The Gately Report: Sumo Logic Gives More to Partners Post-Francisco Partners Acquisition
Also, a data breach is impacting millions of Delta Dental of California patients.
![Sumo Logic partners benefitting from acquisition](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltcab17752b92b599f/65242b07dbf7e6d4fabc2d6d/The-Gately-Report-logo.jpg?width=700&auto=webp&quality=80&disable=upscale)
Channel Futures: Has the acquisition had any impact on Sumo Logic’s channel strategy and partner program, and how it works with partners?
Timm Hoyt: It has had an impact. It hasn't changed anything from the principal and the strategy of what we discussed previously. We still have a strong partner-first commitment organizationally. To be a partner-first organization, the most important piece is how we are engaging in the field with customers. That's really important to partners. But also, there are a number of other cross-functional elements that really define the commitment a vendor is making to being partner-first. And in this case, product development is the next biggest piece. Some of these new innovations and commitments we're bringing to the MSSP business are examples.
We held our first-ever partner advisory board in October. We gathered nearly 20 partners, a mixture of our ecosystems. So we had MSSPs there, we had solution resellers, we had Amazon Web Services (AWS), and it was the first time that we were able to collect feedback and share perspectives. And ultimately, I think this is going to be a fantastic cadence we get into to help listen to our customers, our partners and the needs they have for their customers, and then also be able to share, socialize and test ideas out. That's another example of some of the positive recent updates and how we're engaging with our partner community.
CF: You mentioned Sumo Logic is in growth mode. What role are partners playing in that growth and expansion?
TH: It’s significant. We began our partner-first journey in August of 2022 and have had some very strong moments during that time. And as we look at the growth we expect coming for the next two to three years, partners are going to play a significant role in that. And so we'll have partnerships like AWS.
We made some great announcements at re:Invent around additional collaboration of services and how Sumo is looking to support customers, accelerate the troubleshooting and security resolution of their AWS-centric environments. So that partnership is going to continue to be very important for us in the solution development, as well as go-to-market with their field sales organization, and then go-to-market and tri-party efforts with Sumo plus AWS plus partner. And that can be a solution consulting partner. That could be an MSSP. So it’s really important in that sense.
We’re seeing macro customer trends as they are also impacted by budget constraints and often organizational restructuring, losing talent around their cybersecurity efforts. The MSSP community is picking those up to augment or outsource, and we are an important part of the technology stack of many of those MSSPs. So they are going to be really important for us to scale in the SMB through the enterprise. A lot of these solution resellers who are building multiple solution stacks for their customers are critical in how we continue to grow. These are some great partnerships like Presidio and CDW, and Stratoscale as examples where Sumo fits an important piece of their tech stack that they're bringing to customers as a solution. So I'm excited about where we are, and more excited and anticipative of what's happening in 2024 and beyond.
CF: Last month, Sumo Logic announced the availability of its HELM Chart V4 feature to fully unify data collection as part of its continued commitment to open telemetry. What does this mean for partners?
TH: Sumo was early to embrace the idea of and then embed open telemetry into our platform. And so this is important for partners because it provides seamless integration into a number of customer environments. It drives some democracy around integration and APIs with other offerings, which is really centralized to what Sumo's story is; for example, collecting logs to drive insights, and then ultimately, actions. For customers, this is definitely an area where partners are going to be able to continue to benefit from that strategy of Sumo embracing and building an open telemetry into our platform as they look to bring more modern cloud-centric capabilities to their customers.
CF: Is the threat landscape shaping Sumo Logic’s product, business and channel strategies? If so, how?
TH: Certainly there are a lot of smart people here at Sumo Logic that are evaluating the market and making anticipations of what solutions we believe not only are needed for today, but for what's happening tomorrow. And then you bring in actual input, so we're not just listening in our own echo chamber to the ideation we have of what solutions customers and the market need. These are things like customer advisory boards and partner advisory boards. Our product teams are often engaged in our quarterly business reviews with customers to test their ideas and listen, and that helps shape our road map, absolutely. From just the overall threat landscape, you think about what we announced at AWS re:Invent. One of the announcements was AWS cloud infrastructure security. Thirty-nine percent of businesses last year had a cloud data breach. This is related to malicious behavior. It also sometimes is just simple human error and misconfiguration. So absolutely, that threat landscape of malicious to unintentional is squarely center mass to how Sumo is developing and releasing solutions to market.
