The Gately Report: CrowdStrike Channel Partners Crucial to Reaching Ambitious Revenue Goals
Channel Futures: CrowdStrike recently introduced new adversary-focused Cloud Native Application Protection Platform (CNAPP) capabilities. What do these new capabilities mean for CrowdStrike partners?
Michael Rogers: It’s really exciting what we’ve done there. We’ve established very strong partnerships with Amazon Web Services (AWS) and Google, and we’ve built cloud-native offerings to both assess the security posture of their customers and cloud workload protection for those customers in a very innovative way, allowing those workload instances to be protected from adversaries. So it’s been a great success. We’ve got a specialist team focused on supporting both our internal sellers and our partners, and then within our alliances organization, we have a cloud alliances team focused on not only tapping into the bidirectional value that we can derive together in going to market, not just with the cloud solution offerings, but also with our Falcon platform and our accompanying 22 modules that have been developed over the course of the last few years.
CF: CrowdStrike and Mandiant have formed a strategic partnership to protect organizations against cyber threats. Are partners going to benefit from this? And if so, how?
MR: One of the programs that we launched two years ago that’s been very successful is our engagement license program. What that allows partners to do is harness the power of the Falcon platform … when they’re responding to customers in their most dire time of need, when they’re under a breach and attack.
We allow our partners to deploy that platform in the customer environment for a period of time at no cost. And then once that engagement is done and the customer has benefited from the Falcon platform, partners have the opportunity to then go in and provide that value to their customers. And it can either be self-managed by the customer or it could be managed by the partner under a monitor management model. So we see Mandiant as a great opportunity to really expand that program. And you’ve got two of the big security players in the marketplace working together to make the world a safer place for our mutual customers.
CF: CrowdStrike’s managed detection and response (MDR) is ranked No. 1 in global revenue in Gartner’s new report, “Market Share: Managed Security Services, Worldwide, 2021.” What’s the significance of that for CrowdStrike and its partners?
MR: First off, we’re very excited and proud of that recognition by Gartner. If you look at the telemetry and the data that we harness in the CrowdStrike Security Cloud, I think we see in excess of 1 trillion events a day, and we make millions of decisions and take millions of actions on behalf of our customers a second. And we now have that extensibility, which is our Falcon Complete offering, to be able to provide a next level of support for customers in terms of being their eyes and hands on keyboards to ensure that they aren’t breached and an adversary that’s trying to get into their network can’t get within their perimeter.
So the benefit to the partners is many partners resell Falcon Complete and many partners co-brand Falcon Complete with us. So we do have that co-branding capability for our partner ecosystem. And then we also look at the MSSP community, which again would be another goal that we can note that was mine right when I came into the role, to take our MSSP program to the next level. We look at MSSPs as CrowdStrike customers and we look at their customers as end-user customers of our MSSP partners. And that is a fantastic opportunity for us to go down-market in a heavily underpenetrated market with MSSPs that have that great reach. And oftentimes, those MSSPs are the IT department of those SMEs. So we have a multipronged approach around managed services that takes not only our MDR offering that we have today, but powers the MDR and extended detection and response (XDR) offerings of both the smallest, medium and the largest MSSPs and GSIs in the world.
CF: What do you find most worrisome about the current threat landscape?
MR: Adversaries don’t sleep and CrowdStrike doesn’t either. When we looked across the spectrum, we saw nation-state adversaries, e-crime and significant increases last year in ransomware. Another interesting one is around malware. Of all of the detections in the CrowdStrike Security Cloud in the fourth quarter of 2021, nearly two-thirds of those were malware-free, which means traditional legacy antivirus solutions weren’t even going to come close to catching those. And so instead of using malware, the attackers are increasingly leveraging living off the land (LOTL), which is a lot of legitimate credentials and built-in tools. And it’s a deliberate effort to evade those legacy products. It’s certainly not going anywhere and the complexity continues to increase every single day.
CF: When it comes to products, services, solutions, etc., what are partners and their customers most in need of from CrowdStrike?
