Category Archives for "Managed Services News"

Jan 22

Cyberattacks: Threat Hunters Conquer Unpredictability with 3 Measures

By | Managed Services News

To thwart cyberattacks, threat hunters rely on baseline corrective actions, proactivity over reactivity, and separating legitimate tools from illegitimate uses.

“A day in the life of a threat hunter” is a bit of a misnomer because it implies a pattern to our 9-to-5 routines. In reality, there isn’t much of a pattern. A threat hunter’s day-to-day is rife with unpredictability. One day it may be a hospital system breached by a ransomware gang. The next it might be a nation-state coordinating a cyber assault across government agencies. On another day we might be called in to investigate cyberattacks on universities, law firms, or entire cities and counties, perpetrated by all manner of entry-level and sophisticated attackers.

From day to day, the adversaries that threat hunters face, the environments we investigate, and the tactics, techniques and procedures (TTPs) we look for vary wildly. What doesn’t vary, though, are some key bedrock, guiding principles that threat hunters, security teams and managed service providers (MSPs) have to rely on to thwart cyberattacks and eject threat actors from clients’ networks. Here are three measures that allow threat hunters to inject some reliability, consistency and predictability into their otherwise unpredictable day.

  1. Clean out the web of intrusion in a client’s environment.

No two attackers are the same, no two breaches or ransomware attacks are the same, and no two client environments are the same. Each situation requires a uniquely tailored approach to thwarting an attacker, cleaning out the environment and preventing another breach from occurring.

But tailoring the approach also means working off a baseline level of corrective actions–steps that must be taken each time to ensure threat hunters are both correctly assessing the breach and flushing out attempts at another one in the future. These include:

  • Blocking attacker commands and C2 communications that may occur after the initial breach
  • Conducting login audits that entail disabling and removing access privileges for each compromised account on a network
  • Deploying tools like Sophos Intercept X to isolate hosts from the environment
  • Eliminating malicious processes and systems that have been left behind on compromised machines or networks, and may be used as backdoors for future attacks

When MSPs are determining their next steps for investigating a client’s environment, ejecting all traces of attacker activity and fortifying defenses for the inevitable next attempted breach, the above should form the backbone of any adequate response.

  1. Practice proactivity over reactivity.

Incident response teams investigate environments that have been breached or compromised by attackers. Their work is largely reactive and retroactive. This is complementary to the threat hunter’s approach, which by design must be proactive: analyzing the day-to-day numbers to find data abnormalities that might indicate

Jan 22

Microsoft Taps Longtime Vet to Lead U.S. Partner Organization

By | Managed Services News

Veteran Microsoft execs Julia White and Brad Anderson are departing.

Tyler Bryson is the new leader of the Microsoft partner organization in the U.S. Bryson replaces Dave Willis as corporate VP of Microsoft’s U.S. Partner Group.

Microsoft's Tyler Bryson

Microsoft’s Tyler Bryson

Willis said in December that he would leave Microsoft after 28 years. At the time, Willis said that he would remain through January. Willis has led the U.S. group since 2017 and he held numerous other partner-facing roles at Microsoft. Among them, Willis led the U.S. Small and Midmarket Solutions & Partners (SM&P) group and the U.S. Dynamics business. Willis did not say he is retiring, but he also did not indicate that he is imminently joining another company.

“My mantra has always been ‘work hard, play hard,’ and I’ll be shifting my balance from less work to more play, as I spend much more of my time on passions,” Willis wrote when he announced his departure.

Microsoft's Dave Willis

Dave Willis

Microsoft partners saw Willis as an ally.

“I’m glad we had the chance to work together and I hope we get the chance again,” Mike Gillis principal owner of RSM US said in a comment on Willis’ post.

Jeff Shuey, a longtime Microsoft partner who is now a principal project manager at Oracle, offered a similar sentiment.

“Wow, you have made a huge impact that will be felt for years to come,” Shuey commented.

