The Gately Report: Proofpoint Touts Latest Email Security Capabilities
Plus, Kaspersky detects critical flaws in widely used IoT modems.
Channel Futures: What can you learn from the intent of an email?
Joe Sykora: We can look at different compromises in the body of the email. The first thing is we can see if it is a known threat actor from just the domain, because if you're part of the Proofpoint solution, you can actually have access to everything that we know so we can see who else has been infected.
We also know who the bad guys are. So right away we can know from the beginning just by who's sending it. And then we can look at the content of it. If there's urgency, for example, if it's ransomware and someone's trying to have you make a payment, there's going to be something around an ACH payment or some type of payment. If it's personal, maybe it's Venmo, maybe it's Zelle. But then there's some type of urgency. So through our intelligence, we kind of know the structure. We don't know exactly what they're going to [do], but we know the structure of what the bad guys are going to do. So the intent of the email within the body of that is something that I think we do better than anyone else. We've saved our clients from making tens, if not hundreds of millions of dollars in those payments and stopped the bad guys before they could compromise our clients.
CF: What will these new email security capabilities mean for Proofpoint’s partners?
JS: For channel partners, they need to differentiate themselves from the competition. Same thing for us. Partnering with Proofpoint is something that they can really differentiate themselves with because this is something that no one else does. So that's important. It's our core.
CF: Proofpoint recently announced the availability of its human-centric security solutions in AWS Marketplace. Will that get deals moving faster and create more opportunities?
JS: It does. We still do standard deal registration with protection for our partners. This gives them another route to market. And a lot of times it is financial, so it does speed deals up because end users that have contracts with AWS, it's as simple as point and click. You click on it, and go ahead and make the purchase. So we have seen the sales cycles really reduce because of things like this.
And then the other thing we hear is from the CFOs of end users, that is another source of budget as well for projects. So sometimes when our partners go in and they see that there's either a budget reduction or potentially it could be a few quarters out, this is another route to market that they can use to help accelerate deals.
CF: Proofpoint recently announced general availability of its Data Loss Prevention (DLP) Transform, including generative AI use cases. What will this mean for partners in terms of cybersecurity and generative AI?
JS: Gen AI is a big topic and it's really helping us to accelerate things that a human doesn't need to be involved in: reporting, creation of some content and everything else. But the thing that you need to be careful of, of course, is what content are you putting in and is that confidential? So we're hearing a lot from end users that are really worried about data protection and data leaks, because the second part of what we do, of course, is the data protection, protecting the people and protecting the data. DLP has been around for 20-plus years. We do DLP differently than other corporations out there, but now with the coverage for gen AI that's top of mind, we have a lot of end users asking our partners, "How do I protect myself?" Because they all see the benefits of, "Hey, this is great, I can now put something in and it outputs it right away, but how do I protect my data?"
So with our new solution, we can actually add that to the DLP stack. Whatever method the data is going out, we can protect the end users, which is another opportunity for our partners. We also see a lot of partners building practices around our DLP solutions, so that's another benefit as well. To my knowledge, we're the only ones that actually could provide the protection from gen AI.
CF: Did input from partners come into play when formulating these latest Proofpoint solutions?
JS: Yes, 100%. We have multiple partner advisory councils. We have one international and we have one here in the Americas because we do have partners in Canada and Latin America. We meet with them at least two times a year. We give them updates as far as, here's our road map, here's what's new at corporate vision and we make sure that's aligned with what they need. And then the best benefit for all those meetings is they give us input. So over half the meeting is partners telling us what we need to do or what we need to change at Proofpoint. That could be technology. It could be operationally. It could be anything on the table. So we take that feedback, we consolidate it and then we continue to work on it with them. And it's interesting because some of the things that we're announcing, both the international group and the Americas group were aligned with several of the same topics. So it is constant feedback to look at. There’s a lot of partner feedback whenever we do anything here at Proofpoint.
CF: When it comes to email security, is there anything the cybercriminals are doing that surprises you?
JS: I think I've been in security now for almost 30 years, so nothing surprises me. Like I've always said throughout the years, if a bad guy wants to get in, they will find a way in. You then have to have multiple layers of security to protect yourselves and know what to do. Everyone here at RSAC is talking about AI and the use of AI for good. There's also AI for the bad. We used to get phishing emails and you could tell right away if you've got something, like it was spelled wrong or it didn't look right, or the graphics were off. Now it doesn't. Now it looks very good. I mean, it’s hard to tell if it's really not the person sending it. So if you don't have a solution like Proofpoint, you click on one wrong thing and then all of a sudden they could have root access to your network. And from there they can do a lot of bad stuff. I'm not surprised by it. But we are seeing more use of AI. Just like we're using it on the good, people are using it on the bad. So that's one of the things that’s resonating with our partners.
