Security Roundup: Going Rogue, SentinelOne, Exabeam, Kaspersky, Sophos

C-level executives led the way in using personal apps on their work devices without permission.

Edward Gately, Senior News Editor

June 7, 2019


A growing headache for IT is workers going rogue with work devices, software and applications, despite being aware of the potential risks involved, just so they can do their job.

New research by Snow Software highlights this problem. The study polled 3,000 professionals in the United States, Europe and Asia Pacific, and found the behavior is especially common among younger employees: millennials are almost twice as likely to go behind IT’s back as older workers. Some 81% of millennials admitted they have used or accessed something on their work device without permission, versus 51% of baby boomers who have done the same.

In general, management-level employees (manager, director, vice president or executive) were almost twice as likely to use unauthorized professional or personal software and applications compared to individual contributors (entry-level, associate or specialist).

Vice presidents and C-level executives led the way in using work apps (57%) and personal apps (51%) on their work device without permission.


So how does IT keep a lid on cyberthreats with workers actively going rogue?

We spoke with Alastair Pooley, Snow Software’s CIO, to find out more about this problem and how it can have serious consequences for organizations.

Channel Futures: Does the fact that many workers are breaking the rules to get the job done mean organizations need to focus on making it easier for workers to both get the job done and practice good cybersecurity?

Alastair Pooley: It is vital that organizations concentrate on making the secure route the easiest path for workers to access technology. The familiarity everyone has with technology along with their personal experience of the app ecosystem on modern smartphones has raised everyone’s expectations of their use of technology. People expect it to work whenever they want it, from anywhere, and they are not averse to using their own devices or applications to achieve these aims. Organizations must focus on enabling employees while maintaining insight into the corporate technology ecosystem to ensure they are both obtaining value for money and protecting their assets.

CF: Can going rogue lead to serious problems that workers may not be aware of? Can you give some examples?

AP: Unfortunately, this is a real and increasing risk. I have personally seen examples of applications being used outside of the IT organization which led to the export of personally identifiable information (PII) outside of the EU. This would now be a breach of General Data Protection Regulation (GDPR) regulations and would land the organization in some difficulty. While most workers are aware that security is important, they don’t correlate their use of data and applications as either a security risk or a regulatory issue.

Away from security, another big concern many CIOs have today is controlling costs. While technology investments are now more commonly originating from the business decision makers, I have seen examples of businesses paying for multiple applications which serve the same function with the resultant confusion within the organization of what is the right tool to use. One of the roles IT can play is to clearly communicate why software or applications were selected and help the business make the right decisions to ensure money is not being wasted.

CF: Do the generational differences suggest increasing problems as younger generations make up a larger percentage of the workforce?

AP: Millennials are already the largest generation in the workforce and Gen Z is right behind them — we have already reached a tipping point where this isn’t a problem as much as it is the new normal. What has really changed is the expectations and familiarity with technology. The policies, protocols and tools will always evolve, but IT should try and focus on better controls to identify new applications as they are being used in order to prevent systemic issues later.

CF: What are some of the ways organizations can convince employees at all levels to stop going rogue and seek the necessary permissions before using unauthorized software and applications?

AP: Unfortunately, there is no magic bullet for this. A security-aware company will use a combination of hosting regular security awareness training, implementing controls at the network’s perimeter and on endpoints, blocking riskier software downloads and analyzing IT processes. IT can also proactively monitor the entire technology estate to understand what workers are using, and what they aren’t, to build the right mix for your organization.

CF: Are there any positive findings in this research? Is there anything to point to as an example of encouraging practices/behaviors?

AP: While the lines between work and personal use of technology have been fundamentally altered, the fact that a majority of employees are invested in their use of technology is positive. Today, it is clear that workers see their software, applications and devices as an extension of their identity and a critical part of their ability to do their job. Organizations have both a duty and an opportunity to harness that energy, and work alongside employees to find the right balance between a productive and protected technology ecosystem.

SentinelOne Receives Big Cash Infusion

SentinelOne, the endpoint protection company, has raised $120 million in Series D funding led by Insight Partners, bringing its total funding to more than $230 million.


The funding will be used to accelerate SentinelOne’s “rapid displacement” of legacy and next-gen competitors in connecting endpoint, cloud and IoT protection through its autonomous AI platform deployed throughout the enterprise, the company said.

Tim Mackie, SentinelOne’s vice president of worldwide channels, tells us the additional funding will help his company and its partners in a number of ways, including account coverage and better margins.

“From a coverage perspective, it will allow us to expand our teams in areas where we need to add additional channel account managers (CAMs), as well as look to new regions around the world where we want to stand up teams; thus delivering a better touch for our partner community,” he said. “From a program perspective, this allows us to create richer programs, with more benefits and better payouts. Promos and additional benefits around net new logos, certifications and sales growth will be part of the portfolio.”

Cybersecurity has had a “whirlwind of technology evolution in this space the past five years” and it’s been up to the channel community to act as consultants when supplying solutions for their customers, Mackie said.

