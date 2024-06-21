The Gately Report: Barracuda Networks CRO Wants New Business
Plus, new malware campaigns are targeting Android phones.
June 24, 2024
Channel Futures: Why did you want to take this role with Barracuda?
Geoffrey Waters: There are a few reasons. First is the deep history with Barracuda, 20-plus years of protecting and securing our customers for life. The second part is the technology. You've got email, application, data and network, really the full platform. That's everything that we're seeing in the market; customers and partners are looking for that platform. So the ability to bring that was super interesting to me. The third was going through the process of the interviews and getting to meet the [parent company] KKR people and the board, and [Barracuda Networks president and CEO] Hatem Naguib. The executive leadership here is really impressive. I worked with Hatem at VMware years ago and he's a thought leader. And there are also my peers. We’ve got a good group of newer, but also seasoned veterans of Barracuda. And I'm a channel person; I'm a partner person at heart. I love companies that value partners and we go exclusively through an ecosystem of partners. So those are the key reasons that I'm absolutely thrilled and excited about the role.
CF: How will your background with Check Point, VMware and Intel come into play in this new role?
GW: First, I have a deep appreciation for partners. The second thing is, directly coming from Check Point running the full P&L in the Americas, a massive chunk of the business, I gained experience from my last three years there talking to customers and partners. I had about 900 folks and we had tens of thousands of customers. I was really hands-on with customers, really understanding what their issues and strategies, and challenges were. I think that's going to help me in this piece. So I've got the ... cybersecurity part there. And then previous to that, there are 13 years at VMware and I was fortunate enough to start a couple of VMware's early cloud businesses. I started the VMware Cloud Provider Program and built that to a $1 billion business. Then our CEO asked me to go run the VMware AWS business so I put that together for the first couple of years. So I've got a rich history in cloud as well. And I think that'll help with a lot of the things that Barracuda is doing with those same partners, looking at AWS partnerships and Microsoft, and others. So I think there's going to be a lot from the cloud hyperscale perspective that I can leverage there.
CF: Where does Barracuda Networks fit into the current competitive landscape? And will hiring you give Barracuda Networks a competitive advantage?
GW: I would like to think it will, but time will tell. Barracuda is a trusted partner for over 20 years, and from a full platform perspective, so email, application, data and network. There are only a few companies out there in the world that can offer that full platform. The new sexy thing to talk about is platform. I think a lot of people are trying to run to it, but when you look at the last 20 years, that's what we've done. I think we're in a great position to serve and protect our customers for life. And that's the exciting part here. There's a ton that they're doing right here. I think there'll be a few areas that I focus on ... and time will tell if it's a competitive advantage or not.
CF: What’s your take on Barracuda Networks' current channel strategy and its Partner Success Program?
GW: I certainly don't have everything down, but from what I've seen, it's super strong. With the Barracuda Partner Success Program, some of those core components are on empathy around partner agility, and shared success. I think we've done a really good job of bringing all the routes to market, all the different types of partners that are out there. So I think one of the things that I'll specifically look at is how we strengthen the traditional channel at the same time as bringing in our MSP business. That MSP business is really accelerating for us so we're thrilled to see the success that that MSP business has had. But as the traditional resellers are also strengthening their MSP business, how do we have one approach? I think that's what the Barracuda Partner Success Program is all about and so we'll continue to push that forward.
CF: What’s at the top of your to-do list?
GW: I’m still working on that. There’s working on the partner piece, strengthening the great work that we've got around the Barracuda Partner Success Program, the new [customer] piece will be important. And then just making sure that the teams are operating within those four core pieces that I outlined earlier. Those are going to be top of mind now.
CF: What are the biggest challenges facing Barracuda Networks' partners and how will you help them with those?
