Podcasts about SonicWall

GitHub Breach https://x.com/github/status/2056949168208552080 Agentic Threat Intelligence Feed - VS Code Extensions https://agentmesh.knostic.ai/extensions More NGINX Vulnerabilities https://x.com/nebusecurity/status/2057071579876753643 https://my.f5.com/manage/s/article/K000161307 Microsoft Publishes YellowKey Mitigation CVE-2026-45585 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 Incomplete Sonicwall Patch CVE-2024-12802 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001

Today’s headline news for Canadian IT solution providers: Zscaler launches Project AI-Guardian: Zscaler announced a new initiative on Tuesday called Project AI-Guardian, partnering with global systems integrators Cognizant, EY, HCL, Infosys, TCS, and Wipro to help enterprises secure AI deployments. The program leverages Zscaler’s AI Protect portfolio – covering AI asset discovery, access controls for AI services, and real-time guardrails for AI infrastructure – to address what the company describes as the security blind spots created by autonomous AI agents acting with delegated permissions. According to CEO Jay Chaudhry, the initiative is designed to “ensure that AI adoption does not come at the cost of security.” Jamf names Beth Tschida CEO: Jamf named Beth Tschida as chief executive officer, effective immediately, on May 20. Tschida moves from interim CEO and former CTO to the permanent role, becoming the first woman to lead the company in its more than 20-year history. The appointment comes roughly four months after Francisco Partners completed its $2.2 billion acquisition of Jamf in January 2026; Tschida’s tenure as CTO saw Jamf’s security ARR grow 40 percent year over year to represent more than 30 percent of total revenue. Aura + TD SYNNEX: Aura Business has partnered with TD SYNNEX to bring its identity-centric BYOD security solution to MSPs through distribution. Aura debuted the offering at MSP Summit 2026, with Omdia research finding that demand for BYOD security among MSP clients is surging. SOCRadar AI agents: SOCRadar launched an AI Agent Marketplace and Identity Intelligence platform designed to help security teams automate detection and response against identity-driven attacks, positioning the agents as additions to existing security stacks. Akamai acquires LayerX: Akamai Technologies announced a definitive agreement to acquire browser security vendor LayerX, extending its workforce security strategy with browser-level visibility and governance over AI usage. Cisco Canada marketing: Jennifer Rideout has rejoined Cisco as head of Canada marketing, noting on LinkedInthat she is about a week into the new role. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Thursday, May 21, 2026, and here’s what’s happening in the channel today. On Tuesday, Zscaler announced Project AI-Guardian – a formalized initiative that brings together six major global systems integrators under a common framework for securing enterprise AI deployments. The partners are Cognizant, EY, HCL, Infosys, TCS, and Wipro, and together they’ll leverage Zscaler’s AI Protect portfolio to deliver what the company describes as a full 360-degree view of an organization’s AI footprint. The program is designed to address what Zscaler calls the “agentic world” problem – the reality that AI models don’t just respond to queries anymore. They act autonomously, connect to data and apps, trigger downstream actions with delegated permissions, and in doing so, create blind spots that traditional security tools simply aren’t built to see. According to Zscaler’s CEO Jay Chaudhry, “AI adoption does not come at the cost of security” – and the GSI partnerships are meant to scale that posture across the largest enterprises in the world. The GSI framing is enterprise-scale, but the underlying framework – discover your AI assets, control who accesses AI services, secure what AI builds and runs – is a blueprint that maps directly onto the conversations solution providers at every level are already having with their clients. As more organizations ask harder questions about what’s actually running on their networks, the partners who have this conversation early will have an edge. Jamf named Beth Tschida as its permanent chief executive officer yesterday, effective immediately. Tschida has served as interim CEO since March, and before that was the company’s chief technology officer. She becomes the first woman to lead Jamf in its more than 20-year history. The announcement lands about four months after Francisco Partners completed its $2.2 billion acquisition of Jamf in January, taking the company private. Strosahl, who shepherded that transition, has stepped away. Brian Decker of Francisco Partners cited Tschida’s “technical depth, operational discipline, and strategic vision” in a statement. The headline number from her CTO tenure: Jamf’s security ARR grew 40 percent year over year under her watch and now accounts for more than 30 percent of total company revenue. Her stated priorities going forward include autonomous device management, opening the platform for third-party AI tools, and building out an AI governance layer – all of which signal where the product is heading. The Francisco Partners angle is worth a second look. The PE firm also owns SonicWall, BeyondTrust, and Boomi – a portfolio of security and integration assets that, taken together, creates interesting possibilities for cross-platform plays. Channel partners who move Apple devices, or who sell into environments where Apple is a growing presence, should keep an eye on where this leadership takes the product roadmap. In Brief – Aura Business partners with TD SYNNEX to bring its identity-centric BYOD security solution to MSPs through distribution. SOCRadar launches an AI Agent Marketplace and Identity Intelligence platform targeting identity-driven cyberattacks. Akamai announces a definitive agreement to acquire LayerX, a browser-based AI usage control and workforce security vendor. Jennifer Rideout has rejoined Cisco as head of Canada marketing. Full details and links in the show notes or the blog post. Later today on In The Channel, Anthony Tanoury from Dell Technologies joins me to talk about how distribution has become the primary on-ramp for mid-market AI, and what that means as Dell’s Modern Partner Platform takes shape. It’s the last of three conversations I had at Dell Technologies World this week and a good one to end on. And if you haven’t caught Wednesday’s episode yet, Rob Emsley from Dell makes the case that the backup is the target – and why data protection needs to be reframed as a full cyber resilience practice. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Segment Resources: BigID's Agent Access Management Guide BigID's podcast, CTRL + ALT + AI This Week's Topic: Cascading Breaches We're seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend: How we can stop the chain of breaches from a third party library, vendor, or service provider How this might get handled at the legal, contractual, and organizational levels We discuss two big recent examples: Sonicwall's 2025 breach of their cloud firewall configuration backup service The compromise of Aqua Security's widely used Trivy open source tool The Weekly Enterprise News Finally, in the enterprise security news, Funding and M&A courtesy of the Security, Funded newsletter We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this) The Angry admin problem emerges again Vulnerability information is getting crazy to keep up with Breach information is getting crazy to keep up with You can give your Agents an allowance now - don't spend it all in one place Are vulnerabilities sparse or dense? Mythos, as a model, isn't all that special Deploy your own deception sensors! Japan made something weird. Again. All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-459

Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Segment Resources: BigID's Agent Access Management Guide BigID's podcast, CTRL + ALT + AI This Week's Topic: Cascading Breaches We're seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend: How we can stop the chain of breaches from a third party library, vendor, or service provider How this might get handled at the legal, contractual, and organizational levels We discuss two big recent examples: Sonicwall's 2025 breach of their cloud firewall configuration backup service The compromise of Aqua Security's widely used Trivy open source tool The Weekly Enterprise News Finally, in the enterprise security news, Funding and M&A courtesy of the Security, Funded newsletter We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this) The Angry admin problem emerges again Vulnerability information is getting crazy to keep up with Breach information is getting crazy to keep up with You can give your Agents an allowance now - don't spend it all in one place Are vulnerabilities sparse or dense? Mythos, as a model, isn't all that special Deploy your own deception sensors! Japan made something weird. Again. All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-459

Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Segment Resources: BigID's Agent Access Management Guide BigID's podcast, CTRL + ALT + AI This Week's Topic: Cascading Breaches We're seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend: How we can stop the chain of breaches from a third party library, vendor, or service provider How this might get handled at the legal, contractual, and organizational levels We discuss two big recent examples: Sonicwall's 2025 breach of their cloud firewall configuration backup service The compromise of Aqua Security's widely used Trivy open source tool The Weekly Enterprise News Finally, in the enterprise security news, Funding and M&A courtesy of the Security, Funded newsletter We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this) The Angry admin problem emerges again Vulnerability information is getting crazy to keep up with Breach information is getting crazy to keep up with You can give your Agents an allowance now - don't spend it all in one place Are vulnerabilities sparse or dense? Mythos, as a model, isn't all that special Deploy your own deception sensors! Japan made something weird. Again. All that and more, on this episode of Enterprise Security Weekly. This segment is sponsored by BigID. Visit https://securityweekly.com/bigid to learn more about them! Show Notes: https://securityweekly.com/esw-459

Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Segment Resources: BigID's Agent Access Management Guide BigID's podcast, CTRL + ALT + AI This Week's Topic: Cascading Breaches We're seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend: How we can stop the chain of breaches from a third party library, vendor, or service provider How this might get handled at the legal, contractual, and organizational levels We discuss two big recent examples: Sonicwall's 2025 breach of their cloud firewall configuration backup service The compromise of Aqua Security's widely used Trivy open source tool The Weekly Enterprise News Finally, in the enterprise security news, Funding and M&A courtesy of the Security, Funded newsletter We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this) The Angry admin problem emerges again Vulnerability information is getting crazy to keep up with Breach information is getting crazy to keep up with You can give your Agents an allowance now - don't spend it all in one place Are vulnerabilities sparse or dense? Mythos, as a model, isn't all that special Deploy your own deception sensors! Japan made something weird. Again. All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-459

Today’s headline news for Canadian IT solution providers: SonicWall is making its Gen 8 security platform available in virtualized environments for the first time with the launch of the NSv XS, a subscription-based virtual firewall purpose-built for MSPs and MSSPs delivering managed security to small and distributed environments. The NSv XS supports VMware ESXi, Hyper-V, KVM, AWS, Azure, and Proxmox and ships in three service tiers designed around recurring revenue models. The top tier adds co-managed security from SonicWall’s SonicSentry NOC team plus embedded cyber warranty coverage through Cysurance. SonicWall’s 2026 Cyber Protect Report found high and medium severity attacks surged 20.8% last year, and with 52% of enterprises now running most of their infrastructure in the cloud, the NSv XS is explicitly designed to close that gap. Huntress and specialty insurance firm Acrisure have launched a new cyber insurance program offering eligible organizations access to Cyber or Tech E&O policies with no deductible and a streamlined application process. Organizations running qualifying Huntress Managed EDR and ITDR solutions may benefit from simplified underwriting – demonstrating active security posture translates to better insurance terms. The two companies are positioning the program as a response to growing AI-driven cyber threats and an alternative to the traditionally complex process of securing adequate cyber coverage. Intruder has released its 2026 Attack Surface Management Index, based on anonymized data from 3,000 customers. The headline number: 26% of organizations have exposed MySQL databases, a known target for ransomware and data extortion. Midmarket companies in the 5,000-10,000 employee range take an average of 56 days to remediate exposures – nearly four times slower than small enterprises. Banks closed gaps in an average of 11 days; insurance and pharma firms averaged more than 40. The report frames this against the emergence of autonomous AI models capable of independently discovering zero-day vulnerabilities – which makes a 56-day remediation window a meaningful risk. ThreatDown has launched identity threat detection and response for MSPs, adding credential-based attack detection to its managed security stack. ITDR joins ThreatDown‘s existing endpoint protection capabilities as attackers increasingly target identity infrastructure rather than devices directly. Cycode has announced new capabilities for AI-driven development, declaring “shift left is dead” and repositioning its application security platform around the AI development lifecycle. The move reflects a broader rethinking of where security fits as AI-generated code accelerates development velocity and introduces new risk vectors. Toronto-based MSP roll-up AYCE Capital has acquired a cybersecurity advisory firm to anchor a portfolio-wide center of excellence in vCISO and managed security operations. The move signals a push to build differentiated security capabilities across its MSP portfolio rather than sourcing them piecemeal. MSPAlliance has launched new service lines under its Cyber Verify program, expanding the compliance and assurance framework available to managed service providers. The additions give MSPs more structured pathways to demonstrate security and operational maturity to enterprise and regulated-industry clients. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Wednesday, May 13, 2026, and here’s what’s happening in the channel today. SonicWall yesterday announced the NSv XS, a new virtual firewall extending its Gen 8 platform to cloud environments, with managed service providers and MSSPs as the primary target. The product allows partners to deploy firewall security wherever customer workloads run – public cloud, private cloud, branch offices, and distributed infrastructure – under a management model designed for multi-tenant operations. According to SonicWall, the NSv XS carries the same Gen 8 security engine found in its physical appliances into a lightweight virtual form factor, which the company says closes a growing gap as customer environments increasingly span both physical and cloud boundaries that legacy appliances can’t follow. The announcement is a practical one for the channel: a cloud-native firewall with the Gen 8 engine that can be managed centrally simplifies both the sales conversation around security coverage and the operational overhead of delivering it across heterogeneous customer environments. Also yesterday, Huntress announced a partnership with insurance firm Acrisure to connect cybersecurity posture directly to cyber insurance outcomes for eligible organizations. Under the program, customers running the Huntress managed security platform can access Cyber and Tech Errors and Omissions policies through Acrisure with no deductible – with policy terms tied to the customer’s verified security posture rather than a generic underwriting baseline. According to Huntress, the program is built on the premise that organizations that have actually deployed layered security controls should not be underwritten at the same rates as those that haven’t. The arrangement is worth watching for solution providers who have been looking for cyber insurance integrations that go beyond co-marketing – this one appears to operationalize the connection between managed security delivery and insurance terms in a way that could strengthen both the MSP’s value proposition and the client’s risk profile. Intruder rounded out a busy Tuesday by releasing its 2026 Attack Surface Management Index, drawing on anonymized data from 3,000 organizations to assess how quickly companies are identifying and closing their exposed attack surfaces. The headline finding: more than one in four organizations still have MySQL databases exposed and accessible from the internet – a foundational configuration risk that the report says reflects a broader struggle to maintain visibility over sprawling and distributed infrastructure. According to Intruder, the data shows that human remediation is falling further behind the pace of automated exploitation, a trend the company calls the “Mythos Era” – a period in which attacker tooling has measurably outpaced defender workflows. The report gives solution providers a concrete, data-backed framework to bring into client conversations, particularly for customers still relying on point-in-time scanning rather than continuous monitoring. In Brief –  ThreatDown yesterday launched an identity threat detection and response platform, extending its security stack to cover credential-based attacks across Microsoft Entra ID, Okta, and Active Directory.  Cycode is declaring “shift left is dead,” releasing new agentic development lifecycle security capabilities designed to protect AI-driven software pipelines from code generation through deployment.  Toronto-based AYCE Capital yesterday announced the acquisition of a cybersecurity advisory firm to anchor a portfolio-wide security center of excellence.  MSPAlliance last week added Service Lines to its Cyber Verify platform, letting MSPs map audited controls directly to the services they deliver for cleaner, client-ready compliance reporting.  Full details and links in the show notes or the blog post. Later today on In The Channel, we’re sitting down with Steve Petryschuk from Auvik to dig into their 2026 IT Trends Report and what the data reveals about the gap between AI ambition and AI maturity in managed services. And if you haven’t heard it yet, yesterday’s episode is a good one – Joel Abramson from Top Down Ventures joins me to discuss the close of their C$38 million MSP-focused founders fund and why they believe managed service providers are the primary delivery vehicle for AI to the small and mid-market. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