MR: Partners want a solution-oriented offering. And when you look at the platform and the modules, that’s one component of it. But when you look at our technology alliance partners, they play a critical role in complementing our capabilities in protecting customers. If you look at our tech alliance program and the partners like Zscaler, Okta, ServiceNow and you go down the list, there are a number of key strategic technology alliance partners. So when you look at how we go to market and the motions that we take with our solution providers, traditionally it would have been, “Hey, let’s do a joint event and we’ll talk about CrowdStrike.” Now it’s, “Let’s do an event with Zscaler, CrowdStrike, plus name your large security-focused solution provider.” And it gets to be really interesting because now it’s solution-oriented, it’s best-in-class, and customers and prospects like it so they’re more likely to attend. And then the solution providers love it because now it’s bringing more people to the table. And we all know all three parties like it because we can do something better together. It’s not just two parties at the table. And we just get immense scale from that.
And when you’re speaking of services, there are certainly services the partners offer to augment the CrowdStrike services. And so that’s a unique opportunity for our partners. And most importantly, together, we’re providing that level of security and protection to companies that have critical roles in our economy, whether it be a health care system that’s looking to avoid, or maybe is under a ransomware attack, and CrowdStrike is brought in with our partners to remediate and contain, and then going forward, protect that customer from further ransomware attacks.
CF: What are your goals for CrowdStrike’s channel in 2022?
MR: To continue to see the momentum, continue to make the investments and continue to listen to our partners so that we are being resilient and identifying what their needs are so that we’re evolving together as the market continues to evolve. Investing in the program, investing in marketing and investing in enablement. And then exiting the year, we’ll be prepared to launch our next evolution of our partner program.
But also the partner experience, putting the customer back in the middle of the partner ecosystem and just creating that harmony across the ecosystem, and then also between the sellers at CrowdStrike and the sellers within our partner community. That’s something that I’ve always evangelized around. At the end of the day, it comes down to people and relationships, and if we stay focused on that and building that level of trust, everything else seems to follow. I’m very mindful that those details really, really matter because at the end of the day, it’s what a partner says when you’re not in the room that matters.
CF: To clarify, what’s the timeline for the new partner program rollout?
MR: We’re targeting the start of our next fiscal year, Feb. 1. So we’ve got dedicated resources. We now have a team focused on that. We’ve been going through internal interviews, surveys internally and externally with partners. And so we’re capturing data while also starting to dig into the hard work. When you think about when CrowdStrike launched the Elevate 2.0 program, I think I had in the Americas 13 or 14 resources on a team. It’s now … well in excess of 50. So we’re really investing in that partner engagement model.
In other cybersecurity news …
May 5 isn’t just Cinco de Mayo, it’s also World Password Day. Proper password hygiene has become critical to protect both organizations and individuals from being exploited by adversaries.
Patrick Beggs is ConnectWise’s CISO.
“In the early days of the world wide web, you were probably able to get away with a password as simple as 12345,” he said. “Times have changed since then, but humans remain predictable. Research has found that women typically include personal names in their passwords while men often use their hobbies. And experienced hackers also know the common vowels, numbers and symbols that often appear in passwords.”
Cybersecurity breaches are at an all-time high, but there are three simple things people can all do to protect themselves, Beggs said.
“First, prioritize length over complexity, because we aren’t very good at remembering complex passwords, and longer ones are more secure,” he said. “Second, only use platforms with multifactor authentication (MFA). A password alone is not enough to protect you. And finally, never reuse. Most breaches happen when a password from one platform is used with another system that shares the same password. If you follow these three simple steps, your passwords should be strong enough to stop a determined hacker from causing damage.”
Tyler Farrar is Exabeam’s CISO.
“Colonial Pipeline, SolarWinds, Twitch, all of these organizations have one thing in common: They suffered data breaches as a result of stolen passwords and credentials,” he said. “Credential theft has become one of the most common and effective methods cyber threat actors use to infiltrate organizations of all sizes and access sensitive data. We strongly support efforts like World Password Day that raise public awareness and can help to combat this pervasive issue. We advocate for the best practices that ensure cyber hygiene, and protect personal and professional passwords and credentials to prevent credential-based attacks from continuing.”
