Bonus Post: Security News and Notes from the 2024 RSA Conference

I came home from last week’s RSA Conference with lots of news and insights from the world of cybersecurity. I also came home with a sinus infection of some kind, which is why the RSAC follow-up coverage I originally promised to post on Monday isn’t appearing until now. Worth the wait, I hope!

CrowdStrike wants to “democratize” enterprise security for SMBs

Regular readers may recall a post I wrote back in January about how big names in enterprise security are suddenly making a serious play for share among SMBs, and by extension the MSPs who serve them. I discussed the trend then with a couple of analysts I respect, but RSAC gave me a first opportunity to explore it directly with two of the vendors I called out by name—CrowdStrike and Cisco.

More on Cisco in a moment. As for CrowdStrike, the company does indeed have enormous interest in a market segment long dominated by names more familiar to MSPs like Fortinet, Sophos, and Trend Micro, according to Daniel Bernard (pictured), CrowdStrike’s chief business officer.

“There’s been this massive revolution and disruption that we’ve brought to the market, bringing AI to cybersecurity and bringing cybersecurity to the cloud,” he says. To date, that disruption has mostly benefited big businesses and governments, powering CrowdStrike along the way to over $83.4 billion in market cap as of today and 36% revenue growth in the fiscal year it completed in January.

“But the SMB is still left behind,” Bernard says. “I think what we have the power to do is really democratize something that is widely known and accepted as the best.”

CrowdStrike’s biggest move so far toward that goal came last November with the release of Falcon Go, an antivirus solution specifically designed for organizations with 100 users or less. According to Bernard, the system is affordably priced (it sells for $4.99 per endpoint per month), easy to use, and simple to install.

“We’re the easiest to deploy in the market,” he says. “No reboot required.”

Users can then pair Falcon Go with CrowdStrike’s also affordable Falcon Complete MDR service, Bernard continues, and layer on additional CrowdStrike modules in areas like DLP, cloud security, and identity threat detection and response.

“You don’t have to install anything else,” Bernard says. “It’s the same cloud-powered agent and console and just more things to turn on.”

If none of that convinces MSPs to give CrowdStrike a look, he continues, inquiries from their customers eventually will. As the analysts I spoke with earlier noted, CrowdStrike has one of the few names in security that even SMB decision-makers often recognize.

“We have the brand that people want to deploy,” Bernard says, and it’s generally easy to predict what partners will do when their customers want something. “They’re going to listen to their customers.”

CrowdStrike is forging alliances aimed at making that transition easier. The first came last June when the company became part of Pax8’s line card. The second (with more to come, Bernard hints) was an integration pact announced last week with NinjaOne, the swiftly growing, well-funded toolmaker rapidly staking a claim to a place atop the managed services software pyramid with ConnectWise, Kaseya, and N-able. Unlike those companies, however, Ninja (which signed a second cyber alliance agreement with Bitdefender this week) has no security portfolio if its own.

Though it’s introduced products priced for SMBs, Bernard acknowledges, there

will always be cheaper vendors than CrowdStrike for MSPs to embrace. Those companies though, he continues, are playing a different game.

“We’re here for the organizations that know that they want quality and they want best of breed that can stop the breach, and we will continue to take share in the market and be a dominant player there,” Bernard promises.

Thanks for reading Channelholic! Subscribe for free to receive new posts and support my work.

Cisco’s all in on SMBs too

Like CrowdStrike, Splunk made news at RSA last week too. The security observability leader (officially part of Cisco since March) announced a new asset and risk intelligence solution designed for use by MDR vendors and SOC operators rather than SMBs. Don’t be deceived, though, urges Brian Feeney (pictured), who became Cisco’s vice president of global security partner sales just over a year ago.

“One thing that I’ve been impressed with is that as we acquire technologies, as we lean into solutions like the Splunk acquisition and what that brings our portfolio, we don’t just take an enterprise-only mindset,” he says. “We’re always going to have a mindset to how can we increase opportunities for our managed services providers who are servicing that SMB space.”

Indeed, as I wrote last September, Cisco is pouring “tens of millions” of incremental dollars into sales and marketing resources for SMB partners during the fiscal year it entered in August. And that’s on top of the undisclosed sum Feeney has spent since joining Cisco to create a team of more than 20 salespeople dedicated to MSPs and other high-potential channel segments.

Other changes Feeney has made in recent months seek to make Cisco easier for SMB partners to do business with.