New U.S. Partner Lead Also a Microsoft Veteran

Bryson might be a newer face to the Microsoft partner organization, but he is also a 20-year company veteran. Before moving into the role Willis is exiting, Bryson was VP of Microsoft’s small, medium and corporate segments. Earlier this week, Bryson shared a brief video introducing himself to the U.S. Microsoft partner community.

“I’m so honored and excited to work with you and get to know you and your businesses,” Bryson said. “I can’t wait to get your feedback on areas where we can improve and get out and work with you, with your customers, to help us grow.”

On Twitter, Microsoft partners welcomed him to his new role.

“Looking forward to partnering again in US under your leadership,” said Kartik Shah, CEO of Bitscape, the boutique consulting and project services firm focused on Microsoft technologies.

“Great leader,” tweeted David Gersten, practice manager for Microsoft Dynamics at Dynamic Consulting.

Julia White and Brad Anderson Departing Microsoft

Willis isn’t the only longtime Microsoft executive leaving the company. Corporate VPs Brad Anderson and Julia White last week said they are moving on. White is joining SAP’s executive board as chief marketing and solutions officer. White’s job is to boost SAP’s go-to-market emphasis on products, industry solutions and digital marketing. Also, White will play a role in bringing customers and SAP’s ecosystem together — and with product development.

Microsoft's Julia White

Microsoft’s Julia White

“SAP is going through a critical transformation,” White said, referring to SAP’s expedited emphasis on cloud migration. “It has a unique opportunity to help redefine how successful businesses run, and the leadership team has made bold and courageous commitments to accelerate their cloud innovation to this end.”

In a LinkedIn post announcing her move last week, White said the decision to leave Microsoft was difficult.

“It’s truly been a remarkable journey,” she said. “Despite everything going on in the world, digital transformation remains a top need for customers and SAP has a very unique opportunity to help customers on this journey.”

Anderson, corporate VP for commercial management experiences, will become president of product and services at Qualtrics. Acquired two years ago by SAP for $8 billion, the company is set to spin off Qualtrics next week in an IPO.  Qualtrics provides one of the leading new experience management platforms.

“I am all-in on the mission of Qualtrics to help organizations design breakthrough experiences and continuously improve them,” Anderson wrote in a LinkedIn post announcing his move.

In his 17 years at Microsoft, Anderson played a key role in advancing Microsoft 365, commercial Windows device management, and server systems and management. Before joining Microsoft, Anderson was on the executive team at Novell, where he led engineering of the company’s ZENworks PC and server management tools.

Jan 22

Why Partners Should Prioritize AI in 2021

By | Managed Services News

Using AIOps will help enterprises better manage user connectivity.

Mist Systems' Bob Friday

Bob Friday

Customer experience was the top priority for vendors and partners alike in 2020. With all of the curve balls the year threw at us, it’s been crucial for businesses to find ways to ease partner and customer pain points and simplify processes wherever possible. As we head into a new year of uncertainty, and as the industry becomes even more crowded with similar solutions, it’s all about investing in the right differentiated technologies to bring value and overall simplicity to customers.

As such, in the new year and beyond, artificial intelligence will be more important than ever in providing proper support to remote workers, securing data and differentiated visibility to the end-to-end customer mobile experience.

New Year, Same Home Office

COVID-19 has changed everything, from the way we communicate and socialize to the way we learn and work. You’ve probably heard by now that our homes have become enterprise microbranches. This means that for IT teams, instead of having to manage one big hub, they are managing hundreds, and in some cases thousands, of remote work environments. It’s a very real possibility that in a post-COVID world, we will have to adjust to the new normal of more people working at home by choice and improved business productivity, in turn fundamentally shifting how businesses will provide IT services.

