RSA Day 1: SolarWinds, IBM, Perimeter 81, Dell, Mandiant, More
The cybersecurity industry can't wait until a cyber pandemic to transform security.
![Rohit Ghai RSA CEO at RSA 2022 Rohit Ghai RSA CEO at RSA 2022](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltbcfd6fb4bbfeb4d9/6524286a7f88f55dca775151/Rohit-Ghai-RSA-CEO-at-RSA-2022.jpg?width=700&auto=webp&quality=80&disable=upscale)
Partners have been involved in SolarWinds‘ business for many years, but they weren’t a strategic pillar of the company. That’s changing, said SolarWinds’ Jeff McCullough.
“If you think of partnering across our distribution resell networks, our global SI and our new emerging cloud solution partner platforms, they’re all key strategic parts of our go-forward strategy,” he said. “For SolarWinds, the first innovation is, we’re really committed and focused on building and growing with partners from a partnership perspective outside of, or in addition to, observability, having a new product to offer to both move the install base to observability as well as to introduce new customers into the environment.”
SolarWinds is introducing a new services portfolio of products, McCullough said.
“These are SolarWinds-branded products that partners can sell, and a new certified services program allows partners to be certified to deliver those products,” he said. “So if you’re a partner and you want to sell a services product, a branded-services product, you can do that now and you don’t have to deliver it. You can resell it and make money selling those services. But if you’re a partner that wants to do delivery, you can become certified to do it. You can sell that product and deliver that product, and you keep the lion’s share of the dollars in that opportunity.
And so [it’s about] defining the experience for the customer and then creating a process where partners can deliver that experience in a way that meets our requirements. Meeting the customer requirement is one of the big changes that we’ve made to our partner strategy and our value story as we look at how partners accelerate and grow, not just grow new customers, but grow profitability selling SolarWinds.”
This summer is all about hybrid cloud observability for SolarWinds and its partners, McCullough said.
“That’s our on-premises platform,” he said. “Right behind that, coming out later this year, will be the SaaS version of those products. And so you will see a lot of big moves from us around our partnerships with Microsoft and with Amazon right away here in North America, and then globally in the first part of 2023. You’ll see our products offered in the Microsoft and AWS marketplaces, and we’ll be participating in their partner programs, allowing partners to sell our marketplace products through those platforms.”
Partners will be able to offer observability both on premises and the cloud, McCullough said.
“So we think we have a very compelling and complete story around observability for customers and then for partners,” he said. “Obviously it’s a great story to tell again in terms of driving product consulting revenue and then services revenue.”
IBM‘s big news at RSA is that it’s acquiring Randori, an attack surface management (ASM) and offensive cybersecurity provider. Randori helps clients continuously identify external-facing assets, both on-premises or in the cloud, that are visible to attackers, and prioritize exposures which pose the greatest risk.
IBM said this acquisition further advances its hybrid cloud strategy and strengthens its portfolio of artificial intelligence (AI)-powered cybersecurity products and services.
Randori is IBM’s fourth acquisition in 2022. IBM has acquired more than 20 companies since Arvind Krishna became CEO in April 2020.
Chris Meenan is vice president of IBM Security product management.
“With Randori, our partners and IBM, [we] can demonstrate existing gaps in security monitoring and response functions, to customers in a clear and frictionless way,” he said. “Today, many organizations are struggling with finding the time and skills to understand the attacker’s perspective, and in turn, the top priorities for security teams. Randori helps solve this problem. For one, the actionable insights from Randori’s Recon product and attack automation capabilities help address new issues uncovered by Randori’s technology.”
IBM sees an integrated ASM function helping to drive more value and focus from an extended detection and response (XDR) system, Meenan said.
“By bringing in the attacker’s perspective, ASM helps ensure that XDR capabilities are addressing the threats that pose the greatest risk,” he said. “For example, many organizations are leveraging MITRE ATT&CK as a way to operationalize how they respond to threats. The challenge, however, lies in determining how to prioritize what tactics and techniques they need to collect telemetry, and monitor for. With Randori, we can now use that same approach and leverage MITRE ATT&CK to operationalize their defense and threat detection processes. Furthermore, by closely integrating Randori’s technologies with detect and response capabilities in XDR, organizations can leverage additional context both ways to drive more informed and faster decisions.”