“We’re a large complex organization, and if you’re an MSP or a reseller in that space in particular it can be challenging to work with a very large organization,” he says. In response, Cisco has introduced a new “concierge desk” designed to simplify deal registration and streamlined its sales incentives.

“There was a significant amount of programs and promotions available, but it’s challenging to keep track of all of that,” Feeney says. “So we asked the team to really reduce the number of programs and promotions, increase front end margin, and increase backend rebates.”

The company has boiled its sprawling family of security solutions down to three suites for breach, cloud, and user security as well, and introduced a new sales incentive for them simple enough for Feeney to explain in four words.

“Sell suites, earn 30%,” he says. “Very simple message.”

The expansive functionality in those suites resonates with partners large and small, according to Feeney.

“The tools rationalization process is a conversation we’re having over and over with both partners and with customers,” he says. That’s consistent with what partners have been telling IDC and CompTIA, both of which have recently documented ongoing efforts among channel partners to reduce vendor relationships.

Like CrowdStrike, of course, Cisco has a well-known brand. It also handles over 80% of the world’s internet traffic, Feeney emphasizes, and has products like Splunk and ThousandEyes to scrutinize all that data for threat intelligence. “The convergence of security and networking is really what gives us a great differentiator at Cisco,” he says.

And yes, he acknowledges, Cisco is a very big company courting very big businesses alongside very big partners. But it’s dead serious about SMBs and MSPs.

“We’re all in,” Feeney insists. “It’s a very strategic route to market for us and customer segment.”

XDR from Acronis is just weeks away

XDR is the biggest thing since EDR. No surprise then that Acronis, which added an EDR solution to its Cyber Protect Cloud platform a year ago and an MDR solution last month, has an XDR offering coming very soon as well.

Most of the details are under wraps until June 12th, the tentative launch date, so there’s not too much more I can tell you. Except that:

The feature set will prioritize simplicity, to suit the needs and capabilities of the somewhat smaller MSPs Acronis principally targets. “Big brand XDR is nice, but a little bit expensive and also too complicated to follow up,” says Candid Wuest, the vendor’s vice president of cyber protection research.

The new system will feature a generative AI chatbot that technicians can use to query the tool about incidents. Acronis’s EDR solution will soon get the same functionality, which is actually the second AI-based enhancement to the vendor’s detection and response products. GenAI has been producing summarized, simplified incident summaries for EDR users since last December.

The solution will ingest information from and coordinate remediation with a wide range of third-party products, drawing on earlier investments in integration by Acronis that we’ve discussed here before. “Acronis already has about 180 different integrations,” Wuest notes. “We’re about to launch one with Sophos as well [as] with Microsoft Defender.” Both are arguably competitors, he concedes, but MSPs should be free to combine whichever solutions they like best. “We say, look, if you’re happy with SentinelOne, fine, go for it,” Wuest explains.

Pricing, while still TBD, is likely to be on the lower end of the spectrum in keeping with rate cuts rolled out earlier this year that reduced EDR licensing to $1 per endpoint per month. “With a higher commit, you can even get it down to 55 cents,” Wuest says. “We believe EDR is the bare minimum that you need nowadays, and we want to make it affordable.”


More choice, more leads for the SMB channel from ESET

Acronis isn’t the only security vendor using generative AI to help overwhelmed technicians keep pace with proliferating threats. ESET demo-ed a similar feature, currently in beta testing, at RSAC.

“You can contextually ask the dashboard using an LLM model about something that’s happening, and it’ll come back with a proper contextual answer based on the information in there,” says Tony Anscombe (pictured right), the vendor’s chief security evangelist.

When generally available, that feature will join a succession of other recent product updates, including a new MDR subscription option specifically for smaller businesses that relies more heavily than others on automation to provide what ESET says is comprehensive protection at a more affordable cost.

“We basically have developed an MDR play that’s a little bit more targeted and specific for SMB type customers and partners that they can understand better, at a price point where they’re not having to spend gobs of money for full-time humans that are going through and looking through their environment full time,” explains Ryan Grant (pictured left), vice president of sales for ESET North America.

ESET has been investing in SMB-friendly solutions elsewhere lately too, including a new offering named ESET Small Business Security for businesses with up to 25 devices.

“We looked at our B2B product and then we looked at our consumer product,” Grant says. “We saw businesses that were using the consumer-grade product and they needed more protection.” Small Business Security gives them functionality for safeguarding online banking transactions, protecting servers, encrypting sensitive data, and more not found in ESET’s consumer offerings.

