Connect with us

Expert Speak

Why and How Channel Partners Can Be Zero Trust Allies

Published

2 years ago

on

Jon Kane, Channel & Alliances Director EMEA at Gigamon, discusses the importance of Zero Trust adoption and how the channel can enable success for their customers

Zero Trust is a growing trend in cybersecurity. However, the term has previously been labelled a ‘buzzword’, with many admitting they have little understanding of what a Zero Trust framework includes. In fact, a growing number of IT and security leaders across EMEA are concerned about what it entails; 44% of those surveyed in 2022 claimed they worry it requires too much oversight and resources – up from 23% in 2020.

Yet at the same time, implementing a Zero Trust architecture seems to be a solution many want to prioritise. According to studies, 70% think it would be unwise not to consider Zero Trust in the current climate of rising cyber-attacks. As the threatscape continues to evolve and cloud security remains a concern on every IT professional’s mind, end-users require increasing support from partners across the channel to embark on their journey to attaining Zero Trust. This is where the channel can become the allies and trusted advisors, their customers desperately need.

Zero Trust is a mindset
First off, it’s crucial that organisations across the IT channel understand Zero Trust is not a product nor a technology, it’s a mindset. In order to bolster security resilience, teams need to shift away from the assumption that any user or asset within the network perimeter can be trusted. Indeed, the core aim of Zero Trust is to remove any implicit trust in a network and, in its place, require each individual case to be assessed before granting access.

Unlocking security success for customers therefore means channel partners acting as savvy advisors, differentiating from competitors by not only helping end-users to adopt better tools but also implementing better processes and educating them about the risk of implicit trust. The value of the channel for end-users therefore lies in the technical knowledge and expertise partners can share, supporting what is a complex, but necessary, shift towards a zero-trust mindset.

The good news is over three-quarters of global organisations accept Zero Trust is a journey, not a tick-box exercise. And with 83% of IT and security leaders in EMEA saying they now feel comfortable implementing Zero Trust in the next three years, the time is ripe for partners to become Zero Trust allies.

The role of deep observability
Vendors in the security space will continue to release products and solutions that play an important role in embarking on a Zero Trust journey – but there is no ‘silver bullet’ technology that could solve this conundrum alone. It’s therefore the role of the channel to support end-users in identifying and implementing an ecosystem of interconnected solutions that bolster their security posture and reduce implicit trust.

At the very foundation of this has to be deep observability. It’s impossible to monitor users, assets, devices and traffic that you can’t see, and consequently extremely challenging to assess and grant access on a case-by-case basis. Organisations therefore need to obtain a clear view of everything happening on their network to enable a comprehensive Zero Trust strategy.

It’s therefore positive that 98% of global IT and Security leaders believe that deep observability is connected to Zero Trust on some level. This addition of real-time network-level intelligence amplifies the power of metric, event, log and trace-based monitoring and observability tools to mitigate security risk and ease operational complexity. This is particularly important in the era of the hybrid cloud, where many traditional monitoring tools for on-premises cannot see into virtual environments and vice versa.

Security professionals who blend deep observability and Zero Trust will be best positioned to ensure business continuity by preventing bad actors from infiltrating their network and exfiltrating data. It’s up to the channel to educate on the value of this holistic visibility for creating a solid foundation on which a zero-trust mindset can be built.

A Zero Trust future
Zero Trust should no longer be a buzzword, but a recognised framework that is neither a quick nor simple security solution. It is an extensive and challenging approach to better cybersecurity and a journey that channel partners will need to guide their customers along. Although many in EMEA are yet to truly see Zero Trust as an attainable architecture for their organisations, it is certainly becoming a priority. In this environment, channel partners can be crucial allies to their customers by educating them on the value of deep observability – a pre-requisite for Zero Trust that will make the journey far easier.

Related Topics:
Continue Reading

Artificial Intelligence

How AI is Reinventing Cybersecurity for the Automotive Industry

Published

4 weeks ago

on

April 23, 2025

By

Written by Alain Penel, VP of Middle East, CIS & Turkey at Fortinet (more…)

Continue Reading

Cyber Security

Positive Technologies Study Reveals Successful Cyberattacks Nett 5X Profits

Published

2 months ago

on

March 25, 2025

By

Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.

Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.

Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.

Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.

Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”

Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.

Continue Reading

Expert Speak

What the Bybit Hack Reveals About the Future of Crypto Security

Published

2 months ago

on

March 8, 2025

By

Written by Oded Vanunu, Chief Technologist & Head of Product Vulnerability Research at Check Point (more…)

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.