Category Archives for "Managed Services News"

Aug 03

8 Top Programs for Open Source Partners: Red Hat, SUSE, MongoDB, More

By | Managed Services News

As partners eye open source software to grow revenue, here are some partner programs to explore.

For channel partners looking to grow their businesses, open source software channel partner programs are ripe for exploration. That’s because companies of all sizes are considering open source to solve business problems as they become more familiar with it.

That broadening familiarity comes through frequent innovations from larger open source vendors including Red Hat, SUSE and Google Cloud Platform. In just the last few months, the open source market has been busy with plenty of new tools for partners.

In July, SUSE unveiled its acquisition of Rancher Labs, which will give the company more Kubernetes management depth. The $600 million deal brings together two established open source vendors and strengthens SUSE’s position in the enterprise Kubernetes marketplace. Furthermore, the Rancher Labs platform lets users deploy their containerized workloads anywhere, including the network edge and the cloud. Partners and customers often asked SUSE to get more involved in Kubernetes management.

In June, Red Hat, IBM and SAP collaborated to adapt SAP’s cloud platform so it can run on premises. A ton of customers and partners requested that capability.

In April, Red Hat’s new CEO, Paul Cormier, stressed the importance of channel partners to his company. Cormier joined Red Hat in 2001 and has always focused on channel partner relationships. Those relationships, he said, will continue to fuel Red Hat’s steady growth with its wide range of enterprise applications. Today that includes platforms for cloud, Kubernetes, storage, middleware, virtualization and more. And the company’s $34 billion acquisition by IBM last year arguably gives channel partners even more growth opportunities.

And in May, SUSE deepened its Azure cloud integration capabilities for customers, which also opens more doors for channel partners. More and more case studies show how open source helps businesses get things done. That, in turn, leads to more partner opportunity.

Open source channel partner programs are growing and adapting in response. Scroll through the slideshow above to see how open source channel partner programs are giving partners new opportunities.

Aug 03

SaalexIT Rebrands as Valeo Networks, Part of National MSSP Strategy

By | Managed Services News

SaalexIT acquired Valeo Networks, an Arizona-based MSP, in April.

Saalex Information Technology (SaalexIT) is changing its name to Valeo Networks to better reflect its brand as a national MSSP.

SaalexIT acquired Valeo Networks, an Arizona-based MSP, in April. Valeo’s services included backup and disaster recovery, cloud solutions, network security, server virtualization, vendor management, network monitoring and more.

The acquisition combined the two MSPs in SaalexIT’s Southwest region, which includes California, Arizona and New Mexico, to name a few.

Travis Mack is Saalex’s president and CEO. Saalex is SaalexIT’s parent company.

“The rebranding of the IT division marks an exciting strategy shift toward becoming a national MSSP,” he said. “Our new branding reflects our increased commitment to our customers and our continuous pursuit to grow our services and expertise.”

More Distinct and Recognizable

SaalexIT’s rebranding to Valeo Networks establishes a more “distinct and recognizable” national brand in the MSSP sector, the company said. It reflects a nationwide team to “better support its customers, and provide expanded services, resources and national capabilities.”

Saalex’s Travis Mack

“Being able to distinguish from our federal division gives us a recognizable brand that can further embrace our lean toward the IT commercial vertical,” Mack said.

Saalex Solutions, the federal services division of Saalex, focuses on its federal customer base.

Valeo Networks has continued growing during the COVID-19 pandemic, Mack said.

“We have seen an uptick in business due to companies’ efforts to build a robust IT infrastructure,” he said. “Organizations are trying to embrace work-from-home (WFH) scenarios coupled with an increased adoption of cloud and video technologies.”

Valeo Networks is now in the top 10% of revenue-generating MSSPs nationwide. It provides services in cybersecurity, compliance, cloud, network infrastructure, and managed IT services. It serves state, county and municipal (SCM) markets, along with commercial/SMBs and nonprofit organizations.

