The Gately Report: SentinelOne Channel Partners Getting New Specializations, More in Months Ahead
Also, thousands of PayPal users' accounts have been accessed through credential stuffing attacks.
Channel Futures: Last week, SentinelOne announced its membership in the Cybersecurity and Infrastructure Security Agency’s Joint Cyber Defense Collaborative (JCDC) to further support the U.S. government’s strategy to secure the cyber ecosystem and critical infrastructure. Will this benefit partners? Will it create new opportunities for them?
SentinelOne’s Ken Marks: Absolutely. We are a 100% channel company, so we only do business through partners. So having this recognition from the government, being part of this important program, just opens up significant opportunity for those partners that play in the federal space. It also opens up a lot of opportunity for our distributor that works with us really closely, Carahsoft, mainly because it gives you recognition, it gives you access into different opportunities. So those federal-focused partners that have been working with us will see a big benefit in opportunities to really expand their footprint with us.
(Photo courtesy Tada Images/Shutterstock)
CF: SentinelOne has expanded its Middle East and Africa operations with its new Dubai office. Is global expansion benefitting partners? If so, how?
KM: So interestingly enough, as companies mature and get to the size that we are, you normally see North America being the bulk of all of the business, and it’s still the bulk of our business, I think 70%-plus. But having the international business at 30% is really a testament to the solution around the globe. So this expansion with a Dubai office really just culminates more expansion internationally, more resources internationally, and more support structure for the partners and our customers. And if you look back when we acquired Attivo, they had a nice presence in the Middle East. We added the solution into our Singularity platform and we have some resources there. And now it just made sense to expand and have an office in Dubai where we can have people come together. We can bring customers in for executive briefings. It’s just the normal expansion. And it’s just a testament to the international strength that we have today.
CF: SentinelOne recently was named one of the fastest-growing companies in North America by Deloitte Technology. What’s fueling that growth? What role are partners playing in that growth?
KM: The product works. The platform solves real customer problems. And I think customers are looking at that today and they’re realizing that. So first and foremost you need a product that works and does what you say it’s going to do. Our partner ecosystem is a competitive advantage for us. We invest with our partners. We co-sell with our partners. We provide the means for them to build their own SentinelOne practices and to differentiate themselves [from] their own competitors.
We’re seeing more investment from the large national partners. We’re also seeing an influx of midmarket-type partners or high velocity partners, where they were predominantly doing business with one or two of our competitors. They’re finding that it’s a crowded market. It’s a competitive market where the margins may not be as rich. And they see the value in building out a SentinelOne practice. So I think all of that adds up to huge growth rates.
CF: In November, SentinelOne announced an integration with Amazon Security Lake to power cloud investigations. What does that mean for partners?
KM: The public cloud providers are growing, having lots of success out there. And we’ve had a strong partnership over the last few years with Amazon Web Services (AWS). And what we’ve been trying to do is integrate our solutions more closely so that customers that are already standardizing in the public cloud can get the benefits of SentinelOne solutions to secure their environments. So it was a logical step for us to just continue our partnership, continue to embed ourselves into the AWS solutions that customers are moving to. You’ll see more and more of that over time as we strengthen our partnership.
(Photo courtesy Yu Chun Christopher Wong/Shutterstock)
CF: There’s a lot of ongoing economic uncertainty right now. How can SentinelOne help partners who are being impacted by that?
KM: We have a very fair program on margins. If you talk to our partners, I think they’ll echo that. We also don’t compete with them on services. So as partners make the bulk of their profitability on services, they can do that with us and feel confident that we’re not going to come in and try to take that revenue from them like some of our competitors. And then there are other areas. By working through our distributors, they can get financing to then propose to their customers as customers look at financing projects.
But the benefit of being in this space is being in cybersecurity, which is a must have for customers, and being in cloud cybersecurity, which is absolutely a place that customers are moving to faster and faster. We’re in a good spot there. And we’re there for our partners to not compete with them so that they can feel comfortable in continuing to make investments when they have to choose who to build their practices around. They can feel comfortable that you can still invest with us and you’ll get a return on it. It’s a confidence level from a partner perspective.
CF: What sort of feedback are you receiving from partners? What are their latest needs?