GW: We just had our Discover24 event in Austin and it was a wild success. We're getting great feedback. We hit capacity with hundreds of partners, great training and great one-on-one discussions with all of my peers and leaders, so there was a great buzz from that event . The feedback was super positive. They liked the direction we're going. At a macro level, in general, I think partners are dealing with a lot of complexity out there. AI is a tool for good and a tool for bad. So I think understanding AI, as it's integrated into the products, but also using AI to help them with programs and some of the AI pieces that Barracuda offers our partners to help, I think they're sort of wrestling with that. The platform is obviously going to be a big piece. More and more customers are asking for the platform play. With the disparate number of security vendors out there, they're looking to consolidate that, especially in the mid-to-small business, which is one of our strengths. So I think those are some of the things at a macro level that partners are absolutely wrestling with and adding value into the equation.
CF: What do you want partners to know about you? What can they expect from you?
GW: What partners can expect from me is I look at three key things. [First], designing programs and our business to be simple. The second thing is around consistency, so we're not going to keep changing things, and then making sure that it's profitable. That's what partners want. My big saying over the last five years of my career is you start a sales cycle with a partner and you end a sales cycle with a partner. So I'm a big believer in making sure that our field teams are engaged with our partner teams early in the sales cycle. One plus one equals three and it's a magical thing. So I think that's what partners can expect for me. They can also expect to see me out in the field quite a bit, so I'm looking forward to it.
CF: How will the evolving threat landscape impact Barracuda Networks’ overall strategy looking ahead?
GW: I don't think there's anything necessarily new that's happened in the last couple months here. You're seeing AI getting in the hands of more of the bad characters and I think that's going to drive increased attacks across all businesses. And unfortunately, a lot of times they will go after public-sector hospitals and universities, and very sensitive government agencies. They're going more into the midmarket and even SMBs. So I think just continuing to leverage the AI tools that we do today, the engines that we have, to go drive email and network, that's where a lot of the threats are coming in. Beyond the email and the network, making sure that we've got the application and the data, and the backup all secured as well will be super critical. So I think it's just an evolution of AI and where it's taking us. So AI for good or for bad, and we're the good guys and we're going to make sure that we protect and secure our customers for life.
CF: What do you hope to have accomplished by the end of 2024, into 2025?
GW: On a personal basis, just really understanding the customer perspective, the partner perspective and the employee perspective. So just getting a deep understanding of our employees, our partners and our customers, all the various components of that. I think leaving here having an efficient and disciplined sales organization would be an amazing feat. They're already great as I'm meeting them; they're already fantastic. As the partners and channel evolve, you're seeing more partners that are offering multiple things, whether it's managed services, you've got the marketplaces out there and you've got the traditional resell. So just making sure that we're looking at all the various partner types and making sure that we've got the empathy, the agility and the shared success model for all types of partners I think would be an amazing thing. And I think we're well on our way already.
In other cybersecurity news …
Check Point Research (CPR) has uncovered multiple campaigns that leverage Rafel, an open-source remote administration tool (RAT), targeting Android phones used by 4 billion people globally.
CPR discovered the use of this Android malware in espionage (remote surveillance, data exfiltration) and ransomware operations. The victim is being tricked, through messages/conversations, etc., to download apps that impersonate popular services (social media, financial, educational and others). By installing the apps, the malware is injected into the mobile phone, enabling different kinds of capabilities from espionage to ransomware.
Rafel RAT is used in over 120 campaigns, affecting users predominantly in the United States, China and Indonesia, according to CPR. Most of the compromised devices are Samsung, Xiaomi, Vivo and Huawei phones, reflecting these brands' market dominance. In addition, most affected devices run outdated Android versions, highlighting the critical need for regular updates and security patches.
"Rafel RAT is another reminder of how open-source malware technology can cause significant damage, especially when targeting big ecosystems like Android, with over 3.9 billion users worldwide,” said Alexander Chailytko, cybersecurity, research and innovation manager at Check Point Software Technologies. “As most of the affected victims are running unsupported Android versions, it is crucial to keep your devices up to date with the most recent security fixes or replace them if they are no longer receiving them, as prominent threat actors and even advanced persistent threat (APT) groups are always looking for ways to leverage their operations, especially with the readily available tools such as Rafel RAT, which could lead to critical data exfiltration, using leaked two-factor authentication codes, surveillance attempts and covert operations, that are particularly devastating when used against high-profile targets.”