Also this year, SaalexIT acquired Oregon-based Arctic MSP. That allowed it to continue expanding in the West.

More acquisitions are planned this year — “as many as we can manage,” Mack said.

“We see opportunity in the markets to further continue our national consolidation plan,” he said.

Aug 03

Red Hat Certification Exams Now Available Remotely

By | Managed Services News

The remote exams will be available beyond the pandemic.

Red Hat certification exams are now available remotely. The move to offer four in-demand certification exams is to meet the needs of tech pros in the midst of the COVID-19 pandemic. Remote exams will continue, however, beyond the current situation, the company said on Monday.

The four exams are Red Hat certified system administrator, certified engineer, certified specialist in OpenShift administration, and certified specialist in OpenShift application development.

Red Hat’s Ken Goetz

“This year, organizations around the world are having to adjust to new ways of working, and that includes remote working and social distancing,” said Ken Goetz, vice president training and certification at Red Hat. “Our ability to provide remote exams will not only address current challenges, but will also open up opportunities to reach more IT professionals who may not have been able to take an in-person exam in the past. As always, our goal is to provide customers, partners and IT professionals with the tools they need to succeed, and this new offering enables us to do so.”

The pandemic has curtailed travel and forced some testing sites to close temporarily. As a result, it prompted Red Hat to expedite remote online test taking. Previously, Red Hat certification exams were held onsite at training and testing locations; however, the company last November introduced Red Hat preliminary exams, offered online. The preliminary exams assess and validate in-demand, foundational skills and knowledge.

More Information

Here are some specifics about the four Red Hat certification exams the company is offering remotely.

  • Red Hat Certified System Administrator (RHCSA) (EX200V8K). This exam tests knowledge in areas of system administration common across a wide range of environments and deployment scenarios. The skills tested in this exam are the foundation for system administration and cover all Red Hat products.
  • Red Hat Certified Engineer (RHCE) (EX294V8K). This tests knowledge and skills in managing multiple systems using Red Hat Ansible Engine and executing common system administration tasks across a number of systems with Ansible. Ansible is the automation framework for multiple Red Hat products.
  • Red Hat Certified Specialist in OpenShift Administration (EX280V42K). Containers and Kubernetes are emerging as dominant deployment paradigms in today’s enterprise IT organizations. This exam tests the knowledge, skills and ability to create, configure and manage a cloud application platform using Red Hat OpenShift container platform.
  • Red Hat Certified Specialist in OpenShift Application Development (EX288V42K). This tests the ability to deploy existing applications in a Red Hat OpenShift container platform environment.

Extending COVID-19 Initiatives

All of the above count on the certification path to achieving Red Hat Certified Architect status. Remote exams are delivered in a live environment. They run on candidates’ x86_64, Fedora-compatible systems and cloud-based environments. Remote proctors observe the exams.

In March, Red Hat announced several COVID-19 initiatives for training and certifications. The company expanded virtual class offerings and added courses to its virtual training catalog. The vendor also offered customers and partners the ability to cancel or reschedule classes or exams.

Additionally, training units purchased between March and June 30 are valid for 15 months. This extension exceeds the typical 12 months. The vendor also extended all certifications set to expire between March 17, 2020, and Dec. 31, 2020, to January 1, 2021.

Aug 03

Microsoft Confirms Talks to Buy TikTok Amid Trump’s Threats to Ban It

By | Managed Services News

CEO Satya Nadella spoke with President Trump, pledging to secure U.S. data.

Microsoft confirmed on Sunday that it is considering the purchase of popular social media site TikTok in the United States. This comes as President Trump considers a TikTok ban in the U.S.

In a statement issued on Microsoft’s corporate blog, the company said it will continue discussions with TikTok’s parent, ByteDance.

Reports of the negotiations surfaced Friday, when President Donald Trump said he might ban TikTok in the U.S. After Microsoft CEO Satya Nadella spoke with Trump about the company’s intentions, the administration has reportedly blessed a possible deal.

