The Gately Report: Cyderes Charts Growth with Partners Post Fishtech-Herjavec Merger
An access broker is selling root access to 50 vulnerable networks on the dark web.
Channel Futures: What’s taken place since the two companies have come together? Are the two companies fully integrated and consolidated now?
Cyderes’ Chuck Crawford: I would say for the most part we’re never going to be 100%. So things are always going to be in flux. We’re always going to be making some dynamic changes here and there, depending on the market and our customer demands, and where things go. But I would say for the majority of what we need to merge, how we want to structure our go to market (GTM), our sales teams, our support teams and management teams, we are complete.
We’ve actually come out with a new services catalog, a new product catalog, a new GTM and engagement strategy utilizing the strengths of both companies combined, which is the whole point of why we did this merger. Now we’re actually taking this and retooling our sales teams, building new collateral around our new offerings that we’re able to do both on the managed services side and the product resale side, as well as our professional services side.
CF: This month, the new Cyderes brand was announced. What does it mean to the company, its partners and customers?
Cyderes’ Jason Sloderbeck: Ultimately for our partners and customers, it’s all about that better together story. But from a brand standpoint, the idea of Cyderes and standing for cyber defense and response, and the slogan, it’s what we do. We really just think it’s the shortest and simplest way to tell customers what we’re all about. But ultimately, it’s … the best of all worlds from all fronts, whether it’s the service to our customers, having more SOCs, richer teams and a broader set of technology experience.
CF: Did you combine Herjavec’s and Fishtech’s partner programs, or have you rolled out an all-new partner program?
Crawford: We essentially combined both partners from the organization. And the good news is, after a pretty big evaluation, we found there was a lot of overlap in existing partners. So what we’re able to do is consolidate contracts for the most part. So it’s really easy for us to continue the resell process, whether it’s through the legacy Fishtech paper or legacy Herjavec paper on that side.
What we’re doing now is tiering our partners, much like partners tier vendor resellers. We’re … doing a reverse effect in regards to tiering partners and how it relates to our managed services offering, our IAM offering and our professional services offering, as well as how we see it relevant in the marketplace today to customer pain points and demand. So we’re tiering those around there. We’re working on formalized certifications, formalized GTM programs and marketing programs around all of that as well. And then tying our services, whether it’s managed services, identity services or professional services, along with that. So again, this whole concept of solutions selling back to our organization and not just tying on to a product alone.
CF: What kind of feedback have you been hearing from partners since the two companies and partner programs came together?
Crawford: A lot of them are wanting us to … re-educate them in regards to our GTM message. So much like we’re retooling and going back out to our existing customers and educating them around the benefits of the merger, the new offerings we have, our new strengths and weaknesses that we see in the market and how we’re able to kind of go and solve a lot of the issues, we’re doing the same with our partners. So these are both legacy strategic partners, as well as some of the new, emerging ones, especially in the application security space, which is something we’re targeting heavily, as well as the IAM space. We’re really showing them our advantage of why we did this merger, our new capabilities, and our growth in footprint now as well, being now a global partner as opposed to just regional partners, for us to help take our partners to market.
CF: What are your partners’ and customers’ most pressing needs and is that being impacted by the evolving threat landscape?
Crawford: The biggest one that we’re trying to help solve and augment is just the shortage of talent within our customer sites. And I think that’s a huge piece of how we could show our advantage of helping our customers and being an extension of their teams internally. Not being just another VAR trying to sell them products that overwhelm them to manage, but being able to actually look at solutions holistically. Looking at their pain points and tie solutions to their pain points, and be an extension of their team to operationalize those solutions to resolve their threats.
CF: What’s your take on the current threat landscape?
Sloderbeck: From an impact standpoint, ransomware is still the most impactful end game for most attackers, non-nation state attackers. And it’s all about how people are getting in. Malware is a big channel. Email is still a big channel with phishing. We also see identity as another important vector, misconfiguration, misprovisioning, access controls; some of these kind of age-old problems are still persistent.
