Fear has been considered a useful cybersecurity sales tactic, with near-constant headlines of major breaches and many chief information security officers (CISOs) believing attacks are inevitable.

This fear factor used to be more effective, but it’s quickly losing traction. Frequent and widely publicized web breaches seem to have made businesses less inclined to fear negative consequences at the hands of malicious online actors, but this doesn’t mean the need for security has waned.

David Mason, SiteLock‘s inside channel development manager, spoke with us about how MSPs can cut through the noise by explaining the value of website security services without relying on fear as a lone sales tactic. SiteLock provides business website security and protects more than 12 million websites globally.

SiteLock’s David Mason

In terms of using fear as a sales tactic, “if you look across the MSP space and across larger sales organizations, you do see some quick wins with that, but short-term wins in that you’re not really building any rapport or client value,” Mason said.

Switching sales tactics from fear to value isn’t a difficult transition, he said. In fact, selling security based on something other than fear likely is something they’re already doing in other parts of their business, he said.

“When you think of the MSP space overall, a lot of it is a very consultative and solution-based sales … educating their partners on what’s important and what the value is of what they’re doing,” Mason said. “And they’re already selling a lot of back-end security right now, endpoint security, server-level security, and looking at the website is just that next logical step to offering that holistic security approach and doing that full-service, end-to-end type of security solution.”

When you take more of that holistic and solution-based approach, you’re building confidence with that customer, he said. You’re not looking at a short-term, one-time win, but long-term, lifetime value, he said.

“That’s going to be far more lucrative when you look at year two or year three, at the education you gave that client, really establishing yourself as that trusted adviser to your customer, not someone who’s going to come in there and scare-tactic them into buying something from you,” Mason said. “It’s really taking the time to say, ‘Hey, here’s what your needs are and here’s what we have that mirror that, and here [are] even a few areas that you’re not thinking about now, but because we’re so educated in the field and we really understand our customers, we’re presenting to you to further protect you.'”

Turning away from fear-based sales is a growing trend with partners looking at more of a “consultative and solution-selling approach, and they have to at this point” as customers don’t want to “have to shop around for everything they need,” he said.

“One of the keys is making solutions that logically make sense for your customers,” Mason said. “Don’t just throw various products together and call it a package, and expect that it’s going to make sense to them. Put some actual thought behind, ‘This is our security solution, this is why it’s in place and this is what it does for you.’ Have a good, thought-out plan for what you’re doing and make sure you’re really hitting those key points of your customer’s needs within that package and then do that consultative approach that MSPs already do so well and offer that value that clients are looking for.”

Mason said he’s had conversations with various partners looking to get away from …

… using fear as a sales tactic.

“One of the things they found is, right now consumers just aren’t buying off of fear like they were in the past, so it’s starting to become a very ineffective model for them and they’re looking to expand their revenue stream and the value they add to the customers,” he said. “MSPs in particular are in the best position because they’re already having those conversations to offer it all together as one solution.”

Carbon Black Report Shows Cyberattacks Surging Before Mid-Term Elections

Cyberattackers from Russia and China are attempting to cause system outages and destroy data, according to Carbon Black’s Quarterly Incident Response Threat Report (QIRTR).

The report is based on key findings from incident response (IR) partner investigations during the last three months. Of the more than 100 investigations Carbon Black partners conducted in the third quarter, 41 percent stemmed from Russia and China. Also, two-thirds of IR professionals interviewed believe cyberattacks will influence the upcoming U.S. elections.

Carbon Black’s Victor Baez

Victor Baez, Carbon Black’s vice president of worldwide channel, tells us the report has a lot of information useful to all security professionals.

“For the channel specifically, it’s two things,” he said. “First, global organizations are no longer just battling financially motivated cyberattackers. They’re battling nation states – countries such as Russia, China and North Korea – who are not only looking to undermine democracy, but also launch campaigns of corporate espionage. Second, it’s clear that legacy security solutions are no longer effective against these advanced cyberattacks.”

Modern attacks now involve lateral movement, destruction of data, island hopping and counter-incident response, and these are tactics modern attackers use to stay invisible and undetected, Baez said.

