The Gately Report: Synopsys to Jump-Start Investment in WhiteHat Security Partners
Also, this week saw the first-ever rollout of a bug bounty program by a ransomware gang.
Channel Futures: Is Synopsys gaining more security capabilities and offerings with its WhiteHat Security acquisition?
Synopsys’ Vatsal Sonecha: Absolutely. So if you look at our portfolio, we are squarely focused in the application security space, which is helping developers write secure code, and for people that are deploying code, before they deploy, testing that code and being able to have some trust in the software that’s running in their infrastructure. As you look at this thing, we had very strong static analysis capabilities with [static analysis solution] Coverity. We had extremely strong software composition analysis capabilities with Black Duck. We had interactive application security testing with Seeker. And we had a significant business in the pen testing space, so managed services and things like that.
What we needed was a partnership relationship that was in the dynamic application testing area, and so that’s what we acquired with the WhiteHat acquisition.
Channel Futures: Is WhiteHat Security going to be consolidated with Synopsys or is it going to remain as a brand and as a Synopsys company? How is that going to work?
VS: So over time, we tend to integrate businesses and bring them into the overall fold in order to realize the synergies. That’s not to say that we would just go and pull different functions and just smash them together. We do it extremely thoughtfully to make sure that we are retaining the value of the acquisition, as well as the commitments to the customers that we are making as part of WhiteHat. So we think about this as very much a family of two that are coming together and trying to merge into what’s the best thing.
Where we see significant synergies is on our SaaS platform. We have a SaaS platform called Polaris, and so the bulk of the work that will go in is to enhance the capabilities that will be available through that SaaS platform. WhiteHat has its own SaaS platform and we will bring those two efforts together. You will see a lot more richness that a customer will realize and a partner will realize in taking it to the customers as they think about our SaaS platform.
CF: The two companies had separate partner programs. Are those going to be consolidated? What would be the process and timeline for that?
VS: So we have already embarked on some of that in working with partners. And yes, we will combine those two programs. Partner programs need to be refreshed and need to be kept current with the current business practices and the realities of what is going on in both the technology world as well as how customers like to transact. So with that in mind, we have been building a brand-new partner program and will continue to bring these two efforts together. There won’t be two separate programs. Essentially what we’ve done is we have brought all the WhiteHat partners into the Synopsys program to begin with. And we will continue to add more over time to get us better geographic coverage, better services coverage, etc. So we are building that piece out very nicely.
CF: What’s the timeline for when that new partner program will be launched?
VS: The partner program is already underway. And so we are not looking to launch a new program per se. We’re going to continue to add and make progress on the program that we already launched. So today, if you look at how we used to go to market, we were 100% direct. We did some business through partners when the customers wanted that. We have changed that in the last two years completely.
We are now transacting more business through the partners and our goal is to go and continue to build in that area. And the way we are thinking about doing this is essentially to assist the partner in the selling process so as they build the capabilities in-house, as they go and bring on new customers, that we are able to continue to go and help them because in their customer journey, they’ve made certain investments in certain products and services. We are looking to help them realize better value out of those products and services by bringing our expertise into it.
CF: How do partners fit into Synopsys’ growth and expansion plans? Are you going to be targeting certain regions globally?
VS: We have a concerted effort throughout the United States, EMEA, Asia Pacific, China and Japan, very diligently building out each of these geographies. Some will be more attuned to the channel programs and some will have to be built over time. We’ll see increased focus into the channel area. We cannot scale the business to our aspirations without partnering with people that have the last mile with the customer. So we see them as a part of our journey. We see them very much as synergistic and allies in going to the last mile.
Our goal is to build trust in software. That is our mission. That’s what we’re really focused on. And we want to help customers get there. Systems integrators are another group. That is a very strong focus for us. We have looked at essentially doubling down our efforts with SIs, partnering with them with our technologies, helping them with our know-how on application security program development and testing services.
CF: What are your partners and customers’ most pressing needs? And will Synopsys be better able to meet those needs with WhiteHat Security?