KM: It’s interesting when I talk to the partners around the globe — and it’s similar. They’re looking for enablement. They’re looking for opportunities to strengthen their practices around not only sales, but also the services aspect, because they’re really trying to differentiate themselves from their competitors. So they continue to ask me, “Hey, how can you help us strengthen our practice? How can you help us be different than a partner around the corner or a partner that’s selling a competitive product?” And that’s what I hear more and more.
We have the benefit of not selling direct, so we don’t get them saying, “Hey, don’t sell direct like some of our competitors.” We believe we have a very fair and healthy margin for partners, so we don’t hear a lot about that. But it’s mainly around the enablement and helping them build out their practices around SentinelOne to win.
CF: What’s your take on the current threat landscape? What do you find most dangerous?
KM: There are a lot of different areas, but one that we’re hearing about more and more is around identity. And hence the acquisition that we made of Attivo, which was very timely. In fact, some of the studies that we see show that the identity threat vector is becoming more and more of where threats are starting. I think the threat landscape is there. It’s always there. Are you’re hearing about the very large breaches in the news every day. Maybe not as much as you were, but absolutely, they’re still out there. It’s still a threat. And we’re seeing identity as another piece that people that provide a full solution and a full platform need to have in their portfolio, which is why we added it.
CF: In summary, what can partners expect from SentinelOne this year?
KM: We’re going to be moving into fiscal year 2024 next month. And what partners should expect from us is more of the same, consistency in partnership. And that’s not only in winning a licensing deal together, but that’s also in profitability. That’s in standing up services practices. That’s helping them build their practice and that’s helping them win against their own competition. They’re going to be able to see more and more of that from us. And as we add identity into the Singularity platform, as we focus on cloud and our differentiations there, they should see more and more upsell and cross-sell opportunity with SentinelOne so they can really capture that lifetime value of a customer.
In other cybersecurity news this week …
PayPal is notifying thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.
According to Bleeping Computer, nearly 35,000 accounts were accessed.
In a security incident notice, PayPal said it confirmed on Dec. 20 that unauthorized parties were able to access PayPal customer accounts using their login credentials. The unauthorized activity occurred between Dec. 6 and Dec. 8, when it eliminated the unauthorized access.
The personal information that was exposed could have included customers’ names, addresses, Social Security numbers, individual tax identification numbers and/or dates of birth.
“We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account,” PayPal said. “There is also no evidence that your login credentials were obtained from any PayPal systems.”
Joseph Carson is chief security scientist and advisory CISO at Delinea.
“Attackers are looking for high-valued credentials, and those are privileged accounts which allow the attackers access to everything and go anywhere within the network,” he said. “With privileged access, attackers can cause serious damage, steal any data, hide their tracks and sell them for a higher value to other cybercriminals who will abuse them.”
When employees are left to be responsible for creating passwords, and tend to reuse existing passwords or select similar passwords, then credential stuffing will continue to be successful, Carson said.
“Organizations can help reduce the risks of credential attacks by moving passwords into the background and rewarding employees with a password manager or privileged access management solution that will help automate passwords,” he said. “At the same time, it will help to reduce cyber fatigue.”
Ted Miracco is CEO of Approov, a mobile app security provider.
“We are not witnessing the death of password technology, but what we are witnessing (again and again) is the death of the naïveté and wishful thinking that surrounds any technology built on the premise that a single authentication source is a good idea,” he said. “We have rushed to embrace single sign-on (SSO) technologies without fully considering the obvious major disadvantage that it constitutes a single point of failure, as the compromised password lets the intruder into all areas open to the password owner. And in the case of PayPal, the consequences might be quite high for those that built their trust into these systems without additional safeguards like two-factor authentication (2FA) or hardware authentication.”
(Courtesy mrmohock/Shutterstock)
Over 900,000 active and inactive Norton LifeLock accounts have been targeted by credential stuffing attacks.
Gen Digital, which owns Norton LifeLock, sent us the following statement:
“Gen’s family of brands offers products and services to approximately 500 million users. We have secured 925,000 inactive and active accounts that may have been targeted by credential-stuffing attacks. Our top priority is to help our customers secure their digital lives. Our security team identified a high number of Norton account login attempts indicating credential-stuffing attacks targeting our customers. And we quickly took a variety of actions to help secure our customers’ accounts and their personal information. Systems have not been compromised, and they are safe and operational. But as is all too commonplace in today’s world, bad actors may take credentials found elsewhere, like the dark web, and create automated attacks to gain access to other unrelated accounts.”