“Customers are demanding more than simply a file scan from legacy antivirus,” he said. “They are looking for visibility across the enterprise and the ability to prevent, detect, respond to and predict advanced attacks. Above all else, I think this report reveals that it’s time for everyone in cybersecurity to evolve.”

Carbon Black researchers found 20 different state voter databases available for purchase on the dark web, several from swing states. Critical information in these offerings include voter IDs, full names, current/previous addresses, genders, phone numbers and citizenship status.

“The fact that nearly two-thirds of the leading incident-response professionals in the world said they thought the upcoming 2018 midterm elections will be influenced by a cyberattack is scary to think about,” Baez said. “At the end of the day, what we’re here to do is keep our connected way of life better protected — and that includes our democracy. If the world’s leading cybersecurity professionals are overtly stating there is something wrong with election security, there is clearly a widespread problem.”

And speaking of election security, Bitdefender has unveiled a new public website to share real-time, combined threat and information warfare intelligence, and report-detected election security incidents.

The Bitdefender Labs new monitoring and reporting capabilities are able to detect possible criminal attacks disguised within high-traffic times like this U.S. election season and attempting to deliver malware like ransomware for financial gain. Or more importantly, they are able to flag anomalies that might indicate …

… bad actors intent on deceiving voters, undermining confidence or even preparing an attack on the election infrastructure itself.

“The security industry has been focused on offering products and education to help defend against cybercrime tactics like social engineering, spoofs and spam,” said Monika Goldberg, Bitdefender’s vice president of corporate marketing. “But to combat information warfare, we need to better understand how people today are engaging each other and consuming information using technology. Information warfare isn’t easy to solve, but we believe our Election Security Central site will make an impact and take us a step forward.”

FireMon Adds Visibility Across AWS and Azure to Security Policy Management Platform

FireMon has unveiled the latest versions of the its Security Manager and Lumeta Spectre platforms, which deliver new visibility, automation and orchestration capabilities for hybrid-cloud security and business agility.

FireMon says the added functionality allows it to provide full visibility into enterprise attack surfaces and complete network anomaly detection across on-premises and cloud environments. Business and DevOps teams then can focus on innovating with new apps and services, while security personnel ensure that these apps and services meet enterprise security requirements, it said.

Lumeta Spectre now extends the end-to-end visibility required to discover and secure all IT assets to Amazon Web Services (AWS) and Microsoft Azure users, while Security Manager now meets the demands of agile businesses with optimized workflows for cloud automation for Microsoft Azure users.

FireMon’s Kurt Mills

“Lumeta has a unique offering … that fills a needed void in our partners’ portfolios,” said Kurt Mills, FireMon’s vice president of worldwide channel sales and operations. “It enables organizations to solve a current challenge of being secure across on-premises and multicloud environments. As a result, it creates a new market opportunity for our partners and solves a very real concern for their customers.”

Comodo Cybersecurity Unleashes Dome Shield Platinum

Comodo Cybersecurity has launched a new cloud-delivered, domain name system (DNS)-based security-as-a-service (SaaS) offering that allows enterprises, SMBs, MSPs and channel partners to protect users’ digital presence by blocking access to harmful websites that other measures do not recognize as dangerous.

Comodo Dome Shield implements a configurable web filter to check the content and reputation of sites per company IT policy based on both safety and appropriateness.

The new platinum version extends the current Comodo Dome Shield, deployed and validating 2.5 billion user DNS requests daily to regulate and secure their web access, blocking 1.2 million attack attempts daily. The product today protects against a wide range of threats and attacks, such as phishing, bots and botnets, command-and-control servers, spyware and spam.

Platinum also lets businesses protect all internet-connected devices, with deployment across any size infrastructure, from a global enterprise to a small business.

“Comodo created the Dome Shield solution by listening to real-world user needs, as well as requirements from MSPs and channel partners,” said Bulut Akisik, Comodo Dome Shield product manager. “These organizations consume their IT budgets, attempting to regulate employee web browsing and stopping web-borne attacks, in complex multi-office network environments, for roaming users and BYOD, and for the gamut of connected devices. For these and myriad other configurations, Comodo Dome Shield Platinum offers visibility, control and protection with rapid deployment and the lowest TCO.”