CF: How is Sumo Logic incorporating AI?
TH: It’s early days on this artificial intelligence (AI) journey overall. And with Sumo, we do have AI capabilities today. They're really centered around how we help accelerate the insight to action for our customers and the partners who service those. We're seeing more and more often that partners are playing a role in the ongoing co-management of customers' environments. So the AI capabilities we have, and will continue to advance and release, are intended to accelerate the automation of decisions that maybe don't require a highly capable, expensive resource human to address, and then really filter in and provide those insights of the most important actions to decide to the human beings. I think this is where partners are going to benefit from that, whether they are a solution reseller or a co-managed to a full MSSP. Another thing that’s exciting here for our partner community is our product development team coming along with the journey around this partner-first motion, and I expect this to be co-innovating with partners more often.
CF: What sort of feedback are you receiving from partners? What are their most-pressing needs?
TH: The most pressing need that I hear consistently from our partners is how we help customers do more with less. Their customers are facing the same macro headwinds independent of the industry they're in, that are forcing them to think about tools consolidation, to think about human capital resourcefulness. And that narrative is one that partners are seeking us to help them with. It's really a center point to Sumo's core value proposition, one of those being around that tools consolidation, allowing a customer to leverage the same data in the Sumo platform offered by our partner for different lines of business, whether you are the DevSecOps team, the site reliability engineering (SRE) team or business users.
Maybe in some ways they have some solutions today which are siloed tool sets. Sumo's ability to provide a single data repository and then the personalized dashboards for insights into action, depending upon what role and persona you are, is a great tool consolidation story that ultimately helps customers with the budget constraints they have. And then secondarily is, how do we help employees become more resourceful? That gives them back time to spend on the most precious elements versus some of that drudgery tactical work they're doing with legacy solutions.
CF: What do you find most dangerous and surprising about the current threat landscape?
TH: I believe the most dangerous element is that it never sleeps. You think about traditional warfare and there are moments when the fighting stops so the teams can recalibrate and rest. The cyber war is 24/7/365. I think that's probably one of the most concerning elements of that. I think what is the most surprising may not be a surprise. What I'm most excited and curious about is the industry starting to take a more proactive stance against malicious actors rather than building just the moat around the castle. How do we start to go out and be aggressive in offensive attacks against the bad actors in the world, in addition to having obviously our castle protected. That is something the industry needs to think more about and I'm seeing it start to happen.
CF: What can partners expect from Sumo Logic in the months ahead, into 2024?
TH: They can expect a couple of things. One, they can expect continued clarity in the business value we drive for customers and the associated differentiation we have to Sumo Logic alternatives. We want our partners to be very clear on what we do, where we do it and why we're better, and also where we don't do it and we're not as good, so don't go spend your time there. That time is most precious. We will continue to drive that clarity, enablement and activation for our partners.
No. 2 is on the partner program. In the spring, we'll be launching a large partner program update. And it'll be really the first true global partner program that Sumo has had that will be driving competencies and associated benefits from those competencies, allowing a variety of our partners to specialize where they want to earn those competencies to differentiate themselves from their competition in the market as a leader in these competencies, as well as to benefit financially from those investments of winning more customers. And then some other program benefits that we will be launching, incentives for partners to continue to invest in Sumo and then to make those specialization competency investments so they differentiate themselves. Then for us, we know we've got go-to partners in cornerstone areas of our business where we can guide customer prospects to, who are seeking a specialist in observability and application reliability, for instance.
In other cybersecurity news …
Delta Dental of California has disclosed that nearly 7 million patients' personal data was compromised in a May MOVEit Transfer breach.
