The Gately Report: Sumo Logic Channel Partners to Get Bigger Share of Business
Cybersecurity professionals are increasingly concerned about escalating cyberattacks due to the Ukraine crisis.
Channel Futures: Last month, Sumo Logic announced new offerings further advancing its Sumo Logic Cloud SOAR with the War Room and App Central features. How will this benefit partners?
Sumo Logic’s Lynne Doherty: That announcement was a set of new features. The War Room allows our customers to make quicker decisions when they’re in a time of crisis, when they’re in a time of breach. It allows for more automation through an open integration framework. It provides a set of playbooks of actions [and] use cases so that our customers can get better educated on how to handle a breach.
How does that help partners? It helps them scale with us. If you think about when a customer is implementing a new solution, there’s sort of a heavy lift to get just to the basics that are standard among all customers. And then there’s the next-level customization in their own environment. What we provide to our partners is that first level. It’s the playbooks, the actions, the use cases so that they can move faster. And the work that they do can really be specific to make a very sticky, customized, best-in-class solution for the customer that they’re working with.
CF: Will acquiring DFLabs and Sensu create new opportunities for partners? Can you give some examples?
LD: DFLabs closed in the end of May of last year and Sensu closed in June. So they were both toward the back half of the year. To be fair, we are still integrating them in our go-to-market (GTM) as well as our partners. But there have been absolutely opportunities that our partners have been able to work with us to help expand an existing customer into these new solutions. Say a customer is starting from a point of using an observability product and moving into a security information and event management (SIEM) solution. So that range of moving from observability into security or vice versa, both of these acquisitions have just expanded our solution and given more opportunities for our partners to do cross-sell with us into new areas to really provide a more full solution for a customer.
CF: What do you find most worrisome about the current threat landscape?
LD: The rise in nation-state attacks is probably what is most worrisome to me because those are the ones that are not just looking to benefit monetarily, but potentially to harm individuals, supply chains, governments, our ability to operate or another country’s ability to operate.
Nation-state attacks are targeted. They are well funded and … it’s the difference of hunting with a pistol versus a rifle that has a very tight lens on it. And so I think nation-state attacks are probably the biggest threat that we have from a cyber landscape going forward. I think that is dialed up by the fact that so many companies out there still have a very siloed strategy for security, and for their cybersecurity tools and teams. And so that makes it that much harder to identify a threat, and not just pinpoint what has happened, but how do you stop that threat across your entire digital landscape in your organization.
CF: Because cyberattacks are regularly making major headlines, is it becoming easier to convince organizations to do what they need to do to better protect themselves?
LD: I think to some degree yes. I think it’s become a more board-level conversation for many companies. But I think there are still, unfortunately, companies out there that don’t take enough action until they have been hit by ransomware or they have a threat in their environment. So I think there are a lot of companies that are still more in reactive mode. But for many companies, I do think that it’s a more board-level discussion and they are much more proactive. And I think that will continue to be a trend as more and more of our world becomes digital, and more and more of our data, our customers’ data and our partners’ data, becomes digital. I think that is going to need to be a trend that continues.
CF: What are partners’ main pain points and how is Sumo Logic addressing those?
LD: What I hear from a lot of our partners is similar to a pain point that we have in our environment. It’s around how to bring in top talent and then how do you enable top talent. For our partners as well as for us, we want to have the best resources for our customers. And so it’s a constant effort, as technology changes, as the landscape changes, to have a team of people that is best in class, that is enabled, and that have the skills and knowledge of technology to provide solutions to our customers. So I think that’s going to be an ongoing battle for us.
The combination of the talent shortage that exists in technology, and specifically even more so in cybersecurity, as well as this great resignation and people moving around in roles, the ability for us to enable our teams and our partners is going to be incredibly critical to provide the services and support that our customers and our joint customers need. What are we doing to address it? We’re putting a lot of focus on No. 1, doing things like providing runbooks and playbooks and configurations, things that help up-level to serve that base level. And then we’re putting a lot of focus around enablement and training, and skills development for our people here and for our partners so that we can help support them, and they can have the knowledge, skills and awareness of our tools to put together solutions for their customers.
CF: What are your goals for Sumo Logic’s channel in 2022?
