The Gately Report: Sophos MSP Partners Having Better Luck Talking to SMBs About Cybersecurity
Meantime, the FBI is warning of potential cyberattacks associated with the Beijing Winter Olympics.
Channel Futures: Is it easier for MSPs to have that conversation with SMBs with ransomware and other cyberattacks drawing big headlines?
Sophos’ Scott Barlow: I do think it’s a lot easier to have the MSPs communicate to their SMB customers these days. The MSP has built a level of trust with that SMB. I’ll give you one example. We actually created what we call a Sophos Managed Threat Response (MTR) opt-out campaign. It was actually sent to us by one of our fantastic MSPs out in Arizona. They basically created this opt-out letter that they sent to every single one of their customers saying we are going to be implementing Sophos MTR, this is why and here are the threats that exist. If you would like to opt out of this service, please contact us. And that enabled that MSP to have the conversation, and they had 3% of their SMB customers pick up the phone and contact them. Ultimately, I believe it was 99% of their customers opted to go with a small increase in their monthly costs. They understood the reason why because the MSP very clearly outlined these are the new threats, this is how advanced these threats are and when you put hands on keyboard as a cyber attacker, it does get much more complicated from a remediation standpoint. And when that partner shared the opt-out letter with us, we shared it with our MSPs globally. The number of MSPs that we’ve had adopt that model has been astounding, and I’m talking on a global scale.
CF: Sophos recently unveiled its new Switch series. How will MSPs benefit from this?
SB: If you look at the Switch series, it adds another component to the Sophos Secure Access portfolio, which also includes Sophos Firewall and Sophos Wireless. The Sophos Switch seamlessly integrates with the Sophos adaptive cybersecurity ecosystem to extend connectivity across office LANs, and it really removes the complexity of multivendor deployments by providing these organizations and MSPs a single source of management, which we call Sophos Central, but also monitoring and troubleshooting. And the switches are very easy and can be remotely managed in the cloud with Sophos Central. So you go to Sophos Central to manage your firewall, your switch, your wireless access points, your next-generation endpoint, your mobile security, your email, etc.
CF: In terms of the threat landscape, what’s most worrisome in 2022?
SB: Ransomware continues to evolve. The business model, in addition to the threat, continues to evolve. It is so effective and lucrative for these attackers that they’re pulling in other cyberthreats, things like initial access brokers, where somebody will get access to a corporate network and then they’ll sell access to these ransomware attackers. But in addition to the initial access brokers, you have loaders and droppers, and they create one massive, interconnected ransomware delivery system. And it’s becoming a lot more modular as well as a lot more uniform. These adversaries are offering different elements of attack as a service, and provide playbooks with tools and techniques that enable different criminal groups to implement very similar attacks. You get into extortion threats such as the release of data and other pressure tactics. We’re going to see that increasingly form part of the overall ransomware threat.
We also see an evolution of the attack tools and the targets. We talk about Cobalt Strike — that was part of the DarkSide affiliate with the Colonial Pipeline. And we’re seeing a lot of additional hands-on-keyboard cyber attackers. And then you get into the evolution of a lot of the existing mobile threats. There’s an evolution of mobile threats and social engineering scams that are expected to continue and diversify to target both individuals as well as organizations.
There’s the evolution of cryptocurrency-related crime, the illicit use of cryptocurrency both to evade sanctions and to obfuscate involvement in criminal activities. And then the evolution of artificial intelligence (AI) and cybersecurity and threats. The application of AI to cybersecurity will continue to accelerate as a lot of these powerful machine learning (ML) models prove their worth in threat detection and alert prioritization. So security practitioners absolutely will need to keep pace with a lot of the AI innovations and find more defensive applications of new AI ideas and technologies.
CF: What are MSPs’ customers’ latest needs? How is Sophos helping them address those needs?
SB: MSPs absolutely need next-generation ransomware protection, but they also need to provide active threat hunting across their customers’ networks, and they need that team or the ability to have that active threat hunting 24/7/365. It’s important that they have the ability to sell this cybersecurity as a system versus five or 10 individual point solutions. When you look at selling cybersecurity as a system, where each of the different technologies can communicate with each other, it’s a much more holistic and effective solution. With Sophos, the adaptive cybersecurity ecosystem is kind of an evolution of the synchronized security approach where we have the endpoint talking to the firewall and now it’s talking to the email, it’s talking to mobile and it’s talking to even other applications, for instance Microsoft 365.