A critical Linux flaw dubbed “Copy Fail” raises alarm. The House moves to extend Section 702. The White House pushes back on expanded Mythos access. cPanel and SonicWall rush out security patches. Researchers warn AI agents may leak credentials. Smishing targets key industries. Ukrainian police arrest suspects in a massive Roblox account theft scheme. Our guest is Jamie Moles, technical manager at ExtraHop, discussing how the pace of vibe coding is creating major AI blind spots. Honeypot hijinks get halted by curious clicks.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Jamie Moles, technical manager at ExtraHop, discussing how the pace of vibe coding is creating major AI blind spots. Selected Reading Copy Fail (Copy.Fail) House extends a controversial spy tool, but Senate path is unclear ahead of deadline (NPR) White House Opposes Anthropic's Plan to Expand Access to Mythos Model (WSJ) Critical Authentication Vulnerability in cPanel and WHM (Beyond Machines) Security Advisory: Firmware Update Required — Gen 6, Gen 7, and Gen 8 Firewalls (Sonic Wall) Phishing the agent: Why AI guardrails aren't enough (Okta) Phoenix Rising: Exposing the PhaaS Kit Behind Global Mass Phishing Campaigns (Group-IB Blog) Ukrainian police detain hackers suspected of stealing thousands of Roblox accounts for resale (The Record) I accidentally made law enforcement shut down their stresser honeypot (lina's blog) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week in the security news: Are you a FIRESTARTER? Eavesdropping via fiber-optic cables Copy Fail - more Linux LPE Github RCE Running Linux on a PS5 BadUSB tricks SilentGlass and HDMI threats Sonicwall and vague details Universities are for porn? The Banshee Before CVEs comes scanning Vendor addresses AirSnitch GitHub and not serious work Routers have country-specific backdoors Phones with Hotspot are fine Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-924

This week in the security news: Are you a FIRESTARTER? Eavesdropping via fiber-optic cables Copy Fail - more Linux LPE Github RCE Running Linux on a PS5 BadUSB tricks SilentGlass and HDMI threats Sonicwall and vague details Universities are for porn? The Banshee Before CVEs comes scanning Vendor addresses AirSnitch GitHub and not serious work Routers have country-specific backdoors Phones with Hotspot are fine Show Notes: https://securityweekly.com/psw-924

This week in the security news: Are you a FIRESTARTER? Eavesdropping via fiber-optic cables Copy Fail - more Linux LPE Github RCE Running Linux on a PS5 BadUSB tricks SilentGlass and HDMI threats Sonicwall and vague details Universities are for porn? The Banshee Before CVEs comes scanning Vendor addresses AirSnitch GitHub and not serious work Routers have country-specific backdoors Phones with Hotspot are fine Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-924

This week in the security news: Are you a FIRESTARTER? Eavesdropping via fiber-optic cables Copy Fail - more Linux LPE Github RCE Running Linux on a PS5 BadUSB tricks SilentGlass and HDMI threats Sonicwall and vague details Universities are for porn? The Banshee Before CVEs comes scanning Vendor addresses AirSnitch GitHub and not serious work Routers have country-specific backdoors Phones with Hotspot are fine Show Notes: https://securityweekly.com/psw-924