CF: What’s the latest with Proofpoint’s partner program?
JS: I always try to keep it fresh. Last year, we introduced our Element Partner Program. Element is kind of a simplification of the program. We took it down to two different levels and then specializations on top of that. So we continue to move towards our ecosystem journey. We are on a journey like many companies of rewarding partners for different behaviors during the sales cycle, which is important because what we're working toward with Element is making sure that it's not just a reward at point of sale. I want to reward people for the technical things they do, for the proof of concept (POC) they do. If they can do something to help influence an opportunity, even if they maybe don't win that in the end, I want to wait to reward them. So we're still working toward that journey. The program itself is super solid. We do have two deal registration types so they're protected in deals and rewards throughout the opportunity process.
And then the other thing that we're looking at is do we support more routes to market. So AWS and marketplaces was one we heard loud and clear. So we opened that up for partners. I'm also looking at things like an influencer-type program.
CF: Anything new coming for Proofpoint partners?
JS: I think what you'll see is enhancements around our MSP and our MSSP program. That is something that I do also hear from our partners. We have a program, we've won awards with the program and I think it's a solid program. And I, coming from an MSSP background, I know it fulfills it, but how do we create the next level of the MSSP program? So that's something you'll see us working on the rest of this year. And I don't know if we're going to introduce it still this year. It might not be until next year because we want to do some testing and make sure we have it right. But more things around our MSSP partners and the partners that want to build practices around us. In the end, we want to be relevant to them and they're going to be relevant to us. That's the key to any partnership.
CF: Do MSSPs have particular needs that maybe other types of partners don't?
JS: They do. The needs of an MSSP are a lot different than resale because, one, operationalizing it is important so you need to make sure you're operationalizing whatever solution that you're providing to them. For resale, we have a lot of channel sales engineers. For MSSPs, we have solution architects because solution architects actually help them build the integrations they need into their back-end billing systems, their ticketing systems and management systems. All those things are so important because we have to operationalize things. You have to have really good tech. The tech has to be outstanding, but then you need to operationalize it because if you can't operationalize it; that's where MSPs and MSSPs push back a little bit because that's part of the way that they increase their margins. Most of the MSPs are very profitable, which is great. They're very stable, but they're not the ones coming to me and saying, "I need a better discount on this deal." It's never going to be deal based, I need to get skinny, you need to get skinny, everyone needs to go low. It's not like that. With MSSPs, we give them more discounts as they get bigger and then we give them those highly technical, secure solution architects to help integrate into our systems. So that's a key differentiator between the two.
Obviously all partners still like leads, so we're still giving leads, but the leads are a little different. Someone wants to buy a product is one thing. If someone wants to buy a solution, it's different. And you have to ask those qualifying questions before you hand it off to make sure you give it to the right partner. And again, all partners want leads for more business. The other thing, too, is sometimes they're not selling it as Proofpoint. It's either secured by or powered by Proofpoint versus hey you're buying product XYZ. We're part of a bigger solution when we're dealing with MSSPs.
In other cybersecurity news …
Kaspersky researchers have identified severe security vulnerabilities in Cinterion cellular modems, widely deployed in millions of devices and vital to global connectivity infrastructure.
These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT devices foundational to industrial, health care, automotive, financial and telecommunications sectors.
Among the vulnerabilities detected, the most alarming is CVE-2023-47610, which enables remote attackers to execute arbitrary code via SMS, granting them access to the modem’s operating system, according to Kaspersky. This access also facilitates the manipulation of RAM and flash memory, increasing the potential to seize complete control over the modem's functionalities, all without authentication or requiring physical access to the device.
Further investigations exposed significant security lapses in the handling of Java-based applications running on the modems. Attackers could compromise the integrity of these applications by circumventing digital signature checks, enabling unauthorized code execution with elevated privileges. This flaw poses significant risks not only to data confidentiality and integrity, but it also escalates the threat to broader network security and device integrity, according to Kaspersky.