LD: We have big goals here around how much of our business we want to be driven through partners. And so we work to increase that number. And for this year, we’re looking to have a big increase in the amount of business we do through and with our partners. But probably a broader goal outside of just the metrics in the numbers is to have Sumo Logic be known as the easiest partner to work with, the partner that has the most partner-friendly, the most profitable, the most clean processes and the most connections to our partners. That to me is the real goal. We need to drive the business through and with our partners, but we need to be the best partner for our partners. So we have a lot of work to do around that, around simplifying how we do business, providing the best enablement, providing the best connections to our team, and creating that experience for our partners.
In other cybersecurity news …
A new ISC2 poll shows cybersecurity professionals globally are worried about an escalation of cyberattacks stemming from the Russian invasion of Ukraine.
More than 260 ISC2-certified cybersecurity professionals from 41 countries participated, including Ukraine and the Russian Federation. They represent 33 different industries, with the most in financial services, followed by IT services and health care.
Clar Rosso is ISC2’s CEO.
“The most surprising finding is the commonality of concerns across 41 countries and 33 industries,” she said. “Most respondents are worried about cyber threats to critical infrastructure and supply chain, and secondary concerns are also quite similar. Respondents urge their peers to prepare for the worst and sense that organizations are ill-prepared. ISC2 and many others are warning organizations that massive cyber threats are imminent and everyone should be on high alert.”
The top concern across the board was the immediate threat to critical infrastructure and essential supply chains that would put lives at risk anywhere in the world. A member of the German military was concerned that “hacktivist efforts against Russia will be incorrectly attributed to the U.S. and will lead to an escalation such as a large-scale cyberattack on U.S. critical infrastructure and/or the banking sector.”
In addition to being concerned about how attacks could shut down critical functions of society, respondents were also concerned about the level of preparedness that exists to combat such attacks. “Operational capacity and readiness” was the top concern for a member of the U.S. military.
Cybersecurity professionals also worry about threats to businesses and how their customers could be impacted financially.
“The workforce shortage certainly doesn’t help cybersecurity teams feel as prepared as they would like to be,” Rosso said. “With 60% of cybersecurity teams dealing with a cybersecurity workforce shortage in their organization, most teams are trying to do more with less. The best course forward is to remain vigilant and do everything possible to limit cyber exposure, such as deleting ghost accounts, patching software and hardware, resetting passwords, implementing multifactor authentication (MFA), backing up data and testing those backups.”
Respondents looked beyond the current wave of attacks to the future and questioned whether cyberwar tactics would become a global norm.
Some respondents foresaw the possibility of non-related attacks taking advantage of the worldwide attention on Ukraine to sneak by undetected.
What’s clear is cyber professionals everywhere are concerned about the ramifications of the invasion. Even as cyber threats are weighed, some respondents sent a reminder that it’s important not to lose sight of the fact that human lives are at stake in Ukraine.
Island, which provides a secure enterprise browser, has raised $115 million in its Series B financing round at a $1.3 billion valuation.
The round was led by Insight Partners, which led Island’s prior financing round. Existing investors Stripes and Sequoia Capital also participated in this round, bringing Island’s total funds raised to over $200 million.
This round follows Island’s emergence from stealth on Feb. 1. Its partners include VARs, MSPs and MSSPs.
Its browser enables organizations to protect users and data at the point where they interact with SaaS and internal web applications. By using the browser, security teams can control the last mile, from basic exfiltration protections such as copy, paste, download, upload and screenshot capture, to more advanced security demands such as smart network routing and MFA insertion.
Mike Fey is Island’s CEO and co-founder.
“With this new funding, we’re able to innovate to solve a host of previously unsolvable problems that extend beyond the security space into the realms of productivity and IT, which will ultimately benefit our partners,” he said. “The Series B funding will enable Island to scale the company, and fund both its R&D and GTM teams to ensure customer success. This includes both direct sales and channel teams.”
Channel partners will play a critical role in Island’s growth and expansion, both in North America and EMEA, Fey said.
“Island is seeing strong interest from partners who are looking for opportunities to bring the enterprise browser into their existing accounts,” he said. “As a result of demand, Island plans to hire four or five dedicated channel personnel in the eastern United States, western United States and EMEA, with a channel manager overseeing geographic-specific personnel.”
Ransomware payments hit new records in 2021 as cybercriminals increasingly pressured victims to pay up by threatening to release sensitive data online, according to new research from Unit 42 by Palo Alto Networks.
