The Gately Report: Trellix Partners Shielding SMBs from Ransomware
Plus, HHS has started cracking down on HIPAA violations due to ransomware attacks.
![Trellix partners get more security support](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltc2b806593c236bb9/65da0113c068cb040adbdb53/Cybersecurity_Shield.jpg?width=700&auto=webp&quality=80&disable=upscale)
Monster Ztudio/Shutterstock
Channel Futures: Trellix has been named a leader in IDC MarketScape for modern endpoint security for midsize businesses and enterprises. What does this mean for Trellix’s partners?
Jason Andrew: Trellix is a strong consideration for midsize businesses with attributes similar to larger enterprises, namely complex environments and sophisticated cybersecurity requirements. We continue to invest in innovating and accelerating the development of our XDR platform, which includes our modern endpoint security suite, so our partners can, in turn, strengthen the cybersecurity postures of businesses, regardless of size, with their expertise in managed detection and response (MDR) services.
CF: Trellix recently achieved AWS SMB Competency. Will partners benefit from this? If so, how?
JA: Absolutely. Achieving the Amazon Web Services (AWS) SMB Competency signals Trellix’s technology is suited for organizations of all sizes, from large enterprises to SMBs. It equips our partners with an additional selling point: Our AI-powered XDR platform addresses SMB cybersecurity challenges with faster detection, investigation and remediation. SMBs look to MSSPs and MDR providers to fulfill their cybersecurity needs, and achieving this competency is a differentiator for Trellix. Our XDR platform addresses their challenges, and our partners deploy and manage it in their ecosystems to maximize efficiencies.
CF: What’s the latest with Trellix’s Xtend global channel partner program? Anything new coming in the months ahead?
JA: Trellix’s Xtend global channel partner program is designed to help partners increase profitability, engagement and growth through the widespread adoption of the Trellix XDR platform. Our priority this year is to innovate and accelerate the development of our XDR platform so our partners can deploy their MDR services. We’re committed to ensuring the partner program continues to deliver value to our partners and enables them to be successful.
CF: Is Trellix attracting new partners? If so, what’s bringing them to Trellix?
JA: Trellix’s overall strategy focuses on developing deeper relationships with our existing partners like OneSource, Expel, Mandiant/Google Cloud and Trustwave, with the innovation and investment needed for continued growth and success.
CF: What sort of growth is Trellix experiencing and what role do partners play in that growth?
JA: We see a positive growth trend in the XDR, endpoint detection and response (EDR) and network detection and response (NDR) markets. XDR is the only way to manage the complexity, cost and efficacy of cybersecurity in the future. Together with our partners, we provide customers with increased security capabilities without excessive infrastructure and talent investment. We play a critical role in each other's success. Partners are essential for leading customers through an XDR buying journey and influencing adoption in a crowded vendor landscape. Partners are also essential as they are the epicenter of our customer success/retention models. Their ability to enhance product performance with their services and drive positive outcomes is part and parcel of fueling retention and broader portfolio adoption.
CF: What’s the latest in terms of feedback from partners? What are their latest needs?
JA: The general feedback has been positive in terms of our vision and direction. Candidly speaking, partners ask for more education and enablement to increase their response speed and deepen their domain knowledge. We’re focused on building a center of excellence around this practice, delivering to our partners the same rich, comprehensive training our Trellix sellers receive.
CF: Is the evolving threat landscape shaping Trellix’s business, product and channel strategies? If so, how?
JA: Absolutely. Along with our partners, we drive real-time innovation and differentiation to add value to solving the rapidly evolving threat algorithms. Simplicity, scale, speed and cost are all primary considerations when developing and evaluating strategic partnerships and investment thesis. Ultimately, AI, automation and analytics will shape the technology and services our partners need to deliver to maintain relevance.
CF: What do you find most surprising and dangerous about the current threat landscape?
JA: The increased adoption of AI brings advancements in security capabilities, enabling organizations to improve defensive tactics while also enabling nation-states and criminal organizations to improve offensive tactics. AI enables attackers to gain accelerated capabilities at a lower cost, as seen with malware development and perfect phishing. And cybercriminals are selling large language model (LLM) tools on the market now. The opportunity for business interruption, economic loss and destruction is real, especially for global SMBs and public sector businesses continuously targeted by ransomware. Organizations must adopt the people, processes and technologies to strengthen their cybersecurity postures.
CF: What can partners expect from Trellix in 2024?
JA: Our top priority is to be the best partner to CISOs worldwide, and ensure they have the technology and services needed to combat the next phase of cyber threats. We’re focused on, one, significant investments in technologies reducing the mean time to detect and respond (MTTD, MTTR) to threats — think XDR, EDR and NDR, and two, investing in AI and automation to continue to improve security operations so the good guys can play better offense.
In other cybersecurity news …
The U.S. Department of Health and Human Services has started to crack down on Health Insurance Portability and Accountability Act (HIPAA) violations due to ransomware attacks.
Its Office for Civil Rights (OCR) has levied a $40,000 fine against Green Ridge Behavioral Health, a Maryland-based psychiatric health services provider, for HIPAA violations related to a ransomware attack on the company.
Green Ridge experienced a ransomware attack in 2019 that encrypted the health care records of 14,000 patients. Although the company did not pay the ransom and was able to recover its systems from backups, OCR’s investigation revealed that the company had been out of compliance with HIPAA regulations.
OCR said Green Ridge failed to:
- Have in place an accurate and thorough analysis to determine the potential risks and vulnerabilities to electronic protected health information.
- Implement security measures to reduce risks and vulnerabilities to a reasonable and appropriate level.
- Have sufficient monitoring of its health information systems’ activity to protect against a cyberattack.
This is the second time OCR has fined a HIPAA-regulated company for violations identified during a ransomware investigation.
“Ransomware is growing to be one of the most common cyberattacks and leaves patients extremely vulnerable,” said OCR director Melanie Fontes Rainer. “These attacks cause distress for patients who will not have access to their medical records, therefore they may not be able to make the most accurate decisions concerning their health and well-being. Health care providers need to understand the seriousness of these attacks and must have practices in place to ensure patients’ protected health information is not subjected to cyberattacks such as ransomware.”
Steve Hahn, BullWall’s executive vice president of Americas sales, said there’s a reason HIPAA has strict compliance guidelines and cybersecurity is supremely important to the security of patient information.
“Ransomware attacks on medical service providers have become a serious threat to public health and safety,” he said. “These attacks not only disrupt the delivery of essential medical services, but always compromise the security of sensitive patient information. The impact of these attacks can, in fact, be devastating, as they can leave medical providers struggling to recover their data and regain control of their systems. In this case, Green Ridge did not pay the ransom, but whether the ransom is paid or not, the costs in dollars and lost patient services severely cripple these already struggling institutions.”
Hospitals and health care organizations are particularly attractive targets for cybercriminals, and their reliance on technology to manage everything from patient records to surgical equipment makes them uniquely vulnerable, Hahn said.
“It is very encouraging to see OCR enforcing compliance with a cybersecurity best practices approach for providers,” he said.
Mark Cooper, president and founder of PKI Solutions, said the fact that this is only the second time OCR has fined a HIPAA company for violations after a cyberattack should be a wake-up call for the security teams at every health services provider.
![PKI Solutions' Mark Cooper](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltb406d4c4ca7204df/65da033fd3a86e040a0f7130/Cooper_Mark_PKI_Solutions_2024.jpg?width=700&auto=webp&quality=80&disable=upscale)
PKI Solutions' Mark Cooper
“Medical records are far more valuable for hackers than credit card numbers or Social Security numbers, so a mindset shift is needed into proactive monitoring and visibility in critical infrastructure protection (CIP),” he said. “Misconfigurations should be a priority and not an afterthought. Invest in proactive monitoring and visibility now or pay later.”
Kaspersky has exposed a new phishing campaign targeting SMBs. The attack leverages the email service provider SendGrid to infiltrate client mailing lists and employs stolen credentials to send out phishing emails, making them appear authentic, thus easily tricking recipients.
Cybercriminals often target mailing lists used by companies to reach their customers, presenting opportunities for spamming, phishing and other sophisticated scams. Access to legitimate tools for sending bulk emails further enhances the success rates of such attacks. Consequently, attackers frequently attempt to compromise companies' accounts with email service providers (ESPs).
Kaspersky discovered that this phishing campaign refines the method: it harvests credentials for SendGrid ESP accounts by sending the phishing emails through SendGrid itself. By doing so, attackers increase the likelihood of success, capitalizing on recipients' trust in communications from familiar sources.
The phishing emails appear to originate from SendGrid, expressing concern about security and urging recipients to enable two-factor authentication (2FA) to protect their accounts. However, the provided link redirects users to a fraudulent website mimicking the SendGrid login page, where their credentials are harvested.
To all email scanners, the phishing looks like a perfectly legitimate email sent from SendGrid’s servers with valid links pointing to the SendGrid domain. The only thing that may alert the recipient is the sender’s address. That’s because ESPs put the real customer’s domain and mailing ID there. An important sign of fraud is the phishing site's "sendgreds" domain, which closely resembles the legitimate "sendgrid" at first glance, serving as a subtle, yet significant warning sign.
What makes this campaign particularly insidious is that the phishing emails bypass traditional security measures. Since they are sent through a legitimate service and contain no obvious signs of phishing, they may evade detection by automatic filters.
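The two tells the article describes (a lookalike login domain such as "sendgreds" in the link, and a mail that talks about the ESP but is sent from a customer's own domain) can be checked mechanically. The following is an added example, not code from Kaspersky or the article; the trusted-domain list, the edit-distance threshold and the sample message are constructed assumptions.

```python
"""Flag ESP-impersonation phishing: lookalike link domains plus brand/sender mismatch."""
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumed allowlist of genuine domains for the brand being impersonated.
TRUSTED_DOMAINS = ("sendgrid.com", "sendgrid.net")
BRANDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}   # {"sendgrid"}
MAX_EDIT_DISTANCE = 2   # "sendgreds" vs "sendgrid" is distance 2

def edit_distance(a, b):
    """Levenshtein distance (insert / delete / substitute), dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Last two labels ('app.sendgreds.net' -> 'sendgreds.net'); fine for .com/.net,
    production code should consult the public-suffix list instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_links(body):
    """Return (link host, brand it resembles) for every link whose registered
    domain is NOT a trusted domain but is within edit distance of a brand label."""
    hits = []
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        reg = registered_domain(host)
        if reg in TRUSTED_DOMAINS:
            continue                      # genuine brand link, e.g. docs.sendgrid.com
        label = reg.split(".")[0]
        for brand in BRANDS:
            if 0 < edit_distance(label, brand) <= MAX_EDIT_DISTANCE:
                hits.append((host, brand))
    return hits

def brand_sender_mismatch(msg):
    """The article's other sign: the mail is about the ESP, yet the From address
    carries the ESP customer's domain rather than the ESP's own."""
    sender_host = msg["From"].split("@")[-1].rstrip(">").strip().lower()
    text = ((msg["Subject"] or "") + msg.get_payload()).lower()
    mentions_brand = any(b in text for b in BRANDS)
    return mentions_brand and registered_domain(sender_host) not in TRUSTED_DOMAINS

def analyse(raw):
    msg = message_from_string(raw)
    return {"lookalikes": lookalike_links(msg.get_payload()),
            "brand_sender_mismatch": brand_sender_mismatch(msg)}

# Constructed sample modelled on the described campaign; not a real capture.
SAMPLE_EMAIL = """\
From: Acme Newsletter <news@acme-example.com>
Subject: Enable two-factor authentication on your SendGrid account

We noticed unusual activity. Secure your account now:
https://app.sendgreds.net/login
Need help? Visit https://docs.sendgrid.com/ for details.
"""

if __name__ == "__main__":
    print(analyse(SAMPLE_EMAIL))
```

Both signals firing together is the useful alert; a genuine SendGrid-sent newsletter from a customer domain normally never asks the reader to log in to SendGrid.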
“Using a reliable ESP is important when it comes to your business’ reputation and safety,” said Roman Dedenok, a security expert at Kaspersky. “However, some sneaky scammers learned how to mimic reliable services, so it is crucial to check the emails that you receive properly.”
Roger Grimes, data-driven defense evangelist at KnowBe4, said the notable aspect is not scammers using SendGrid or appearing to come from reputable ESPs. That has been done for decades.
![KnowBe4's Roger Grimes](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt236f02df26931ea1/6538fc7adc1309e272ca34cc/Grimes-Roger_KnowBe4.jpg?width=700&auto=webp&quality=80&disable=upscale)
KnowBe4's Roger Grimes
“To me, the most interesting part of the scam, which is still probably not new or unique, is how it preys on everyone's understanding and appreciation of multifactor authentication (MFA),” he said. “A vendor coming to someone and saying 'hey, there's crime out there, you better buy more locks for your doors, and I'll take you to a quick link to buy more locks' is a genius scam. Everyone thinking they've just improved their security posture and probably mentally thanking the vendor for the prompting soon finds out it was the bad actors all along. It's a bitter irony.”
Trellix partners can help SMBs protect themselves from the ongoing onslaught of ransomware attacks.
That’s according to Jason Andrew, Trellix’s chief revenue officer. He took this role with Trellix last October after more than 26 years with BMC Software, most recently serving as its chief revenue officer.
Trellix recently unveiled its Advanced Ransomware Detection and Response (RDR). Trellix Extended Detection and Response (XDR) Platform for RDR provides visibility across an organization’s entire security ecosystem and delivers coverage for each stage of a ransomware campaign.
SMBs Heavily Targeted By Ransomware
“Small and medium businesses are continuously targeted by ransomware,” Andrew said. “Our research team discovered over 70% of ransomware victims in the United States over the last several years are organizations with 500 or fewer employees. Ransomware is not going anywhere. It will be more targeted and more sophisticated this year, and the use of artificial intelligence (AI) by threat actors will see a whole new breed of phishing campaigns and malware.”
The RDR solution helps Trellix partners accommodate their customers’ cybersecurity needs because it delivers the critical coverage required across each stage of a ransomware attack to strengthen operational resilience, he said.
![Trellix's Jason Andrew](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt90a40630fb99b130/65da0036fab3ca040a846228/Andtrew_Jason_Trellix_2024.jpg?width=700&auto=webp&quality=80&disable=upscale)
Trellix's Jason Andrew
“The Trellix XDR Platform for RDR is the only solution providing a complete set of security controls encompassing XDR, endpoint, email, network, cloud and data security to secure customers,” Andrew said.
Last week, Trellix announced its recognition on the Constellation ShortList for XDR Platforms and the Constellation ShortList for Endpoint Protection Platforms in the first quarter of 2024.
“Constellation’s ShortLists play a critical role in accelerating technology buying decisions,” said R “Ray” Wang, chairman and founder at Constellation Research. “Buy-side clients trust our analysts have identified the best vendors in each category and have identified new disruptive enterprise-class startups. With vendors accelerating their AI capabilities, clients expect our analysts to identify the vendors with real solutions ready for the market.”