As we’ve learned, artificial intelligence plays a huge role in working at home when it comes to enabling IT teams to have the end-to-end visibility needed to support remote employees. Gone are the days when an employee could simply walk over to the IT department when a tech issue arose on connectivity in the office or branch. As you can imagine, this puts tremendous strain on remote IT teams as they face issues of scale and frequency like they never have before. Enter artificial intelligence for IT operations (AIOps).

AIOps is changing the paradigm of customer support for business to customer/employee and for business to vendor. Specifically, in the networking industry, it is helping enterprises manage the end-to-end user connectivity experience. AIOps is the convergence of data science and customer support, and it is being used to address the growing complexity of IT operations. On the business-to-vendor side, cloud AIOps is turning the customer support model upside down. IT teams need no longer to argue with vendors over return material authorization (RMA) – with AIOps, vendors now know when there is a hardware/software problem and can proactively inform customers when RMA fixes in the network are needed. In short, AIOps can help IT departments anticipate and solve their problems, before they impact end users, in a cost-efficient way.

Rather than manually searching through data to find the root cause of hundreds of connectivity problems from all different microbranches, AIOps does this automatically and learns along the way. As many of us will continue working remotely into the new year, it will become increasingly appealing for enterprises to provide their partners with vendor agnostic AIOps strategies that can ingest data from multiple sources to allow IT to quickly isolate a poor user experience.

The time and cost-savings of AIOps benefit not only the IT team, but the enterprise as a whole. This represents a major value-add partners can provide to their customers.

The Customer Comes First

In the enterprise space, customers putting business-critical services on increasingly complex networks is driving the need for AIOps. As society becomes more mobile through these remote microbranches, the wireless user experience is more complex. And as wireless networks become more critical to the daily lives of employees, AIOps is enabling the next era of search and chat bots. The goal is …

Jan 21

Despite Drop in Data Breaches, Exposed Records Jump in 2020

By | Managed Services News

Health care was the most victimized sector last year, accounting for 12.3% of reported breaches.

Publicly reported data breaches fell last year by 48%, but the number of exposed records exceeded 37 billion.

That’s according to Risk Based Security’s 2020 Year End Data Breach QuickView Report. The total number of records compromised increased by 141%. This was by far the most exposed records in a single year since the company reporting began in 2005.

Health care was the most victimized sector last year, accounting for 12.3% of reported breaches.

Risk Based Security's Inga Goddjin

Risk Based Security’s Inga Goddjin

Inga Goddijn is executive vice president at Risk Based Security.

“2020 has challenged the security-minded community quite unlike any other, and the number of records exposed highlights how unique the year has been,” she said. “We do not believe fewer breaches are happening. Disruptions at certain governmental sources, delayed reporting, and declining news coverage have all contributed to fewer breaches coming to light in 2020. But that is only a part of the story. More complex and damaging attacks have also contributed to lengthy and complex investigations.”

Ransomware Skyrockets

Notable findings include:

  • There were 3,932 publicly reported breach events at the time of this report. That’s a 48% decline compared to 2019. As the year matures, and 2020 breaches continue to be disclosed into 2021, it is typical for the number of reported breaches to grow by 5% to 10%. In normal times that would place 2020 on par with 2015 and 2016 breach years.
  • There were 676 breaches that included ransomware as an element of the attack. That’s a 100% increase compared to 2019.
  • Breach severity, as measured by severity score, steadily increased throughout the year, reaching an average of 5.71 in Q4 compared to 4.75 in Q1.
  • Five breaches each exposed 1 billion or more records. Furthermore, another 18 breaches exposed between 100 million and 1 billion records.

“The rise of ransomware coupled with the particularly pernicious practice of leaking data stolen during the attack has been a leading theme of the year,” she said. “There were few signs that ransomware would explode into a preferred method for monetizing attacks. And while the coverage of breach events has picked up once again, the changing tactics means less information about events is being disclosed. It is anyone’s guess where 2021 might take us.”