And then I think cloud security is the other weak link in the chain for a lot of organizations. That’s just a brand-new field, that interaction between InfoSec teams and DevOps engineering teams, and firewall rules are now a configuration file that get pushed out of a code repository. It’s a big shift for a lot of organizations. And we see that as an area that people are still really struggling to shore up fully and integrate it into their systems. And then I think the other one is fraud; it continues to get closer to infosec where we see a lot of organizations, the way you extract revenue from them could be by holding them ransom, and it could also be by very sophisticated fraudulent schemes that do often depend on these same things like vulnerabilities and cloud security, or issues with identity and provisioning.
CF: Where does Cyderes fit in the current cybersecurity competitive landscape? And what’s Cyderes’ competitive advantage?
Crawford: In the competitive landscape, I would say we’re definitely one of the leaders if not the leader in this industry. That’s because of our relevance to solving needs in our customers’ pain points. So we’re not an end all, be all play for everyone intentionally. We are specifically targeting our GTM around what we feel are very targeted pain points that our customers are facing today. Lack of talent for all the security threats … going to cloud, IAM and ransomware. So we’re very targeted in how we could GTM around this from a services perspective and picking relevant solutions around that. That does include IAM as being a huge piece of that as all those latest attack methods really end up going back to the user perspective and the lack of user controls, and humans just being humans. We’re going to make natural errors on that side. So how can we help alleviate that and secure that as much as possible. Sizewise, we’re as large as we are and we’re continuing to grow a global footprint, redundant SOCs and a multi-skill set in regards to our professional services capabilities.
We’re taking our partnership levels even to another level where we’re actually investing in our partners as well in regard to being an extension of their sales teams in many ways. But also an extension of them and how we want to go to market, and being very direct in how they fit into a lot of our reference architectures that we want to build for our managed capabilities, and challenging our partners to build those integration capabilities and showing those values so we can talk to customers holistically around that.
We’re actually looking to go to customers, design architectures, design migration paths as they move toward cloud-enabled or multicloud-enabled environments, to even solving legacy issues as well those that are on premises. So I think our differentiator is still how we approach our customer pain points and the challenges we’re pushing back on partners around that to solve those pain points.
CF: What can partners expect from Cyderes during the remainder of 2022 and into 2023?
Crawford: I think partners will find that we’re going to be pretty easy to work with if they fit into our GTM. If there’s a qualifying need, we’re happy to work with them. We’re happy to help solve a pain point for a customer. We’re not going to be a roadblock. I think one of the things they’ll find with us is our agility to work with partners, to pivot on the fly and to help enable them to close a transaction. But the bigger thing that we’re going to work on with them, that I’m hearing good feedback from our partners on, is the ability to expand with our services and our advisory service offerings around that, and operationalize their products moving forward. So making it stickier within our clients if it’s applicable.
In other security news this week …
Synopsys has completed its acquisition of WhiteHat Security, which rebranded to NTT Application Security last year, for $330 million in cash.
Synopsys said adding WhiteHat will expand its application security SaaS capabilities. The two companies share a vision for delivering SaaS-based security testing solutions and building security into the software development life cycle.
Jason Schmitt is general manager of Synopsys’ software integrity group.
“WhiteHat Security helped pioneer SaaS delivery of application security testing and brings powerful technology and expertise into our application security portfolio,” he said. “WhiteHat Security’s DAST capabilities complement our strengths in static analysis, interactive analysis and software composition analysis, while their expertise in SaaS will accelerate our security testing SaaS capabilities. We are excited about the value this will create for our customers and welcome the WhiteHat Security team as they join us in our mission to build trust in the software that businesses depend on.”
Earlier this month at RSA Conference USA, Dave Gerry, NTT Application Security’s chief revenue officer and head of global operations, commented briefly on the acquisition.
“What I will tell you is that the reception as a whole has been incredibly positive,” he said. “So we’re really excited about it and we think it’s going to be a really good thing for our partners.”
The Rapid7 Threat Intelligence team has uncovered an access broker selling root access to 50 vulnerable networks on the dark web. All are allegedly within the United States.
The same access broker claims to have a list of 10,000 additional vulnerable, but unexploited machines that they’re also willing to sell separately from the 50 compromised networks. Rapid7’s telemetry suggests that the 10,000 number is high, but the seller has a good reputation on the forum and so Rapid7 is inclined to believe their claims.
