Email will remain the primary means of entry threatening corporate cybersecurity.

Edward Gately, Senior News Editor

December 19, 2017

8 Min Read

Ransomware and other malware continue to wreak havoc on organizations, and 2018 is likely to bring even more attacks given the success cybercriminals have had so far.

That’s according to Sophos, which recently released its 2018 Malware Forecast, including the growth in sophisticated, targeted malware attacks and how deep learning, predictive technology can help defend against them in the new year.

It’s a fair bet that Android and Windows will continue to be heavily targeted, and that email will remain the primary means of entry that threatens corporate cybersecurity, especially in the case of targeted attacks, according to the company.

Sophos provides security to more than 100 million users in 150 countries.

In a Q&A with Channel Partners, Kendra Krause, Sophos’ vice president of global channels, highlights the biggest threats and talks about growing partner opportunities in security.

Channel Partners: What are some of the upcoming trends/predictions concerning ransomware?


Sophos’ Kendra Krause

Kendra Krause: The biggest thing we’re seeing is ransomware as a service (RaaS). It just continues to permeate and continues to be one of the biggest contributors to the growth of ransomware. It’s so extremely easy for pretty much anyone to go on the dark web and be able to create a ransomware attack. And the kits are getting far less expensive and there are very easy ways to follow a path and be able to create a ransomware attack. It’s definitely contributing in the growth of those types of attacks.

We’re seeing it with partners and it’s the hottest topic of what they’re looking at and what they’re talking about when it comes to security. We do all sorts of educational webinars [for] our partners and our customers, and we host one [with] ransomware in the title. The attendance is through the roof because people are very, very concerned about it and a lot of them are unsure what to do. And they’re also seeing that the cost of cleanup of ransomware is becoming more and more expensive. Obviously it’s not only hitting your costs to clean up your network, but it’s also costing you from your business alliances and from perception in the field. So we’re really pushing it with our partners and ensuring that all of our partners are selling our Sophos Intercept X product. That is our product that is basically the must-have, anti-ransomware product. It’s now just a basic security requirement.

CP: Are the victims changing? Who now will be more vulnerable than previously?

KK: I think it’s become really prevalent that anyone is now vulnerable. It used to be very high-profile organizations and larger organizations, and really now anybody’s vulnerable. And some of that has to do with the complexity of these attacks. These cybercriminals are constantly evolving what they’re creating and making these attacks …

… much more complicated — and that’s absolutely continuing to change into next year.

CP: What’s most surprising about the 2018 forecast?

KK: For me specifically, when you look at things like WannaCry and NotPetya, we see the trend where they’re able to attack anybody. Any type of organization unprotected, it’s going to hit them. On the other hand, you also see a lot of these files that are written for particular organizations. So if you look at malware, and our lab processes over 400,000 previously unseen malware samples every single day, it’s amazing to me that you can have these ransomware attacks and these large attacks that are so generic in nature, and then you also have these very particular, designer zero-day malware attacks where you’ve got to continue to be innovative and you’ve got to continue to be ahead of what is going to come for that day because you don’t know what is going to attack you that day. It’s probably going to be something that was unseen the day before. That tends to be the scariest part of what we’re seeing going into this next year. And the best way that people are protecting against that is now with predictive security. And now we’re getting into these machine-learning predictive capabilities.

CP: Let’s talk about opportunities and challenges for the channel. Will 2018 be unlike any previous year?

KK: I do think it will be because there’s so much evolving in what is going on, and if you look back at the beginning of the previous year, we weren’t dealing with this volume and frequency of unseen malware, and we weren’t dealing with needing to be so far ahead of it with predictive security. And now we’re going into next year with that as the baseline. But this does provide a large opportunity for partners in many ways. First is getting a lot of these partners to be much more next-generation security solution providers. The growth in managed-security providers is tremendous, and more and more companies are looking for a partner to be either their managed provider or that security expert for them. And not only do they need to do that providing solutions, but one of the biggest things that happens – let’s say when the next WannaCry happens – immediately customers are turning to their partners and [asking], “Did I get hit? What happens if I get hit? What do I do?” And with zero-day crashes, they need to have answers for them.

One of the things Sophos really tries to help partners with as [quickly] as we can [are] kits, webinars and information to help educate our partners so that they can service their customers. It’s a whole different way than they’ve ever had to do business in the past and I think that’s just going to continue to evolve.

CP: For partners that are wanting to enter security or increase their security capabilities, is it a tough road ahead for them?

KK: It’s definitely a tougher road because it’s new, but it’s not impossible — and I think it really does provide a lot of opportunities out there. Partners are needed more than ever, and being a 100-percent channel company, we are seeing it and loving it, and it’s great because … this is a lot to keep up with. It’s nearly impossible to keep up with it unless you have a full security staff on your IT. Most of them don’t, and so what they are doing is …

they are going to their partners and saying, “Provide me services so that you’re my security consultant; provide me services so that you’re my full managed security partner. So there [are] various levels and ways that they can be their security expertise. It does provide a great opportunity for them.

CP: Is your partner community growing as more partners want to enter security?

KK: I think we are growing because of two really innovative ways that we’re developing our products. One is the innovation that we’re building in deep-learning malware detection. So purchasing the company and the technology of Invincea, that we acquired back in February — and we’ve actually just recently released our Sophos Intercept X Early Access Program in which we’re providing that technology into it. And so that is driving not only existing partner growth, but also driving new partners coming to Sophos for that technology.

The second piece that’s really driving it is our synchronized security technology, and basically partners want to learn and become experts in it. And they see the benefit of providing the shared intelligence between network security and endpoint security. And with zero-day malware and ransomware increasing, not only do customers have to worry about what they have in network security, but they also have to look at “what do I have at the endpoint” and “what do I have on my server,” and “what do I have on my mobile, and wouldn’t it be great if they were all managed from one pane of glass?” which Sophos offers. And then we take that one step further and provide a synchronization of intelligence and security across those platforms, and that makes those individual endpoints that much more secure and more intelligent. Those two things are really driving our growth in the number of partners that we have and partners selling synchronized security. We doubled the number of synchronized security accredited partners in six months, so it really shows that we’re doing something right and partners are looking to quickly get up to speed on the most innovative solutions.

CP: Is 2018 going to be Sophos’ biggest year yet in terms of partner participation, capabilities, demand, etc.?

KK: We’re constantly innovating in that area. We’re constantly providing additional tools for our partners and additional products for our partners to sell because this market is growing and we’re going to continue to grow with it. And so I do definitely see a lot of growth in the number of partners, and the tools and needs, and services that those partners deliver. The biggest example of that is our MSP program, which has been growing tremendously and partners are loving that they can have these innovative products with the Intercept X, with the machine learning and our XG Firewall, and be able to manage that across a single pane of glass, and be able to have synchronized security with it — and then from one platform they can manage all of their customers.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like