Jan 21

Legal Experts: VMware’s Lawsuit Against Nutanix’s New CEO Lacks Weight

By | Managed Services News

California prohibits non-competition agreements.

Two legal experts say VMware‘s lawsuit against Nutanix CEO Rajiv Ramaswami holds little weight due to California’s rules concerning hiring among competitors.

Ramaswami is VMware’s former chief operating officer. The suit alleges material and ongoing breaches of his legal and contractual duties and obligations to VMware.

The suit was filed in the Superior Court of the State of California, County of Santa Clara.

VMware had to file its suit in California because it’s based there. But legal experts say having to file in California weakens the case.

VMware's Rajiv Ramaswami

Nutanix’s Rajiv Ramaswami

Nutanix appointed Ramaswami to president and CEO last month. VMware said Ramaswami “failed to honor his fiduciary and contractual obligations to VMware.”

VMware also alleges secret meetings between Ramaswami and Nutanix’s CEO, CFO — and apparently its entire board of directors about becoming that company’s CEO.

Few Legal Ramifications in California

We spoke with a person familiar with the matter, who chose to remain anonymous. He said unlike other states, California prohibits non-competition agreements. That means employees are free to leave one company to join a competitor without facing any potential legal ramifications.

The only exception is if intellectual property is taken and used in that competing organization, he said.

If an employee was to tell their employer they were interviewing with a competitor, they could end up fired, he said. Furthermore, if they don’t then get that other job, they could be out of work.

Unlike lower-level jobs, it can take a few months and more than one interview or meeting to get a C-level position, he said. Hence, the extended secrecy.

Since the 1800s, California has banned non-compete practices, he said.

Orly Lobel, a law professor at the University of San Diego, and an expert in intellectual property and employment and labor law, also told Data Center Knowledge there’s no conflict of interest when an employee interviews and is hired by a competitor.

During job interviews, employees can’t share sensitive information, such as their employer’s product plans, she said. However, they can “brainstorm” and show they are knowledgeable, are full of ideas, and have good experience.

VMware didn’t respond to the experts’ views.

VMware said it expects all employees to honor their commitments to the company, and executive officers should be held to an even higher standard.

This month, Intel announced that Pat Gelsinger is leaving his post as VMware’s CEO to become Intel’s chief executive.

Jan 20

Insured Losses from SolarWinds Hack Mount, But Could Be Worse

By | Managed Services News

The cost of breaches keeps going up at a rate faster than revenue growth for many companies.

The insured losses due to the massive SolarWinds hack now total $90 million and climbing.

That’s according to BitSight and Kovrr’s joint analysis of the financial impact of the SolarWinds breach to the insurance industry.

The SolarWinds attack is a cyber catastrophe from a national security perspective, the companies said. However, insurers may have narrowly avoided a catastrophic financial incident to their businesses. That’s because the insured losses haven’t spiraled out of control.

The insured losses include incident response and forensic services for companies impacted by this incident and that have cyber insurance coverage.

While the number of SolarWinds victims may grow in the following months, BitSight and Kovrr don’t expect the direct insured costs to change significantly.

To find out more about the insured losses from the attack, we spoke with Samit Shah, BitSight‘s director of insurance programs and partnerships.

Channel Futures: Could the insured losses from the SolarWinds hack been higher? Why are we not likely to see that $90 million figure increase much?

BitSight's Samit Shah

BitSight’s Samit Shah

Samit Shah: The $90 million figure could have been higher. However, some of the mitigating factors keeping it [from being] catastrophic were who it mainly affected and the impact/damage. While thousands of companies used the software across a wide variety of industries and geographies, it seemed, based on analysis on who was affected, that the focus was mainly federal government and several larger companies. The damage seemed to be more around espionage, and less around exposing personal records or causing business interruption. In the case of federal governments, they buy little to no coverage. And for larger organizations, while they [often] buy cyber insurance coverage, they tend to have high retention/deductibles.