VS: One of the things that partners would come back and tell us is they need the capabilities that require essentially automation, that require them to be available as services without a ton of expertise so to speak. And so that’s where WhiteHat really shines, where you can turn to a reliable third party to conduct your testing and give you back extremely reliable findings that you can then use to fix the things that are important versus wasting a lot of your time. And WhiteHat is a pioneer in this business. They started the dynamic application security testing (DAST) market. They are the player that has longstanding customers, who have helped them get that product to the right tuning that you really need. So we are now looking to do that for our partners, our reseller partners, our SI partners, and then as the maturity of the customer dictates, bring our products broadly to them.
We want to give them the complete option of doing it in-house and doing it right at the development phase, all the way into the testing phase, and be able to go and then give the CISO the ability to look at it from a risk management perspective.
CF: Where does Synopsys with WhiteHat Security fit into the current cybersecurity competitive landscape? And what’s your competitive advantage?
VS: The most important thing to note here is the breadth of the portfolio and getting all the tools under one umbrella. Now granted, these are all different acquisitions that we brought together, but our modus operandi is to really bring the value of each of those tools and aggregate the results and the findings, and be able to go and show the risk in different parts of the software investments or software assets that customers may have.
We did an acquisition last year of a company called Code DX, which essentially is this platform that brings all of the findings from different tools, whether it’s ours or somebody else’s, but brings the investments that the customer has made and helps them figure out where to really focus the efforts. The other part that you will see is we are very large in the open source space, and there is tremendous amount of use in the open source area. We play a pioneering role with Black Duck threat research and the capabilities of Black Duck. We are at the beginnings of a software supply chain risk management discussion and that journey that has become so important. So we have assets here that we bring to bear to solve today’s problems and over time evolve that software supply chain view of it.
Because of our Synopsys roots, we have a strong presence in the embedded area. And if you look at where the world is headed, it’s a hardware-software combined world that we are going into now. And as the sensors and the actuators, and the robotic systems and all the industrial control things come together to realize the next generation of business, you’re starting to see the value of this portfolio really shine, and they’ll come back and say you addressed a pretty broad way of approaching this thing.
CF: What can partners expect from Synopsys through the remainder of 2022 and into 2023?
VS: They will see a bigger embrace coming from us where we would love to go and work alongside partners, not to just identify passive opportunities that some customer demands and you try to fulfill, but we really want to get into the proactive game of going and saying, you have these 1,000 relationships, let’s tell them how the rest of the industry is doing, get into looking at their own vertical comps and looking at things and saying ‘Well, this is what your colleagues are doing in your industry and these are the kinds of modern ways of thinking about these things.’
So with our capabilities in the services area, and the program development area, we’ll bring that whole thing to bear where a customer can make a very judicious choice of where he/she wants to invest his/her time and dollars.
In other cybersecurity news …
The LockBit ransomware operation has released “LockBit 3.0,” a new ransomware as a service (RaaS) and the first ransomware bug bounty program.
In screengrabs circulated online, the RaaS gang says it aims to “make ransomware great again.” It will pay “all security researchers, ethical and unethical hackers on the planet” to provide personally identifiable information (PII) on high-profile individuals and web exploits. Payments range from $1,000 up to $1 million.
The ransomware operation launched in 2019 and has since grown to be the most prolific ransomware operation, accounting for nearly half of all known ransomware attacks in May 2022.
Casey Bisson is head of product and developer enablement at BluBracket, a provider of code security solutions.
“Legitimate bounty programs developed as an alternative to dark web marketplaces where vulnerabilities and PII have been exchanged for over a decade,” he said. “These ethical hacking programs have been enormously successful in helping to uncover attackable vulnerabilities and create a culture of responsible disclosure that has benefitted participants in these programs, security researchers, and helped to raise security awareness and skill across the industry. It’s no surprise to see ransomware groups refining their methods and services in the face of that competition.”
The bigger headline here is that attackers are increasingly finding they can buy access to the companies and systems they want to attack, Bisson said.
“This should have every enterprise looking at the security of their internal supply chain, including who and what has access to their code, and any secrets in it,” he said. “Unethical bounty programs like this turn passwords and keys in code into gold for everybody who has access to your code.”
Mike Parkin is senior technical engineer at Vulcan Cyber.