Gavin Osters is Randori’s director of channel management.
“Randori has built a robust channel program with leading national and regional VARs,” he said. “We are excited to continue to invest in the channel and see many ways they could benefit through a closer relationship between Randori and IBM.”
At RSA, Mandiant unveiled a new intelligence-led solution as well as the general availability of a new module within its multi-vendor XDR platform, Mandiant Advantage. Both are designed to enable visibility into vulnerabilities, allowing organizations to take a proactive approach to cybersecurity.
However, the announcement was somewhat overshadowed by news that ransomware group LockBit 2.0 claimed it successfully attacked Mandiant. According to CyberScoop, LockBit posted a notice to its dark web portal Monday claiming it would release Mandiant files late Monday. There is no ransom demand posted to the page.
Mandiant, which is being acquired by Google Cloud, is skeptical that this is an actual attack:
“Mandiant has reviewed the data disclosed in the initial LockBit release. Based on the data that has been released, there are no indications that Mandiant data has been disclosed, but rather the actor appears to be trying to disprove Mandiant’s June 2, 2022, research blog on UNC2165 and LockBit.”
Chris Olson is CEO of The Media Trust, a digital safety provider.
“This is a developing story which we should take with a grain of salt,” he said. “In the past, LockBit has posted names on its website only to drop them without explanation – it has also stolen data from organizations through a third-party vendor while falsely claiming to have breached its victims directly. Until more information emerges, the Mandiant story may go in either of those directions.”
Perimeter 81, a security service edge (SSE) and zero trust network access (ZTNA) provider, began RSA by announcing its valuation has reached $1 billion after completing a $100 million Series C funding round led by B Capital.
Participating investors include Insight Partners, Toba Capital, ION Crossover Ventures, Entrée Capital and publicly traded Spring Ventures. The financing will accelerate Perimeter 81’s growth, hiring and development. The company has more than doubled its annual recurring revenue (ARR) year over year.
Perimeter 81’s platform enforces a zero trust architecture, which became a federal strategy in the United States this year following President Biden’s executive order on improving the nation’s cybersecurity.
Amit Bareket is Perimeter 81‘s co-founder and CEO.
“The rise of remote work, cloud adoption, fiber and 5G has created a fundamental shift in the network security landscape, leading companies to replace their on-premises network and security appliances with a secure corporate network over the internet,” he said. “B Capital and other investors embrace our vision to deliver holistic security that is purpose-built for a cloud-first, distributed workforce and share our belief that a secure corporate network over the internet transcends the traditional office environment and is the way of the future.”
Rashmi Gopinath is B Capital’s general partner.
“Perimeter 81’s highly impactful offering, undeniable performance, and fully integrated solution has enabled about 2,400 businesses to secure their networks,” he said. “We believe Perimeter 81 has a best-in-class ZTNA and SSE platform and we look forward to partnering with the team in its next phase of growth.”
Eric Baize, Dell Technologies‘ vice president of product and application security, was on hand at RSA to talk about the importance of having a secure development life cycle (SDL) process for software security. He’s responsible for ensuring security is built into technology from design to deployment.
Baize also talked the important steps organizations should take to create a software bill of materials and build it into their SDL process.
“Because customers are on the constant catch-up, what we see is that most cybersecurity attacks, whether it be a phishing attack or an intrusion, are most often rooted in either zero day, meaning a software vulnerability or a system which has not been patched, which is the same thing as it’s still a software vulnerability,” he said. “So the whole ecosystem is looking at security as, how can I
patch faster or can I be more effective? But nobody is looking at the root cause of this, which is, why do we have a software vulnerability in the first place.
“Every time you have a team patching a system, you have a team that developed software that created a bug that was a vulnerability. So the SDL is all about, how do we create secure software from the get-go, and how do we design systems, application products, thinking like an attacker, from a requirement, development and testing standpoint? It is about looking at solving the security problem at the root of the problem, not after it’s too late.”