The patch to the vulnerability was released quite quickly and publicly such that all affected organizations had a chance to quickly respond and limit the damage. [Hackers may] have laid other traps to gain access in the future. But the increased vigilance decreases the virality of the issue.

CF: What have we learned from the SolarWinds hack in terms of its impact on organizations and insured losses?

SS: The SolarWinds incident highlights the basic problem that organizations including federal entities such as the U.S. government face — reliance on a vast third-party supply chain, with limited visibility into the security posture of critical providers. Like many industries, a cyber hack has detrimental consequences. For the government, it’s not necessarily cyber insurance cost; instead, it’s the potential loss of intelligence and new costs with firewalling current networks, or, as some have suggested, rebuilding from square one.

CF: How could this hack have been much worse for the insurance market?

SS: [If the] threat actors were focused on exfiltrating data for the purposes of selling them or causing business interruption, then the situation could have been worse. They went in, found what they needed, took it, and went out trying to escape unnoticed so they could re-enter again in the future. Drawing attention doesn’t seem to have been their [modus operandi].

CF: Is the ongoing threat landscape worrisome for the cyber insurance market? If so, how?

SS: Insurers will likely be concerned that future supply chain incidents resembling SolarWinds may have widespread impact on their insured base.

CF: Is the SolarWinds hack likely prompting more organizations to obtain cyber insurance?

SS: This event, like all preceding well-known cyber events, should motivate organizations to take a harder look at their enterprise cybersecurity posture holistically, including vendor-driven exposure. Whether it is the board, senior management or the security team, cyber risk is very much an enterprise risk that needs to be managed through …

Jan 20

Cloud-Based CRM: What SMBs Need to Know about Backup and Recovery

By | Managed Services News

The cloud makes CRM more accessible to SMBs, but solutions must be layered with backup and recovery.

Until recently, big enterprises were the primary adopters of CRM technology. While this is changing as CRM technology is becoming more scalable and accessible to SMBs, here are three reasons SMBs only recently began widely adopting CRMs:

  1. Ability to spread out CRM costs 
    The costs to implement CRMs were traditionally quite high and included the cost of hardware, software, licenses, and additional investment to manage and maintain the applications. Now, many SMBs can spread these costs out over months or years.
  2. Less complexity in CRM implementation 
    CRM implementations used to be so complex that organizations had to deploy the application on several servers, and this involved a lot of configuration to get the system working properly. With cloud-based SaaS models, this process can be completed much faster and with fewer interruptions to an MSP’s team.
  3. Easier-to-maintain CRM environment with cloud hosting  
    With the advent of cloud and subscription-based pricing, CRM applications are hosted in the cloud, and small businesses can take advantage of a full-fledged CRM implementation with a pay-as-you-use pricing model (per user/per month cost).

With the adoption of CRM solutions by SMBs comes the challenge of ensuring data remains available to users. And while some CRMs, like Microsoft Dynamics 365, include some backup and recovery built-in already, they’re often not robust enough to provide the data security and recoverability standards most SMBs require to maintain SLAs.

The Cloud-Based Data Recovery Myth  

When it comes to CRM and SaaS data, many SMBs and MSPs make the mistake of assuming that data is secure when it’s housed in the cloud. Nothing could be further from the truth. Even in the cloud, your own employees could accidentally delete important client information or unknowingly click on a malicious email that lets a threat actor into your system.

Placing too much faith in a CRM or SaaS vendor to keep data safe is risky. As cyberthreats rise amid COVID-19 closures, MSPs must take greater measures to prevent IT service delivery disruptions to their clients.

Why Backup and Recovery Is Essential for Cloud-Based CRMs

Most organizations downplay the risk of not protecting their SaaS data, but one ransomware attack can change that. For this reason, critical customer experience data in Microsoft Dynamics 365 needs to be protected.