“Businesses offer bug bounties to get more eyes on their code, hoping they offer enough of a reward to entice researchers to take a look and responsibly disclose what they find,” he said. “Now, with the LockBit ransomware gang apparently offering bug bounties of their own, anyone that still doubts cybercriminal gangs have reached a level of maturity that rivals the organizations they target may need to reassess. They have taken a page straight from a mature organization’s development playbook. If it works for a major player like Microsoft, Google or Apple, why wouldn’t it work for a criminal gang if they have both the maturity and the resources to do it?”
Malware gangs have caught up with conventional organized crime syndicates at this point, and it’s going to take an international effort to stop them, Parkin said.
“Unfortunately, we all know how well that’s worked overall,” he said.
Baptist Medical Center in San Antonio has been hit with a malware attack, which involved the exfiltration of data affecting more than 1.24 million patients from two Texas hospitals.
Baptist Medical released a statement on the attack:
“On April 20, 2022, it was discovered that certain systems within our network may have been infected with malicious code as a result of potentially unauthorized activity. In response to this incident, user access was immediately suspended to impacted information technology applications, extensive cybersecurity protection protocols were executed, and steps were quickly taken to restrict further unauthorized activity. In parallel, an investigation of the incident was immediately launched, and a national forensic firm was engaged to assist with investigation and remediation efforts. Although the investigation is ongoing, it has been determined that an unauthorized third party was able to access certain systems that contained personal information and remove some data from the network between March 31, 2022, and April 24, 2022.”
The personal information involved in this incident may have included one or more of the following:
Demographic information to identify and contact patients.
Social Security numbers.
Health insurance information.
Medical information.
Billing and claims information.
Driver’s license numbers, credit and debit card information, bank account information and account passwords weren’t involved in this incident, according to Baptist Medical.
Saryu Nayyar is CEO and founder of Gurucul.
“Here is yet another example of a security lapse involving a third party,” she said. “All network access should be monitored continuously in order to detect unauthorized access by malicious insiders, third-party contractors and cybercriminals. Insider threats can quickly become external threats as we’ve seen in this case. Organizations need to re-evaluate their threat detection, investigation and response (TDIR) programs to enhance insider risk and threat initiatives. The most effective defense is an advanced set of behavioral analytics, to baseline and monitor for unusual user behaviors and catch bad actors in real-time before data is exfiltrated.”
The number of ransomware attacks detected in the first quarter of this year has already doubled the total volume reported for 2021.
That’s according to WatchGuard Technologies’ most recent quarterly Internet Security Report. It details the top malware trends and network security threats analyzed by WatchGuard Threat Lab researchers.
Among the findings:
LAPSUS$ emerges following REvil’s downfall. Q4 2021 saw the downfall of the REvil cybergang, which opened the door for another group to emerge, LAPSUS$. WatchGuard’s analysis suggests the LAPSUS$ extortion group, along with many new ransomware variants such as BlackCat, could be contributing factors to an ever-increasing ransomware and cyber-extortion threat landscape.
Log4Shell makes its debut on the top 10 network attacks list. Log4Shell garnered attention for scoring a perfect 10.0 on the Common Vulnerability Scoring System (CVSS), the maximum possible criticality for a vulnerability, and because of its widespread use in Java programs and the level of ease in arbitrary code execution.
Emotet’s comeback tour continues. Despite law enforcement disruption efforts in early 2021, Emotet accounts for three of the top 10 detections and the top widespread malware this quarter following its resurgence in the fourth quarter.
PowerShell scripts lead the charge in surging endpoint attacks. PowerShell scripts were responsible for 99.6% of script detections in Q1, showing how attackers are moving to fileless and living-off-the-land attacks using legitimate tools. Although these scripts are the clear choice for attackers, WatchGuard’s data shows that other malware origin sources shouldn’t be overlooked.
Legitimate cryptomining operations associated with malicious activity. All three new additions to the top malware domains list in Q1 were related to Nanopool. This popular platform aggregates cryptocurrency mining activity to enable steady returns. These domains are technically legitimate domains associated with a legitimate organization.
Businesses still face a wide range of unique network attacks. While the top 10 IPS signatures accounted for 87% of all network attacks, unique detections reached their highest count since Q1 2019.
EMEA continues to be a hotspot for malware threats, according to WatchGuard. Overall regional detections of basic and evasive malware show Firebox firewall appliances in EMEA were hit harder than those in North, Central and South America, followed by APAC.