“We’ve seen a substantive increase in the number of opportunities (upward of 30%) and the amount of times we win over both legacy technologies, as well as even now some of the other next-gen players,” he said. “Because of conditions in the marketplace (consolidation/acquisitions, margin control, poor partner programs) from some of our competition, combined with things we are doing right … we feel the timing is good for SentinelOne as partners are looking for a viable manufacturer to partner with.”

Report: Staffing, Security Alerts Pain Points for SOCs

Exabeam’s 2019 State of the Security Operations Center (SOC) report shows staffing remains an issue, as do processes like reporting and documentation, along with alert fatigue and false positives.

Key findings include:

  • A third of respondents feel their SOC is understaffed by as many as six to 10 employees.

  • The importance of soft skills, like communication, is growing, with nearly two-thirds (65 percent) of respondents saying personal and social skills play a critical role in the success of a SOC, but employees’ actual abilities in these areas are also improving.

  • Hard skills have increased in importance: Threat hunting is up seven points to 69 percent, while data loss prevention jumped eight points to 75 percent.


Steve Moore, chief security strategist at Exabeam, tells us solving primary pain points for CIOs/CISOs and SOCs is a major opportunity for MSSPs and other cybersecurity providers.

“Specifically, 27% of respondents felt their top pain point was alert fatigue,” he said. “Additionally, false-positives and time spent on reporting/documentation are significant pain points for respondents, accumulating 24% and 33% of respondents, respectively. Additionally, the survey revealed that the lack of environmental visibility in the form of too few logs is also an issue.”

Managed security information and event management (SIEM) deployments, especially those with machine-learning-based behavior analytics features, can help greatly reduce these issues through automation, specifically timeline creation, which will decrease alert fatigue, save time and prioritize work, Moore said.

Nearly half of understaffed SOCs indicated they don’t have sufficient funding for technology, while respondents of larger SOCs said that despite recent or increased funding for technology, they recommend continued investment in newer, more modern technologies (39 percent), according to Exabeam.

The survey also revealed that nearly half of SOC respondents continue to outsource business activities; malware analysis, threat analysis and threat intelligence are the most frequently outsourced functions. Conversely, SOCs are choosing to tackle event and data monitoring internally.

When technology investments are made, big-data analytics (39 percent) and user and entity behavior analytics (UEBA) (22 percent) remained strong, while AI (23 percent) and machine learning (21 percent) made gains in usage rates. In medium and smaller SOCs, use of technologies like AI and biometric authentication and access management also jumped.

“The perception of performance is skewed from the data supporting performance,” Moore said. “Generally, SOC effectiveness is unchanged, but the perception of auto-remediation effectiveness has declined in aggregate. The problem of inexperienced staff is greater in the eyes of CISOs/CIOs than with SOC analysts and SOC managers.”

It’s Now Kaspersky, No Lab

This week, Kaspersky Lab announced it has rebranded as simply Kaspersky with a new mission to “build a safer world.”


Andrew Winton, Kaspersky’s vice president of marketing, tells us the new branding reflects Kaspersky’s vision of the future and its approach to business.

“Our refreshed mission to build a safer world will better help our partners encourage customers to use our products while also seamlessly aligning with our brand principles,” he said. “We hope they are as enthusiastic about this refresh as we are.”

Since Kaspersky’s inception in 1997, its customers’ mindsets have “evolved greatly, and it is imperative that our brand evolves with them,” Winton said.

“While partner feedback was not the absolute deciding factor in our rebrand, it has become clear in recent years that our customers and partners keep referring to us as simply Kaspersky, so it seemed like a logical decision for us to make this change,” he said.

“Today the world has new needs, and our rebranding reflects our vision to meet those needs — not just for today, but well into the future,” said Eugene Kaspersky, Kaspersky’s CEO. “Building upon our successful track record in protecting the world from cyberthreats, we’ll also help build a safer world that’s immune to cyberthreats, a world where everyone is able to freely enjoy the many benefits that technology has to offer.”

Sophos Rolls Out New Server Defense

Sophos has unveiled its new Intercept X for Server with Endpoint Detection and Response (EDR), which allows IT managers to investigate cyberattacks against servers.

Cybercriminals frequently evolve their methods and now are blending automation and human-hacking skills to successfully carry out attacks on servers. This new type of blended attack combines the use of bots to identify potential victims with active adversaries making decisions about whom and how to attack.


Stephen McKay, senior product manager at Sophos, tells us the new product brings partners and their customers the “powerful benefits” of EDR.

“It also gives partners the ability to increase revenue by selling not only EDR for endpoints but EDR for servers,” he said. “MSSPs benefit with improved visibility of their customers’ estates; for example, quickly seeing which files, processes and registry keys were impacted during an attack, and accessing this information from the same Sophos Central console, reducing time spent on management … allows MSSPs to demonstrate value add by more quickly responding to potential threats and closing security holes.”

Partners and customers also gain access to the latest threat intelligence from Sophos, McKay said. To maintain full visibility into the threat landscape, SophosLabs tracks, deconstructs and analyzes 400,000 unique and previously unseen malware attacks every day in a constant search for emerging threats and attack techniques.


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