Gen Digital said it’s been monitoring closely, flagging accounts with suspicious login attempts and requiring those customers to reset their passwords upon login along with additional security measures to protect customers. It continues to work with customers to help them secure their accounts and personal information.
“We strongly encourage our customers to use good password hygiene – strong, complex passwords unique to each account – and use 2FA to help protect against these types of attacks,” it said. “And we have put additional security protocols and technology in place to help defend against these types of attacks.”
Timothy Morris is Tanium‘s chief security advisor.
“While nothing new, credential stuffing is growing in popularity due to the enormous amount of compromised credential lists (user ID/email and password pairs) increasingly available to criminals in illicit forums,” he said. “This sensitive information dramatically simplifies a hacker’s ability to automate their attack and simultaneously attempt millions of log-ons per second. Due to this sustained volume of assault, they inevitably find vulnerabilities and steal personal data on a mass scale.”
Darren Guccione is Keeper Security‘s CEO and co-founder.
“Our research shows the average U.S. business experiences 42 cyberattacks per year, with three of them successful,” he said. “While the impact to business operations and financial losses may be the most tangible examples of the damage that these attacks cause, the reputational impacts can be equally devastating. These attacks show no signs of slowing down, as 78% of IT professionals only expect this onslaught to intensify.”
Password managers protect an individual or organization’s most sensitive accounts and information, Guccione said.
“It is essential that the public understand over 80% of data breaches are due to weak or stolen passwords, credentials and secrets,” he said.
Ransomware activity from cyber threat actor BlackCat surged 100% last month with the highest number of attacks the criminal group has undertaken in a single month.
This is according to the NCC Group’s latest Threat Pulse research report. It examines ransomware attacks during December.
Among other key findings:
There were 269 ransomware attacks in December, a 2% increase over November (265 attacks).
This increase contradicts the patterns observed in 2021 in which November to December experienced a decrease, attributed to a slowdown during the holiday period.
We’re approaching the highest number of ransomware victims since the peaks reached in March and April of 2022. This indicates major growth since the summer and autumn months.
Lockbit 3.0 regained its leading position, accounting for 19% of attacks, followed by BianLain (12%) and BlackCat (11%).
BianLain saw a 113% increase in ransomware activity in December over November. The group encrypts victim devices with alarming efficiency, making them a particularly dangerous variant.
Play, another threat actor first discovered last July, launched activity displaying a particular interest in the government sector with four victims (15%), rarely seen with ransomware groups due to the law enforcement crackdown that it incites.
Threat actors BianLain are adopting a new approach to publishing on their leak sites, releasing victim names in stages, using asterisks or question marks as a censor. NCC Group threat intelligence suspects this is in a bid to prompt organizations into payment, slowly releasing their names in full when payments are not made. Researchers have seen two threat actors use this technique so far, and say it may become a prominent feature of the hack and leak world in 2023.
Looking at this month’s sector trends, consumer cyclicals (44%) and industrials (25%), remain the top two most targeted sectors for ransomware attacks. Technology (11%) experienced 34 ransomware incidents, a 21% increase from the 28 attacks reported in November.
Matt Hull is NCC Group’s global head of threat intelligence.
“Although December saw some stability in the volume of ransomware attacks, this was a deviation from what we normally observe,” he said. “Over the seasonal period, we have come to expect a downturn in the volume of attacks, as demonstrated by the 37% decrease at the same time last year.”
Vectra has hired Rob Rosiello, previously with Skybox Security, as its new senior vice president of sales for the Americas.
Rosiello served as Skybox Security’s chief revenue officer and executive vice president of worldwide sales and field operations. There, he delivered notable contract value growth, boosted subscription sales, and worked closely with customers to ensure they achieved rapid time to value.
Before Skybox Security, Rosiello held senior channel sales roles at Motorola and Riverbed Technology.