Master the Microsoft co-sell evolution today. Subscribe to our Newsletter:https://theultimatepartner.com/ebook-subscribe/Check Out UPX:https://theultimatepartner.com/experience/ In this deep-dive panel discussion, industry experts Erin Figer, Erika Irby, and Reis Barrie celebrate the 10-year anniversary of the Microsoft Co-Sell program by dissecting its evolution from its 2016 inception to today's data-driven, outcome-focused landscape. The group explores the critical shift from transactional sales to modern, frictionless co-sell motions, emphasizing the importance of signals, intentionality, and building credibility with Microsoft field teams. Whether you are navigating the complexities of the marketplace, struggling with reseller enablement, or looking to integrate AI into your sales process, this conversation offers actionable insights to align your organization's go-to-market strategy with Microsoft's evolving priorities and achieve results. https://youtu.be/KV1MGSoyWbQ Key Takeaways Effective co-selling has shifted from autonomous, fragmented motions to a highly collaborative, data-driven approach essential for modern cloud GTM strategies. Credibility is the currency of partnership; without trust from vendors and customers, technical go-to-market motions will fail to produce long-term outcomes. The “REO” (Reseller Enablement Offering) model is an operational unlock for ISVs to go global and sell local without the friction of multi-party private offers. Integrating AI into CRM systems is vital for identifying total addressable market (TAM) signals and maintaining sales velocity. “Don’t automate a bad process” remains the cardinal rule; technology should be used to refine existing, successful motions, not to propagate inefficient ones. The human element—community, in-person events, and empathy—is a necessary differentiator in an increasingly digital, automated B2B landscape. If you're ready to lead through change, elevate your business, and achieve extraordinary outcomes through the power of partnership—this is your community. At Ultimate Partner® we want leaders like you to join us in the Ultimate Partner Experience – where transformation begins. Key Tags Microsoft Azure, Co-sell evolution, Hyperscaler strategy, SMB partner investment, Cloud Marketplace, Veeam GTM, Partner Center alignment, Channel enablement, REO, Cloud consumption, ISV scaling, Go-to-market optimization, Partner-led growth, Azure consumption, Channel friction reduction, Outcome-driven sales, Microsoft ecosystem, Revenue acceleration, Partner alignment. Transcript Erin Figer Panel For Cut Out [00:00:00] Vince Menzione: So when we, so, uh, this all started ’cause I was trying to figure out what was next when I left Microsoft and I had this woman who was doing work, actually starting the co-selling process when we first started doing co-selling. And she was working with one of our partners and she was working with my team when I was at Microsoft. [00:00:17] And then I said, this lady knows a lot about this stuff. So I reached out, I left Microsoft, I said, I think we can help each other. Like, I think we’re gonna, I got these companies that I spoke at Microsoft’s conference. They’re like, can you come help us out? And we teamed up. And, uh, we’ve been friends and doing fun stuff ever since. [00:00:34] And she’s spoken at just about every event in some capacity or another, whether it was on stage or a workshop. Aaron Feiger. And then, uh, I, I found, I also, through Aaron, I met this other gentleman who had another company and he was doing amazing work with ISVs or SDCs, uh, Reese Barry from Carve. And then, uh, when I think we started up the event, I mean, Erica Irby came to one of our first events and spoke on stage. [00:00:58] I was like, yeah, this. The person knows what she’s doing. So I’ve asked the three of them to come up and kind of round out and end the day, but all three of ’em have a tremendous, uh, background in this whole process of co-selling go to market strategies. And I thought you, you can, I’m just giving it over to the three of you. [00:01:17] Erin Figer: I we don’t need [00:01:18] Vince Menzione: a, you don’t needer you don’t need a clicker and you, you know what you’re all gonna be talking about. But these are some really smart people about how to partner with Microsoft. So, yeah. No, thank you for having us. [00:01:27] Erin Figer: Um, hello. Hello. I think this is on. All right. So actually we’re gonna do an exercise. [00:01:32] Um, I want everyone to close their eyes. Close your eyes. Close your eyes. All right. I want you to think back to January of 2016. What were you doing? Where were you in your career? What company were you working for? What was going on in your Microsoft partnership in January of 2016? Okay, Erica, what was happening for you? [00:01:59] Erika Irby: So, uh, is this on? Sorry, I cannot tell. Um, I was at Veeam for the first time. We had just launched our first, uh, endpoint backup, uh, product in April of the previous year because nobody knew what cloud was yet, and people were scared. So we had to launch that product. And we had a relationship with Microsoft in a sense that about 20% of our business sat on Hyper V. [00:02:25] That equated to about, I think like around 90 ish million dollars, which at the time was incredible for us. But to Microsoft was, you know, like, who are you guys again? And, um, we begged and begged to have any type of communication with them. Events. Funding nothing. We did not know what Azure consumption was. [00:02:43] We didn’t have any of that information. And if somebody would’ve told me at that time that nine years later we would sign a five year contract with them and have multiple products dedicated to Microsoft, I would’ve been like, y’all are bananas. [00:02:58] Erin Figer: Reese, what were you doing in January of 2016? [00:03:00] Reis Barrie: Uh, let’s see, Jan, 2016, I was moving from Orlando, Florida to Seattle, Washington, uh, sight unseen with no place to stay. [00:03:10] Uh, to take a job at a place called Microsoft or Consulting Gig, a place called Microsoft. Um, kicking off some of the cool motions that we’re, uh, we’re gonna talk about today, I think. [00:03:20] Erin Figer: Does anybody know the significance of January, 2016 in the audience? Any takers? It was the launch of Cosell officially for Microsoft. [00:03:31] Congratulations. We’re celebrating 10 years of officially. Problematizing how you connect with the Microsoft sales organization in a programmatic at scale way. And try to build meaningful relationships. And I have been helping partners since the inception of Microsoft’s Cosell program. Um, I was on the partner side, Reese was on the inside. [00:03:59] You were at a partner. So we have all seen the evolution of Cosell across all three hyperscalers launching, you know, their co-sell initiatives. So I just wanted to take a moment to recognize. I didn’t know how many people realized that it’s been 10 years, it’s 10 year anniversary. I think it’s a big milestone. [00:04:15] Huge. So. Yeah. Yeah. Well, we, you know, when they launched it, I went, I was consulting for a startup outta Boston and we were trying to get Microsoft’s attention, competitor to fame, and I went to the business development guy and said, uh, do you, did you just see this program that Microsoft launched? I think we should include this in our branding strategy and we should use co-sell as a way to get our brand out to Microsoft and be able to tell our story of who we are and what we’re doing and that we’re in their accounts and they don’t even know it. [00:04:55] ’cause we’re the startup out of Boston who switched over from AWS to Microsoft. And we did, and I put every single opportunity in the system I could for the first six months, which was the last six months of their fiscal year. We go to partner of the, we go to, what was it called? Them WPCI think at the time. [00:05:13] Mm-hmm. Uh, in Vegas. And Nasuni won wins like all four wards worldwide. US Education, healthcare Partner of the year because I put 117 deals in the system and then it seeded Na Sunni’s Marketing for the next two years. ’cause Microsoft gave them tons of money and attention and we were off to the races. [00:05:35] Right. And then it was, can you repeat that? And we went and repeated it with Red Hat and Rubrik and Nintex and Quest and. I don’t know, lots more. But it was, it’s been fun journey co-selling. And it’s interesting to see now, um, how we continue 10 years later to evolve co-sell. And so Erica, what were some of the takeaways you had today listening to the conversation about how co-sell, how you’re modernizing and co-sell is changing inside your organization, especially now being a boomerang. [00:06:08] Erika Irby: Yeah, well we call it a Veeam ring ’cause everything a veer ring, everything has to start with with Veeam. Well, one thing I was gonna comment on, I think I’m sitting here thinking how wild is it that back in the day we actually had to define that co-sell was an action that, that, you know, partners and vendors needed to take or, and different vendors and alliances. [00:06:25] I mean, now we can’t even imagine going to market without, you know, that, that attach. But at the time, we were just very autonomous and everybody sold their own product and it, it took like this actual motion, um, to get us working together. But now look at us. I mean, this community is incredible. And we can also see this by, and even when AGU was mentioning earlier, all the bosses he had in his room, I mean. [00:06:47] How many people like know each other. I mean, this is like part of that, that ecosystem. But today, um, a couple of things I took away, and by the way, we want a lot of interactions, so we’re going to kind of throw it back out at you guys. But for me, um, outcomes came up repeatedly that was mentioned multiple times about outcomes. [00:07:04] Um, speed with intentionality. I think that was super critical. We have to go to market. There has to be a sense of urgency, but if we’re not intentional, it’s like, what are we doing? It’s just like a big mess. Um, and then credibility. And this is something I think is super important, regardless of, um, all of our emotions, all of our go to market, all of the, the things that we do, if we are not credible or not building trust with our vendors, our, our co-partners, our customers, we will never be successful. [00:07:35] Um, so those are the three main things that I took away from, from everybody talking today. And I, I thought, I mean, to me personally, I thought those were pretty powerful. [00:07:42] Yeah. [00:07:42] Erika Irby: So we’d love to hear. [00:07:43] Erin Figer: Yeah. And I know Reese, you have been doing a lot around outcomes and changing kind of the cosal, um, intention. [00:07:54] Reis Barrie: Yeah. The, uh, the, just thinking back to today, like that was like such a, it was really a, a big key theme of today. Like everyone talked about, whether it’s pivot of, of sales, partnership, um, even when you’re talking about AI and some of the, the, uh. POC discussions. So the live like type of stuff, everything was centered around that narrative. [00:08:17] And so, um, and it’s the same with, it’s the same with partnerships. It’s the same with your co-sell motion, same with your benefits utilization, um, and the way you’re utilizing partnerships. And so that’s, that’s a huge, huge component of, um, what I also took away from today. Um, and then somebody, I think it was Mark who said it that I’m gonna, I’m gonna steal this because the, the whole, um. [00:08:40] Near and dear to my heart of like, don’t, don’t scale automate ai, A-I-F-I-A bad process. Like as someone who deals with like, for the most part, bad processes, like day in and day out, um, and trying to refine them and improve them. Like, that’s one of the first things that we, uh, that we talk to partners about when it comes to their partnership and, and the processes they have in place. [00:09:03] So those are like two really big, just takeaways from [00:09:06] Erin Figer: Yeah. Nice. So we’re here to learn from each other, right? Like this is an ultimate partner community of learning from each other. So I’d really love to hear from the audience, like what are some of the things you’re doing in your cloud? Go to market approach and co-selling that you’re trying out. [00:09:23] Either you tried it, you failed fast, you learned from that, that you can share those lessons learned or like what’s working and how are you changing to be more outcome driven in your cloud go to market, uh, approach. Any takers in wanting to experience share? Great. Give that man a mic. [00:09:50] Audience Member: The SMB investments. Um, these, these new, I don’t know what they are. I partner accelerators, PBAs, uh, there’s kind of something going on in the SMB space where it just seems like they’re coming outta the woodwork to come help. On deals. I’ve never seen Microsoft really embrace the customer that they, the way they have in SMB in the cos sells. [00:10:10] I’m not sure if anybody else is seen that, but seems to be working. It’s two things. One, you at Data 60 [00:10:22] America. [00:10:54] I think, I think part of the rarity there is that. Typically you wouldn’t get a seller attached, right? They’re unmanaged that they’re kind of in the nobody cares category, but, [00:11:06] um. So Microsoft made a huge investment in the distribution space saying we’re gonna lean on distribution to help enable our 165,000 indirect resellers that we have as a business. And part of that enablement goes back to field sales alignment. So there’s these roles, ca roles called um, partner Solutions Sellers, PS. [00:11:30] And so they’re aligned by, um, solutions architecture, if you will, for Microsoft. So, or cloud solution area, whatever the new term, modern work, uh, or, uh, AI work, AI workforce, um, data and ai. And so they are there to help support your deal. So it’s, it’s a huge investment and one that I would just can say continue to advocate for it if you’re seeing success with it, because I mean, we’re heading into FY 27 planning for Microsoft. [00:11:58] So. Like there, there could be role changes. So I would say if it, if it’s helpful, like make sure you’re talking positively about it. [00:12:05] Reis Barrie: Yeah, yeah. Just to, to your point, like I, I’d say like, um, in the last six to 12 months, like that’s been a, a thing that’s like we’ve to go back and like, I mean we manage a portfolio of a couple dozen, dozen partners at this point, and so we’ve had to go back and rewrite some of our playbooks, reeducate some of. [00:12:26] Uh, some of the partnership folks that we use because, um, historically you kind of get into this like void of, you’re in partner center, you’re picking, you know, account alignment and it’s not managed. And so it’s like, okay, I expect to do nothing with this deal on the Microsoft side from a co-sell standpoint. [00:12:42] Um, but that’s kind of, that’s changed quite a bit, um, in the last six months where, um, it’s not like a, it’s hard to create, it’s hard to create processes and dependence around it ’cause it’s not like a guarantee that you’ll get, you get engagement, but. Uh, you see more eng engagement, more on more and more deals. [00:12:58] Um, and so we’ve had to go back and work with some of our partners to rewrite some of our, uh, deal sharing playbooks to account for, uh, things like that, which is, it’s super cool to see, frankly, um, to see engagement on these, like predominantly. [00:13:12] Erin Figer: So in that motion. So first off, for the folks that are on the other side of this black curtain by the food station, if you guys could please stop the conversation. [00:13:19] It’s really hard to pay attention to what’s going on in this room. Um. Thank you. Thank [00:13:25] Erika Irby: you for saying that. [00:13:26] Erin Figer: That was a great, that was a great, that’s a great point. And what I wanna talk about next is like in order to kind of continue to evolve the playbooks and they’re changing and people are changing, and priorities are changing, what are some of the signals that you guys are using internally in your organization, whether you’re building or buying, um, but would love to learn from all of you. [00:13:46] What kind of signals are you looking at to help you continue to like co-innovate, co-sell, co-market? Um, in your go-to market strategies? [00:13:58] Audience Member: Yeah, [00:13:58] Erin Figer: please. Um, [00:14:00] Audience Member: well, I’m, I’m, we’re building everything from scratch right now because we’re brand is integration. [00:14:39] Like having our, our engineer be able to interact with product [00:14:43] Erin Figer: engineer. [00:14:50] I’m gonna pick on trend ’cause I had just spent last week with them and Sanjay, I think like what you guys are building internally, um, using signals, building it into an AI agent. To help you understand your tam, you wanna share a little bit. [00:15:06] Audience Member: Happy to, and I’ll disclose. The first thing I did was hire Aaron Feiger to run my co-sell operations, uh, for the, for the second time. [00:15:12] It’s [00:15:13] Erin Figer: nice to be a GDI again [00:15:14] Audience Member: for the second, so well planted. Um, but honestly, like I can’t have an environment where I fail my sellers, like this process has to be frictionless in co-sell and marketplace operations. Or I lose trust in my own house, let alone in my channel and in my customer base. So. Uh, building that strong foundation is like job number one. [00:15:34] I’ve been, I spent a decade at Trend. I’m back, uh, five weeks on the job now. Um, but I’d say we’ve built a multi hundred million dollar cloud marketplace business thinking highly transactional. And what we’re trying to pivot to is a highly dated driven approach where we can look at any cloud in any region around the world, figure out roughly how many accounts they have. [00:15:57] Figure out what those customers are spending and things that we can protect from a cybersecurity standpoint, knowing that four or 5% of that total spend will be spent on cybersecurity, doing an overlap of where I have existing customers in that drawing a tam, overlapping that with my incumbent partners to get the Venn diagram of like, where’s my sweet spot to move this forward? [00:16:18] And then where’s my blast radius? So when I sit down with a guy leading France, or a person leading healthcare. I can have a really specific opportunity about how to leverage my cloud partnerships to accelerate deals and expand growth in a very surgical, data-driven, propensity driven way. And it like totally changes the conversation. [00:16:40] And the other thing we’ve done because you get a lot of pushback and when you’re working with Microsoft, uh, I was chatting with a few folks today, like if you’re in cybersecurity, it’s not easy. They got a 25 billion ish dollars cybersecurity business. So you gotta find your swim lanes. And the dialogue I have now internally with my sellers is a major League baseball analogy, which is, if you play major league baseball and if you hit the ball 30% of the time, you’re gonna go to this little thing called the Hall of Fame, right? [00:17:07] If you bat 300, if you’re in sales and Microsoft, or Amazon or whoever helps you, 30% of the time, you’re gonna go to this thing called President’s Club. That’s the difference between sitting at home in Ohio and sitting with your beach. You know, your, your toes in the sand. So it’s, we’re really trying to change. [00:17:25] Uh, one of the first things I ask my team is, what’s our brand promise to our sales leaders and our sales team? And if you don’t know that answer, you got a fricking problem. So you gotta get that. What’s your Brene Brown would call it? What’s your North Star? What are your values? Whatcha are you gonna deliver? [00:17:38] Right? So you gotta get that right and then you gotta be relentless in making it frictionless. And then you gotta hire Aaron Fier to run your co-sell. [00:17:46] Erin Figer: Okay? Okay. And so, I mean, I think like that’s a trend that I’m seeing across the partners that I’ve been working with is how they’re using data and doing more data driven, um, decision making and getting to their TAM faster so that as they start to then look at this pathway of, okay, now I’m trying to go to market, what. [00:18:11] Programs does Microsoft have or my other partners have that I can use to move me down that path faster. But getting that tam and feeling more confident about it, like, this is the group, this is the subgroup that I’m gonna start with until I see something that says, oh, I need to deviate and do something different. [00:18:30] Um, so I’m definitely seeing that trend. Like what are you seeing, uh, what are you guys doing at Vem? [00:18:35] Erika Irby: Um, so a couple different things. So like you were saying, we, we do leverage, um, AI more, uh, recently for New Deal Reg, um, automation. And we lit, literally just launched it this week. So this is the week that it’s exciting until the, someone tries to use it for the first time and then for. [00:18:52] Um, so I can’t wait to see my emails later, but, um, it, it’s, we’re seeing like that, that that movement, which is, uh, definitely good for that. We have a task force internally for marketing, so trying to figure out how we’re gonna, um, you know, leverage that, uh, um, internally. And I think that Veeam, you know, they, they have been on the forefront of technology for, for a while. [00:19:12] You know, they were the first with the. Virtual backup and, you know, all these things, you know, really trying to be ahead of the thing, ahead of the game. But, um, one thing I, I, I love how many people brought up the intentionality and the mindfulness because I think sometimes we can easily. Put out a whole bunch of tools. [00:19:28] I love that you called out the point about the bad processes, um, because it actually, I think, can just create more confusion, more of a mess, and that, um, really mindfulness will be so much more beneficial, you know, down the road for your partners, for your customers, for everybody that has to, you know, do that interaction business with you. [00:19:47] I did wanna call out that I thought it was lovely that you had a positive comment about Microsoft. I dunno if I, [00:19:53] Audience Member: yeah, [00:19:53] Erika Irby: I like rarely hear that. So like, awesome. I hope that does get back to Microsoft. I hope that they do, um, continue that. I’m sure their SMB is quite a bit bigger than maybe others, but that is a massive install base for, for Veeam as well. [00:20:07] And even though we’re driving and trying to push into the enterprise, protecting that install base is just absolutely critical for success. [00:20:15] Erin Figer: What about you race? [00:20:17] Reis Barrie: So if I’m looking at like signals, I, I think. Uh, I’ll focus on too, I think you mentioned, uh, the, the cycles of change at Microsoft. Like it used to be an annual thing and now it’s like a, then it was a half base thing, and then it was a, now it’s a quarterly thing basically. [00:20:30] Um, but there’s also like, there’s, there’s big signals and small signals, and so annually we still get like that, like the, the, the guiding direction so that we can align. How we talk about ourselves, how we talk about our partnership, how, how we enable our sellers and whatnot. And then we got a lot of programmatic shifts from a, from a quarter to quarter standpoint. [00:20:50] Um, and so focusing on the, like these, um, these signals so we can align our, our messaging and our frameworks to align with, with, with our partnership, um, is, is one thing that’s, you know, super, super important to keep, keep tabs on. Um, and the second one, I’ll, I’ll give, you’ll. Mention is more on the cus sorry, uh, customer side, but like the seller enablement. [00:21:15] And so how is your, on the marketplace side, how, how are your sellers talking to your customers about marketplace? Um, are they, are they bringing up earlier in the, in the qualifying discussions of how does the customer prefer to buy? Um, are there fire drills with two weeks to go, um, till the, till the deal closes and now the customer wants to go marketplace and, and no one knows how to do it? [00:21:37] Um, seen that way too many times. Um, and so, but how, how, like studying kind of the, uh, maturity of our sales org to see well, like where, where, where is our, our, where are our sellers competent to have this marketplace discussion? Um, because I often relate, like, this is kinda a silly analogy, but I, I, simple stuff works really, really well with me. [00:22:00] But I like, have you ever been to a farmer’s market and you’re like nervous to buy something? ’cause you don’t know if they take credit card. [00:22:07] Audience Member: Yeah. [00:22:07] Reis Barrie: And so like to me, I’m like, okay, well, like it’s the same thing with Marketplace to me. And so like, it’s, it’s the same concept of you want your customer to be able to buy, they want the way that they would like to buy. [00:22:19] Um, and you want the person that they’re interacting with to be able to, um, facilitate that, that transaction in, in a way that feels frictionless. Yeah. Right. Uh, and so that’s a lot. Like, those are the kind of, the really two deep signals, um, that we, we look at a lot. [00:22:37] Erika Irby: I wanna make a comment on the marketplace. [00:22:38] So I don’t know if anybody else is experiencing this, you know, Veeam being an ISV, we have a really strong traditional, traditional channel motion. So, to your point about how sellers are, are managing the marketplace, to be totally honest, we struggle on, um, that, because right now it feels like a deal that goes to the marketplace is taken away from a reseller, and that reseller loses out then on that upfront margin and. [00:23:06] Um, there’s not a clean path necessarily for, you know, just because the, the deal happened there. They really, they still need to maintain that because they’re the one pri providing the services. And somebody had brought up earlier that, um, A SMB customer will never be successful without a partner. And I, I totally agree with that, but it’s like that part is missing. [00:23:26] So we almost need like a mindset change. In the channel where the marketplace is just a route to market and how the customer receives the product. It shouldn’t totally matter because at the end of the day, the, they still have to provide the services. It’s like, I could go to Home Depot and purchase a bunch of pipe for my house, but can I install it a thousand percent? [00:23:49] No. I would destroy my house. I used to have to have a plumber. So I think there’s, we could help our channel by changing that mindset, and at the same time, we, we need the marketplace owners to, to provide the benefits so that it is still very attractive for those traditional. Partners to, to push their customers there or else I, I think we’re just gonna constantly have that strife. [00:24:11] Erin Figer: Yeah. Does anyone in the audience, has anyone in the audience activated REO with Microsoft? You have? Yeah. So how’s it, like, how’s it going? Yeah, there’s Bump. Yeah. [00:24:32] Audience Member: How that shifts making people more effective in their roles individually. So we’re early stage of it, but it’s, it’s been a good experience. [00:24:42] Erin Figer: Has it helped to kind of unlock some of that friction with the resellers and continuing to include them to get to the s and b customers? [00:24:49] Audience Member: Yeah, I think the, the challenge that we’re working through right now is, you know, Erica may have said it, but it’s. [00:24:56] It’s not just the, the view of the marketplace taking people out of the equation, it’s how do we use the marketplace for, for co-innovation to keep people in it. So if, if, if it’s gonna take three to five of, of us in this room to deliver that spectrum to innovation for the customer. Um, how do we use the marketplace as a force multiplier of bringing that together and making that transaction easy? [00:25:21] Yeah. If, if our consumers are more and more influenced by Instagram and TikTok Shop Now buttons, like my husband’s texting me about my stuff that showed up today, [00:25:31] Erika Irby: which is none of his business. [00:25:32] Audience Member: None of your business. That’s right. Just put it [00:25:36] Erika Irby: in my room. Thank you. [00:25:37] Audience Member: If people are, people as