Data loss can occur due to various reasons:

  1. SaaS platform disruptions
    Microsoft and other SaaS vendors strive to keep their services up and running, but these online services occasionally suffer disruptions and outages. What’s more, SaaS vendors state that they’re not liable for any data loss that may result due to these disruptions—you are.
  2. Human errors 
    By far, the biggest reason for CRM data loss is human error. No matter how careful you or your employees are, SaaS data is easy to misplace, write over, or lose.
  3. Programmatic errors
    Data loss can result because of third-party application integrations or large data migrations that you run within the Microsoft Dynamics 365 application.
  4. Cyberattacks
    Digital transformation and remote work environments due to COVID-19 have opened up many attack vectors for hackers and malicious programs to exploit.
  5. Reliance on Microsoft’s native backup
    SaaS vendors like Microsoft often provide tools and mechanisms to back up your SaaS data. But can you rely on those backups to recover your users’ SaaS data? Not completely. SaaS vendors aren’t responsible for recovering data accidentally deleted by a user.  Microsoft’s service agreement recommends the use of third-party backup applications to regularly backup content and data.
  6. Backups at instance level 
    Microsoft’s native backup allows you to back up SaaS data and recover it at an instance level (production and sandbox instances). It doesn’t allow you to perform backups at the fields/object level.
  7. Retention of the backups 
    You can retain backups of your production instance with one or more Microsoft Dynamics 365 applications for up to 28 days. System backups of your sandbox instances are retained for up to seven days, and you can’t extend this timeframe.
  8. Limited data restore options
    Microsoft doesn’t allow you to perform an in-place restore of your production instance. To perform in-place restore, you need to first switch it to a sandbox environment, and changing an environment type to sandbox will immediately reduce backup retention to seven days.
  9. Ransomware protection
    Microsoft Dynamics 365 does not protect against ransomware, malware or any defense against malicious users.
  10. No integrated backups 
    Suppose your customer has both Microsoft Dynamics 365 and Microsoft 365, a norm for SMBs. In that case, you will need to implement two separate data-recovery solutions, which is a risk over time due to the integration between the two applications.

A Recovery Solution Designed for Microsoft Dynamics 365  

What’s clear is that CRMs like Microsoft Dynamics 365 should be accompanied by a more comprehensive recovery solution to ensure important customer information can always be restored. Fortunately, there’s a tool for this. It’s called ConnectWise Recover SaaS, and it offers extensive

Jan 20

The Right Data Migration Tool Helps Schools Move to Cloud During COVID Crisis

By | Managed Services News

Effective data migration tools enable schools to move to a secure cloud environment, making applications and content easier to access, as well as mitigating the risk of data loss.

Enabling remote learning involves more than just holding classes on Zoom. Schools and administrators are scrambling to provide access for data normally stored on physical devices that previously lived on-premises. And, while the cloud can stand in for physical infrastructure to get the job done, schools–being subject to data privacy regulations like the Family Educational Rights and Privacy Act (FERPA)–are responsible for how data is handled in the cloud. The right data migration tool can help.

Schools are looking to the cloud to help mitigate huge challenges brought on by the pandemic. On top of all this is the fact that schools are notoriously short on IT resources. Stories abound of teachers paying for pencils and notebooks because school budgets are stretched to the max. Their IT “team” might literally be a faculty member with some basic networking skills. The idea of a “lift-and-shift” operation that entails moving all their data to the cloud may seem quite daunting.

A highly simplified, very high-level definition of job requirements might look something like this:

  • Choose a cloud provider to host the school’s data.
  • Determine the workflow to move data to the cloud.
  • Find a window of time to take systems offline and perform the migration.
  • Apply encryption at each step to ensure data secrecy.
  • Ensure low to no data loss throughout the process.
  • Perform user testing and validate functionality.
  • Go live in the cloud.

These are the minimum steps required to take a school’s IT infrastructure and make it available in the cloud for the purpose of enabling remote learning while minimizing risks along the way.

