Category Archives for "Managed Services News"

Jan 06

Mimecast Beefs Up Protection with Segasec Acquisition

By | Managed Services News

Email is the No. 1 attack vector and cybercriminals are leveraging email to steal credentials.

Mimecast has acquired Segasec, a provider of digital threat protection, to provide brand exploitation protection using machine learning (ML) to identify potential hackers at the earliest stages of an attack.

The Mimecast Segasec solution is designed to enable organizations to: protect employees, customers, partners and third-party vendors from phishing scams attempting to trick them by abusing domains that are similar to their legitimate branding; identify and protect against attacks where cybercriminals have cloned a website for malicious activities against stakeholders; and block and take down both suspicious sites and active scams.

Financial terms of the acquisition weren’t disclosed.

Dino DiMarino, Mimecast’s chief revenue officer, tells us this acquisition gives his company’s partners an opportunity to offer additional brand protection to their customers. Mimecast partners with both MSPs and resellers.

Mimecast’s Dino DiMarino

“Email is the No. 1 attack vector, and cybercriminals are leveraging email to steal credentials, gain access to sensitive information, etc.,” he said. “When these malicious emails pass through an email system, email security vendors can see that; however, increasingly criminals are using an organization’s brand identity to attack their customers and their supply chain. Since this tactic isn’t using a domain the organization owns, it is really difficult to identify that their online presence is being used to dupe their customers, partners or third-party vendors. Mimecast’s acquisition of Segasec gives partners the ability to offer customers this additional layer of brand protection, and an entirely new revenue stream for them.”

Prior to the acquisition, Segasec had a small number of partners, DiMarino said. This acquisition is an opportunity for their partners to offer a broader range of solutions.

“Mimecast has been in the business of email security for a long time and the channel continues to be a big part of our business,” he said. “As technology evolves, organizations are increasingly seeing malicious actors turn to more complex email attack methods that begin outside of their own perimeter, using brand identity to attack them and their supply chain. With Segasec, Mimecast can extend email security to that outside layer to stop these types of attacks in their tracks before it’s too late, also providing partners with a broader solution that they previously would have had to offer via multiple vendors.”

“In today’s increasingly digital economy, we rely so heavily on websites and email to interact with businesses in both our professional and personal lives,” said Elad Schulman, Segasec’s CEO and co-founder. “As such, brand exploitation has been on the rise, as cybercriminals co-opt the brands we depend on and violate our trust. The powerful combination of Mimecast and Segasec will help customers better protect their brands, customers and other external stakeholders, as well as their own employees.”

Jan 06

Xerox Gets Funding Commitment in Pursuit of HP Inc.

By | Managed Services News

Citi, Mizuho and Bank of America want to help with the buyout.

In its continued heated pursuit to acquire HP Inc., and just ahead of the opening of the doors at CES 2020, Xerox Holding Corp. on Monday announced that it has obtained $24 billion in binding financing commitments from Citi, Mizuho and Bank of America to take over the company.

Since Xerox’s initial $33 billion bid to acquire HP, made on Nov. 5, HP has twice rejected offers (both the same) from Xerox as too low and undervaluing the company. Today, Xerox sent a letter to the HP board of directors:

Dear [Board Chair] Chip [Bergh] and [CEO] Enrique [Lores],

“Over the last several weeks, we have engaged in constructive dialogue with many of your largest shareholders regarding the strategic benefits of our proposal to acquire HP. It remains clear to all of us that bringing our companies together would deliver substantial synergies and meaningfully enhanced cash flow that could, in turn, enable increased investments and innovation and greater returns to shareholders.

But it also became clear from dialogue with your shareholders that you and your advisors have been questioning our ability to raise the capital necessary to finance your proposal. We have always maintained that our proposal is not subject to financing contingency, but in order to remove any doubt, we have obtained binding financing commitments (that are not subject to any due diligence condition) from Citi, Mizuho and Bank of America.”

In closing, John Visentin, vice chairman and CEO, Xerox, offered to meet with Chip Bergh, HP Chairman, and Enrique Lores, HP CEO, with or without advisors to get the deal in motion.

Xerox in early December filed a 33-slide presentation making its case that was made available to all HP shareholders. It highlighted potential revenue growth of up to $1.5 billion as a combined company, large cost reductions, as well as the strength of its direct sales force to complement HP’s partner channel, among other things.

The lately quiet HP has yet to respond.

In the meantime, expect to see HP make product introductions at CES 2020.

Jan 06

Cumulus Networks Open Network OS Now on HPE Switches

By | Managed Services News

The Cumulus and HPE partnership brings the benefits of a modern Linux-based OS to HPE customers.

Cumulus Networks, the open networking software vendor, on Monday announced its first formal partnership with Hewlett Packard Enterprise (HPE) to put its open network OS on HPE’s StoreFabric M-Series Ethernet switches. The M-series switches will run Cumulus Linux and NetQ.

Cumulus Networks’ Partho Mishra

“We’ve been having discussions with HPE for about a year now. We’ve done all of the training for the HPE team so they’re ready to go to support these products,” Partho Mishra, president and chief product officer at Cumulus Networks, told Channel Futures.

With the continued growth of data and companies taking advantage of AI, analytics, data mining, 5G and IoT technologies, businesses need more options to handle the new demands being placed on the network. Performance intensive applications, in particular, require high performance, all-flash storage infrastructure with deeper levels of automation — and they need a networking solution to match. With this new partnership, Cumulus and HPE can provide organizations with an open, fully automated, and high-performance storage networking fabric needed in today’s modern data center, according to Cumulus.

The M-Series switches with Cumulus Linux and NetQ provide high bandwidth and low latency for a cost-effective solution to connect primary, secondary, hyperconverged, NAS or object storage systems, which HPE says are ideal for building an Ethernet Storage Fabric (ESF). In addition to being good for performance intensive applications, the solution is suitable for HPE’s broad base of enterprise applications.

“Storage networks built on M-series switches deliver high levels of performance and ultra-low latency,” said Marty Lans, general manager storage connectivity at HPE. “Adding Cumulus Linux and NetQ to the M-series now provides enterprises with greater network flexibility, increased scale, and deeper levels of automation making this a compelling solution for Ethernet Storage Fabrics.”

Cumulus recently announced that its open networking software for the data center – Cumulus Linux and NetQ 2.0, a network operations tool set – is available for the campus network. With that announcement, the vendor was targeting organizations looking to extend the benefits of open and disaggregated networking from their data centers to their campus networks, such as next-generation retail stores or remote branch offices.

Jan 06

Kaspersky Promotes Bromium, Sophos Alum to North America Managing Director

By | Managed Services News

Kaspersky’s enterprise team achieved 20% year-over-year revenue growth in 2019.

Kaspersky has appointed Rob Cataldo, a company veteran, to the position of managing director of Kaspersky North America.

In this new role, Cataldo will be responsible for the company’s sales, business development and marketing functions, as well as achieving the company’s objectives for growth in market shares and profitability. He also will share management oversight and responsibility for the public relations, customer support, finance, human resources and information technology departments.

Kaspersky’s Rob Cataldo

“Since starting at Kaspersky, I have found that the company has not only been focused on providing top of the line security solutions and services, but is obsessed with the mission of safely unlocking the endless opportunities technology brings,” he said. “I look forward to this new chapter at the company and leading this already great team to achieve outstanding growth.”

Cataldo brings more than 20 years of sales experience to his new role with prior positions at Bromium, Sophos and Gryphon Networks. He previously was Kaspersky North America’s vice president of enterprise sales.

“We are pleased to welcome Rob Cataldo to our leadership team at Kaspersky,” said Alex Moiseev, Kaspersky’s chief business officer. “His commitment to partner and customer success, extensive experience in the industry and team-player mentality gives us great confidence that he will strategically grow our brand in North America and continue our mission of bringing on the future.”

Cataldo has transformed Kaspersky’s sales strategy toward advanced cybersecurity solutions and threat intelligence, resulting in 2019 year-over-year threat intelligence services revenue growth of 127%, according to the company. He also led, coached and motivated the enterprise team to achieve 20% year-over-year revenue growth in 2019, it said.

Jan 03

Using ‘Least Privilege’ to Shore Up Your Network Security

By | Managed Services News

If you haven’t incorporated the principle of least privilege into your data security plan, you’re taking a risk. Here are the POLP basics.

I’m going to get right to the point here: Very few (if any!) of your employees actually need full access to all parts of your business network. Why am I bringing that up? Because there are so many businesses that still give their employees unrestricted network access. If you or your clients haven’t incorporated the principle of least privilege (POLP) into your data security plan, you’re taking a pretty huge risk. Let’s go over some privilege basics.

What “Least Privilege” Really Means

“Least privilege” essentially means “need to know.” For many small and midsize businesses, the process of onboarding new employees involves giving them a login with access to everything on the network. Least privilege is the opposite. With the POLP approach, you start by assigning zero access by default, and then allow entry as needed. By embracing this principle, you ensure that network access remains strictly controlled, even as people join the company, move into new roles, leave, etc. Sure, it’s important to make sure employees have the access they need to be able to do their jobs. But, by limiting initial access, you can minimize the risk of an internal breach.

If you haven’t already done it, now would be a great opportunity to re-evaluate your network access policies. After all, the most important thing here is protecting your business and customers—as well as your reputation.

Listen to the podcast: Episode 6 | Shoring Up Your Network Security with Strong Policies to learn more about implementing the Principle of Least Privilege and other network security best practices.

Handling Objections around Access Control

According to Microsoft, 67% of users utilize their own devices at work. This means you may encounter some resistance to POLP policies because users will have to give up a few freedoms, such as using BYOD in an unauthorized fashion, installing personal software on work computers or having unfettered access to non-essential applications.

You’ll have to prepare yourself for some tough conversations. But, ultimately, the goal of POLP isn’t to make work a zero-fun zone; rather, it’s to ensure you’re providing a more secure workplace for everyone. Be sure to stress that it has nothing to do with who your employees are, their seniority, or even a history of good or bad habits; it’s just about security.

As the MSP or IT leader, you’re responsible for implementing POLP policies to protect the network. That means it’s also up to you to start the dialog around access control––early and often.

Why You Shouldn’t Rely on Antivirus and Firewalls Alone

No doubt about it: Antivirus software and a good firewall are necessary parts of your security strategy. But there are things that they can’t really help with. For example, they don’t protect against internal threats, such as an employee falling for a phishing scam email. This is where you need access policies to fill in the gaps.

Here’s an example: Let’s pretend you have an employee whose job is data entry, so the employee needs access only to a few specific databases. If that employee clicks a phishing link and gets infected with malware, then the attack is limited to those database entries. But, if that employee had root access privileges, the infection could quickly spread across all your systems.

Cyberattacks like phishing, ransomware and botnets are all designed to get around firewalls. If you follow an appropriate privilege model, you can limit the number of people who can bypass your firewall and exploit security gaps in your network.
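
The data-entry scenario above can be worked through in code. This Python sketch is an added example, not part of the original article: it models zero access by default, audits accounts for permissions beyond what the role needs, and compares what one phished account can reach under open access and under least privilege. Account, role and resource names are hypothetical.

```python
"""Deny-by-default access model with an audit for excess permissions."""

# Constructed inventory for the example; all names are hypothetical.
RESOURCES = frozenset({
    "orders_db", "customers_db", "payroll_db",
    "file_share", "backup_server", "domain_controller",
})

# Assumption: what each role needs in order to do its job.
ROLE_NEEDS = {
    "data_entry": frozenset({"orders_db", "customers_db"}),
    "payroll": frozenset({"payroll_db", "file_share"}),
    "it_admin": RESOURCES,
}


class AccessPolicy:
    def __init__(self):
        self._roles = {}   # account -> role
        self._grants = {}  # account -> set of resources explicitly granted

    def onboard(self, account, role, open_access=False):
        # open_access=True reproduces the "login with access to everything" habit.
        self._roles[account] = role
        self._grants[account] = set(RESOURCES if open_access else ROLE_NEEDS[role])

    def change_role(self, account, new_role):
        # Replace the old grants instead of adding to them, so access
        # does not pile up as people move between roles.
        self._roles[account] = new_role
        self._grants[account] = set(ROLE_NEEDS[new_role])

    def offboard(self, account):
        self._roles.pop(account, None)
        self._grants.pop(account, None)

    def is_allowed(self, account, resource):
        # Zero access by default: unknown accounts and ungranted resources are denied.
        return resource in self._grants.get(account, ())

    def blast_radius(self, account):
        # Everything malware running as this account could reach.
        return frozenset(self._grants.get(account, ()))

    def audit(self):
        # Map each account to the permissions it holds beyond what its role needs.
        findings = {}
        for account, granted in self._grants.items():
            excess = granted - ROLE_NEEDS[self._roles[account]]
            if excess:
                findings[account] = sorted(excess)
        return findings


def build_models():
    """Same three staff members under open access and under least privilege."""
    open_net, polp = AccessPolicy(), AccessPolicy()
    staff = [("alice", "data_entry"), ("bob", "payroll"), ("carol", "it_admin")]
    for account, role in staff:
        open_net.onboard(account, role, open_access=True)
        polp.onboard(account, role)
    return open_net, polp


if __name__ == "__main__":
    open_net, polp = build_models()
    print("audit, open access:", open_net.audit())
    print("audit, least privilege:", polp.audit())
    print("phished data-entry account reaches (open):",
          sorted(open_net.blast_radius("alice")))
    print("phished data-entry account reaches (POLP):",
          sorted(polp.blast_radius("alice")))
```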

Pro Tips for Implementing Least Privilege

When it comes to implementing POLP in your business, here are some tips for getting started:

  • Start with an audit. Check all existing accounts, processes and programs to ensure that they have only enough permissions to do the job.
  • Outlaw open access and start all accounts with low access privileges. Add specific

Jan 03

Landry’s Malware Attack Highlights Need for Stronger Data Security

By | Managed Services News

MSSPs and cybersecurity service providers should be building a data security practice.

The recently discovered malware attack on U.S. dining, hospitality, entertainment and gaming chain Landry’s is proof that more emphasis is needed on data security.

That’s according to Terry Ray, senior vice president and fellow at Imperva. Landry’s owns and operates more than 600 restaurants, hotels, casinos and entertainment destinations in 35 states and the District of Columbia.

In a statement on its website, Landry’s has advised customers of a point-of-sale (POS) malware attack that stole payment card data from an order-entry system used to process kitchen and bar orders. The company says the cards were mistakenly swiped through the devices between March 13 and Oct. 17 of last year.

Its encryption technology on POS terminals, which makes card data unreadable, was working as designed and prevented the malware from accessing payment card data when cards were used on these encryption devices. The malware searched for track data, which sometimes includes the cardholder’s name, card number, expiration date and verification code.

MSSPs and other cybersecurity service providers should definitely be working to build a data security practice, as business security teams globally are failing to hire the necessary experts and in-house expertise is often lacking in that area, Ray said.

It’s always critical for any company storing private data to be able to answer five simple questions about that data at any given point: who accessed it, when was it accessed, how was it accessed, what was accessed, and – most important and timely – should it be accessed, he said.

Imperva’s Terry Ray

“Most security teams don’t know where to begin for data security, so they opt for what they know — data leak prevention, identity access management and anti-malware — yet these are proven time and time again to fail in preventing a breach and fail to answer the basic questions above,” Ray said.

Bill Conner, SonicWall’s CEO, tells us this type of attack has become a common occurrence that plagues retailers and hospitality businesses relying on POS systems to conduct transactions. There is a growing list of nationally and globally known companies that have fallen victim to similar attacks, he said.

SonicWall’s Bill Conner

“Some of these had more than enough budget to protect their systems, yet they were still unable to secure themselves,” he added. “This is why cybercriminals have also honed their tactics to target SMBs, which are often not as equipped to defend themselves against today’s persistent threats and threat actors.”

This presents an opportunity for MSSPs and other providers to work more closely with customers to strengthen their security and educate them on the constantly evolving cyberthreat landscape and attack patterns, Conner said.

Kaseya’s Mike Puglia

Mike Puglia, Kaseya’s CMO, said retailers must ensure they are complying with the Payment Card Industry Data Security Standard (PCI DSS).

“Compliance with these standards helps retailers protect payment card data by restricting physical and digital business access to cardholder data and requiring multifactor authentication (MFA) for all non-console administrative access,” he said. “None of these processes alone will ensure complete IT security; however, retailers can leverage compliance and incorporate cybersecurity best practices to maximize consumer protection in the payment life cycle.”

Jan 03

Dell Selling RSA? ‘There May Be No Better Time’

By | Managed Services News

RSA’s biggest problem has long been its strategic identity crisis.

Dell Technologies reportedly is looking to offload its RSA cybersecurity business, which it gained through its acquisition of EMC in 2016.

According to PE Hub, Dell has hired Morgan Stanley to sell RSA for at least $3 billion. RSA has more than 30,000 customers globally, and its channel partners include VARs, distributors, systems integrators and consulting firms.

Dell isn’t commenting on the report.

Eric Parizo, senior analyst with Ovum, tells us he’s surprised it’s taken this long for Dell to make a concerted push to sell RSA.

Ovum’s Eric Parizo

“Dell arguably has too many cybersecurity-related assets considering security is not among its core competencies,” he said. “There is now quite a bit of solution overlap on cybersecurity within the Dell universe, with Dell’s own assets, SecureWorks, and VMware’s growing security division. For instance, including RSA, Dell now has at least three different endpoint security products. Over time, it has been increasingly difficult to see where RSA fits within its broad matrix of security capabilities.”

RSA’s biggest problem has long been its strategic identity crisis, Parizo said. It has a number of distinct product lines, but despite its best efforts over many years, it hasn’t been able to bring these solutions together into a “compelling” set of integrated offerings.

“Even before Dell’s acquisition of EMC, there were a lot of questions when EMC acquired RSA in 2006 about how EMC would give RSA the much-needed strategic focus that the company needed,” he said. “Today, the business unit is less focused than ever, and more than a decade after that deal, RSA is still valued at less than what EMC paid for it. Related to that, it is understood that a key motivating factor in such a sale would be to get the RSA debt (via EMC) off of the Dell balance sheet. With so many high-profile/high-value cybersecurity-related sales recently, there may be no better time than now to strike a deal.”

Because RSA has so many disparate lines of business, Parizo expects the company will be broken up in some way.

“If I were Dell, I would keep the security operations and threat detection technologies, and look to pair those with what VMware is assembling,” he said. “For instance, a combination of NetWitness and Carbon Black would immediately create one of the most compelling network-endpoint combinations on the market, and be a strong competitor in the emerging XDR market segment. Then I would look to sell the rest of RSA piecemeal; companies like Micro Focus and Broadcom are eager to acquire established software assets like those of RSA in order to complement or strengthen its existing lines of business in areas like identity and access management (IAM) and governance, risk management and compliance (GRC).”

Jan 03

Travelex Attack Signals Ransomware Focus on FinServ Industry

By | Managed Services News

Several banks couldn’t make currency exchanges for their traveling customers.

Travelex, the currency exchange business, on Thursday night shut down its website following a ransomware attack discovered on New Year’s Eve. But before it did so, several banks including Sainsbury’s Bank, Barclays, HSBC and others already were affected via their use of the Travelex platform.

KnowBe4’s Javvad Malik

“Details are very limited at this point as to what the cause of the attack was and to which extent Travelex systems have been impacted. The fact that the company can still conduct transactions over the counter would indicate that the attack is limited to the website and its functionality,” said Javvad Malik, security awareness advocate at KnowBe4.

“Not only does such an attack bring services down, but depending on the vulnerability exploited and the duration for which it goes undetected, it can impact customers too,” Malik added.

The attack underscored the U.S. government’s warning last month that financial services increasingly were being targeted by ongoing Dridex attacks. Dridex is a financial Trojan designed to steal banking credentials and typically spread by email phishing.

“We expect actors using Dridex malware and its derivatives to continue targeting the financial services sector, including both financial institutions and customers,” the U.S. government warned.

Whether Travelex was attacked with Dridex, a derivative, or something else is uncertain. But it’s likely part of an increasingly common combo play against financial institutions.

“Actors distributing Dridex likely employ ransomware with similar configurations. Code for BitPaymer, also known as Friedex, includes numerous similarities to Dridex, despite its function as ransomware rather than data extraction,” according to the government warning.

The Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security (DHS) and the publisher of the warning, listed several mitigation recommendations:

  • Ensure systems are set by default to prevent execution of macros.
  • Inform and educate employees on the appearance of phishing messages, especially those used by the hackers for distribution of malware in the past.
  • Update intrusion detection and prevention systems frequently to ensure the latest variants of malware and downloaders are included.
  • Conduct regular backup of data, ensuring backups are protected from potential ransomware attack.
  • Exercise employees’ response to phishing messages and unauthorized intrusion.
  • If there is any doubt about message validity, call and confirm the message with the sender using a number or email address already on file.

Further, the Treasury and CISA reminded users and administrators to use the following best practices:

  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up to date.
  • Disable file and printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users’ ability (permissions) to install and run unwanted software applications. Do not add users to the local administrator’s group unless required.
  • Enforce a strong password policy and require regular password changes.
  • Exercise caution when opening email attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on workstations and configure it to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious email attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
  • Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs).
  • Scan all software downloaded from the Internet before executing.
  • Maintain situational awareness of the latest threats.
  • Implement appropriate access control lists.
  • Exercise cybersecurity procedures and continuity of operations plans to enhance and maintain ability to respond during and following a cyberincident.
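
The "true file type" recommendation in the list above (the extension matches the file header) can be checked mechanically. The Python below is an added example, not code from CISA or from the original article: it compares each attachment's leading bytes with the signature expected for its extension and, going one step beyond the header check, flags a macro-free Office extension whose ZIP container carries a VBA project. The signature table is a small subset and the sample attachments are constructed byte strings.

```python
import io
import zipfile

# File-header signatures ("magic numbers") for common attachment types.
SIGNATURES = [
    ("pdf", b"%PDF-"),
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("jpeg", b"\xff\xd8\xff"),
    ("gif", b"GIF87a"),
    ("gif", b"GIF89a"),
    ("ole2", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),  # legacy .doc/.xls/.ppt
    ("zip", b"PK\x03\x04"),                          # also .docx/.xlsx/.pptx
    ("pe", b"MZ"),                                   # Windows executables
]

# Header type each extension is expected to carry (subset, for the example).
EXPECTED = {
    "pdf": "pdf", "png": "png", "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif",
    "doc": "ole2", "xls": "ole2", "ppt": "ole2",
    "zip": "zip", "docx": "zip", "xlsx": "zip", "pptx": "zip",
    "docm": "zip", "xlsm": "zip", "pptm": "zip",
    "exe": "pe", "dll": "pe",
}
MACRO_FREE = {"docx", "xlsx", "pptx"}  # extensions that should never hold macros


def sniff_type(data):
    """Identify content from its leading bytes, ignoring the file name."""
    for name, magic in SIGNATURES:
        if data.startswith(magic):
            return name
    return "unknown"


def has_vba_project(data):
    """True if a ZIP container holds a vbaProject.bin part (Office macros)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def check_attachment(filename, data):
    """Return (verdict, detail); verdict is 'match', 'mismatch' or 'unlisted'."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff_type(data)
    expected = EXPECTED.get(ext)
    if expected is None:
        return "unlisted", f"no signature on file for .{ext}; header is {actual}"
    if actual != expected:
        return "mismatch", f".{ext} should start with a {expected} header, found {actual}"
    if ext in MACRO_FREE and has_vba_project(data):
        return "mismatch", f".{ext} container holds a VBA macro project"
    return "match", f"header is {actual}"


def _ooxml(with_macros):
    # Constructed minimal ZIP container standing in for an Office document.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


# Constructed sample attachments (not real files).
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n% constructed sample",
    "invoice.pdf": b"MZ" + bytes(62),          # executable header behind a .pdf name
    "photo.jpg": b"GIF89a" + bytes(10),        # GIF content behind a .jpg name
    "notes.docx": _ooxml(with_macros=False),
    "budget.docx": _ooxml(with_macros=True),   # macros behind a macro-free name
    "readme.txt": b"plain text",
}


def scan(samples):
    return {name: check_attachment(name, data)[0] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, check_attachment(name, data))
```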

Mimecast’s Carl Wearn

“This ransomware attack, against a leading currency exchange business, is indicative of the enhanced threat that ransomware now poses. Over the last year the increasingly targeted use of ransomware by criminals has affected organizations from the Coast Guard, to universities, numerous state governments and a vast range of businesses, data centers and managed service providers (MSPs) internationally,” said Carl Wearn, head of e-crime at Mimecast.

“Unless organizations up their game, and their user awareness, this threat will inevitably increase in 2020 and the tide of attacks, as currently seen, will worsen,” Wearn added.

There’s no word yet on when Travelex’s currency exchange services will be back online, but the company says it’s working as fast as possible to restore services.

Jan 03

2019 MSP 501 MSSP Report

By | Managed Services News

The total addressable managed security market is expected to exceed $58 billion by 2024 as the scope of cybercriminals reaches beyond the enterprise and large-midmarket businesses to include the smallest mom-and-pop shops.

The demand for cybersecurity talent is mounting but is being met with a severe shortage of folks who fit the bill, at least those on the right side of cybercrime. The estimated shortage of cybersecurity white hats rests just under 3 million, and they don’t come cheap. While every company, no matter how cash-strapped, needs a solid line of cyberdefense, in-house cybersecurity talent is so expensive and complicated as to be simply out of reach of a lot of businesses.

Enter the MSSP.

It’s no surprise that a growing number of MSPs are trying to “add the S” to grab their share of the exploding MSSP market, and the 501 is no different. This report explores the difference between an MSP that has a managed security offering and someone that can actually bill themselves as a managed security services provider.

Jan 03

It’s Time for MSPs to Offer Threat Hunting as a Service

By | Managed Services News

Here are some key areas for MSPs to consider when deciding to offer detection and response services.

Protection from today’s advanced threats needs to be round-the-clock, to keep up with the always-on nature of cybercrime. As enterprises today face attacks from every direction, from vulnerable cloud misconfigurations to devastating RDP exploits, they need to be able to detect and respond to threats quickly, at all times.

With that in mind, and to stay a step ahead of competition, many MSPs are moving beyond a prevention-centric approach to security, expanding their offerings to customers to include threat hunting as a service, in the form of threat detection and response capabilities.

In some cases, MSPs may be best served by building their own security operations center (SOC), but others will find more success outsourcing these activities to a trusted security partner. Regardless of which path an MSP chooses, building a detection and response practice is as much about developing teams and processes as it is about buying products and services.

How can MSPs kick off or evolve their detection and response capabilities–whether in-house, outsourced or mixed–to deliver an effective and well-defined service that performs for both their customers and their bottom line?

Let’s take a closer look at some key areas for MSPs to consider when deciding to offer detection and response services.

Tools, People and Processes

MSPs need to offer measurable and demonstrable protection, detection and response capabilities. This requires tools, people, and process.

In terms of tools, prioritize prevention over detection. Then, make sure detections cover the gaps where machines cannot make an adequate determination. MSPs need to be able to see deep inside the network, gathering information from disparate sources to figure out when and where threats are occurring.

Once that information is acquired, MSPs need adequate manpower to sift through and investigate the alerts that matter. One of the main issues that MSPs struggle with is human capital–threat hunting is complex work, and it’s difficult to recruit, train, and retain the talent needed to perform effective threat detection and response. MSPs simply aren’t going to have a thousand security analysts at their disposal in their SOC who can evaluate the data and prioritize what matters. Outsourcing helps here, but so does establishing effective processes.

How do you make sense of the data, and how do you figure out what to look at, what to prioritize, and what needs action? How do you filter, and, more importantly, how do you avoid filtering out alerts you should have looked at? How do you identify assets and containers and secure them? How do you know when you’ve looked enough, and how do you decide when to act? Answering these questions is difficult, but creating parameters and setting up processes enable MSPs to identify the detection that matters most and determine how to respond.

Responding to threats is another area where the additional resources outsourcing brings can be beneficial, whether the threat needs to be neutralized, isolated, contained or removed altogether. Having more manpower can only support your efforts.

Proactive Security Approach

How can MSPs measure the success of their threat detection and response service? Of course, their customers should experience improved overall security as a result. But at a higher level, it’s all about achieving the ability to be more proactive instead of reactive.

By evaluating the telemetry on an ongoing basis, either internally or through a trusted security partner, MSPs can give customers proactive information about their network and devices. For example, higher memory usage could be a sign that an attack is happening. Or, MSPs may be able to notify customers about events on their network if they’re seeing high volume of alerts generated from a single device, which could be another sign of an attack.
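
The single-device alert volume signal mentioned above can be turned into a concrete check. The Python below is an added example, not from the original article or from any vendor's product: it counts alerts per device and flags a device whose count is an outlier against the rest of the fleet, using a modified z-score (median and median absolute deviation). The alert line format, device names and the 3.5 threshold are assumptions, and the alert feed is constructed.

```python
from collections import Counter
from statistics import median

# Constructed alert feed (not real telemetry), one line per alert:
# "<ISO timestamp> device=<name> rule=<name>"
_COUNTS = {"ws-01": 3, "ws-02": 2, "ws-03": 4, "ws-04": 3, "pos-07": 41}
SAMPLE_ALERTS = [
    f"2020-01-03T09:{i % 60:02d}:00Z device={dev} rule=constructed_rule_{i % 3}"
    for dev, n in _COUNTS.items()
    for i in range(n)
]
# One malformed line, to show the parser skipping it.
SAMPLE_ALERTS.append("2020-01-03T09:59:59Z truncated line")


def parse_device(line):
    """Return the device name from one alert line, or None if the field is missing."""
    for field in line.split():
        if field.startswith("device=") and len(field) > len("device="):
            return field[len("device="):]
    return None


def alerts_per_device(lines):
    """Count alerts per device, ignoring lines without a device field."""
    counts = Counter()
    for line in lines:
        dev = parse_device(line)
        if dev is not None:
            counts[dev] += 1
    return counts


def noisy_devices(counts, threshold=3.5, min_devices=4):
    """Flag devices whose alert count is far above the fleet's typical count.

    The median and median absolute deviation (MAD) are used because one very
    noisy device cannot drag them upward the way it drags a mean.
    """
    if len(counts) < min_devices:
        return {}  # too few devices to say what "normal" looks like
    values = list(counts.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    mad = max(mad, 1.0)  # counts are whole alerts: floor the spread at one alert
    flagged = {}
    for dev, n in counts.items():
        score = 0.6745 * (n - med) / mad  # modified z-score
        if score > threshold:
            flagged[dev] = round(score, 2)
    return flagged


if __name__ == "__main__":
    counts = alerts_per_device(SAMPLE_ALERTS)
    print("alerts per device:", dict(counts))
    print("flagged:", noisy_devices(counts))
```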

Rather than simply offering services akin to cyber liability insurance, MSPs need to provide effective security capabilities that prevent, rapidly detect and neutralize threats.

This guest blog is part of a Channel Futures sponsorship.