consumers in the, in the u, us consumer based economy is driving more and more people through like that social experience of purchasing, that is an area where I do think Microsoft could help us and we could help ourselves in marketing how that, how we leverage it to be a force multiplier versus another omnichannel. [00:25:58] Well, [00:25:58] Erin Figer: so on that note, how many of you have put a button on your website? Click to buy? Yeah, [00:26:02] Audience Member: that’s, that’s where I’m at with our marketing team. [00:26:04] Erin Figer: Right? [00:26:04] Audience Member: Yeah. That’s, I think, the next evolution for us in the, in the REO piece. [00:26:08] Erin Figer: Yeah. Yeah. [00:26:10] Audience Member: I, I don’t want it on our website. I want to, I want it on my Instagram, my LinkedIn, my TikTok reels. [00:26:15] That’s, we’re going to, sir, it’s coming next week at our sales kickoff. Yeah. [00:26:21] Erin Figer: Nice, nice. Anybody else? Uh, activated. REO [00:26:28] besides the, you know, RE speed wagon? Uh, it’s the Microsoft Reseller Enablement. Um, offering, so like you activate your resellers to just take your listing and be able to do a private offer so that you don’t have to do multi-party private offers anymore. Your resellers can just take the listing and sell it directly, and they don’t have to wait for you to send them the offer. [00:26:52] Then they have to go do, so it takes out some of the steps and that friction in the process streamlines it and it allows them to like. Add on and do their own pricing. And then the reseller, however you have your arrangement with that reseller, continues to pay you in the back end for, um, selling that through the marketplace. [00:27:11] Erika Irby: I think I’m going to have you come and do a webinar for our Veeam partners to, to help them with that, because to your point, I don’t, I don’t think it’s as prevalent yet. It’s, it hasn’t really caught on. [00:27:21] Erin Figer: Yeah. It’s been really an unlock of, I had a large, um, ISV that I helped. We implemented REO internally, so they have 34 marketplace offerings and they have this initiative. [00:27:36] They wanted to go global, sell local, and so they launched five more publishing accounts and they came to me and said, we need to replicate our catalog five times 34. And I was like, oh God, please, no. And luckily like two months later, Microsoft, like GAed, uh, REO, and I was like, here’s your answer. We’re not going to do that. [00:27:58] We’re going to enable each of your publishing accounts to be resellers of your quote unquote gold standard publishing account, and that we actually implemented REO as an internal mechanism for them to issue their own publishing accounts, to resell private offers in local currencies. Um, and that was really an operational unlock for them. [00:28:25] All right. Anybody you wanna ask a question to the audience? [00:28:29] Audience Member: Okay. I’ll just keep going. [00:28:32] Erin Figer: Um, all right. So what are some other, um, signals or ways that you guys are evolving the way you’re co-selling? Um, does anybody else have some experience shares that they want to, to share with the audience? We’ve got, we’re using data, uh, we’re using some ai, we’re helping us get to our audience faster. [00:28:51] I really loved work span, um, building in an AI tool inside your CRM system, um, so that you can get some of those signals. Any other signals that you guys are using, uh, to change the way you’re co-selling? [00:29:07] It’s quiet on [00:29:07] Reis Barrie: Maybe, maybe I’ll share one, but Yeah. Yeah. So, um, just when it comes to, like, for us, account alignment to me is like one of the most important things and consistently doing, uh, you know, account planning and account alignment against Microsoft their accounts. Um, now it’s a bit interesting ’cause you can include some s and b stuff in there. [00:29:27] Um, but also, uh, Jason you mentioned up there, the. Uh, marketplace rewards, having the propensity mapping. And so looking at not only from an account alignment, um, what Microsoft accounts are, we, um, you know, areas are we most penetrated in, but also of those accounts, which ones are already buying on marketplace. [00:29:47] Uh, maybe have a commitment to Microsoft in, in some way to help us just further, uh, further target and focus on, you know, if we have 500 opportunities that we’re trying to, um. I’m trying to work through, um, to Sanjay’s point, like what’s, what’s the 30% that I’m gonna get my batting average on? Um, and so that constant account alignment to us is like a, is a huge, huge signal, um, for us to focus on. [00:30:14] Um, and then you can even take it a layer deeper to identify, okay, well if I’m looking like, do I have density within Nina had the, the ou up here on the screen. So do I have densities with density within like specific. Uh, verticals or regions, um, or segments that I should maybe if I just focused on that one segment or one vertical, um, you know, then all of a sudden I, I’m super successful having an executive sponsorship in that, uh, in that ou, something like that. [00:30:44] Um, and, but that, that’s all starting with, um, the foundations of that being that consistent account alignment and leveraging some of the, some of the propensity stuff that Microsoft is, is providing. [00:30:56] Erin Figer: And then making sure you’re like bringing it back into your CRM and storing it so that you can continue to use that information ongoing. [00:31:03] And we’re trying to figure out how to embed more and more. [00:31:37] And are you integrating like. Microsoft and other partners into that data as well. It’s like, this is a great partner. Incorporate them at this point in the journey. Yeah, we um. [00:31:50] When [00:31:50] Audience Member: you’re in the process with, with Microsoft, we haven’t opened it up externally, so that’s our crawl, walk, run is we’re, we’re trying this out internally. Let’s see if we can work the bugs out, get the agents working, and then how do we now go to our MSP community and offer this up as an agent they can use within their sales team. [00:32:08] And on the end of. We’re still working in the middle, but front end profiling, it’s helping a ton, um, and giving us a lot of good intel that the sellers are driving through the agent on the back end. It’s, it’s giving us not, um, just propensity data, but what’s resonating. So if we launched 12 products this year and we trained sellers on. [00:32:28] What’s hitting, where’s my pipeline velocity coming from? Where’s my close rate coming from? So that every month when we have our sales town hall, it’s like, here’s the top three sales motions that are actually driving pipeline and fast to cash close rates. [00:32:42] Erin Figer: And I gotta imagine that helps you get to your differentiators. [00:32:45] Audience Member: Oh [00:32:45] Erin Figer: yeah. And refining your superpower story. [00:32:48] Audience Member: That’s right. That’s. Yeah, because it’s for, for our sales team. I mean, we were talking about it earlier, it’s all about simplification. There’s so many options, so much noise. It’s like, just go focus on these three things and this is where you’re gonna deliver impact and outcomes to your customer. [00:33:01] And if we’re doing that, we’re all winning. [00:33:03] Erika Irby: Yeah. I, I, um, just recently, this is why one of the coolest things that Veeam has done, we just launched this tool called, um, expansion iq, and it’s part of our command, the expand motion this year where we’re really. Upselling and cross-selling our, um, install base. [00:33:17] This tool takes all the partners individual propensity data, puts it against four solution plays that we think are the main plays, and then provides them, this is what you could be earning if you took this motion. And then from a marketing perspective, we provide them. And to do this, here’s your campaign. [00:33:37] Here’s your this, here’s your that. Step one, send this email. Like very, very, you know, just, uh, planned out. And I loved what Nina said earlier today when she shared that, um, org chart. Essentially with all the different, um, industry focuses we are driving. One of our go to market actions is a Microsoft healthcare campaign. [00:33:56] That is like very, very specific, but it’s helping our partners in that manner. Could they go to their own database and pull their own and do all this stuff? Of course. But for our sellers to go blink and then give them a report and be like, here it is. It makes it so much more relevant. And then the steps just, they just hand that to their marketing org and then they’re just off and running. [00:34:18] Going back into your team to say, Hey, we rolled out these 12 things, only three landing. You gotta go back to the drawing on the other side. Or We need more money for these three. Yeah, but let’s figure what’s not with customer [00:34:38] to record the. [00:34:47] Audience Member: A better, faster, uh, listening post for, uh, can I talk really loud? Um, it’s, it’s, it’s helped turning on a listening post for our engineering, our marketing, our service delivery organization that would’ve taken months or quarters to get spun up in an executive board meeting or something. Right now they get it real time every week. [00:35:09] Okay. [00:35:09] Erin Figer: So what I’m hearing, like the theme here is to really like. Understand your sales process. Also, your co-sell sales process that runs in parallel with that. And how do you continue to serve up the right data at the right time to help your people take the right next action to continue to drive those outcomes that you’re looking for, but then also using data to circle it back, to say what’s working, what’s not working, to continue to refine that whole motion. [00:35:43] Um, so if you’re not doing that, I think that’s a big aha moment and takeaway, uh, from today’s session or from here today is like, okay, am I really identifying all the opportunities in my process to involve data to help my people continue to drive outcomes? [00:36:04] Audience Member: You [00:36:04] Erin Figer: have a, [00:36:05] Audience Member: you have your head in up back there, Gary. [00:36:06] Yeah. I, I couldn’t tell if, uh, you were prompting me when you asked that question and I, I didn’t want to, you know, do a shameless plug for cloud, but I think everybody [00:36:15] Erin Figer: should shamelessly plug, plug away. [00:36:16] Audience Member: Yeah. Yeah. Well, you know, you brought up a mitt and, uh, the co-sell thing, but it, it does relate to what Reese had said about, um, you know, the being at the farmer’s market and. [00:36:26] Not sure what, you know, can I use a credit card or not? And I think that, um, or [00:36:30] Erin Figer: can I use Apple Pay? I still ask. I’m like, do you, do you accept Apple Pay? [00:36:32] Audience Member: Oh, yeah. Yeah. So it’s like, I think, uh, a lot of times you don’t understand the seller in that situation is not sure how to handle that conversation. So, and there’s not a lot of information about their, about that. [00:36:44] Like how to, when it comes to a seller talking about marketplace and asking about the commit. Because the commit obviously is one of the main drivers, right? 900 billion out there. And committed spend across all the hyperscalers. So how to actually bring that up with a customer and what if they don’t know, right? [00:37:05] So there’s a whole process that, you know, they, they need to be taught this. But the first thing that’s also come up multiple times is activating them also means how to engage them. So an approach there of how to engage your salespeople is critical because if salespeople aren’t in it, they’re nothing’s happening. [00:37:23] You’re not gonna do well with marketplace. And on the co-sell part, it’s kinda the same thing. The typical thing, and I remember talking to Aldo Desal about this at another Ultimate Partner event, but uh, you bring your salespeople into a call, like you set up a call with, with Microsoft and the seller comes in unprepared. [00:37:42] Typically they’re not sure what to say and it’s a little bit intimidating. How, how, how do I, you know, what do you do in this situation? Like, so you start talking about product ’cause that’s what you know, and it’s the last thing you want to do. You, you want to understand what they care about, like em stage and, and, uh, what’s your consumption story and what kind of MRR impact you’re gonna have. [00:38:03] So it’s, these things are just unusual topics for the salespeople to be prepared, uh, to talk about. But it’s critical if your salespeople are gonna be enabled that they can do that. So I think from a co-selling standpoint, that’s just what I want to mention. And by the way, we offered a tool that does that. [00:38:20] Erin Figer: Nice. Awesome. Thank you. Uh, I mean, I don’t know about you. Reese Cloud Atlas. Every time we helped an ISV with their cosell motion, we would say, okay, we’re ready to go share cos sells and drive introductions. Have you done your sales enablement? Oh, yeah, yeah, yeah. We’ve enabled the sellers we have, and then we launch like the first batch of cos sells and then they immediately come back. [00:38:43] Stop, stop, stop. Don’t share any more deals, like we’re causing too much confusion. Uh, we didn’t do our sales enablement. Wow. Grace, [00:38:52] Reis Barrie: I mean, sound [00:38:53] Erin Figer: familiar? [00:38:53] Reis Barrie: It sounds very familiar. It sounds too familiar. Uh, P-T-S-D-A little bit there, but the, uh, sorry, [00:38:58] Erika Irby: but that’s why you guys have jobs. [00:39:00] Reis Barrie: Yes. Go on. It’s, it’s, um, but this, you know, I, I always come back to the, the concept of like, if we showed up to a Microsoft co-sell call the way we do to a customer call, like, oh. [00:39:14] Erin Figer: It, [00:39:14] Reis Barrie: it would, it would be night and day difference of the value you’d get outta your Microsoft partnership and co-sell. That’s all. It’s [00:39:20] Erin Figer: Well, [00:39:20] Reis Barrie: but I think people [00:39:21] Erin Figer: forget Microsoft is your customer too. [00:39:23] Reis Barrie: Yeah. [00:39:23] Erin Figer: They’re your partner, but you have to sell to before you can sell with and through. So you first gotta like master the sell to. [00:39:30] Reis Barrie: Yeah, a hundred percent. So there, there’s there like, and then to your point, [00:39:34] Erin Figer: it’s still true. 10 years later, people, it’s still true. Back to the fundamentals, right? [00:39:39] Reis Barrie: Yeah. It’s, [00:39:40] Erin Figer: yes. Go for it. [00:39:44] Audience Member: The, um, Microsoft being customer, right? So, and I love what you said about sem uh, alignment. So we actually made it a point, um, in our co-sell process, we have a validation checkpoint with Microsoft. If we build a co-sell packages, um, we are an si We’re not primarily ISV, but I think that’s shifting as well gradually. [00:40:10] And ESI kind of becoming a little bit of ISV. Um, so why it’s important, I think like Ree said, like you come up, you show up to co-sell call and you just pitch your services or say, well, let’s do account planning with this and that. Right? But what if it doesn’t work in the field? So that validation became critical for us, and I can tell you that now we have success stories that are actually proven based on that multifaceted feedback, uh, as to it’s one thing to build it. [00:40:46] Yeah. But is it useful for seller, for Microsoft sellers actually in the field? Can they actually position it and help clients to be more successful? Because that’s the ultimate goal. So that validation became, uh, an important checkpoint for us, uh, to make those packages repeatable and successful for customers at the end of the day. [00:41:06] So when we talk about signals, you absolutely right. It’s not just customer signals like we use ZoomInfo, we use all this data points, et cetera, but it’s also signals from the field because while Microsoft is a huge organization, they’re also very dynamic. On very regular basis, a lot of things changed. So taking those signals into account, uh, has created that, what we call like, more of a holistic approach for us, uh, to make it more meaningful. [00:41:33] So [00:41:34] Erin Figer: I like it. And you made it sticky by making it like a required point in the sales process? Absolutely. That everyone stops. Take a moment. [00:41:41] Audience Member: Yeah. [00:41:41] Erin Figer: And make sure that we’re all on the same page. [00:41:43] Audience Member: Yeah. And I think for us as si it’s even more critical. Like I, I, I think there is a lot more to happen in marketplace as, as, as much as we talk about it, but being in si I, we still kind of figure it out, like how Mark marketplace actually becomes a place of transaction for a size. [00:42:01] Yeah. So that’s why, you know, we’re passionate about packages and it’s not just a matter of publishing it and say, oh, it’s co-sell ready? Then what? Yeah. Right. So yeah, so, so that’s why that, that checkpoint is very important for us. So [00:42:16] Erin Figer: definitely, definitely. I think you ladies over here in the corner had some, some hands up, Michelle and, and the other Michelle, Michelle Squared. [00:42:26] Audience Member: Thank you. Michelle Squared. I like it. Um, so. I’ve been a little quiet because I wanna just give my background. So I’m a global VP of channels and alliances and, um, I think it’s a bit of this, uh, the movement, right? So I love your farmer’s market analogy so much. I’m gonna steal that. Thank you. But the reason is because you don’t know unless you’re gonna meet your partners where you are or meet your customers where they are in that journey. [00:42:53] So the first time that they’re selling whatever their goods or wares are, and somebody says, do you take Apple Pay? That’s a clue. And then when you hear it over and over again, you realize there’s a correlation that there’s a need in the market. So in In my life, all roads read to Romes, right? Reseller and VARs, OEM, alliances, MSPs, MSPs, ISVs System integrators. [00:43:17] And as a partner leader, you wouldn’t necessarily think marketplace is first because you feel like you’re going around your partners. But am I meeting my partners where they are in their journey and choosing to procure the way they want to procure? And I think that’s the notion that I have a lot of learning from this team and everyone in this room to understand how do we in a company. [00:43:38] Prescribe the right solution to, to meet our partners in that journey. And I’ll use, kind of circling back to the MSP space, PAX eight, one of Microsoft’s largest partners created a marketplace dedicated to MSPs. And while I was the global Channel chief of SonicWall, a lot of partners said to me, I like you. [00:43:56] I like your products, I like your firewall, but unless you’re on the park, PAX eight Marketplace, I’m not gonna buy from you because they make my life frictionless. And easier to do business with. And I think that’s the motion that every vendor in this room needs to understand is, are we truly meeting our partners where they are? [00:44:14] PS I work for Carrero DDoS Solutions and come to talk to me about that. Thank you. [00:44:18] Erika Irby: Well, and a Guo owes you some money for that commercial right there. [00:44:30] Audience Member: From, we’re actually community first. Um, as an MSP, even though we’re national, like we really focus in on community local touch. Um. Like you said, um, um, Southern seldom me in a southern way. Like that’s what we focus on. I’m your [00:44:45] Erin Figer: huckleberry. [00:44:46] Audience Member: I love that. Exactly. Um, and we’re seeing a ton of success with actual in-person events now. [00:44:53] Like the majority of our business is come in, leads are coming from that right now. And even though, like I, I truly believe in digital first motions, we need to be on Instagram and have that self-serve motion as the next generation comes up in our. Buying and transitioning to their kids or whatever that looks like. [00:45:14] Like we have to remember that there’s also a trend of tactile in person people first coming with it. And so like we, I, I feel like there, there has to be that motion engaged and I would love to hear your thoughts around how are vendors thinking about engaging in that community driven approach, not just the platform itself. [00:45:37] Erika Irby: Yeah, I, I personally also, this is hilarious ’cause we’re like best friends, so we can talk about this later, but, um, from a Veeam perspective, Michelle, um, we are seeing a resurgence in like these thought leadership type of events. And I think there’s, this is, this is sort of related, but just to, this is kind of how I think about this. [00:45:57] Um, Barnes and Noble’s business has like gone through the roof lately, and they are, they’re actually like opening more stores, which is bananas because at one point they were like going outta business because nobody wanted to go and like, touch a book or talk to somebody. But that is changing, thank God. [00:46:11] Right? That is like changing and people are actually like becoming more social because they’re missing this. Um, my kids’ generation refers to places like Barnes and Nobles as the third place. Like this magical place that exists where you can talk to a real human that’s not on your phone. Like it’s, it’s amazing. [00:46:28] But anyways, we’re, I think we’re starting to see this in marketing. We used to like pump everything out digitally, but after a while people get that form and they’re like, I am not putting my dang information in this form. And then your ability to capture that lead completely dissipates. All it is, is, is now an impression, which is. [00:46:47] Fairly worthless. You can have millions of them and nothing happens. So we are definitely investing more into, um, uh, live events, but also with the live streaming because then people can, they’re still watching it live. They still have to register for it. They knew they couldn’t make it. So I think that there’s definitely that digital aspect that’s super helpful. [00:47:05] But a purely digital, you will never make that connection. [00:47:10] Erin Figer: Yeah, I mean, I think. Unfortunately, COVID made us, you know, all do things digitally. But now that we’re past that, getting back to that multifaceted approach, I think if we think about what’s going on in the B2C world, lots of communities within communities, there’s whole company’s getting created, like women are bringing women together to do craft circles. [00:47:37] And literally. Okay. But like I did that digitally. That was pretty awesome. I was like three years. That shameless plug. No, I, no. But like then now there’s like companies that are actually like renting space, bringing people together, like crafting and while they’re doing the activity, um, if anyone’s ever done therapy, a therapist will say. [00:48:01] You know, if you wanna get your kids talking, get them coloring, like distract them and they will start to open up. And so you distract people with an activity and they start to open up. And what they really are, thrive, like what they really need is in this digital world where we’re getting so much information, we still need. [00:48:22] The next layer of filter to help us vet out and validate and confirm like our thinking or like our suspicions on things like, am I in the right going down the right path? Is this the right direction? So there’s still a human element that needs to be involved in that buyer journey, and you’re seeing that with these little micro communities inside communities. [00:48:45] Um, and so I’ve. I mean, I love micro communities inside of bigger communities. I’ve started two of them, three of them. So I, it definitely, like, we need still that in person, uh, interaction and I love seeing it coming back in our space. [00:49:04] Erika Irby: I, I was just thinking about ear, the, the previous panel and the, the topic came up about who can assist partners as they transition from that direct to CSP motion. [00:49:15] And I mean, yes, it, I think Microsoft plays a role there, but I think it would behoove Microsoft to invest in these communities and they would enable that change. Yeah, [00:49:26] Erin Figer: yeah, yeah. There is a person inside of Microsoft who has that remit, but she’s like one person, one person trying to do that. I was like, wow. [00:49:36] Okay. Grace, what are you seeing amongst your partners and also your perspective with working with Microsoft? [00:49:42] Reis Barrie: Yeah, yeah. Um. There’s a really good, uh, the frontier study, the work like door work study that they did, um, which talks really heavily about just like in this, you know, post 20, you know, 2020 culture, how like the amount of busyness has just increased in an insane amount and how a, a really strong use case for AI is to buybacks from that time essentially, um, for us to, you know, return back to a, a normal state and I think social creatures, right? [00:50:10] And so, um, in this. I run a fully remote company, which is like a blessing and also like really interesting to try to create a really strong culture within people that are, you know, 13 times zones apart times. Um, and so it’s uh, it’s a really interesting thing and coming together and, um, into an in-person space or a place here or a place where you can actually talk to your customers, talk to, um. [00:50:39] Step away from that, like that busy day to day where like, I, I can’t even fit a 15 minute break in to grab lunch. You know, days like how much, supposed to find 15 minutes to just have a, a casual conversation and these types of events, which I’m sure Vince is cheering back there that we’re talking about this right now. [00:50:57] But the, uh, but these type of events, they let you decompress from that day and they let you kind of just have these really important conversations that, you know, bring us back to just being humans To me. [00:51:10] Erin Figer: And being human and co-selling with each other. And on that note, we’re 44 seconds over. Yeah, we’ll give it back to Vince, [00:51:18] Reis Barrie: but we were plugging Vince’s events, so I think we’re okay. [00:51:21] Vince Menzione: We One more question. We have one more question from, sorry. Oh yeah. [00:51:23] Reis Barrie: It’s [00:51:23] Audience Member: maybe more a, a shared just as we’re talking [00:51:25] Vince Menzione: by the clip, right. [00:51:27] Audience Member: And to compliment everything that you guys have been talking about around co-sell and. Getting ready in line with Microsoft to speak to the customer and speaking. So the signals that we’re going after are on the actual conversations that are happening in the conversation. [00:51:41] So aside from all the planning, which I agree on, we’re building agents to hear what’s going on on the calls with Microsoft, on the calls with customer, and grab those actual signals. Are we answering the questions in the right way? What types of questions are coming back to us that we weren’t able to answer. [00:51:58] Maybe we forgot some information that we planned on and thought about can we signal and provide that feedback to the user, the seller, or whatnot on the call. And so as we’re doing this, ’cause we’re in the communication space, so we have some self-interest here ’cause that’s sort of the future of our business. [00:52:12] But it’s a really interesting opportunity for us to grab these signals to improve how we’re selling with our customers, how our partners are selling with our customers, with Microsoft. It’s just an interesting way with everything that’s going on full circle, we’re trying to complete that sort of sales journey with AI and, and grab those signals and keep getting better all the time. [00:52:32] Erin Figer: Yeah, I love that. And I think it’s like the ongoing balance of people, process and technology and how do you continue to keep the human in the loop? It, as we continue to introduce and evolve AI and use of data in our companies is like continuing to be mindful about the human in the loop. Um, part of that journey. [00:52:54] So thank you all. [00:52:55] Vince Menzione: Very cool. Great conversation. [00:52:56] Erin Figer: Thanks for all the audience engagement. We appreciate it. [00:52:59] Vince Menzione: Co-selling the house, co-selling the house. [00:53:02] Audience Member: Thank you, Vince. [00:53:02] Vince Menzione: Thank you. And I remember that January, 2016. Yes.