Erick Galinkin is principal artificial intelligence (AI) researcher at Rapid7.
“Though we’ve seen a great uptick in patching through our telemetry, attackers are still exploiting vulnerable internet-facing servers,” he said.
The type and level of potential damage depends on how connected the impacted server is to the rest of the network, Galinkin said.
“These 50 affected Confluence instances are all, according to this threat actor, running as root,” he said. “That means that the attacker is likely able to use techniques like kerberoasting to try and get additional credentials off the network and move laterally if the server is well-connected.”
Anyone running a Confluence server may be vulnerable, Galinkin said.
“A patch was made available very quickly and detections for vulnerable versions have been public for some time,” he said. “But a large number of these servers are still vulnerable and internet-facing.”
Any organization should immediately:
Patch any unpatched Confluence servers on their network.
Place their Confluence server behind a VPN or some other control.
If their server is unpatched, they should also begin looking for signs of compromise on the vulnerable endpoints.
“We have already seen active exploitation of this vulnerability in the wild, as it is an easy vulnerability to exploit and the attack surface is large,” Galinkin said. “I would anticipate that exploitation of this vulnerability will be ongoing for some time, as our telemetry shows it is one of the most popularly targeted vulnerabilities on the internet at the moment.”
BlackCloak, a digital executive protection provider, this week released its latest study, “Examining the Modern Attack Surface: Quantifying the Risks to Individuals and the Enterprise.” The study reveals just how shockingly vulnerable C-suite execs are.
BlackCloak polled over 1,000 members just before they onboarded onto its digital executive protection platform.
Key findings include:
Eighty-seven percent of execs’ personal devices have no security installed.
Another 87% have passwords leaked on the dark web.
Twenty-seven percent of execs’ personal devices contain malware.
Seventy-six percent of execs’ personal devices are actively leaking data.
Twenty-three percent of execs have open ports on their home network.
Twenty percent of those have open security cameras.
Fifty-three percent aren’t using a secure password manager.
Chris Pierson is BlackCloak’s founder and CEO.
“The two findings that stand out the most to us are the fact that 23% of executives have open ports on their home network, and that 40% of executives have their home IP address available on data broker websites,” he said. “Open ports in home environments are very unusual and the fact that data brokers have evolved from harvesting names, emails and addresses to collecting home IP addresses presents all sorts of new risks. It’s like having the front door for your executives’ homes wide open.”
On the personal level, executives are exposing themselves to a variety of threats, including spoofing and impersonations, identity theft, financial fraud, account takeover, malware and ransomware, reputation damage, and communications hijacking, among others, Pierson said.
“What’s notable here is that these threats can also have direct impact or collateral damage on their company,” he said. “For example, malware and home network compromise can serve as the path of least resistance into the executives’ company, while reputation damage and impersonations can negatively impact business continuity.”
The challenge is that security teams cannot simply extend corporate security into personal digital lives, and that consumer-grade security is not built to protect those who are directly targeted, Pierson said.
“For organizations that don’t provide digital executive protection solutions, imploring that executives set up and use antivirus software, password vaults, and multifactor authentication (MFA) across all personal accounts is a daunting, yet important task,” he said. “But then the challenge becomes who is going to monitor it and check the yes or no box when something that is unknown tries to run? In addition, going through the arduous process of data broker removal, or finding and remediating your dark web password exposure, are two other security measures that will improve an executive’s risk profile.”
SentinelOne has unveiled integrations with IBM, Swimlane, and Intezer, increasing use case offerings available via its Singularity Marketplace. The new integrations cover security information and event management (SIEM), security orchestration, automation and response (SOAR), and malware analysis.
Ruby Sharma is SentinelOne’s head of technology partnerships.
“SentinelOne partners will benefit from access to SentinelOne’s unmatched security telemetry,” she said. “The integrations allow SentinelOne customers to defend themselves with the very best extended detection and response (XDR) technology while using the tools they are most familiar with. Allowing these already outstanding security tools to ingest the best security telemetry courtesy of SentinelOne, customers enjoy an enhanced level of security. With SentinelOne detecting threats in progress, and IBM, Swimlane and Intezer analyzing potentially malicious files and orchestrating incident response, joint customers can embrace a defense-in-depth strategy.”