To make selling solutions like that more appealing for partners, ESET has recently updated its Partner Connect Program. Gold and silver members who maintain an 80% renewal rate can now earn up to a 5% annual rebate. Gold partners now have access to a revamped North America partner locator tool as well.

Those changes, according to Grant, join previously introduced efforts to generate leads for Partner Connect members. “The big thing we’ve doubled down on this year is really driving more demand,” he says. “We’ve made a pretty big investment in what we call our ‘high-touch team’ that’s calling directly on customers to really find opportunities.”

Like Acronis through its XDR solution, meanwhile, ESET has been adding integrations lately, including two just in the last few weeks with MDR vendor Arctic Wolf and SIEM provider Elastic Security.

Egnyte’s arming integration partners for action

It’s not just ESET and Acronis, either. A lot of RSA Conference exhibitors have integrations on their mind these days, according to Kris Lahiri (pictured), co-founder and chief security officer of data management, compliance, and governance vendor Egnyte.

“I’ve been in quite a few different vendor meetings and that feeling of needing to integrate with other providers is the highest that I’ve ever seen,” he says. “I’m not selling you or allowing you in to take my secret sauce, but I will absolutely let you integrate in, because at the end of the day our customer is better off.”

Egnyte’s big news at RSAC, in fact, directly reflects that trend. Thanks to an integration with Microsoft’s widely supported Purview data protection platform, third-party security vendors including CrowdStrike, Netskope, SkyHigh Security, Zscaler, and others can now apply “sensitivity labels” to Egnyte content and use them to enforce DLP policies remotely.

The new feature arms vendors already securing data in motion to safeguard data at rest as well, and do so without spending time and money coding API connections. “We already handle sensitive data at scale,” Lahiri says. “Our customers are taking the next step [with] the ability to either remediate or take some other action.”

Egnyte expects the new functionality to help it expand a technology alliance ecosystem focused primarily on SIEM vendors to date. “We have lots of integrations with the Splunks and Rapid7s,” Lahiri says. “This is the logical next step.”

It’s an important one too, he continues, because it allows vendors to respond automatically to unauthorized data exfiltration and other incidents rather than simply see that they’re happening on a dashboard.

“That’s how our ecosystem’s growing,” Lahiri says. “Vendors are now taking action on the alert.”

SonicWall’s tying it all together

Is it any surprise given everything you’ve read so far that cross-vendor integrations figure prominently in SonicWall’s vision these days too?

“One of the principles for SonicWall is we can’t win this alone,” says Chandrodaya Prasad, the company’s EVP of global product management. “Cooperation is a very healthy thing in the cybersecurity space.”

It’s also what MSPs facing a wider range of threats than ever want, according to Michael Crean (pictured), SonicWall’s senior vice president of managed security services, who notes that vendors ignore that wish at their own peril.

“If your customers are telling you they need something and you don’t give it to them, then they’re going to go find it somewhere else,” he says.

Crean was CEO of MDR vendor Solutions Granted until SonicWall acquired the company last November, shortly before buying cloud edge protection vendor Banyan Security. Both transactions broadened a product family that already included threat protection solutions, email and endpoint security systems, and most famously cloud and network firewalls. A new management platform introduced during RSAC aims to give administrators a single view into all those offerings.

“It’s really, really important that we tie all that together,” says Bob VanKirk, SonicWall’s president and CEO.

The Solutions Granted and Banyan deals, he continues, are recent components of a two-pronged strategy to give MSPs and MSSPs the integrated security stacks they need by both expanding SonicWall’s native portfolio capabilities and delivering outsourced management of third-party products. VanKirk freely admits that he would have vetoed a proposal to support solutions from potential competitors when he stepped into his current job back in 2022.

“Now based on what [Crean] has brought to the table and really taking a step back and seeing the value that we can provide across cloud, endpoint, and firewall, it’s very, very different,” he says. “That is absolutely where we’re going.”

Combined with the launch of a new partner program last year offering bigger discounts, added MDF, new enablement resources, and more, that newfound commitment to inter-vendor and intra-vendor integration has paid rich rewards in a strikingly short period: SonicWall says it’s seen a 42% increase in partner growth over the last year and 91% membership growth in its Service Provider Program. According to VanKirk, giving partners what they want is a factor in those results too.

“It’s not rocket science, but it’s working,” he says. Additional acquisitions, he suggests, could play a role in keeping the strategy working.

“The attacks change overnight,” VanKirk says. “We have to be agile, and we have to stay current.”