Today’s headline news for Canadian IT solution providers: Google Cloud has launched the new Google Cloud Partner Network, formalizing a shift in how the provider interacts with the channel ecosystem. The rollout is designed to streamline partner engagement and provide clearer pathways for partners building out generative AI practices, offering Canadian solution providers a strong secondary option to Microsoft’s ecosystem. Microsoft and OpenAI have altered the terms of their landmark partnership, including significant revisions to their revenue-sharing agreements. The restructuring points to a maturation of the relationship as both companies seek to maximize returns on infrastructure investments, a shift that will ultimately dictate pricing and margin opportunities for MSPs building practices around Copilot. Cybersecurity provider Guardz has released its 2026 MSP Threat Report, highlighting that non-human identities now outnumber human users by a ratio of 25 to one across client environments. The data indicates that threat actors are actively exploiting this expansion, using AI to accelerate attacks and bypass traditional perimeter defenses, forcing MSPs to expand their focus to comprehensive identity and access management. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Wednesday, April 29th, and here’s what’s happening in the channel today. Google Cloud has officially launched its new Google Cloud Partner Network, formalizing a shift in how the provider interacts with its channel ecosystem. According to the company, the rollout is designed to streamline partner engagement and capitalize on solution providers looking to diversify their cloud infrastructure bets away from Microsoft’s dominant ecosystem. The new structure represents a strategic realignment for the hyperscaler, providing clearer pathways for partners building out generative AI and data analytics practices. For Canadian solution providers, the formalized program offers a tangible secondary option in the cloud space. Having a strong alternative ecosystem provides crucial leverage in vendor negotiations and gives MSPs a viable path for clients who are seeking different commercial models for their AI transformations or are wary of vendor lock-in. Microsoft and OpenAI have altered the terms of their landmark partnership, including significant revisions to their revenue-sharing agreements. The move signals a shift in the underlying dynamics of the tech industry’s most closely watched artificial intelligence alliance. While the specific financial splits remain undisclosed, the restructuring points to a maturation of the relationship as both companies seek to maximize their returns on massive infrastructure investments. This realignment happens just as both vendors are aggressively expanding their respective channel footprints. The economics forged at the top of this partnership will inevitably dictate the pricing, packaging, and margin opportunities available to the broader ecosystem. Canadian MSPs building practices around Microsoft Copilot, or those exploring OpenAI’s recent moves to build a dedicated channel program, need to monitor these developments closely. When tier-one vendors adjust their revenue expectations, those shifts frequently cascade down to partner profitability. Cybersecurity provider Guardz has released its 2026 MSP Threat Report, highlighting how AI-driven attacks are reshaping the threat landscape. According to the report released yesterday, non-human identities now outnumber human users by a ratio of 25 to one across client environments. This expansion is being actively exploited by threat actors, who are using AI to accelerate attacks targeting identity, email, and cloud infrastructure. The data indicates that traditional perimeter defenses are increasingly being bypassed by attackers leveraging unmonitored service accounts and API keys. This is a shift that lands directly on the service desk. Securing human endpoints and implementing standard multi-factor authentication is no longer sufficient. Solution providers now have to govern the massive web of non-human identities accessing their clients’ data. This represents a significant vulnerability that requires immediate remediation, but it also opens a distinct avenue to expand managed security practices around comprehensive identity and access management. Later today on In The Channel, we’re talking about the seven deadly sins of SMB cybersecurity. Michael Crean, senior vice president and general manager of managed security services at SonicWall, joins the show to discuss the 2026 Cyber Protect Report and why MSPs need to stop ignoring the fundamentals. And if you haven’t heard it yet, yesterday’s episode features a conversation on why networking is not sexy until it doesn’t work. Doug Houghton, director of global channels at Alkira, explains why legacy networks weren’t designed for the elasticity demanded by today’s AI workloads. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