The difficulty is compounded when you:

  1. Lack sufficient in-house resources to perform successful data migration, and
  2. Don’t have tools that are designed to move workloads while maintaining cross-dependencies and minimizing the risk for downtime and data loss.

Data Migration Tools

When you’re this strapped for resources, you can’t waste time on a data migration tool that’s going to complicate the process. A lot of data migration tools, especially free ones, lack essential features that can make or break a migration project.

The first thing to look for at is the data replication part.

Most data migration tools use a snapshot of the server to create a replica in the cloud. The problem is that the snapshot is just a point in time—specifically, the point at which the snapshot was taken. Between the time the snapshot was taken and when the cloud replica based on the snapshot is stood up–and that can take a long time, depending on the amount of data on the server–a lot of data can be generated or changed on the source. None of these changes will be reflected in the new cloud replica. And there’s no guarantee that all of those changes will eventually be reflected in the cloud instance. So, the potential for data loss is there. In some cases, system dependencies are not preserved during the sync process and need to be recreated. This can take a lot of time and resources, which are already in short supply.

Another option is to use

Jan 20

Citrix to Acquire Wrike for $2.25 Billion, Expand SaaS Portfolio

By | Managed Services News

Wrike offers a collaborative work management platform.

Citrix‘s acquisition of Wrike for $2.25 billion, announced Tuesday, seeks to accelerate the company’s transition to SaaS. Citrix CEO David Henshall is betting that Wrike’s collaborative work management (CWM) platform will help extend the Citrix Workspace.

The deal follows a year of accelerated growth of the cloud-based Citrix Workspace, fueled by last year’s COVID-19 pandemic. The sudden shift to remote work hastened customer demand for Citrix’s subscription-based cloud services, the company said. Subscription revenue for the full year topped $1.1 billion, a 71% increase from 2019, Citrix disclosed on Tuesday. Furthermore, SaaS revenues of $574 million in 2020 increased 38% year over year.

Citrix provided the figures in its fourth quarter and full year earnings report, released early to announce the Wrike acquisition. Henshall said remote, or hybrid work environments, are likely to remain permanent, even after social distancing dissipates.

Citrix's David Henshall

Citrix’s David Henshall

“It’s pretty clear that this idea of hybrid or remote work, or even distributed teams that has been so prevalent throughout the pandemic, is here to stay,” Henshall said during Tuesday’s call with investors to announce the Wrike acquisition. “I think [our] two organizations coming together gives us that ability to do that in a way that is very holistic and very differentiated from anybody else.”

Adding Wrike to the Citrix Cloud portfolio promises to justify customers deploying the digital workspace platform. Also, it will give partners a set of workspace collaboration tools that they can attach and integrate for customers. IDC client virtualization research manager Shannon Kalvar believes Wrike could make the Citrix Workspace more extensible.

“Desktop virtualization-based workspaces are by their nature focused on individual work — what you do, how you do it, what you need to gather,” Kalvar said. “But modern work also requires a focus on collaborative work, both structured through processes, and ad hoc to address emerging needs. The inclusion of Wrike, which has those capabilities and is already a SaaS offering, squares the circle, as it were, and completes Citrix’s offering in ways that would be very difficult for them to achieve on their own. There are always challenges, of course, but the underlying idea is a good one.”

Wrike’s Collaborative Work Management Platform

Wrike describes its SaaS-based CWM as a modern project management and productivity platform designed to help people work more efficiently. The cloud-based platform includes tools to structure, track and report on projects, and for employees to collaborate on any device.

Keep up with the latest channel-impacting mergers and acquisitions in our M&A roundup.

The San Jose company, founded in 2006, has 1,000 employees. Wrike claims it has 20,000 customers worldwide, among them AirBnB, Dell, Este Lauder, Geico, Google, Snowflake, Siemens and Walmart Canada. Over the past two years, Wrike’s SaaS annual recurring revenues (ARR) grew at a 30% CAGR, according to Citrix. Wrike’s unaudited SaaS ARR in 2020 were $140 million. This year, the company projects ARR will fall between $180 million and $190 million.