“The vulnerabilities we found, coupled with the widespread deployment of these devices in various sectors, highlight the potential for extensive global disruption,” said Evgeny Goncharov, head of Kaspersky ICS CERT. “These disturbances range from economic and operational impacts, to safety issues. Since the modems are typically integrated … within other solutions, with products from one vendor stacked atop those from another, compiling a list of affected end products is challenging. Affected vendors must undertake extensive efforts to manage risks, with mitigation often feasible only on the telecom operators’ side. We hope that our in-depth analysis will help stakeholders implement urgent security measures and establish a valuable reference point for future cybersecurity research.”
In response to these discoveries, all findings were proactively shared with the manufacturer prior to public disclosure. Cinterion modems, originally developed by Gemalto, are cornerstone components in machine-to-machine (M2M) and IoT communications, supporting a wide array of applications from industrial automation and vehicle telematics, to smart metering and health care monitoring. Gemalto, the initial developer, was subsequently acquired by Thales. In 2023, Telit acquired Thales’ cellular IoT products business, including the Cinterion modems.
Last week’s cyberattack on Ascension, the largest Catholic hospital chain in the United States, is just the latest example of threat actors targeting health care with massive consequences.
According to its latest update, many systems remained unavailable heading into the weekend. John Bambenek, president of Bambenek Consulting, said this attack “sounds like ransomware to me, which very quickly moves medical care back to paper charting.”
Ascension runs 140 hospitals across 19 states.
Nick Tausek, lead security automation architect at Swimlane, said since the Change Healthcare attack in February, there've been disclosures of data breaches from Kaiser Permanente and MedStar Health, a cyberattack on Octapharma and now Ascension.
“These ongoing attacks on health care organizations reiterate the vulnerability inherent in the health care industry, a vulnerability that threat actors are exploiting to their advantage,” he said. “The allure of targeting health care organizations lies in the vast troves of sensitive data and the intricate networks they operate within. Compounded by often confusing regulatory oversight and insufficient allocation of resources towards cybersecurity, health care entities remain prime targets.”
To mitigate these threats, health care organizations must prioritize cyber hygiene and use these attacks as a learning opportunity to bolster their defenses, Tausek said.
“As threat actors persist in the health care and public health sector, proactive security measures are imperative to safeguard patient data and organizational operations,” he said.
Kurt Osburn, NCC Group’s director of risk management and governance, said no health care attacks are surprising, unfortunately. The industry is a priority target for attackers because of the value of the information.
“Health care is an easy target and within hospitals, there are so many people and entry points to get information from that it can take a significant effort and cost to secure it all,” he said. “This is a criminal attack on a non-profit organization – no one is safe or immune to cybercriminals, even those organizations looking after our sick and vulnerable population. Companies should make efforts to prepare and plan for responding to incidents. It’s not a matter of if, but when they happen.”
Now more than ever, Proofpoint’s email security can catch even the most minute detail in email-based cyberattacks.
That’s according to Joe Sykora, Proofpoint’s senior vice president of worldwide channels and partner sales. We caught up with him at last week’s RSAC 2024, where Proofpoint unveiled two AI-powered email security innovations for comprehensive end-to-end email protection.
Proofpoint’s newest email security capabilities are:
Pre-delivery defense against both social engineering threats and malicious links.
New adaptive email security capabilities, offering a fully integrated layer of behavioral AI-based defense post-delivery to stop targeted threats such as lateral internal phishing and advanced email fraud for the most at-risk employees, all while offering API integration with Microsoft 365.
Proofpoint protects and scans more than 2.3 trillion emails per year.
“We're typically scanning right around a third of all email traffic every single day with some of the new technologies that we've added, and we've increased the number of users using Proofpoint every time we talk,” Sykora said. “How it's relevant for our partners is you have to have the best technology out there because this is something that just good enough security isn't what we deliver. We deliver the best security out there for our partners so they can ensure that their end users are protected. The only way you can do that is with our threat intelligence and our threat team.”
Proofpoint Accelerates Email Security
Sykora said Proofpoint has done a good job correlating data from emails, and with the use of large language models (LLMs) and AI, “we've been able to do things even faster.”
“With our NexusAI, we've been able to enhance even preemptive type things where we can actually look at an email and see the intent, and then combine it with our intelligence,” he said. “And that's something that no one else has. Our competitors that are providing solutions out there just don't have the intelligence that we have, because they're not looking at the volume that we're looking at, and email is still the No. 1 threat vector. So what we do today is very relevant. We hear that from our partners as well, and we work with the top cybersecurity partners that are providing these services to end users on the global front, so it’s very relevant to them. And that is something that in all the meetings I go to, there is no question of our security, our technology and the partnership.”