John Bambenek, president of Bambenek Consulting, said fundamentally, mobile malware comes in the form of malicious applications that users have to be tricked into installing.
Bambenek Consulting's John Bambenek
“Google has gotten pretty good about making sure none of these apps get on the Play Store, or at least stay there very long,” he said. “Users should never install applications based off a text message. With that being said, this also highlights the importance of persistently applying updates to your mobile phone to make sure that you’re running the latest versions.”
Hundreds of PC and server models that use Intel processors could be affected by a high-severity vulnerability found recently in Phoenix Technologies’ SecureCore UEFI firmware solution.
The vulnerability was discovered by an automated analysis system developed by Eclypsium. The security hole can be exploited by a local attacker to escalate privileges and execute arbitrary code within the UEFI firmware during runtime. Eclypsium warned that this is a type of vulnerability that may be leveraged by threats such as the Black Lotus UEFI rootkit.
An investigation showed the vulnerability is related to an unsafe variable in the trusted platform module (TPM) configuration. The vulnerable SecureCore UEFI firmware runs on multiple Intel mobile, desktop and server processors used by computer makers such as Lenovo, Acer, Dell and HP.
"This vulnerability exemplifies two characteristic traits of IT infrastructure supply chain incidents, high impact and broad reach,” Eclypsium said. “UEFI firmware is some of the most high-value code on modern devices, and any compromise of that code can give attackers full control and persistence on the device. And since the vulnerable code stems from a major supply chain partner that licenses code to multiple OEM vendors, the issue can potentially affect many different products.”
Critical Start's Callie Guenther
Callie Guenther, senior manager of cyber threat research at Critical Start, said the vulnerability potentially affects hundreds of PC and server models. This includes devices from multiple OEMs using Intel Core processors such as AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake and TigerLake. Due to the broad use of Phoenix SecureCore UEFI firmware, the vulnerability's reach is extensive, impacting potentially a significant number of products globally.
“AI excels at identifying new vulnerabilities by analyzing large volumes of binary data efficiently,” she said. “For patching, AI can assist by recommending code changes and automating testing processes to ensure patches do not introduce new issues. However, the final implementation and verification often require human oversight to ensure accuracy and security.”
Barracuda Networks’ new chief revenue officer is focused on bringing new business to the cloud-first cybersecurity solutions provider.
Geoffrey Waters has joined Barracuda Networks as its chief revenue officer. He will lead worldwide sales and partnerships, helping Barracuda Networks accelerate growth in markets around the world.
He most recently was president of Americas sales at Check Point Software Technologies, where he managed the line of business across Canada, the United States and Latin America.
Prior to Check Point, Watters was senior vice president of global channel sales at VMware, where he spent 13 years building and leading go-to-market teams for several of VMware’s managed services and cloud businesses. And before that, he was with Intel for more than 10 years.
Top Priorities for Barracuda Networks
Waters said when he joins a company, he looks at it through a lens of four core principles.
Barracuda's Geoffrey Waters
“I always think about new business,” he said. “You can get new business through maniacal customer outcomes, and selling up and cross-selling the full platform within your customer base. The second piece is what I call customer prospect and partner intimacy. I'm always going to be pivoted toward customer outcomes, working with partners and leveraging partners in those outcomes, but also then prospecting. I think we're in a world right now where there are a lot of new companies that are coming out that need security solutions. And I use the word intimacy because it's not just engaging them, but it's really about understanding them.”
Water said his third principle is “sales excellence (SE).”
“The consistent execution within sales is always going to be a focus,” he said. “And then finally just doing everything through the lens of one team. That one team can be pulling together our partners and it can be pulling together our SE organization. It can be pulling together a renewals organization. And so I think just getting everybody swimming in the same direction is always important.”
Waters wants to strengthen Barracuda Networks’ partnerships.
“I think we're going to be maniacally focused on net-new [customers] and working with our partners there,” he said. “It's the shared success. So it'll be us with our partners looking at that. And then just making sure that everything we do is about getting the best business security outcomes for our customers.”
Scroll through our slideshow above for more from Barracuda Networks and more cybersecurity news.