The API integration between SentinelOne Singularity XDR, and IBM Security QRadar SIEM and SOAR consolidates visibility across SentinelOne managed endpoints, cloud workloads, identities and additional SOC tools, incorporating SentinelOne context for automated detection and response. SentinelOne filters its detections through IBM’s QRadar SIEM for correlation, triage and investigation.
The SentinelOne integration with Swimlane increases visibility and triage accuracy, reduces alert fatigue, and accelerates mean-time-to-respond. It leverages SentinelOne Singularity XDR APIs for Swimlane to trigger low-code automation playbooks, case management processes, and populate modular dashboards or reports. This joint solution provides centralized case management, automated incident enrichment, and alert remediation.
SentinelOne and Intezer combine to automatically triage incidents and provide advanced malware analysis verdicts, lessening the load on busy security teams. When SentinelOne detects a malicious activity, customers now have the option to automatically share alert data with Intezer for analysis. Intezer’s analysis is returned to SentinelOne for consolidated visibility and mitigation.
Norton, a consumer cybersecurity brand of NortonLifeLock, has expanded the availability of its new program for resellers and distributors, the Norton Empower Reseller Program.
Through this program, Norton will reward partners who sell applicable Norton Empower-enabled products and services to their customers with a revenue share program.
As a member of the program, partners can keep track of their revenue share, subscriptions sold and activations through the Empower reseller portal. Partners can:
Place orders and download product keys for Norton subscriptions.
Renew customers’ subscriptions.
Access marketing assets.
Steve Wilson is United Kingdom and Ireland director at NortonLifeLock.
“We’re excited to expand the Norton Empower Reseller Program to offer our strong network of existing partners – as well as potential new partners – an even better way to work with the Norton brand,” he said. “Through the [program], we want to help our partners to be as successful as they can be in selling Norton products and services. When our partners succeed, we succeed, and more consumers can access cyber safety.”
Norton Empower members in the United Kingdom have access to sell Norton AntiVirus Plus, Norton 360 Standard, Norton 360 Deluxe, Norton 360 Premium and Norton 360 for Gamers.
Cyderes, the mega MSSP formed by the merger of Fishtech Group and Herjavec Group, is relying on partners to expand its global reach.
The Cyderes brand made its debut last month. It stands for “cyber defense and response.” It uses its cloud-native analytics platform (CNAP) to help enterprises tackle the world’s biggest cyberattacks. It has more than 800 security professionals operating out of six global security operations centers (SOCs).
Fishtech and Herjavec merged in January, backed by private equity company Apax Partners. Apax holds a majority stake in Cyderes. In addition, Robert Herjavec, founder and CEO of Herjavec and star of ABC’s “Shark Tank,” and Gary Fish, founder and CEO of Fishtech, maintain significant equity in the new business.
Great Synergies
Chuck Crawford is Cyderes’ chief solutions architect. He’s responsible for Cyderes’ partner programs, which include more than 180 technology partners.
“One of the great synergies between merging Herjavec and Fishtech was the lack of conflict in the region worldwide,” he said. “So Herjavec was really strong in the Canadian area and some of the western coasts, as well as Europe. Fishtech was really strong in the central and East Coast of the United States. So merging gave us now a nice, wholistic footprint literally worldwide. We were able to almost triple our SOC footprints worldwide now for our customers and literally tripled our professional services bench, including identity and access management (IAM) and more than … quadruple our managed services capabilities for our clients and across the board. So we’re super excited about just the synergies between the two companies.”
Jason Sloderbeck is Cyderes’ vice president of worldwide channels. He supports Cyderes’ strategic partners including Google.
“We see partners as a way for us to go global to get that global reach,” he said. “So in the alternatives for us is to build up a direct salesforce in Europe, for example. Yes, we’ve got people on the ground in Europe, but it’s much faster to be able to work with major partners in those regions and provide overlays to them as a way to get that global reach to match our global security footprint.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.