Michael Crean, senior vice president and general manager of managed security services at SonicWall SonicWall published its 2026 Cyber Protect Report in March with a deliberate reframe: rather than threat intelligence for its own sake, the report is built around actionable content for solution providers. The centrepiece is the seven deadly sins of SMB cybersecurity – seven predictable, preventable failure patterns drawn from real breach data. The headline numbers are sobering: 88 percent of SMB breaches involve ransomware, more than double the enterprise rate, average dwell time sits at 181 days, and 85 percent of actionable alerts trace back to identity and credential compromise. Michael Crean, senior vice president and general manager of managed security services at SonicWall, came to the company through the acquisition of Solutions Granted, the MSSP he built – one of the early pioneers of SOC-as-a-service for the MSP market. He’s direct about what the data means for partners: the seven sins aren’t just an SMB customer problem. They’re an MSP problem too. His core argument is that mastering fundamentals – MFA, patching, privilege management – is non-negotiable, and owning the right tools doesn’t change that. You can have the same toolbox as your mechanic; that doesn’t make you a mechanic. On the MSP-to-MSSP question, his answer channels Yoda: do or do not, there is no try. A month after the report’s release, Crean says partners have already been using the sins framework directly in customer conversations – which he describes as the whole point. One postscript: his personal favourite of the seven sins is number five, cost-driven security decisions. His test – ask a room of MSPs how many bought the cheapest car on the lot. Nobody raises their hand. But too many of their customers are doing exactly that with cybersecurity. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. SonicWall has published annual threat research for years, but this year they did something different. They stopped calling it a threat report. The 2026 Cyber Protect Report reframes the conversation away from data for its own sake towards something MSPs can actually use – a set of tools and talking points for strategic conversations with customers. The hook they chose? The seven deadly sins of SMB cybersecurity. Seven predictable, preventable failures that show up in breach after breach. My guest is Michael Crean, senior vice president and general manager of managed security services at SonicWall. Michael came to SonicWall through the acquisition of Solutions Granted, the MSSP he built and one of the early pioneers of SOC-as-a-service for the MSP market. Before that, nine years in the military. So when he talks about what MSPs are getting wrong on security, he’s speaking from a fairly unusual vantage point – inside the SOC, inside the vendor, inside the partner community itself. The report had been out about a month when we sat down and I was curious what the actual conversation had looked like since launch. We got into that, the sins themselves, the 181-day dwell time that should make many MSPs uncomfortable, and what it really means to be or partner with a true MSSP. Let’s get right into it. My chat with Michael Crean. Michael, thanks for taking the time. I appreciate it. Michael Crean: Absolutely, sir. Robert Dutt: You called this report the Cyber Protect Report, not the threat report that you guys have been publishing for years. That seems like a deliberate choice. What are you trying to signal with that shift and who are you really talking to with this report? Michael Crean: I think every other threat report just looks the same. It’s got some different colors, it’s got some different logos, but everybody talks about the same exact thing and it felt boring. It felt like, “Why do we have to fit into the same role as everyone else? Why can’t we do something different that’s purposeful and should be meaningful to people?” It actually gives them something to talk about – not just with themselves internally, but also to their customers. That was the reason we went down this path and decided to call it the Protect Report. Robert Dutt: I’m guessing that also sets up why you went with the framing of those seven deadly sins – the seven predictable, preventable failures. I thought that was a really neat hook for it. When you look at that list, which one do you think most MSPs would be surprised to see themselves in? Not so much their customers, but themselves as MSPs? Michael Crean: Number one – ignoring the fundamentals. I mean, it’s incredible the amount of times – because of the work that we do at the SonicWall Security Operations Centers and the amount of compromises that we’re brought in to participate in, investigate, help people with – that you just find it’s this overwhelming amount of: you had the right tools, you had the right tech, and you didn’t know what to do with it. Or you did and you just didn’t take the time to really learn how to ride the bike well. We had a compromise today where a customer of ours got hit with Akira [verify], a ransomware, and we thought we probably knew that the penetration point was the firewall, but we had to do some more investigation. And when we did the investigation, the amount of misconfiguration was staggering [verify]. You pay for all these security services, and they weren’t even enabled – IPS, IDS disabled – and they paid for them. So it’s just unfortunate. These are just, again, what we call ignoring the fundamentals. Robert Dutt: Do you have any thoughts on what’s driving that? Is it a matter of, this is up and running, moving on to the next shiny thing, moving on to the next opportunity? What’s behind that? Michael Crean: I think some of it is that MSPs have found themselves in this place of challenge where they have so much responsibility and customers are looking at them. And I heard this a long time ago when I was a child – the smart person is the person that says what they don’t know. I think a lot of people are fearful to show that side of, “I don’t know something.” But saying “I don’t know” doesn’t mean you don’t know and you’ll never know. It just means, “Hey, I don’t know that, but I’m going to go here and ask this person, or I’m going to go to this vendor and get more information, or I’m going to do some more research and come back to you with a really solid answer.” Instead, there’s this constant – I hate to use the word – but it feels like there’s this constant necessity of yes that we have to keep giving our customers. I prefer somebody to tell me, “Nope, I don’t know how to do that, but I’m going to give you a great contact so that you can get it done right.” So I think that’s part of it. And then we, as manufacturers, we keep telling people all along the way, “Hey, buy my stuff, it fixes your problems. Just buy my stuff.” Well, I can go buy the same box of tools that my mechanic has, but that doesn’t mean I’m a mechanic and it obviously does not mean that my car is going to get fixed just because I’ve got the tools. Robert Dutt: Can attest to that. Fortunately, not with great experience, but there’s a reason I do take my car to someone else to get looked at. Michael Crean: Oh my goodness, you and me both. I want it done right. And as hard as I tend to drive my cars – because I have a thing for speed and adrenaline – I would actually like them to be as proper as they can be. Robert Dutt: Well, especially given that it’s important, when you’re testing the limits shall we say, that the thing stays together while you’re doing so. Michael Crean: Absolutely. Robert Dutt: And back to that point, I think there’s also the factor of when you are presenting yourself – and most MSPs do – as the trusted advisor, the expert on this, who’s going to take care of all this, that creates an even greater disincentive to admitting, “You know what? I need to check on that. Let me find out more,” rather than saying, “Yeah, I got this.” Michael Crean: I think it’s human nature, just in general. Because the moment you admit you don’t know something or you’re not certain, at that very moment in time, we just assume that to be a point of weakness. I believe through the military – I served for nine years – and being a CEO and founder for 22 years, what I really realized, and even when it came to my kids, sometimes when you just don’t know, it’s okay to say you don’t know, but I’m going to find out, or I’m going to figure it out, or we’re going to do it together and we’re both going to be better for it than we were when we started with the question. Robert Dutt: Funny, that came up early in my journalism career too. My editor at the time would say, “Your job is not to know. Your job is to find the person who does.” Along the same lines, a little bit of a different lens. You said something that I quoted in the news piece we did on the release of the report: that the danger isn’t that AI isn’t working – it’s that we’re using it as an excuse not to do the things we already know we should. That’s a remarkably direct thing for a security vendor to say, and it touches on that eating-your-vegetables kind of advice. What are you seeing that made you include that line? Michael Crean: It’s not what I’m seeing today. It’s what I’ve seen for the last 20 years in this industry. I mean, we went from deep packet inspection firewalls to next-generation firewalls. We got all of these extra added capabilities in the firewall, but then we got lazy on doing proper firewalling – controlling ports both inbound and outbound the way we used to do it – because we felt that we were overcompensating because we had so much power and capabilities. Then we went from signature-based AV to next-gen AV where we had these mathematical algorithms doing predictive analysis to understand whether a file is good or bad. Then we got EDR technologies helping us with the behaviour behind it. We just keep adding and adding and adding. I see AI as nothing more than just another tool. But how good can a tool be when you’re not performing the fundamentals? It helps, but it just can’t – I don’t know if you’re a sports guy or not, but think about it. When you look at the best of the best, whoever that may be – I’m a hockey guy – I’ll call Alex Ovechkin today. The best of the best, the all-time goal scorer. He beat Wayne Gretzky, he took that last year. That man works hard and he works on the fundamentals. I love what AI can do for us – to help get rid of some of the tasks that we don’t want to do, that we hate to do, that we can use for automation and make things faster, help us find bugs in our code, and in a security operations center, get through just mounds of data quicker. But you still have to do the fundamentals and you have to do the right things. Because when you do the right things and then you add something like AI to it, the world becomes a much different place. Robert Dutt: 88% of the SMB breaches you’re reporting on involved ransomware. That’s more than double the enterprise rate, if I’m remembering correctly. That’s a striking gap. What’s causing that? Do you see it as primarily resources, primarily end-user training, or something structural about how SMBs get attacked that’s different from enterprise? Michael Crean: I think it’s a little bit of everything that you mentioned, but mostly what it is, is this perception of, “I’m too little. I don’t have anything valuable. Why would somebody want to attack me?” When these large threat actors are going after huge enterprises – Colonial Pipeline, JBS, some massive organization – those organizations have better tools, better resources, better people, and they probably have more maturity to respond when they start to notice an attack taking place. When you think nobody’s ever going to break into your house, you may not lock your doors. You may not care about having the 70-pound German shepherd on watch when you’re not there. Because, I don’t have anything in my house of perceived value. But when you take that shotgun approach and you can knock down a hundred SMBs and get $10,000 out of each one, that’s a hell of a payday. It’s logical what we’re seeing right now. What it requires is that we all understand we have responsibility for the data that’s been entrusted to us – whether it’s customer data or supply chain data you’re responsible for because you’re supporting another vendor. The data we have is far more valuable than we give it credit for. Robert Dutt: And I guess there might also be an element of the ability to fly under the radar – the opposite of security through obscurity – in that you make that hit on Colonial Pipeline and it’s front-page news everywhere. You hit a bunch of small businesses for ten grand each, it gets a lot less attention from media. Michael Crean: I mean – I’m sure you’ve heard this, you’ve been doing this long enough – the idea around news and media: if it bleeds, it leads. And it’s not really sexy when you talk about a two-chair dental practice that gets hit with ransomware. And the two-chair dental practice doesn’t really want to talk about it either, because they’re a small community-based organization and it’s really damaging to how people potentially look at them. Whereas a Target, a Home Depot, a Lowe’s, whoever gets hit with ransomware – they’ve got the marketing machine, the attorneys, the dollars, the insurance. And at the end of the day, they’ll be as profitable, if not more profitable, a few quarters later. Robert Dutt: The report surfaces the number of 181 days of dwell time. For an MSP who’s running monthly security reports, quarterly reviews, thinks they have things in order – that number has to sting. What does it require of an MSP’s operating model to address that? Michael Crean: One, making sure that the investments you’ve made and the technologies you’ve decided to procure – the tools you’re going to use – make sure you’re well-trained on them and well-versed on the best practices so that you can get optimal outcomes. Patch management, man – I can’t tell you the amount of times we’ve seen… you talk about this 181 days, it comes down so many times to pure patch management. And the vast majority of manufacturers give you the patches for free. But we don’t think about it, we get distracted, we don’t see it as valuable as it really is. And it’s the really simple things. Again, it’s that number one – ignoring the fundamentals. Patching has been a fundamental thing we’ve talked about for so long. And I also think that for an MSP that just magically adds the additional S and starts calling themselves an MSSP – don’t dabble in security. Either do or do not. Do not try. We’re going to throw a little Yoda in here for the day. And if you’re not going to be a real MSSP, partner with one. There are so many great organizations out there – I’ll say we’re a great organization to partner with, that’s how we go to market – but there are lots of others out there who are purpose-built for this. It’s like being the best doctor in the world but you’re not a surgeon. So you refer somebody to a surgeon to get that surgery done. Robert Dutt: Your own background includes Solutions Granted – building out one of the first SOC-as-a-service models for MSPs before SonicWall acquired you. I’m curious, when you look back at your time on the other side, when you were the MSP – are there any of those sins you look at and go, “Hmm, that sounds awfully familiar”? Michael Crean: Oh, absolutely. I will say I went through that transition – 22 years of being a VAR, to being a government contractor, to being an MSP – realizing I was a really crappy MSP. Not going to lie. My bedside manner wasn’t great. I wasn’t passionate about what I was doing. And I think that’s something that gets lost sometimes. I was super passionate about security – getting out of the military, transitioning away from that, getting into IT and the tech space. And when I found my way into this SOC-as-a-service MSP space, it’s where I found my passion and love again. And I think that means a lot. Don’t do it for the sake of doing it. I think we all have to keep the lights on and put food on the table and clothe our kids and find a way to retirement one day, but find some happiness in that too and be really passionate about what you’re doing. And you’ll probably find a lot of these seven deadly sins aren’t as deadly for you. Robert Dutt: That’s one way of mitigating it, that’s for sure. The report is framed around protection outcomes and it’s explicitly aimed at giving MSPs the language to have strategic conversations with SMB decision-makers. But there’s a responsibility question underneath that. If the MSP is the last line of defense for most SMBs – and I think we’ve talked about this a little bit already – what does good actually look like? What’s the bar you have to reach before you either back off from security and/or partner with someone else who’s much more committed? Michael Crean: I think, one, it’s a team effort. It isn’t just the MSP’s responsibility. The business owners, the decision-makers, the board, whoever you’re dealing with that’s making these decisions – they have to buy in. And if they don’t, well, then you’re at a disconnect. You’re bringing in a subject matter expert – the MSP – to help make them more secure, for survivability, for all the things they’re asking for to make sure they can operate at the highest levels possible, and then you don’t allow them to do their job. That’s a huge risk. What I will say – and this is a hard lesson to learn, but one of the most valuable lessons to learn – is when you fire your first customer. Not get fired, but you actually fire your first customer because it wasn’t the right fit and the financial impact was going to hurt. It didn’t feel good. Nobody ever really wants to get fired or be fired. But when you do that, you start to mature. And inevitably, you also help that customer mature – because if they hear the same message from multiple people: “We’ve got to do patch management. Don’t tell me we can’t. We’re going to use MFA. We’re going to have a SOC monitoring this 24 hours a day, seven days a week, 365 days a year. We’re going to take away administrative privileges. We’re going to do the fundamentals. We’re going to make investments in tools and put the right people, process, and technology in place.” The outcomes really start to matter. But it is a team sport. I can’t tell you – and I’m sure you’ve heard this – MSPs talking about, “I can’t get my customer to use MFA, so I got them to sign this indemnification clause.” How many MSPs are getting sued, and these indemnification clauses aren’t holding up? Because you’re the expert. If you believe it’s 100% the right thing to do, then if they don’t follow – you fire them. Robert Dutt: It’s funny how often it comes down to that. I’ve heard that same sentiment from MSPs in the move towards, “This is what you have to take. It is not negotiable. It is the cost, as it were, of doing business with us.” I think that’s sage advice. Michael Crean: We accept it from our surgeons, right? If I’ve got a bum knee and I need it fixed and I’m a little overweight and he knows I’m drinking a little too much bourbon or eating a little too much red meat and he wants me to lose ten pounds so that he can be successful – if I’m not doing my part, well, why does he want to do surgery on me? Robert Dutt: Point taken. The report’s been out for a few weeks now. Curious – what’s the question you’re getting most from partners that you didn’t expect as they sit with this? What’s hit differently than you thought it might? Michael Crean: I thought we were going to get more pushback on why we called it a Protect Report instead of a Threat Report. That really isn’t the question we’ve been getting. What’s been surprising to me is the commentary. The unsolicited emails, the LinkedIn requests, the comments – people have really enjoyed receiving a report that just wasn’t like everything else. There’s been a lot of commentary along the lines of, “I’m going to have this discussion and use these analogies and use these seven deadly sins to have conversations with my customers.” That’s what we were hoping for, but you never know when you go against the grain how well it’s going to hit. I think we got lucky. Robert Dutt: It sounds very much like mission accomplished. I know it’s something that caught my attention and that I’ve heard out there as well. I look forward to seeing what comes next as you continue to reinvent what these kinds of reports do and what they look like. Michael, I thank you for taking the time to talk through this and to offer some advice. Michael Crean: I appreciate your time as well, sir. Thanks a lot. Robert Dutt: There you have it – Michael Crean from SonicWall. I’d like to thank Michael for his time, and for a conversation that felt a little different from the usual vendor security briefing. His background – building Solutions Granted from scratch, running a real MSSP, operating inside a SOC, and now sitting on the vendor side – gives him a perspective that’s harder to find than you’d think among people who are now in vendor roles. A few things will stay with me. The mechanic analogy – you can own the same box of tools, but that doesn’t make you a mechanic, and it doesn’t mean your car is going to get fixed. The surgeon line – if the patient won’t follow the pre-op advice, why are you doing the surgery? His answer on when an MSP reaches maturity – it’s the moment you fire your first customer who won’t implement MFA or basic patch management, even when it hurts. And the Ovechkin riff – even the greatest goal scorer in NHL history never stopped working on the fundamentals. Now, after we stopped recording, Michael mentioned something he wished he’d worked into the interview, and I promised I’d pass it along. Of the seven deadly sins in the report, I asked which one is most personally interesting to him and he landed on sin number five – cost-driven security decisions. He illustrated it this way: he’d been speaking at a conference recently and asked how many in the room had bought a car in the last eighteen months. A lot of hands. Then he asked how many of them had bought the cheapest car on the lot. Not one hand went down. Because we think about safety ratings, about the features, about whether the thing will hold together when we need it to. But when it comes to cybersecurity, too many businesses just reach for the cheapest option. As Michael said himself, it’s a little strange to have a personal favourite deadly sin. But there you have it. The 2026 Cyber Protect Report is well worth a look for any MSP or solution provider thinking about how to have a more strategic security conversation with their customers. Links in the show notes. If you found this useful, follow or subscribe to In The Channel from ChannelBuzz.ca wherever you get your podcasts – you’ll find us on Apple Podcasts, Spotify, YouTube, and all the major directories. Ratings and reviews are always appreciated and genuinely help other people in the channel find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