The average ransom demand in cases worked by the Unit 42 security consultants rose 144% in 2021 to $2.2 million. The average payment climbed 78%, to $541,010.
Ryan Olson is vice president of threat intelligence at Unit 42.
“Ransomware actors have focused a significant amount of energy on multi-extortion tactics over the past year,” he said. “Unit 42 has seen at least 35 new ransomware gangs threaten to expose data or utilize leak sites in 2021. In 2021, names and proof of compromise for 2,566 victims were publicly posted on ransomware leak sites, which marked an 85% increase compared to 2020.”
When an organization’s information is leaked, it creates a costly and time-intensive process for them, Olson said. It can also have an impact on their reputation.
“This is why ransomware actors use this tactic – it increases the return on investment (ROI) and possibility that they might get paid,” he said. “These tactics pressure victims to pay the ransom fast, as well as make it so that offline backups aren’t enough for organizations. It used to be that if organizations had and tested offline backups, it was enough to recover from a ransomware attack. With multi-extortion, it makes those backups almost useless. We have seen numerous types of data leaked from organizations, including intellectual property, contracts, internal communications and more.”
The Conti ransomware group was responsible for the most activity, accounting for more than one in five cases worked by Unit 42 consultants in 2021. REvil, also known as Sodinokibi, was No. 2 at 7.1%, followed by Hello Kitty and Phobos, at 4.8% each. Conti also posted the names of 511 organizations on its dark web leak site, the most of any group.
The number of victims whose data was posted on leak sites rose 85% in 2021 to 2,566 organizations, according to Unit 42’s analysis. Sixty percent of leak site victims were in the Americas, followed by 31% for EMEA and then 9% in the Asia-Pacific region.
The most affected industries were professional and legal services, construction, wholesale and retail, health care and manufacturing.
“We anticipate that 2022 will continue to see ransomware actors innovate and succeed while they seek new ways to extort victims and get paid,” Olson said. “We’ll continue to see – and have – efforts of multi-extortion pay off. We’ll see actors operate affiliate models with ransomware as a service, and we’ll likely see ransomware actors leverage zero days and reported common vulnerabilities and exposures (CVEs) to exploit and gain an initial foothold in an organization.”
This week, cloud security provider Lacework announced the hiring of Splunk veteran Brian Lanigan as its new vice president of worldwide channels and alliances. He’ll help expand the Lacework partner program to include new and more diverse partners. MSPs, GSIs, ISVs and CSPs are crucial to Lacework’s continued growth.
In a Q&A, Lanigan talks about what partners can expect from him in the coming months.
Channel Futures: Why did you want to take this role with Lacework?
Brian Lanigan: I’m joining Lacework at a similar time in its trajectory to when I joined Splunk. What I loved about that role, and what I’m looking forward to getting back to at Lacework, was building a partner ecosystem from the early days that addresses a key need in an industry.
CF: How will your previous experience with Splunk come into play in this new role?
BL: We started tracking this entire cloud security market at Splunk a few years ago, so I was already familiar with the space before joining Lacework. When I look at the last two years specifically, with the acceleration to the cloud with the pandemic, I started noticing that DevOps and security teams were needing to address the growing complexity and scale of cloud infrastructures. And in order for organizations to scale quickly and securely, the DevOps team and the security teams needed to develop a better-together approach in order to deliver business outcomes. Additionally, my experience with the security partner ecosystem at large has set me up for this role. All of the partners I’ve worked with and will work with in the future are now moving to a cloud-centric model. I also have a lot of experience building partner ecosystems in both domestic and international markets, which is essential as Lacework expands at exponential rates.
CF: What’s your take on Lacework’s current channel strategy and partner program? Any changes needed?
BL: When I initially looked at the partner program, I really admired how forward-thinking Lacework was in not designing a program that’s one-size-fits-all. Partners provide different capabilities; some of them want technical skill sets and others want to build services on top of Lacework’s platform. The program is designed with that flexibility in mind. And all of this intersects with how we go to market with our CSPs.
I just joined Lacework, so I’m focused now on building a deep understanding of the program and how it is working for partners. I know that as of a few quarters ago, approximately 60% of our sales were influenced by partners, which is a great sign that something is working within the organization. Our leadership team is committed to partners being the way a company can grow profitably and I’m here to help make that happen.
