Channeling Security: Kaspersky PR Problems Raise Questions – and Opportunities
The growing drumbeat of charges that the Trump campaign colluded with Russia aren’t helping Kaspersky Lab, which faces ongoing allegations that it’s complicit with Kremlin foreign intelligence and espionage operations (see Larry Walsh’s take on that here).
A new round of publicity from Bloomberg this week, along with confirmation Tuesday to Politico that the General Services Administration has removed Kaspersky from the approved list of vendors for two government-wide purchasing contracts, added fuel and pushed the controversy into the mainstream media. A fairly sensationalized report by ABC, complete with a sweeping drone’s eye view of the company’s U.S. headquarters and a shot of CEO Eugene Kaspersky standing near Vladimir Putin, may well have caught customers’ attention.
Kaspersky strongly denies any wrongdoing, saying that “Kaspersky Lab, and its executives, do not have inappropriate ties with any government.”
How should you respond if asked about the matter?
First, note that Kaspersky Lab has technology partnering agreements with more than 120 providers, including AWS, Cisco, Juniper, Microsoft and dozens of security firms that license the antivirus SDK. It’s not a simple matter of swapping in a new AV system.
GlobalData’s Eric Parizo
From a purely technology perspective, Kaspersky products have historically performed well in terms of endpoint antimalware efficacy and have been used around the world for years with few issues.
“I advise resellers to stay the course,” says Eric Parizo, senior analyst focusing on enterprise security with analysis firm GlobalData. “Eugene Kaspersky simply could not have built and sustained such a successful company, and one highly regarded within the global cybersecurity community, by serving as a close ally of the Russian government.”
Parizo advises partners to remind customers that the caliber of the products, and the employees making and supporting them, remain unchanged despite the negative publicity.
“The Kaspersky GSA delisting is an overreaction caused by a Washington government and media landscape that is hyperfocused on any individual or entity with ties to Russia,” he adds.
Platte River Networks saw a similar politically motivated uproar earlier this year.
Kaspersky is moving ahead with product news. This week it released a new version of its Endpoint Security Cloud, a multi-tenant console for partners and MSPs overseeing customer cloud infrastructures remotely. The new release includes support for Macs and additional automation and management capabilities. Customers who still think Macs are immune to malware are wrong; last year, Kaspersky Lab detected 11.8 million attacks, including MacOS-specific malware, OS-agnostic phishing and man-in-the-middle attacks that affect Apple users. For MSPs, there’s improved billing and reporting and integration with ConnectWise’s Manage and Automate tools.
This month Kaspersky also released a free open-source forensic tool, BitScout, that investigators can use to remotely collect evidence. It allows for full-disk-image acquisition, even with untrained staff, and provides other useful functions, like remote AV scanning and remediation of offline systems and network nodes.
Still, the drumbeat of criticism raises the question of how partners handle it when bad PR around suppliers reaches customers.
The No. 1 piece of advice from channel leaders: Don’t rush into a decision to weaken or break ties with a longtime supplier over what may end up being a short-term distraction. If the provider has good products, a profitable channel program with strong enablement tools and isn’t competing with a direct sales force, see how it handles the PR storm.
What to watch for:
- Is the company being transparent with partners and customers? Kaspersky has released definitive statements refuting recent allegations.
- Is there any fire behind the smoke? As Walsh notes, CEO Eugene Kaspersky received his security training in Russian intelligence, and many of the managers at Kaspersky Lab are former Russian military or have held government positions. And Kaspersky Lab does work with the Russian government on security. The GSA delisting is a real issue for partners that work with government agencies or their suppliers.
- How fired up are your customers? That’s the primary relationship, and there are readily available alternative security suites. Still, as noted, removing all Kaspersky Lab code isn’t a simple matter.
Partners build customer relationships by solving problems, so Parizo suggests keeping an eye on the long-term findings while making the best of the situation.
“If anything, the short-term business disruption for Kaspersky presents an opportunity to potentially negotiate discounted licensing additions or renewals that customers should not hesitate to take advantage of,” he says.
Partners, have customers asked about this? What did (or will) you respond?
Update via Reuters: Britain’s National Cyber Security Centre said on Tuesday it had never certified products from Russian cyber security firm Kaspersky Lab.
“The NCSC certifies products through a range of initiatives, and vendors apply to have their products certified via one of our accredited lab partners,” the NCSC, which is part of Britain’s GCHQ eavesdropping security agency, said.
So … does that mean they refused to certify, or that no such request was made? Seems like a natural followup.
Update: A Kaspersky spokesperson responded, saying “The NCSC is not a regulator and they do not certify anti-virus products. We work closely with public sector across the world and where required with regulatory and certification bodies.”