Wrike's Andrew Filev

Wrike’s Andrew Filev

Wrike designed its tools for project management, marketing campaigns, professional services and companywide collaboration. The tools include shared team calendars, time tracking, resource management, business analytics and reporting. Wrike also provides an API for integration with SaaS and on-premises applications, and connectors for more than 400 solutions.

“We try to reduce the chaos and complexity of digital work, so that individuals and organizations can achieve their best,” Andrew Filev, Wrike’s founder and CEO, told CNBC on Tuesday.

CWM Tool Market

Wrike is among nine leading providers of CWM tools recently identified by Forrester Research. Asana, Atlassian, Microsoft, Monday.com, ServiceNow, Smartsheet, Workfront and Workplace from Facebook were others noted in the November 2020 Forrester report. Following the publication of that report, Adobe last month acquired

Jan 20

SolarWinds Hackers Hit Malwarebytes, But Impact Limited to Internal Email

By | Managed Services News

Abusing privileged access into a business application is an extremely common way to attack.

SolarWinds hackers have also targeted Malwarebytes, which became the fourth major cybersecurity firm to be attacked by this group.

Marcin Kleczynski, Malwarebytes‘ CEO and co-founder, disclosed the breach. Microsoft, FireEye and CrowdStrike also were targeted by the SolarWinds hackers.

Malwarebytes' Marcin Kleczynski

Malwarebytes’ Marcin Kleczynski

“While Malwarebytes does not use SolarWinds, we, like many other companies, were recently targeted by the same threat actor,” Kleczynski said. “We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”

No Impact to Malwarebytes Partners

A Malwarebytes spokesperson said the breach had no impact on the company’s partners.

“We received information from the Microsoft Security Response Center on Dec. 15 about suspicious activity from a third-party application in our Microsoft Office 365 tenant consistent with the tactics, techniques and procedures (TTPs) of the same advanced threat actor involved in the SolarWinds attacks,” Kleczynski said. “We immediately activated our incident response group and engaged Microsoft’s Detection and Response Team (DART). Together, we performed an extensive investigation of both our cloud and on-premises environments for any activity related to the API calls that triggered the initial alert. The investigation indicates the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails. We do not use Azure cloud services in our production environments.”

Malwarebytes’ software remains safe to use, he said.

More to Uncover

Randy Watkins is CriticalStart‘s CTO.

Critical Start's Randy Watkins

Critical Start’s Randy Watkins

“From the report, Malwarebytes took appropriate and timely action after being notified of potentially malicious activity,” he said. “This attack validates what many inside the community have been saying since the discovery of the SolarWinds breach. We’re just starting to uncover the true scope. Cybersecurity providers, including ourselves, have begun to reassess their internal security measures to ensure the ability to quickly detect and respond to malicious behavior.”

Piyush Pandey is CEO at Appsian. He said abusing privileged access into a business application is an extremely common way to attack.

Appsian's Piyush Pandey

Appsian’s Piyush Pandey

“Many organizations leverage Microsoft Office 365 and Azure Active Directory,” he said. “And if an attacker identifies a vulnerability, the volume of attacks is likely to ramp up dramatically. This is why we recommend taking a defense-in-depth approach to securing business application data. This would include dynamic authorization to ensure privileged access could not be granted from a hostile country, reauthenticating users if they request access to sensitive data, applying data masking as much as possible at the UI level, and having granular visibility into data access and usage.”

Unfortunately, legacy business applications can’t do this out of the box, Pandey said. Therefore, organizations need supplemental solutions.

“IT and security leaders must take a hard look at their business applications and research a defense-in-depth strategy,” he said. “Otherwise, a data breach or data compromise is inevitable.”

>