The Russia-linked ransomware syndicate Cl0p has obtained private information, including driver's licenses and passport numbers. MOVEit Transfer hacks have impacted over 2,660 organizations, according to Emsisoft.
As confirmed by Delta Dental’s investigation on July 6, the hackers accessed and acquired Delta Dental of California and affiliates' information on the MOVEit platform between May 27 and May 30. The company filed a breach notification with the Maine Attorney General on Dec. 14.
The leaked information is personal and extremely sensitive. In its breach notification, Delta Dental said it engaged independent third-party experts in computer forensics, analytics and data mining to determine what information was impacted and with whom it is associated.
“This extensive investigation and analysis of the data recently concluded and was a critical component in enabling us to identify specific personal information that was acquired from the MOVEit platform,” it said. “Upon that determination, we have worked diligently to identify any impacted individuals to provide notification. Our investigation found that approximately 7 million individuals were impacted. In addition to our own investigation, we have also notified law enforcement of the incident and have been cooperating with them since.”
Bud Broomhead, CEO of Viakoo, said from when it was first announced, “we knew that there would be a long-term impact from the MOVEit vulnerability.” More announcements are likely as organizations come to terms with whether their data was exfiltrated and to what extent customer data was included.
“Because of the scale that MOVEit operates at, one might suspect this and previous breaches reported are truly the tip of the iceberg,” he said. “Kudos to Delta Dental for having the forensics in place to make these determinations, but not all organizations will be capable of doing that. What is surprising is the depth of data that was included. Why would my dental insurance company need to retain passport numbers or other detailed personal information? Organizations should reconsider what data truly needs to be retained within personal records and reduce it to a minimum. Any data that does need to be retained should be encrypted at all stages of its journey and have digital watermarking to help determine if it has been exfiltrated through a cyber breach.”
Nick Tausek, lead security automation architect at Swimlane, said the disclosure of nearly 7 million impacted patients has made this the third largest MOVEit breach disclosed to date.
"A critical SQL injection vulnerability in MOVEit, a popular managed file-transfer software, has been weaponized by the Cl0p ransomware group since May, impacting thousands of organizations,” he said. “Information continues to be disclosed on the impact of this vulnerability. Health care organizations remain a prime target for data exfiltration and ransomware attacks, due both to their general inability to tolerate prolonged outages and also to the highly sensitive nature of the data collected by health care providers, including names, addresses, Social Security numbers, detailed health information and financial information.”
Checkmarx’s threat research team has uncovered a sophisticated supply chain attack targeting cryptocurrency firm Ledger.
The attack resulted in the redirection of users' crypto transactions to a wallet controlled by the attacker. The Ledger Connect Kit is a vital component in the decentralized application ecosystem owned by Ledger, a company that manages billions of dollars.
At this time, over $700,000 has been stolen as a result of this security breach. Ledger has released version 1.1.8 to patch the vulnerability.
Ledger chairman and CEO Pascal Gauthier disclosed the attack in a blog.
“This exploit was the result of a former employee falling victim to a phishing attack, which allowed a bad actor to upload a malicious file to Ledger’s NPMJS (a package manager for Javascript code shared between apps),” he said. “Ledger has engaged with authorities and is doing all we can to help as this investigation unfolds. Ledger will support affected users in helping to find this bad actor, bring them to justice, track the funds and work with law enforcement to help recover stolen assets from the hacker. The situation is now under control and the threat has passed. We understand the panic this caused for the community and broader ecosystem.”
Tzachi Zornstein, Checkmarx’s head of CXDustico, said this breach highlights the potential domino effect of a single compromised element in interconnected digital platforms.
“The reliance on third-party components adds layers of vulnerability, making every participant in the chain a potential target and contributor to a larger-scale compromise,” he said. “Therefore, it is crucial to ensure that effective security strategies are in place, which involves things like rigorous vetting of third-party components, implementing robust internal security measures and fostering a culture of cybersecurity awareness.”
Colin Little, security engineer at Centripetal, said back before the digital age, “it was easy to see if my bank had good security practices in place.”