Microsoft didn’t specify why it has interest in the social media site or how much it might pay for TikTok. Also, not evident is to what extent, if any, TikTok would impact Microsoft’s commercial and enterprise businesses and its partners.

Perhaps Microsoft is interested in TikTok for its gaming business, along the lines of its acquisition of Minecraft in 2014. Further, TikTok has unique and sophisticated algorithms that Microsoft might see as having potential beyond just running the social media site.

Ballmer Weighs In

Former Microsoft CEO Steve Ballmer told CNBC Monday that TikTok could be an attractive opportunity for the right price. Ballmer, who is Microsoft’s largest shareholder, said he has no inside knowledge about the talks.

Steve Ballmer

“It’s important to remember, you have to keep trying new things in order to build new businesses,” Ballmer said. “Microsoft’s legacy actually is in the consumer business and built in enterprise business. And I think it [could become] an important addition to Microsoft’s business model from a revenue perspective.”

While it is not unheard of, it is rare for Microsoft, or any large company, to confirm rumored deals. But given the president’s harsh tone about TikTok, perhaps Microsoft was looking to assuage concerns and prevent a ban. The company may have reached out to gauge what regulatory hurdles a deal might face and to put forth its case.

Because TikTok is based in China, Trump threatened the ban amid the two countries’ ongoing trade dispute. The U.S. has also cited evidence of companies in China gathering data and sharing information with its government. Amid those concerns, Trump had threatened to either issue an executive order or invoke emergency powers.

At least for now, it appears Nadella has persuaded Trump to hold off on banning the social media site.

“Microsoft fully appreciates the importance of addressing the president’s concerns,” according to the company. “It is committed to acquiring TikTok, subject to a complete security review and providing proper economic benefits to the United States, including the United States Treasury.”

Security Risks Overblown?

According to TikTok, the security concerns are moot. The company stores U.S. data in U.S. data centers, TikTok told NBC News. The company added that customer privacy is paramount. Microsoft said it would transfer all private data of TikTok’s American users to U.S. data centers, where it would remain.

“To the extent that any such data is currently stored or backed up outside the United States, Microsoft would ensure that this data is deleted from servers outside the country after it is transferred,” the company said. “This new structure would build on the experience TikTok users currently love, while adding world-class security, privacy and digital safety protections. The operating model for the service would be built to ensure transparency to users as well as appropriate security oversight by governments in these countries.”

During its negotiations, Microsoft said it will keep …

Jul 31

Shadow IT: Out of the Shadows and into the Cloud

By | Managed Services News

Here’s how MSPs can tackle shadow IT as a part of a security services offering.

‘I’ve sent it to you in cloud disk.’

‘We don’t use cloud disks here.’

‘No worries. I’ll send you a link.’

Shadow IT–the use of IT systems and applications without the knowledge or approval of the business–has grown exponentially.  With the adoption of cloud-based applications and services, it’s just so easy for users to reach out for their own preferred tool to do the job.

Someone outside the business sends you a file in a cloud disk like Box, Dropbox, Google Drive or something similar. Then you need to send that file to someone inside the business, so you install that application and tell them to use it, too. Next thing you know, everybody’s using cloud disks, messengers, third-party mail and social networks in the office. But nobody’s told IT (naturally, or they might get told to stop), so whoever’s tasked with enforcing IT policy–whether it’s you or your client–has no idea where the business’s valuable and potentially sensitive data is being stored in the cloud, or how, or even if, it’s protected.

What you don’t know about, you can’t control, or patch, or protect. So shadow IT becomes a “blind spot” in terms of your clients’ security.  And, with Gartner studies finding that shadow IT can represent as high as 30% to 40% of spending on IT, it’s perhaps less of a blind spot and more of a black hole.

So how do you, as an MSP, tackle shadow IT as a part of your security services offering?