CF: What’s at the top of your to-do list?
BL: The first 90 days will be critical. Joining a new organization, especially as a leader, requires a lot of analysis of what’s happening on the ground and then a quick transition to execution. I’m going to spend time absorbing how the partner program is currently functioning, including the rollout of the new program launched just a couple months ago. And then we will take a data-driven approach to determining how we’ll continue to roll that program out to new partners as we expand. When you’re in a hyper state of growth, you’re going to have a lot of potential new partners streaming in. It’s important to remember to invest with the partners that are going to invest in you.
For the price of a fast-food burger, you can buy tools needed to initiate cyberattacks of all kinds.
That’s according to data presented by the Atlas VPN team. Different types of cyberattack packs, including phishing, ransomware, distributed denial of service (DDoS) and others can be purchased for less than $50 on the dark web, with some starting as low as $5.
Ruta Cizinauskaite is cybersecurity writer and researcher at Atlas VPN.
“The data leads to an unsettling revelation that cyberattacks are no longer limited to professional hackers,” she said. “With cyberattack kits being so readily available on the dark web and the prices so low, anyone who dares step into the dark net can acquire the tools needed to launch a cyberattack.”
Remote access trojan/tool (RAT), malicious software that allows one to gain full access and remote control of another device’s system, is the cheapest cyberattack tool on the dark web. Prices start at just $5 and can go up to $45.
Phishing attack packs are also on the lower end of the price scale. In particular, the avengers whaling phishing kit costs as little as $7.
Next comes the ultimate password-cracking pack with instructions, demo and help. These tools are designed to discover devices’ passwords and can be had for only $10. For the same $10, dark web users can also get a DDoS attack kit.
The ultra-dangerous malware suite costs $12. However, the dangerous malware pack 2021 edition costs almost twice as much. Meanwhile, a hacker startup kit can be bought for as little as $14.
Prices of basic ransomware, which employs encryption to hold victims’ data at ransom, start at $15 and can go up to $76. Ransomware with source code, on the other hand, costs $50. The source code can help malicious actors customize the ransomware to their own malware campaigns.
Finally, prices for VPN breach packs vary between $15 and $100.
Sumo Logic channel partners can expect to see more of the company’s business driven through them in 2022.
That’s according to Lynne Doherty, Sumo Logic’s new president of worldwide field operations. Last November, she joined Sumo Logic from McAfee Enterprise, where she was executive vice president of global sales and marketing. McAfee Enterprise has since split into Trellix and Skyhigh Security.
Sumo Logic reported 19% year-over-year revenue growth for fiscal 2022.
“We had a great year here at Sumo Logic,” Doherty said. “Partners played a huge role in our success and in our growth. Last year, partners made up more than half of our new business, and that’s a growing number every year. So they play a very strategic role in both providing value-added services to our customers as well as helping us to scale. In addition, last year we were named Amazon Web Services (AWS)’s ISV Partner of the Year, which I think says a lot about our value as a partner. And that’s in marketplaces with MSPs, ISVs, distributors and traditional resellers. I think that award was really a validation of how important partners are to us and how partner-focused our organization is. So we couldn’t have done it without our partners.”
Last year, Sumo Logic acquired DFLabs, gaining a security orchestration, automation and response (SOAR) platform. It also acquired Sensu. That acquisition will accelerate Sumo Logic’s observability strategy by providing customers with an end-to-end solution for infrastructure and application monitoring.
Impact of Ukraine Invasion
In a Q&A with Channel Futures, Doherty talks about how the Ukraine invasion has impacted her company. She also addresses opportunities for Sumo Logic channel partners.
Channel Futures: Does Sumo Logic have operations and business in Russia and/or Ukraine? If so, has it taken action because of the Ukraine invasion?
Lynne Doherty: We have no people in Russia or Ukraine, but we have a big technology hub in Poland. And so for us, first and foremost is complying with any U.S. sanctions that come out. So we’re making sure within our products that we’re complying with the U.S. sanctions. So that’s on the product side. But from a human side, we have done a lot to make sure to support our resources in Poland as there are so many people moving from Ukraine into Poland as refugees. And so our effort has largely been supporting our teams in Poland as we don’t have any people in Russia or Ukraine.