“Security cameras, armed guards, a strong vault and other good physical security measures signaled to users that our assets were safe,” he said. “In the digital age, however, we are forced to rely on faith that the vendors of our digital wallets have sound security practices. Security practices that would have prevented this attack include strong asset inventory, which would have decommissioned the disused software repo, strong employee account practices, which would have disabled the ex-employee's account, and user awareness training to prevent employees from falling for phishing attacks.”
Cyberattacks on non-profits are becoming more damaging and more sophisticated, posing significant threats to remote workers and organizations alike, according to ETTE, a managed IT services provider for nonprofits.
The company is highlighting the top 10 most financially damaging hacks that non-profits have suffered.
“Nonprofit organizations often symbolize goodwill, public service and humanitarian efforts,” said Lawrence Guyot, ETTE's president and CEO. “Yet, even these beacons of societal benefit are not beyond the reach of cybercriminals seeking to exploit any vulnerability for financial gain. As more organizations have digitized their operations — sometimes without sufficient cybersecurity measures — the threat landscape has transformed drastically. Our report uncovers the top 10 most financially damaging hacks that non-profits have suffered, revealing a concerning trend where the sanctity of charitable works offers no shield against digital malevolence.”
The top 10 most damaging non-profit breaches are:
1. The Jewish Federation of Greater Washington – $7.5 million stolen
2. Save the Children Federation – nearly $1 million fraudulent transfer
3. Blackbaud ransomware attack – $49.5 million settlement and fines
4. One Treasure Island – $650,000 siphoned from affordable housing funds
5. Minneapolis Public Schools – $1 million ransom demanded by Medusa ransomware gang
6. Norton Health Care – personal information of nearly 2.5 million patients accessed
7. Save the Children International – 6.8 terabytes of data stolen by BianLian hacker gang
8. Bill Murray’s NFT Charity – $185,000 stolen
9. Maternal & Family Health Services (MFHS) – sensitive data of approximately 461,070 people exposed
10. People Inc. – up to 1,000 clients’ sensitive data exposed
Sumo Logic partners are benefitting from both Francisco Partners taking the company private and Joe Kim becoming its CEO.
That’s according to Timm Hoyt, Sumo Logic’s senior vice president of worldwide partners and alliances. Francisco Partners completed its $1.7 billion acquisition of Sumo Logic in May and Kim, Francisco Partners’ senior operating partner, was named CEO.
Before the acquisition, Sumo Logic was a public company and its stock was traded on the Nasdaq stock exchange.
“Moving to a privately held company from a publicly held company allows for organizations who are in growth mode to do some things that would be more difficult to do in the public market around prioritization of investments and some restructuring,” Hoyt said. “And I think this is one of the areas that is helping partners to benefit. In addition to moving from a public to a private company that is held by Francisco Partners, there were also some organizational changes. One of those was the addition of Joe as our CEO, and Joe has come in with amazing operator experience combined with his private equity experience as well, and has helped the company with fresh eyes recalibrate on what is our core essence and our mission, and our purpose to support our vision. And that is helping the company make sure we are investing in those areas.”
Sumo Logic and MSSPs
In the partner landscape, one of the investment priorities is around MSSPs, Hoyt said.
![Sumo Logic's Timm Hoyt](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltd85cc9b1442ff37c/658080099b48d4040a65a8b7/Hoyt_Timm_Sumo_Logic_2023.jpg?width=700&auto=webp&quality=80&disable=upscale)
Sumo Logic's Timm Hoyt
“The MSSP space has been solid for Sumo, and we see macro trends to also complement additional investments,” he said. “The ability to do that with the support of Francisco Partners, and the direction and leadership of Joe, as he's helped us calibrate what our core beliefs are, where the product prioritization is, cross-functionally − how we are going to ensure we're executing and being accountable to one another − is a great benefit to customers and then the partners of ours who serve those customers.”
See our slideshow above for more from Sumo Logic and more hot cybersecurity news.