The first task is clearly to find out exactly what unapproved cloud services are actually at work in your customer’s business. For those with deep pockets and plenty of time, firewalls and CASBs (cloud access security brokers) can be used to do this. For the rest of us, applications specifically dedicated to this task (our own Cloud Discovery is just one of them) can provide a clear, straightforward, ongoing picture of what software is in use, how often it’s accessed and by which users.

Shadow IT Discovery in Action

Once you know what you have, you can start taking a look at the associated risks and potential damage to be faced.  Are we talking mainly about potential data breaches or time-wasting social media usage? Now is a good time for you as an MSP to get a report on the table for your client’s CEO or HR Management or both.


Having sat down with your client and looked at what’s really happening, it’s time to talk about preventing the creep of shadow IT by controlling and blocking applications.  You’ll want to think about what to block and for which users. There will be VIP users with much wider permissions and those whose roles require access to specific applications that may be unavailable to others.  You may decide to ban access to some applications only during core office hours, while blocking others entirely.


Having limited or blocked access to unauthorised applications, it’s critical to provide appropriate replacements so people can work effectively. You may look around the market for the best cloud collaboration tools that fit your business needs. One of the criteria to keep in mind is that the new cloud-based software meets your cybersecurity requirements and data protection compliance.

Multiple Security Services

And, at this point, I’d like to put in a word for one of Kaspersky’s own security offerings.  Aside from award-winning endpoint protection and granular controls, Kaspersky Endpoint Security Cloud incorporates a number of special features and applications with managed services providers in mind, including Cloud Discovery, plus Kaspersky Security for Microsoft Office 365 (which can also be purchased as a stand-alone product). The current mass-migration to Microsoft Office 365 provides the perfect opportunity to tackle shadow IT full-on. So, through a single product purchase, you can offer your clients a range of security services, including:

  1. Shadow IT discovery and management
  2. Security for MS Office 365 (anti-phishing, antimalware) and for major Office apps: Exchange Online, OneDrive, SharePoint Online and Teams
  3. Patch management and vulnerability assessment
  4. Encryption management

And, with everything incorporated into one license and administered through a single console, you’ll find that bringing your clients safely out of the shadows and into the cloud can cost you as their MSP less time, as well as less expenditure, than you may have predicted!

This guest blog is part of a Channel Futures sponsorship.

Jul 31

MSPs are Bolstering Security Programs with Machine Learning and Automation

By | Managed Services News

Overcome the skills shortage and alert fatigue with advanced machine learning and automation technology.

Advanced threats, a shortage of security experts and the rise in work-from-home together form a catalyst for MSPs to enhance cybersecurity effectiveness for their customers. As MSPs seek ways to increase efficiency and do more with less, they’re turning to advanced analytical capabilities like machine learning, security analytics and automation. All of these have moved past their initial hype cycle and are now adopted and delivering enhanced ROI and outcomes in IT and cybersecurity.

“The future of your business is Big Data and Machine Learning tied to the business opportunities and customer challenges before you.”

— Eric Schmidt, then CEO of Google, CloudNext Conference in 2017

Machine learning and automation are more than popular buzzwords in the cybersecurity industry. These analytic capabilities make sense of large volumes of raw data to create context and find unknown attacks, speeding up decision making. When combined with cybersecurity experts, they hold real promise for their ability to transform IT and security operations for organizations of all sizes. While not a magic potion that instantly perfects data security, these advanced tools offer MSPs a way to augment limited staff in the ongoing battle against cyber criminals.

The Value of Machine Learning and Automation in Cybersecurity

With digital transformation serving as a catalyst for larger volumes of data and technology, use cases for ML and automation in IT and security operations are growing. While not exhaustive, key use cases include:

Analyzing vast reams of data for suspicious activity: It’s challenging to process billions of logs with an all-manual approach. Machine learning does the initial correlation work to process incoming log streams, reduce false positives and alert security operations center (SOC) analysts who perform a second level of triage and potential threat hunting.