We’re pulling data into our XDR system in order to allow the MSP, or the MSSP if they choose, to go and do that active threat hunting themselves. Or if they don’t have the internal resources to do that, they can actually leverage the Sophos MTR service, which will provide that 24/7/365 active threat hunting. So if we see something with a customer on the other side of the world, we can come back and scan all of our global customers to ensure that we’re not seeing something similar in their environments. MSPs and partners, and customers in general benefit when you have a lot more visibility, more data intelligence, and that’s all integrated together.
CF: What are you hearing from MSPs in terms of their most pressing needs?
SB: With ransomware evolving like it is, a lot of the MSPs that we work with are benefiting from the MTR service. My favorite piece of feedback, and I got this from one of our MSPs, is that he’s actually able to sleep at night knowing that Sophos is watching. Doing my job is enabling an MSP to sleep better at night, given all of the challenges and all of the threats that MSPs face, not just for their end customers, but also for themselves internally. And so we really do encourage MSPs to leverage the tools not just in their existing agreements with their customers, but more importantly, for their own environments, so that you have somebody watching 24/7.
CF: What are your goals in terms of Sophos’ channel business in 2022?
SB: Our goals are to accelerate growth in 2022 and help our partners do exactly the same. Our focus when we built the MSP program was to help MSPs lower their costs and improve their operational efficiency, but more importantly, increase their revenue. And adding additional services to help MSPs secure their end customers first and foremost, while doing it profitably is incredibly important to us. Security services have never been more critical or in demand, not just for MSPs, but really for any organization in any vertical.
Security is growing so complicated these days, and cyberattacks are growing more and more complex. Very specific services are needed to tackle these challenges. This need is especially urgent for SMB customers and helping the MSP change the mindset of that SMB that “it can’t happen to me” because it is happening to the SMB customers. A lot of the tools that are out there, the low-cost or free tools, that 10-15 years ago were good enough, are no longer good enough. At Sophos, we continue to be a worldwide channel-best and MSP-best security company, and we wear our unwavering commitment to partner success in delivering these security services and solutions that meet the customers’ needs, and we will continue to do that with urgency in 2022.
In other cybersecurity news …
The FBI is warning entities associated with this month’s Beijing Winter Olympics and March 2022 Paralympics that cyber actors could use a broad range of cyber activities to disrupt these events.
These activities include distributed denial of service (DDoS) attacks, ransomware, malware, social engineering, data theft or leaks, phishing campaigns, disinformation campaigns or insider threats. And when successful, these attacks can block or disrupt the live broadcast of the event, steal or leak sensitive data, or impact public or private digital infrastructure supporting the Olympics.
Additionally, the FBI warns Olympic participants and travelers of potential threats associated with mobile applications developed by untrusted vendors. The download and use of applications, including those required to participate or stay in the country, could increase the opportunity for cyber actors to steal personal information or install tracking tools, malicious code or malware.
Large, high-profile events provide an opportunity for criminal and nation-state cyber actors to make money, sow confusion, increase their notoriety, discredit adversaries and advance ideological goals. Due to the ongoing COVID-19 pandemic, no foreign spectators will be allowed to attend the Olympics or Paralympics. Spectators will be relying on remote streaming services and social media throughout the duration of the games. Adversaries could use social engineering and phishing campaigns leading up to and during the event to implant malware to disrupt networks broadcasting the event.
Chris Clements is vice president of solutions architecture at Cerberus Sentinel.
“For those people traveling to the Olympic games, it’s important to understand both the invasiveness and capabilities of border security agencies screening entry with regards to cybersecurity when traveling,” he said. “As a rule, it’s important to assume all bets are off as to the security of any device traveling with you, the privacy of the data within, or to any accounts linked to that device including social media. It’s also crucial to understand that this situation applies to almost any foreign country traveled to. Border control agencies often have broad authority to inspect or completely clone devices, compel the traveler to unlock, or even share passwords for online accounts. For this reason, it’s often recommended that travelers concerned with this possibility carry disposable devices for use while traveling that can be disposed of before leaving.”