A new type of cyberattack is bypassing every security tool you've invested in — and it starts with a simple Microsoft Teams message. No malware. No exploit. No zero-day. Just someone pretending to be IT support. At the same time, new data shows 73% of ransomware attacks are now entering through VPNs, and small businesses are absorbing an average of $422,000 per incident. Meanwhile, KPMG just released its 8 cybersecurity priorities for 2026, sending a clear message to executives: the biggest risk isn't technology — it's leadership. On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three critical developments every business leader needs to understand right now. This Week's Cybersecurity Breakdown 1. Microsoft Teams Hack (UNC6692 Attack Campaign) Hackers are impersonating IT support inside Microsoft Teams to gain access to enterprise environments. No software vulnerability exploited Targets C-suite and senior leadership (77% of victims) Uses legitimate platforms like AWS and Heroku to evade detection 2. VPNs Are Now the Front Door for Ransomware (At-Bay 2026 Report) New insurance data reveals a sharp increase in ransomware attacks targeting VPN infrastructure: 73% of attacks originate through VPNs 60% of victims had EDR deployed — and still got hit SonicWall vulnerabilities linked to a significant percentage of attacks Average loss: $422,000 for SMBs 3. KPMG's 8 Cybersecurity Priorities for 2026 A strategic warning for boards, CEOs, and executives: AI is now an attack surface Non-human identities (APIs, service accounts) are a major blind spot Supply chain attacks are becoming the primary entry point Cybersecurity is no longer an IT issue — it's a leadership responsibility The Bottom Line The biggest cybersecurity gap today isn't technical. It's leadership. You can't patch employee trust You can't rely on tools without oversight You can't delegate cyber risk and expect protection If you're running a business, this is required awareness. Support the show: buymeacoffee.com/securitysquawk Subscribe for weekly breakdowns of real-world cyber threats, ransomware trends, and executive-level security insights.