Improving SOC efficiency and effectiveness: Machine learning and automation manage repetitive and potentially error-prone tasks that can overwhelm security teams. The result is higher job satisfaction and retention of hard-to-find cybersecurity professionals.

Increasing speed, accuracy and scale of threat detection: Automated incident response can launch a set of corrective actions, open a ticket for SOC triage and even block suspicious processes. Faster detection and remediation reduce the potential damage of attackers.

Detecting anomalous behavior by users and supply chain partners: Detect insider threats and advanced attacks with machine learning to understand and predict normal baseline system activity and identify exceptions that signal a cybersecurity risk. A SIEM (security information and event management) solution provides user and entity behavior analysis (UEBA) to detect insider threats, lateral movement and advanced attacks.

Through advancements and adoption of machine learning and security automation, MSPs are harnessing the vast reams of device and client data to foster better cyber decision making.

Cyber Criminals Also Embrace Advanced Tools  

Defenders aren’t the only ones looking at emerging technologies. Global cybercrime damages are predicted to reach $6 trillion annually by 2021, according to the 2019 Annual Cybercrime Report by Cybersecurity Ventures. Cybercriminals are upping their game to use the latest tools and technology to improve outcomes for their exploits. Hackers are using

Jul 31

Tanium Research Underscores Security Gaps Exposed By, Created During COVID-19

By | Managed Services News

Once again, MSSPs are ideally suited to identify and address these issues.

With no end to COVID-19 in sight, 85% of executives predict their organizations will feel the negative effects of the pandemic for months. Most (70%) say successfully implementing long-term home IT for remote workers will prove difficult for three main reasons. They are compliance regulations (26%); cybersecurity risk management (25%); and balancing employee privacy with cyber risk mitigation (19%). That’s all according to another in a series of vendor-commissioned reports, this one from Tanium, which provides unified endpoint management and security.

Of course, those challenges come on top of those IT leaders already were trying to untangle before the pandemic hit.

For example, 71% of IT departments said that, every week, they were finding IT assets they didn’t know about or have in their inventories. IT ends up paying for items it doesn’t know it owns, which affects budgets. It also misses the opportunity to secure these devices and applications, which exposes the organization to more threats. Indeed, most IT chiefs (53%) cited this last gap as a primary concern, according to Tanium’s report, When the World Stayed Home, released in late July.

Tanium’s Chris Hodson

The reality is, shadow IT has only grown more pervasive during COVID-19. As organizations made sudden shifts to remote work, employees were cobbling together their own tools to remain functional. This led to the use of unsecured, consumer-grade resources that increased cybersecurity risk. Plus, shadow IT has inflated IT spending. As the pandemic continues, hurting the economy and inviting cyber breaches, IT departments must have full visibility into their environments. MSSPs rank among the partners best positioned to handle both security and spending oversight on behalf of customers.

“An MSSP cannot measure what they don’t manage,” Chris Hodson, global CIO at Tanium, told Channel Futures. “If users are running business applications on personal devices, for example, how does the MSSP provide visibility and control of the assets?”

Roy Duckles, MSP sales and program lead at Tanium, agreed.

Tanium’s Roy Duckles

“With the advent of home working on such a large scale and over such a short time period, MSSPs found that many of the point solutions they relied on were unable to discover, track or identify where company assets now lived,” Duckles told Channel Futures. “This caused serious problems for ensuring that remote assets accessing the corporate IT environment were secure and trusted, and were compliant.”

Hackers Continue Capitalizing on Pandemic Fears

To the point about security, it shouldn’t be surprising that 90% of respondents have seen an increase in attack frequency. Bad actors continue to capitalize on COVID-19 fears and changes — to the tune of 30% more threats than usual, according to Tanium’s findings. This makes IT’s job even harder. On that note, CXOs identified their three biggest security challenges for Tanium:

  • Visibility of new devices (27%). Nearly half (45%) of these respondents said they will prohibit personal devices on corporate networks from now on.
  • Overwhelmed IT capacity due to VPN requirements (22%). As Tanium noted, failing VPNs can make patching problematic. They can force IT teams to abandon routing employee traffic through corporate security controls.
  • Greater security risks from video conferencing (20%). This finding speaks for itself, especially with rampant “Zoombombing” examples.