In addition, a software bill of materials helps you understand where the code you have in the product is coming from, Baize said.
“All systems or products today are made of many components,” he said. “The reason it’s important is that if you understand where the components are from, first of all, you can understand what level of security was put in a component. You can make sure you have the latest up-to-date components deployed and you don’t leave open doors into your components. And also, if there’s an issue on the component, the vendor will know which product they have to update and match. So it’s an important practice.”
Baize equates it to being healthy.
“If you want to be healthy, there is not one pill you can take; that’s not the way it works,” he said. “You have to exercise, you have to eat well and you have to do the hygiene, and then you are more likely to be healthy. Now you may die anyway. You may have a vulnerability even if you do the secure SDL. The software bill of materials is one of these practices that makes your software a more secure software.”
The channel and partners have a role to play in software security by educating their customers, Baize said.
“So part of it is explaining, for instance, what security resources are available from a vendor,” he said. “From a Dell standpoint, part of our security life cycle requires that we issue a secure security configuration guide with each product so that customers know how to help harden the product.”
Revelstoke is a security orchestration, automation and response (SOAR) startup that formed at RSA before the pandemic. Bob Kruse, Revelstoke’s CEO, and other founders were with Demisto, which was acquired by Palo Alto Networks in 2019.
“We were there and grew that business,” Kruse said. “We spent the better part of a year at Palo Alto, realized that they weren’t going to solve the problems that we still saw on automation, so we decided to do stuff and solve those problems. So that’s what we do today.”
Revelstoke created a solution that doesn’t require programming, he said.
“So we can automatically, seamlessly integrate cybersecurity solutions into the security orchestration platform without having a code,” Kruse said. “And we do that a very specific way that’s patented. That is kind of the main reason why we exist today, and that’s our unified data layer. You can literally drag and drop connectors for various security products, and you don’t have to code. And it’s that simple. And when people see it, they’re in disbelief — and they love it. And that’s why we’re growing and winning today.”
One of Revelstoke’s routes to market is managed detection and response (MDR) MSPs, he said.
“They absolutely love our unified data layer,” Kruse said. “MSPs have to deal with a variety of technologies because they have a variety of end users. So if they’re going to acquire customers — one might have CrowdStrike, one might have FireEye, etc. — they have to code for all of those vendors. And then they have to support that. But we do that seamlessly with our unified data layer, where we don’t require the MSP to have to code to do that. And so one of our top use cases is absolutely a multitenancy for MSPs as well as M&A technology or M&A use cases for companies that are acquiring other companies that have disparate technologies.”
Due to the pandemic, the attack surface has only increased because people are working from home and using more, varied and questionable SaaS apps, he said.
“And so the attack surface has evolved, it’s changed and it’s increased, and it’s increasing in complexity for for the end user, for the enterprise,” Kruse said. “And so we’ve only seen demand increase for a product like ours.”
In March, SYN Ventures joined Revelstoke through a new $5 million injection.
Also at RSA, Skyhigh Security unveiled new enhancements to its Secure Service Edge (SSE) platform. These latest innovations to Skyhigh’s secure web gateway (SWG), cloud access security broker (CASB), private access (ZTNA), data loss prevention (DLP) and global points of presence (POP), bring enhanced data-aware security to its more than 3,000 global customers.
With Skyhigh SSE, organizations can protect sensitive data no matter where their users are, what device they are using, and wherever their data resides. That includes on the web, the cloud and private applications.
Gee Rittenhouse is Skyhigh’s CEO.
“As organizations continue to embrace a hybrid or remote workforce, we’re seeing new threats emerge in IT environments that traditional security approaches weren’t built to handle,” said. “These new enhancements to our SSE portfolio bring customers the data and threat protection needed so they can realize the full benefits of their modern workforce, while mitigating threats and simplifying the security of their data.”
Skyhigh will introduce its partner program later this year.
Noname Security unveiled version 3.0 of its API security platform at RSA. It provides API security that adheres to any environment, market or regulatory requirement.