Subscribe now

Veeam’s getting into the security space

So does Veeam, of course, and like everyone else profiled in this post, integrations figure prominently in the data protection leader’s plans for achieving that goal. We’ve already written at length about its alliance with Sophos to provide coordinated backup/MDR services. More agreements like that are on the way, according to Jeff Reichard, Veeam’s vice president of solution strategy.

“You can expect that there will be more explicit integration announcements like what we had for Sophos last fall coming,” he says.

A further part of Veeam’s integration strategy quietly arrived late last year in the form of what the company itself calls a “small but significant feature” easily missed in its 12.1 release: support for the syslog logging standard, which opens the door to a huge array of additional cross-vendor links.

“We’ve tested internally the ability to alert CrowdStrike or the ability to alert Fortinet or a bunch of other ones that are out there about what’s happening in the Veeam environment” using syslog, Reichard says.

Veeam’s less easily missed acquisition of incident response vendor Coveware last month is a big step in another strategic direction for the company toward providing security services in addition to BDR solutions.

“We’re certainly getting into the security space,” Reichard says. “The reason that we’re so excited about doing that is that while we’ve played in one particular facet of that before—protecting data securely and recovering it quickly without reinfecting—now we’re basically expanding into a much wider spectrum of that effort by an organization to manage their risk profile, and if they’re unfortunate enough to get hit, recover as quickly and securely as possible.”

The incident response services Coveware is best known for are just part of its place in Veeam’s longer security game. The company also makes a post-breach forensic triage solution for ransomware that Veeam plans to use as a pre-breach risk assessment tool too.

“That will almost certainly be integrated at some level into one or more editions of the Veeam Data Platform so that organizations can proactively look at their environment to see what vulnerabilities might be out there,” Reichard says.

Which will get Veeam into what we told you days ago appears to be the “it” solution in security right now.

“With Coveware, not only do we have the data recovery and data protection spectrum of that whole data security posture management, to use a common phrase nowadays, covered but we also can work with organizations to help them understand what their vulnerabilities are in advance and do tabletop exercises,” Reichard says.

The key phrase there, though, is “data security,” which is a logical, lateral extension of Veeam’s data protection legacy. According to Reichard, the company has no intention of becoming a full-blown security vendor.

“We don’t plan to start to write our own virus definitions or be an AV company,” he says, like the aforementioned CrowdStrike and Fortinet. Nor, Reichard continues, does Veeam intend to provide MDR like Sophos.

Incident response won’t be the only service it delivers directly to at least some end users though, he adds, noting that Veeam has been offering Microsoft 365 and Azure backup as a service directly since last October. Details about additional service offerings, Reichard hints, could emerge as soon as the vendor’s VeeamON conference early next month.

Object First’s readying new appliances. We think.

Object First, the Veeam backup storage specialist we’ve written about here before, apparently has news coming at VeeamON as well. Anthony Cusimano, the company’s chief evangelist and director of technical marketing, is willing to share clues about that for the moment, but little more.

“We have a 64 and a 128 TB box,” he notes. “That’s pretty limiting for a lot of folks out there, so we’ve been listening. We’ve heard a lot of their comments as far as if they want something bigger, if they want something smaller, and we’ve evaluated all of that and that’s providing us with a lot of good data on what direction to scale for future releases.”

More to come in a few weeks. In the meantime, Object First (which officially turned 15 months old yesterday) has just enhanced its partner program. Updates include access to MDF for gold and platinum members and a new “Partner Rewards” program offering members at all levels the ability to earn points for taking online training courses, completing account mapping exercises, performing demos, closing deals, and more. They can then redeem those points for rewards.

Founded by Ratmir Timashev and Andrei Baronov, who also co-founded Veeam, Object First addresses one of the most critical security challenges Veeam users face: storing backup date locally in a manner that lets authorized users in during disaster recovery but locks ransomware out.

“Our box is designed to give you zero [write] access,” Cusimano says, “zero access to root, zero access to the operating system.”

No matter what privileges you enjoy elsewhere, adds Sterling Wilson, product strategist at Object First. “You can’t go in and raise your level, can’t make yourself an admin and go in and delete the data,” he says. “You can’t say, ‘oh, well, I’m going to clone somebody’s account or spoof root and get in.’ There literally is no way in.”

And that, Wilson observes, qualifies Object First like Veeam itself as something of a data security posture management vendor—which in turn brings Channelholic’s 2024 RSA Conference coverage more or less full circle.