COVID-19 Took Focus Off Security Projects in Motion

The onset of the pandemic not only created new problems, it interrupted IT security projects organizations were just starting. To that end, 93% of executives told Tanium they have had to cancel or delay security priorities to accommodate the transition to remote working. They said the biggest impacts were on identity and access management, along with security strategy work (coming in at 39% and 40%, respectively).

According to CXOs and VPs, security concerns now rank as …

Jul 31

COVID-19 Pandemic Challenges IT Departments to Support Remote Workers

By | Managed Services News

IT pros agree that cloud and automation will boost resiliency.

The COVID-19 pandemic challenges IT departments to support remote workers with confidence. LogicMonitor research finds that 84% of global IT leaders are responsible for their customers’ digital experience, but three in five (61%) don’t have a high level of confidence in their ability to do so.

That’s according to Evolution of IT Research Report, which the cloud infrastructure monitoring platform provider just released. The commissioned research surveyed 500 IT decision makers across a variety of roles and geographic regions in May and June. The goal was to find out how global IT departments are adapting in the era of remote work.

A second key finding in the research is the accelerated shift to cloud amid the COVID-19 pandemic challenges. The third is around automation. There is overwhelming agreement among IT departments that automation is key to efficiency. As a result, adoption is on the table over the next few years.

LogicMonitor’s Kevin McGibben

“Maintaining business continuity is both more difficult and more important than ever in the era of COVID-19,” said Kevin McGibben, CEO and president of LogicMonitor. “IT teams are being asked to do whatever it takes – from accelerating digital transformation plans to expanding cloud services – to keep people connected and businesses running, as many offices and storefronts pause in-person operations. Our research confirms that the time is now for modern enterprises to build automation into their IT systems and shift workloads to the cloud to safeguard IT resiliency.”

Common Concerns

The report findings echo the sentiments expressed by IT executives at a recent CompTIA Partner Summit session – Preparing for the Next Challenge: Preparedness from Today’s IT Leaders. The session focused on COVID-19 pandemic challenges.

At the virtual summit, a trio of IT executives discussed the impact of the pandemic on their companies and departments, and how they’re rethinking their IT strategies.

Business worldwide took a hit when the COVID-19 pandemic struck. For IT teams, resiliency plans were suddenly in the spotlight. As record numbers of employees were forced to work from home, businesses quickly discovered whether they had the right infrastructure in place to support them.

The LogicMonitor research found that 86% of companies had a business continuity plan prior to June. The exception was the education sector. Only one in four (24%) IT professionals there reported having a continuity plan.

With or without a business continuity plan in place, IT decision makers had reservations about their IT infrastructure and its resilience in the face of a crisis. One in three (36%) felt “very prepared,” 53% were “somewhat prepared,” 10% reported a small chance of withstanding a crisis and 1% had no confidence in preparedness.

Cloud and Automation

Here are the top five crisis concerns for IT leaders if people must work remotely or can’t access the office in a reasonable time frame.

  1. Having to deal with internet outages or other technical issues remotely (49%).
  2. Strain on the network from having too many individuals logging in remotely (49%).
  3. Having to deal with coworkers logging in through VPNs (38%).
  4. Not being able to access the hardware they need (33%).
  5. Teleconference software not being secure enough (28%).

It’s no surprise that accelerated cloud adoption is seen as one strategy for resiliency. Here are some survey results about where workloads reside pre-COVID-19 and will reside post COVID-19.