Attacks specific to interest in the Olympics such as pirated video streaming sites or fake news headlines are common ways for cybercriminals to distribute ransomware or other malware for any event that garners wide interest, Clements said. Organizations should be on guard for any potential suspicious activities by closely monitoring endpoints for indicators of compromise and enact general cybersecurity best practices such as multifactor authentication (MFA) and patching.
Keeper Security has acquired Glyptodon, the creator of Glyptodon Enterprise, a remote access gateway that provides DevOps and IT teams with access to Remote Desktop Protocol (RDP), Secure Shell (SSH), Virtual Network Computing (VNC) and Kubernetes endpoints through a web browser.
Glyptodon is also the company that invented and maintains Apache Guacamole, the open source platform used by millions of people for accessing remote desktops.
Darren Guccione is Keeper Security’s CEO and co-founder.
“This acquisition and integration with Keeper Security will create growth-driven opportunities and expansion for Keeper’s channel partners,” he said. “Most importantly, it will allow them to better serve their end customers with industry-leading and innovative cybersecurity protection. Even as pandemic restrictions recede, distributed remote work and hybrid work environments shall remain as the new normal. Organizations need a secure, reliable and scalable way for their distributed workforces to remotely connect to their desktops and applications. VPNs are a common choice, but they’re expensive, notoriously time-consuming for IT personnel to configure and maintain, and difficult for end users to use. They also don’t scale well, and they suffer latency, reliability and availability problems.”
Together as a unified and ubiquitous cybersecurity platform, Glyptodon Enterprise, Keeper Secrets Manager and Keeper Enterprise Password Manager provide essential enterprise-wide visibility and coverage for privileged access management (PAM), Guccione said.
“This extends well beyond just the IT department,” he said. “It covers every user of the organization on every device they use, and every website, application and system they access. This solution is the culmination of our innovative team, which identifies the most critical gaps in visibility, control and security in the organization, one that is now perimiterless and operates across multicloud and hybrid-cloud environments.”
Cybereason has discovered previously unidentified malware variants being leveraged in two separate Iranian state-sponsored cyber espionage operations targeting a wide range of organizations in multiple global regions.
Moses Staff is deploying ransomware against targets to inflict damage and hamper forensic investigations, while Phosphorus is joining forces with the recently documented Memento ransomware group to inflict damage globally.
Moses Staff’s list of victims includes multiple countries and regions. Among them are Israel, Italy, India, Germany, Chile, Turkey, United Arab Emirates (UAE) and the United States.
Phosphorus has been spotted attacking research facilities in multiple regions such as the United States, Europe and the Middle East. The group is known to be behind multiple cyber espionage and offensive cyber attacks, operating in the interest of the Iranian regime, leveraging cyberwarfare in accordance with Iran’s geopolitical interests.
Assaf Dahan is Cybereason’s senior director and head of threat research.
“There have been multiple reports about attacks carried out by these groups that were successful,” he said. “The damages can be quite severe if you take the consequences of such attacks into account. There are direct damages caused by the deployment of ransomware and the encryption of the files, which can jeopardize business continuity and prevent organizations from accessing their data, not to mention the damage caused by the act of stealing sensitive data. That data can be later used to facilitate further attacks or used for espionage purposes. Additionally, we have to take into account the leaking of the data that can cause huge reputational damage to the victims and even open the victims to lawsuits.”
Cybereason recommends a three-step approach for organizations to protect themselves.
“First, defenders and security teams should study our reports and extract all the indicators that we provide,” Dahan said. “We recommend focusing on understanding the modus operandi of these attackers and making sure that they can proactively hunt for signs of compromise, as detailed in our reports. Second, we recommend patching all endpoints, and especially critical servers, since the root cause of most of the attacks lies in unpatched systems (consider Microsoft Exchange servers, Log4j and VPN clients). Finally, defenders should have a holistic XDR platform that can detect correlated events from all parts of the network.”
Forescout has acquired CyberMDX, a health care cybersecurity provider delivering visibility and threat prevention for medical devices and clinical networks.