Corey Nachreiner is WatchGuard Technologies’ CISO.
“World Password Day continues to serve as an annual reminder that we all need to practice better password security, and despite rumors that passwordless authentication will kill the password, I’m confident the password is here to stay for decades, necessitating this continued attention,” he said. “Attackers continue to add millions of new leaked credentials to the billions already available on various undergrounds and the dark web. This trend has continued for years now, which is why World Password Day is still important.”
The most important authentication best practice is MFA, “which is why I believe that a world MFA day would make a more powerful and effective observance to strengthening digital identities,” Nachreiner said.
The amount of money lost to business email compromise scams continues to grow each year, with a 65% increase in identified global exposed losses between July 2019 and December 2021.
That’s according to an FBI public service announcement. Business email compromise/email account compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.
The increase in losses can be partly attributed to the restrictions placed on normal business practices during the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually, the FBI said.
“The BEC scam has been reported in all 50 states and 177 countries, with over 140 countries receiving fraudulent transfers,” it said. “Based on the financial data reported to the Internet Crime Complaint Center for 2021, banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds. China, which ranked in the top two destinations in previous years, ranked third in 2021, followed by Mexico and Singapore.”
Joseph Carson is chief security scientist and advisory CISO at Delinea. He said it should come as no surprise that BEC is on the rise.
“At a time when employees continue to work remotely, it is more difficult than ever to verify with a colleague whether the request is legitimate,” he said. “When it appears to be urgent, most people will fall for such scams. The major challenge with BEC security incidents is that you have to provide evidence that your account was indeed compromised and the incident was not just human error. With cybercriminals being really good at hiding their tracks, such evidence can sometimes be very difficult to gather.”
Most organizations that become victims of BEC are not resourced internally to deal with incident response or digital forensics so they typically require external support, Carson said.
“Victims sometimes prefer not to report incidents if the amount is quite small, but those who fall for larger financial fraud BEC that amounts to thousands or even sometimes millions of U.S. dollars must report the incident in the hope that they could recoup some of the losses,” he said. “Moving forward, I highly recommend that organizations seek expertise in the private sector for incident response and digital forensics and, at the same time, report the BEC crime to law enforcement. This will help accelerate the investigation with expert resources while the crime navigates the law enforcement chain of response.”
Andy Gill is senior security consultant at Lares Consulting.
“We’re not shocked at the figure stated in the FBI PSA,” he said. “In fact, this number is likely low given that a large number of incidents of this nature go unreported and are swept under the rug. BEC attacks continue to be one of the most active attack methods utilized by criminals because they work. If they didn’t work as well as they do, the criminals would switch tactics to something with a larger return on investment.”
BEC attacks are often conducted by a threat actor phishing their initial target to gain access to email inboxes, Gill said. From there, they’ll typically search inboxes for high-value threads, such as discussions with suppliers or discussions with others within the company, to initiate further attacks either against employees or external parties.
This week marks the one-year anniversary of the Colonial Pipeline ransomware attack, which shut down a major U.S. fuel pipeline.
Colonial Pipeline paid the hackers, Russian cybercrime group Darkside, a $4.4 million ransom in Bitcoin days after their demand. But last June, the Justice Department recovered $2.3 million in cryptocurrency ransom.
Colonial Pipeline is the largest refined products pipeline in the United States. In the aftermath of the attack, President Biden signed an executive order aimed at strengthening U.S. cybersecurity defenses.
Artur Kane is CMO at GoodAccess, a business cloud VPN provider.
“Ransomware attacks are a prevalent threat to businesses today, yet many companies still neglect the necessary procedures to prevent and contain them,” he said. “Critical infrastructure, in particular, is a lucrative target. Adversaries often pick them because of the high potential impact and the slow adoption of the latest security measures by critical infrastructure operators, leaving them vulnerable to attack.”
Oil, gas, power and water suppliers tend to be conservative in their security policies, which center on reducing the attack surface by building a secure perimeter to repel outside attacks, Kane said. This perimeter, built on legacy technology and outdated networking models, has to be impenetrable if it is to fulfil its function.