The 3.0 platform gives customers global visibility with local control as they are able to identify issues and patterns across regions regardless of traffic volume or environment complexity. With the latest version, security teams can expect improved architecture and navigation, enabling real-time visibility, organization and administration of all active and dormant APIs, as well as adherence to privacy regulations across regions. The platform also adapts to new requirements and markets with more deployment flexibility and speed.
Shay Levi is Noname’s co-founder and CTO.
“API use is at an all-time high as businesses see the opportunity in opening up their technology to drive growth and innovation,” he said. “But big opportunity brings big risk. APIs represent a considerable security risk and have become a top attack vector. We are continually working to develop and improve our API security platform, to remain one step ahead of malicious actors. With today’s news, security teams can be confident that they are protected.”
Noname Security unveiled version 3.0 of its API security platform at RSA. It provides API security that adheres to any environment, market or regulatory requirement.
The 3.0 platform gives customers global visibility with local control as they are able to identify issues and patterns across regions regardless of traffic volume or environment complexity. With the latest version, security teams can expect improved architecture and navigation, enabling real-time visibility, organization and administration of all active and dormant APIs, as well as adherence to privacy regulations across regions. The platform also adapts to new requirements and markets with more deployment flexibility and speed.
Shay Levi is Noname’s co-founder and CTO.
“API use is at an all-time high as businesses see the opportunity in opening up their technology to drive growth and innovation,” he said. “But big opportunity brings big risk. APIs represent a considerable security risk and have become a top attack vector. We are continually working to develop and improve our API security platform, to remain one step ahead of malicious actors. With today’s news, security teams can be confident that they are protected.”
RSA CONFERENCE USA — The theme of this week’s RSA Conference USA, the first live one since the start of the pandemic, is transformation across the cybersecurity industry.
Rohit Ghai, RSA‘s CEO (pictured above), gave the opening keynote detailing the meaning behind the theme. RSA Conference USA has drawn tens of thousands of attendees from across the globe to San Francisco.
Ghai asked if the cybersecurity industry is really going to wait for a cyber pandemic to transform security.
“Transform, we must,” he said. “Our survival depends on it.”
Cybersecurity needs to reframe its roles with security, convenience and innovation, Ghai said.
“We need to ditch the dogma of cyber,” he said. “Identity is the No. 1 constant. The truth is what matters most. And we need to stop thinking of security and convenience as a constant trade-off.”
Beyond the keynotes, RSA prompted a flurry of latest news from IBM, Perimeter 81, Skyhigh Security and more.
Moving Past Sunburst
In addition, SolarWinds was on hand to give an update on its progress since the Sunburst supply chain attack rocked it in late 2020 and well into 2021. Jeff McCullough, SolarWinds’ vice president of global partnerships, said the company has bounced all the way back and has even more to offer partners. He took this role with SolarWinds last November.
Since Sunburst wreaked havoc on SolarWinds, the company has focused heavily on transparency, McCullough said.
“We took the opportunity to really lean into how we improve our development processes,” he said. “We initiated a program called Secure by Design. It’s really about not just securing our products as they show up at a customer’s site, but actually securing our entire data supply chain all the way through our development cycle and putting in place multiple levels of protection and safeguarding to ensure that the methodology that was used here could never happen again, but also to be able to be forward thinking about other potential threats and how we capture those in the most secure way possible. So in many regards, I’d say SolarWinds … comes out of this certainly stronger from an overall security standpoint, I think certainly for the better of the industry because we’ve shared everything we’ve done; we’ve shared Secure by Design.”
Helping Partners with Concerned Customers
When partners have customers that have expressed concerns, SolarWinds immediately takes them through Secure by Design, McCullough said.
“We show them everything that happened, what we’ve learned from it, and how we’ve put those learnings to use within our Security by Design approach,” he said. “And I’d say especially some of our biggest partners who we work with every day have really appreciated the the way we’ve gone about supporting them and their customers, and ultimately and helping them continue to grow.”
Scroll through our slideshow above for more from SolarWinds and much more from RSA Conference USA.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like