“Partners, technology alliances and our ecosystem are a critical part of our go-to-market (GTM) strategy,” he said. “In today’s fast-changing environment and increasing sophistication of attackers, clients should have an expectation that their suppliers are their business partners. Vectra, as an ingredient technology in the client’s security posture, adds value not only with our award-winning solutions, but also with our world-class partner community. I strive to take a client-centric approach to business outcomes and am proud of the relationships that I have been able to create with many partners from all types of industry. Having worked in channel roles across a number of organizations and been responsible for channel teams will help add value to our partner and end user community.”
Rosiello said he’s assessing Vectra’s current partner program, but strongly believes in “our strategy of aligning tightly with focus partners (VAR, GSI, alliances) and nurturing partners that have domain expertise in security, and take an ecosystem approach to serving clients.”
“Top of my list is to immerse myself quickly in our business and with our clients, associates and partners,” he said. “We have an outstanding foundation and track record of success for and with clients. We are not opportunity constrained, and my first action is to seek to understand our current client base and the organization, and then to tune and sharpen our focus on execution and repeatable, scalable and outsized success. Vectra is already an outstanding organization providing great value and I am excited to be part of this journey.”
Vectra has hired Rob Rosiello, previously with Skybox Security, as its new senior vice president of sales for the Americas.
Rosiello served as Skybox Security’s chief revenue officer and executive vice president of worldwide sales and field operations. There, he delivered notable contract value growth, boosted subscription sales, and worked closely with customers to ensure they achieved rapid time to value.
Before Skybox Security, Rosiello held senior channel sales roles at Motorola and Riverbed Technology.
“Partners, technology alliances and our ecosystem are a critical part of our go-to-market (GTM) strategy,” he said. “In today’s fast-changing environment and increasing sophistication of attackers, clients should have an expectation that their suppliers are their business partners. Vectra, as an ingredient technology in the client’s security posture, adds value not only with our award-winning solutions, but also with our world-class partner community. I strive to take a client-centric approach to business outcomes and am proud of the relationships that I have been able to create with many partners from all types of industry. Having worked in channel roles across a number of organizations and been responsible for channel teams will help add value to our partner and end user community.”
Rosiello said he’s assessing Vectra’s current partner program, but strongly believes in “our strategy of aligning tightly with focus partners (VAR, GSI, alliances) and nurturing partners that have domain expertise in security, and take an ecosystem approach to serving clients.”
“Top of my list is to immerse myself quickly in our business and with our clients, associates and partners,” he said. “We have an outstanding foundation and track record of success for and with clients. We are not opportunity constrained, and my first action is to seek to understand our current client base and the organization, and then to tune and sharpen our focus on execution and repeatable, scalable and outsized success. Vectra is already an outstanding organization providing great value and I am excited to be part of this journey.”
This year, SentinelOne channel partners will get new specializations, authorized training centers and an authorized support partner program.
That’s according to Ken Marks, SentinelOne’s vice president of worldwide channels. He gave us a sneak peek of what SentinelOne has planned for channel partners in the coming months.
In November, SentinelOne was named one of the fastest-growing companies in North America by Deloitte Technology Fast 500 for the fourth consecutive year.
Cloud, Identity Specializations
SentinelOne’s new year starts Feb. 1. It’s in the process of closing out the year strong, Marks said.
SentinelOne’s Ken Marks
“But we’re also doing all the work on budgeting and looking at the areas of the partner program that we want to improve upon and expand upon,” he said. “One of the biggest areas is going to be around the concept of specializations. Not new in the industry, but as we really build out our Singularity platform, and we look at cloud and we look at identity, we’re going to have specializations around those technologies and those services. And what the partners will get there is training for their practitioners that do identity and do cloud, and help them stand up a business or a practice if they’re not in it today, but want to. And, of course, that will come with incentives and normal benefits to a partner for building out that practice. But you’ll see cloud and identity as the first two.”
More Face-to-Face Training
Also in the months ahead, SentinelOne will launch authorized training centers, Marks said. Moreover, It will have authorized training partners who have training as a piece of their business.
“We’ll open that around the world, predominantly internationally, so we can get local language coverage and we can get more face-to-face type training in the different countries,” he said. “And we’re at the point now where it’s time to launch an authorized support partner program. So you’ll see that as a specialization in our program where partners that do have support practices will have the opportunity to provide level 1, level 2 support on behalf and with SentinelOne for their customers.”
Scroll through our slideshow above for more from SentinelOne and more of the week’s cybersecurity news.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like