“However, users nowadays also need to connect from outside the secure boundary, something the traditional model has trouble coping with,” he said. “User devices connected from outside to the internal network may introduce malicious code, or hackers infiltrate internal systems. Once that happens, there is little to stop them from doing damage because the network can never be completely disconnected when administrators need to access it.”
Monti Knode is director of customer success at Horizon3.AI.
“One thing is still true today – ransomware organizations are truly organized and resourced for their core mission, whereas private and public industries are slow to believe, organize or even acknowledge that cybersecurity is core to their operation,” he said. “Saying it is one thing. Acting and resourcing is another. Organizations should always presume a breach will happen and ask ‘are our crown jewels at risk’ and then verify the answer.”
The second and perhaps more unsettling thing that is true today is that criminals know that more companies are willing to pay than not, Knode said.
“Colonial Pipeline paid in hours – and essentially funded further ransomware efforts,” he said.
A ransomware attack forced Michigan-based Kellogg Community College (KCC) on May 3 to close its campuses and cancel classes. Operations resumed the following day.
“While our investigation into this incident continues with the support of independent advisers, we have made great progress in our restoration efforts and these third-party experts have confirmed that our systems are safe and secure to interact with,” KCC said.
James McQuiggan is security awareness advocate at KnowBe4.
“Cybercriminals know that educational institutions lack a solid cybersecurity culture that large enterprise organizations typically maintain,” he said. “Thus, they make them prime targets for social engineering attacks.”
While resetting passwords for all the accounts is one step, the concerning factor is what data was stolen and can be exploited against the school, the faculty or the students, McQuiggan said. Cybercriminals want to make money from this attack, and they will go after the victims of the data collected to earn something for their time and trouble.
“Other organizations that shut down their systems for several days suffer the impact of lost business, and thus smaller organizations may end up being shut down for good,” he said. “I have the feeling college students did not mind a few extra days for a break from classes. But at this time of the year, when it is exam time, it might have been more stressful and concerning to them to not have access to the systems or worse, that their grades and hard work would be lost from the past semester. It certainly would have put the school in a challenging situation, not only with the cybercriminals, but with their students, too.”
Chris Clements is vice president of solutions architecture at Cerberus Sentinel. He said the timing of this attack is interesting in that the campus network shutdown occurred when many institutions are going through finals week.
“Without accurate attacker attribution, nothing is for certain, but this could be an example of either a cybercriminal gang waiting until a critical moment to launch their ransomware to maximize pressure on the organization to quickly pay out, or an insider potentially looking to delay what for many can be a stressful time,” he said.
CrowdStrike is counting on its channel partners to help it exceed $5 billion in revenue by 2025.
That’s according to Michael Rogers, CrowdStrike’s global channel chief. In March, CrowdStrike promoted him to vice president of global business development, channel and alliances. Rogers previously was the global vice president of partner and alliance sales.
For its fourth quarter ending Jan. 31, CrowdStrike’s annual recurring revenue increased 65% year over year and grew to more than $1.7 billion. In addition, George Kurtz, CrowdStrike’s co-founder and chief executive officer, expects revenue to top $5 billion by 2025.
“We’re a partner-first organization,” Rogers said. “Over 95% of our transactions are through partners. And it’s a multifaceted strategy that encompasses solution providers, GSIs, MSSPs, OEMs, IoT partners and technology alliance partners, all of those partners harmoniously. And if you think of cloud as well, we want to have all of those partners playing a key role as we focus on that $5 billion goal.”
Partners Crucial to Continued Growth
CrowdStrike can’t meet its growth goals without its channel partners, Rogers said.
“Our partners have always brought the scale and the need for CrowdStrike, and we’re just going to continue to expand on that,” he said. “One of our mantras is ‘delighted customers,’ but also delighted partners. So we’re always focused on improving the partner experience, ensuring that we make the right investments in the people, systems and processes to make sure our partners have the best support available to them.”
Last quarter, CrowdStrike hired a number of new individuals across all routes to market, Rogers said. That’s to support both existing partners and optimizing them for success, as well as new partners that join CrowdStrike.