  • Pre-COVID-19, 35% of workloads were on-premises. Post-COVID-19 that number will shrink to 22%.
  • Pre-COVID-19, 23% of workloads were in the public cloud. Post-COVID-19 that number will increase to 28%.
  • Pre-COVID-19, 25% of workloads were in a private cloud. Post-COVID-19 that number will increase to 30%.
  • Pre-COVID-19, 17% of workloads were in a hybrid cloud. Post-COVID-19 that number will increase to 20%.

The lion’s share (94%) of IT leaders surveyed expect IT automation to become a focus in the next three years. In fact, in the midst of a crisis, only 39% of organizations felt “very confident” in their IT department’s ability to maintain continuous uptime and availability. For organizations that have already automated, that percentage rose to 50%.

Jul 31

FASTCHAT: Why MDR is Essential to Battling Ransomware and Boosting Channel Partner Revenue

By | Managed Services News

According to Gartner, 90 percent of security buyers have shifted their focus from traditional security asset management to threat detection and response. In this video, Fortinet Sr. Director of MSSP & Service Enablement Stephan Tallent explores why Managed Detection and Response (MDR) is so hot, addresses the challenges that channel partners face in offering MDR solutions, and explains why single-vendor MDR stacks translate to higher profit margins.

Jul 31

Claroty: VPN Vulnerabilities Endanger OT Networks

By | Managed Services News

Numerous servers are still vulnerable to exploitation.

Claroty has discovered VPN vulnerabilities that could threaten industries like oil and gas, water and electric utilities.

The VPNs provide access to the operational technology (OT) networks that these industries use. And while updates have been issued to fix the VPN vulnerabilities, numerous servers are still vulnerable to exploitation.

The National Security Agency warns that VPN vulnerabilities could pose a threat if not properly secured. The agency’s warning came amid a surge in remote work as organizations adapted to COVID-19 related office closures and other constraints.

As remote work persists in industries that use OT networks, the VPN approach for remote security might not be as secure as previously believed. The findings from Claroty note that vulnerable remote access servers can be highly effective attack surfaces for threat actors targeting VPNs.

To find out more about these VPN vulnerabilities, we spoke with Nadav Erez, research team lead at Claroty.

Channel Futures: How did Claroty discover these VPN vulnerabilities?

Claroty’s Nadav Erez

Nadav Erez: The Claroty research team constantly tracks global trends in security. We inspect possible attack surfaces in our customers’ networks. In the past few months, we have seen a great increase in the use of remote access solutions that lead directly into OT networks, and as the usage increases, so does the exposure to vulnerabilities in these types of platforms. Based on that, we chose to deeply investigate several products that are widely used in different OT domains. Once we identified these products as Moxa’s EDR-G902/3, Secomea’s GateManager, and HMS Networks’ eWon solution, we further investigated them to discover those reported vulnerabilities.

CF: Are these VPN vulnerabilities still dangerous? Can malicious hackers exploit them?

NE: Claroty maintains a responsible disclosure policy; therefore, we made sure all involved vendors have issued updated versions where the vulnerabilities have been fixed. Having said that, Claroty is monitoring internet-facing servers. … We still see hundreds of such servers that have not yet been updated; therefore, they may be exploited to gain access to the networks to which they provide access.

CF: What sort of damage could result from exploiting these VPN vulnerabilities?

NE: The affected VPN-based remote access solutions are used primarily to provide offsite personnel with access to OT networks within industrial enterprises and critical infrastructure – including oil and gas, water utility and electric utility providers – where secure connectivity to remote sites is critical. Successfully exploiting the vulnerabilities would give an attacker direct access to OT field devices and the ability to inflict physical damage to them; for example, shutting down or otherwise disrupting production.

CF: What aren’t organizations doing that they should be doing to protect themselves from these VPN vulnerabilities?

NE: Many organizations don’t realize the unique risks of enabling remote access for OT, as opposed to IT. While the security features of most VPNs make them generally well-suited and secure for IT remote access, such features tend to be …