Corey Nachreiner is WatchGuard’s CSO.
“Based on the early spike in ransomware this year and data from previous quarters, we predict 2022 will break our record for annual ransomware detections,” he said. “We continue to urge companies to not only commit to implementing simple, but critically important measures, but also to adopt a true unified security approach that can adapt quickly and efficiently to growing and evolving threats.”
HP this week released research from HP Wolf Security showing changing workforce dynamics are creating new challenges for IT teams around firmware security.
As business workforces become increasingly distributed, IT leaders say it’s harder than ever to defend against firmware attacks.
The shift to hybrid work models has transformed how organizations manage endpoint security, while also highlighting new challenges for IT teams around securing device firmware.
The HP Wolf Security global survey of 1,100 IT leaders reveals that:
The threat of firmware attacks is a growing concern for IT leaders now that hybrid workers are connecting from home networks more frequently. With hybrid or remote work now the norm for many employees, there is a greater risk of working on potentially unsecure home networks, meaning that the level of threat posed by firmware attacks has risen. More than eight in 10 IT leaders say firmware attacks against laptops and PCs now pose a significant threat, while 76% of IT decision makers said firmware attacks against printers pose a significant threat.
Managing firmware security is becoming harder and taking longer in the era of hybrid work, leaving organizations exposed. Some 80% of IT leaders are worried about their capacity to respond to endpoint firmware attacks.
Ian Pratt is global head of security for personal systems at HP. He said firmware provides a fertile opportunity for attackers looking to gain long-term persistence or perform destructive attacks.
“The security of firmware is frequently neglected by organizations, with much lower levels of patching observed,” he said. “In the last year, we’ve seen attackers performing reconnaissance of firmware configurations, likely as a prelude to exploiting them in future attacks. Previously, these types of attacks were only used by nation-state actors. The tools, tactics and procedures for targeting PC firmware could trickle down, opening the door for sophisticated cybercrime groups to weaponize threats and create a blueprint to monetize attacks.”
Once an attacker has gained control over the firmware configuration, they can exploit their position to gain persistence and hide from anti-malware solutions that live in the operating system (OS), Pratt said. This gives them an advantage, allowing them to stealthily maintain persistence on target devices so they can gain access to infrastructure across the enterprise and maximize their impact.
“We urge organizations to deliver protection where it is needed most: the endpoint,” he said. “Organizations should embrace a new architectural approach to security that helps to mitigate risk. This involves applying the principles of zero trust – least privilege access, isolation, mandatory access control and strong identity management. This approach requires resilient, self-healing hardware designed to hold its own against attacks and recover quickly when needed, while also containing and neutralizing cyber-threats.”
WhiteHat Security, which rebranded to NTT Application Security last year, had paused its partner investment efforts. But that’s changing now that the company is owned by Synopsys.
That’s according to Vatsal Sonecha, Synopsys’ vice president of strategy and corporate development. Last week, Synopsys completed its acquisition of WhiteHat Security for $330 million in cash.
Synopsys said adding WhiteHat Security will expand its application security SaaS capabilities. The two companies share a vision for delivering SaaS-based security testing solutions and building security into the software development life cycle.
Synopsys, WhiteHat Security Coming Together
Now that the acquisition is a done deal, we spoke with Sonecha to learn more about the two companies coming together.
Channel Futures: What will this acquisition mean for partners of both companies? And is Synopsys taking on new partners and new partner types with this acquisition?
Synopsys’ Vatsal Sonecha
Vatsal Sonecha: We have embarked on a journey to build our reseller business over the last two years. And we’ve been at earnest going and building that business. We brought on a channel chief in Tom Herrmann, who is now building out his team and capabilities across the whole thing. We announced a distribution agreement with Arrow. This is a very clearly thought-out plan to go and be in the partner ecosystem and make sure we are friendly to distribution. We cannot reach everywhere ourselves; that is just not possible. And so this capability goes and does that.
WhiteHat coming in had put a pause on their partner efforts under NTT. So that goodness still remained, but the partners did not see as much investment going into it. And so we intend to essentially revive that entire effort and boost the combined efforts of the channel organization and drive that. And it’s all under Tom Herrmann. We’re going to continue to build that piece out. So our commitment to the channel is strong, and you will hear that loud and clear.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.