsidiaries TitleMax, TitleBucks and InstaLoan have disclosed a data breach that exposed the personal data of over 4.8 million customers.
That’s according to Bleeping Computer. TMX Finance operates equities, fixed income, derivatives and energy markets exchanges in the United States, Canada, the United Kingdom, Australia and China.
“On February 13, 2023, we detected suspicious activity on our systems and promptly took steps to investigate the incident,” the notification letter said. “As part of that investigation, global forensic cybersecurity experts were retained. Based on the investigation to date, the earliest known breach of TMX’s systems started in early December 2022.”
The investigation confirmed information may have been acquired between Feb. 3 and Feb. 14. The personal information involved may be names, dates of birth, passport numbers, driver’s license numbers, federal/state identification card numbers, tax identification numbers, Social Security numbers and/or financial account information, and other information such as phone numbers, addresses, and email addresses.
“Our investigation is still in progress, but TMX believes the incident has been contained,” it said. “We continue to monitor our systems for any suspicious activity. We have implemented additional security features, such as additional endpoint protection and monitoring, as well as resetting all employee passwords. We continue to evaluate ways to further enhance the security of our systems.”
James McQuiggan, security awareness advocate at KnowBe4, said organizations must continue to review their cybersecurity measures and ensure they work to reduce the risks associated with data breaches to protect personally identifiable information (PII) from theft or misuse. That includes implementing encryption protocols, monitoring suspicious activity and regularly conducting security audits to identify vulnerabilities.
“One of the most critical steps companies can take to protect PII is collecting only the data necessary to conduct business and storing it securely so unauthorized parties cannot access it,” he said. “Organizations should also ensure that any third-party vendors or partners they work with are implementing strong cybersecurity measures.”
When a breach does occur, organizations must respond quickly and transparently, McQuiggan said.
“Granted, organizations will offer identity theft protection and credit monitoring services to all affected individuals, and it’s a positive step, but this is not enough,” he said. “Organizations must work harder to prevent future breaches by investing in robust cybersecurity measures, including security training, and improving their security culture by staying current on the latest threats and best practices. Protecting PII is a collective responsibility that requires the cooperation and collaboration of individuals, organizations and governments. Working together and implementing a more robust cybersecurity culture is a more significant step to ensure that data breaches are reduced.”
Photo courtesy: Deutschlandreform/Shutterstock
TMX Finance and its subsidiaries TitleMax, TitleBucks and InstaLoan have disclosed a data breach that exposed the personal data of over 4.8 million customers.
That’s according to Bleeping Computer. TMX Finance operates equities, fixed income, derivatives and energy markets exchanges in the United States, Canada, the United Kingdom, Australia and China.
“On February 13, 2023, we detected suspicious activity on our systems and promptly took steps to investigate the incident,” the notification letter said. “As part of that investigation, global forensic cybersecurity experts were retained. Based on the investigation to date, the earliest known breach of TMX’s systems started in early December 2022.”
The investigation confirmed information may have been acquired between Feb. 3 and Feb. 14. The personal information involved may be names, dates of birth, passport numbers, driver’s license numbers, federal/state identification card numbers, tax identification numbers, Social Security numbers and/or financial account information, and other information such as phone numbers, addresses, and email addresses.
“Our investigation is still in progress, but TMX believes the incident has been contained,” it said. “We continue to monitor our systems for any suspicious activity. We have implemented additional security features, such as additional endpoint protection and monitoring, as well as resetting all employee passwords. We continue to evaluate ways to further enhance the security of our systems.”
James McQuiggan, security awareness advocate at KnowBe4, said organizations must continue to review their cybersecurity measures and ensure they work to reduce the risks associated with data breaches to protect personally identifiable information (PII) from theft or misuse. That includes implementing encryption protocols, monitoring suspicious activity and regularly conducting security audits to identify vulnerabilities.
“One of the most critical steps companies can take to protect PII is collecting only the data necessary to conduct business and storing it securely so unauthorized parties cannot access it,” he said. “Organizations should also ensure that any third-party vendors or partners they work with are implementing strong cybersecurity measures.”
When a breach does occur, organizations must respond quickly and transparently, McQuiggan said.
“Granted, organizations will offer identity theft protection and credit monitoring services to all affected individuals, and it’s a positive step, but this is not enough,” he said. “Organizations must work harder to prevent future breaches by investing in robust cybersecurity measures, including security training, and improving their security culture by staying current on the latest threats and best practices. Protecting PII is a collective responsibility that requires the cooperation and collaboration of individuals, organizations and governments. Working together and implementing a more robust cybersecurity culture is a more significant step to ensure that data breaches are reduced.”
Photo courtesy: Deutschlandreform/Shutterstock
SteelDome Cyber, founded by longtime channel vet Tony Franchi, is making a big channel play with its cloud-based data protection service.
SteelDome Cyber is a Telarus supplier and is also partnering with Jenne. In the coming months, it will also be seeking more technology solutions brokerages (TSBs), MSPs, MSSPs and VARs.
Franchi is also the company‘s CEO.
SteelDome Cyber’s Tony Franchi
“We are enabling channel partners to now sell a very efficient and non-complex and easy to deploy, cloud-based, data protection service,” he said. “The turn-up can happen within hours depending on customer desire to deploy, which lessens the cycle for partners to realize commissions.”
Restoring Lost Data
SteelDome Cyber resolves any concerns related to any type of data loss, Franchi said. That’s whether due to ransomware attacks, employee error or for any reason. Its InfiniVault product will restore the data using any network protocols with no limitations. The service also includes storage.
“It was created by our CTO, Jeff Slapp,” Franchi said. “He and I worked together at 365 Data Centers. We both worked on the senior management team and the board, and obviously our relationship took us over to developing this powerful new software product that really resolves cybersecurity threats. This is a full resolution around ransomware in a way that is deployed through software that is extremely efficient, highly secure, and at a very, very aggressive price. This really provides the path to leveraging the public storage cloud, and given inside the software, we’re also providing the data protection service. So now we’re able to really put storage and data protection security all wrapped in the InfiniVault.”
SteelDome Cyber’s Rich Van Duysen
To learn more about SteelDome Cyber, we spoke with Franchi and Rich Van Duysen, the company’s chief strategy officer.
Scroll through our slideshow above for more on SteelDome Cyber and more cybersecurity news.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like