Forescout said the acquisition strengthens its industry position in out-of-the-box support for connected device types across IT, IoT, OT and internet of medical things (IoMT).
CyberMDX offers visibility and risk management of IoMT devices. Together, Forescout and CyberMDX have a platform that delivers device visibility, classification, threat detection and incident response focused on IoMT devices to better serve health care organizations.
Wael Mohamed is Forescout’s CEO.
“Forescout is seeing rapid growth in health care, a market the company has always focused attention on from a technology and sales perspective,” he said. “Cybersecurity for IoMT, much like cybersecurity for OT devices, requires specific expertise and technologies. We are pleased to have the CyberMDX team join Forescout as we continue delivering new capabilities on our market-leading platform and grow our R&D center.”
Recently, Forescout announced that its platform discovered 66% more devices than originally expected at the University Health Network (UHN). It’s a group of four hospitals in Toronto, Canada.
Amir Magner is CyberMDX’s president and co-founder.
“CyberMDX enables hospitals to provide quality care by securing and protecting the systems and devices they rely on every day to treat patients and save lives,” he said. “We are thrilled to join the Forescout team where our innovation can continue to make a profound difference to health care organizations around the world.”
And in yet more cybersecurity M&A, Tenable has signed an agreement to acquire Cymptom, a provider of attack path management.
Cymptom enables organizations to continuously test and evaluate threats according to the MITRE ATT&CK framework and the hacker’s attack perspective. They can do so without the use of agents or running simulated attacks.
Combining Tenable’s coverage of vulnerabilities and misconfigurations with Cymptom’s attack path analysis and prioritization capabilities will allow security teams to preemptively focus response ahead of and during attacks.
Nico Popp is Tenable’s chief product officer.
“Risk prioritization has become a cornerstone of modern cybersecurity,” he said. “By correlating software vulnerabilities and misconfigurations with network and access data, Cymptom can immediately identify exploitable attack and breach pathways. Following closing of the deal, these compelling analytics will be integrated into Tenable.ep, Tenable’s exposure platform, and augment the prioritization, benchmarking, trending and other capabilities which are part of Lumin and available via Tenable.ep.”
After closing, Cymptom’s agentless platform will be integrated into Tenable’s threat and vulnerability data. The terms of the deal were not disclosed and the acquisition is expected to close this quarter.
Sophos MSP partners are having an easier time convincing SMBs that they need better cybersecurity, and they’re willing to pay more to stay safe.
That’s according to Scott Barlow, Sophos’ vice president of global MSP and cloud alliances. He said 2021 was a “phenomenal” year for the cybersecurity vendor.
“Sophos saw accelerated growth of MSP Connect, [and] introduced several milestone innovations in 2021, all of which strengthen the adaptive cybersecurity ecosystem, including Sophos Extended Detection and Response (XDR), XGS Series firewall appliances and Sophos Cloud Optix advancements,” he said. “[It also] made several successful and strategic acquisitions, including Refactr, Braintrace and Capsule8, and was named the highest-rated and most-reviewed Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms. There’s a lot to be proud of, and we’re well positioned to continue building on this momentum in 2022.”
Last month, Sophos unveiled its Zero Trust Network Access (ZTNA) offering, which fully integrates with its next-generation endpoint solution, Sophos Intercept X. It provides advanced endpoint protection and ZTNA with a single agent.
Sophos in 2022
In a Q&A with Channel Futures, Barlow talks about what’s in store for Sophos MSP partners in 2022.
Channel Futures: Sophos just unveiled its Zero Trust Network Access (ZTNA). What will that mean for Sophos MSP partners?
Scott Barlow: We often talk about “trust nothing, verify everything,” and that’s exactly what this is going to do. Sophos ZTNA is going to remove the complexities of managing multiple vendor products and agents, incorporating that selling cybersecurity as a system by offering ZTNA to MSPs. We’ll be working on having ZTNA available to MSPs via a monthly subscription, but it is available for MSPs today. And I think there’s a really significant opportunity for MSPs to jump in. CompTIA did a study and they have a quote that 22% of MSPs do not have a zero-trust strategy. And this really opens the door for Sophos to be a leader in the MSP space.