ソニックウォール・ジャパン株式会社は4月1日、2026年版SonicWallサイバー保護レポートを発表した。

A ransomware attack on one software vendor exposed 823,000 people's Social Security numbers and bank account data across 80 community banks — and those banks didn't find out for 74 days. That's just one of three stories on today's Security Squawk that show exactly how the vendor trust chain is failing businesses right now. Bryan, Randy, and Reginald break down: a brand-new extortion crew called UNC6783 that's been hitting "several dozen" high-value corporations — including an alleged Adobe breach of 13 million support tickets — by breaking into their outsourced call centers and help desks instead of the companies themselves. Then Microsoft's new research on the Medusa ransomware group (tracked as Storm-1175), which is exploiting zero-day vulnerabilities before patches even exist and can go from initial access to full ransomware deployment in under 24 hours. And finally, the full Marquis Software story: a fintech vendor breach that cascaded through 80 community banks, led to a ransom payment, and ended with Marquis suing their own firewall vendor SonicWall for gross negligence while defending 36+ consumer class action lawsuits. If you trust vendors with your customer data — and you do — this episode is about what happens when that trust gets broken.

Iran-linked hackers signal cyberattacks will continue despite the cease-fire. Microsoft restores access after suspending open-source developer accounts. John Deere settles its right-to-repair fight. A suspected Adobe Reader zero-day surfaces. Palo Alto Networks and SonicWall patch high-severity flaws. New macOS malware targets crypto wallets. A threat cluster abuses live chat to bypass MFA. CISA orders urgent Ivanti patching. Researchers track a stealthy DDoS-for-hire botnet. Our guest is Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. macOS has a 49 day time limit.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. If you enjoyed this conversation, check out the full interview here. Selected Reading Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long (SecurityWeek) Microsoft suspends dev accounts for high-profile open source projects (Bleeping Computer) John Deere to Pay $99 Million in Monumental Right-to-Repair Settlement (The Drive) Adobe Reader Zero-Day Exploited for Months: Researcher (SecurityWeek) Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities (SecurityWeek) New macOS Malware notnullOSX Targets Crypto Wallets Over $10K (Hackread) Google Warns of New Threat Group Targeting BPOs and Helpdesks (Infosecurity Magazine) Masjesu Rising: The Commercial IoT Botnet Built for Stealth, DDoS, and IoT Evasion (Trellix) CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday (Bleeping Computer) We Found a Ticking Time Bomb in macOS TCP Networking - It Detonates After Exactly 49 Days (Photon Blog) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, pro-Iranian hackers claimed responsibility for a devastating cyberattack against U.S. medical device company Stryker. They have also targeted data centers and industrial facilities in both the United States and Israel. As the war with Iran continues, experts are expecting an increase in such cyber-attacks in an effort to degrade the war effort, strain cyber security efforts and cause as much damage to American companies, and the economy as possible. FOX's Tonya J. Powers speaks with Michael Crean, Senior Vice President of Managed Services at SonicWall, a comprehensive, AI-driven cybersecurity solutions company that specializes in next-generation firewalls and cloud security, who says the goal is to wear down the war effort and hit Americans at home. Click Here⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ To Follow 'The FOX News Rundown: Evening Edition' Learn more about your ad choices. Visit podcastchoices.com/adchoices

This week, pro-Iranian hackers claimed responsibility for a devastating cyberattack against U.S. medical device company Stryker. They have also targeted data centers and industrial facilities in both the United States and Israel. As the war with Iran continues, experts are expecting an increase in such cyber-attacks in an effort to degrade the war effort, strain cyber security efforts and cause as much damage to American companies, and the economy as possible. FOX's Tonya J. Powers speaks with Michael Crean, Senior Vice President of Managed Services at SonicWall, a comprehensive, AI-driven cybersecurity solutions company that specializes in next-generation firewalls and cloud security, who says the goal is to wear down the war effort and hit Americans at home. Click Here⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ To Follow 'The FOX News Rundown: Evening Edition' Learn more about your ad choices. Visit podcastchoices.com/adchoices

This week, pro-Iranian hackers claimed responsibility for a devastating cyberattack against U.S. medical device company Stryker. They have also targeted data centers and industrial facilities in both the United States and Israel. As the war with Iran continues, experts are expecting an increase in such cyber-attacks in an effort to degrade the war effort, strain cyber security efforts and cause as much damage to American companies, and the economy as possible. FOX's Tonya J. Powers speaks with Michael Crean, Senior Vice President of Managed Services at SonicWall, a comprehensive, AI-driven cybersecurity solutions company that specializes in next-generation firewalls and cloud security, who says the goal is to wear down the war effort and hit Americans at home. Click Here⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ To Follow 'The FOX News Rundown: Evening Edition' Learn more about your ad choices. Visit podcastchoices.com/adchoices

This week's Security Squawk episode isn't about phishing. It's about structural weakness. Three separate incidents. Three different industries. One uncomfortable pattern: the systems organizations trust most are expanding risk quietly — and in some cases, architecturally. First, a lawsuit that should make every board member pay attention. Marquis Software Solutions, a fintech serving 74 U.S. banks, is suing SonicWall. The allegation centers on SonicWall's cloud backup system, where firewall configuration backups were allegedly accessible and contained credentials — including MFA scratch codes. Those backups were reportedly used to compromise Marquis, leading to a ransomware incident and downstream exposure. What began as a scoped 5% customer exposure was later reported as potentially impacting all customers. This is not a misconfigured endpoint. This is a control-plane failure. For CEOs, this reframes vendor risk. It's no longer a questionnaire exercise. It's a litigation vector. If a security provider's design exposes authentication artifacts, your internal diligence may not matter. The liability chain now includes vendors and MSPs in a very direct way. For IT Directors, the operational question is simple: what exactly is inside your firewall backups? Are reusable authentication artifacts stored? Who can access vendor-hosted exports? If attackers obtain your configuration backups, can they replay your defenses? For MSPs, the exposure is real. If you manage firewall exports or MFA deployments, you are part of the architecture. And potentially part of the courtroom. Then we shift to UFP Technologies, a medical device manufacturer. Intrusion detected. Billing and shipping label systems disrupted. Data stolen or destroyed. Insurance expected to offset financial impact. But this isn't primarily a data story. Attackers disrupted order-to-cash and fulfillment velocity. In healthcare supply chains, slowing billing and labeling can create immediate executive escalation without touching the factory floor. Modern ransomware groups increasingly target business process choke points — ERP, labeling, scheduling — because leverage doesn't require full encryption anymore. For CEOs, “no material impact expected” is accounting language. Customers measure impact in delayed shipments. For IT leaders, the question becomes operational: can billing, labeling, and fulfillment functions recover independently? Are those systems segmented? Tested? Immutable? For risk managers and insurers, this represents a shift in underwriting focus — from endpoints to process resilience. Finally, the University of Hawaiʻi Cancer Center ransomware incident. Roughly 87,000 study participants directly impacted. But historical datasets, including Social Security numbers collected from driver's license and voter registration data dating back to 1998, expanded potential exposure to nearly 1.2 million individuals. They engaged the threat actors. They received a decryptor. They received “assurances” that data was destroyed. That's not verification. That's negotiation. The uncomfortable truth: legacy identity data becomes modern ransom currency. Research environments often have weaker governance than clinical systems, yet they can contain decades of sensitive identifiers. For boards, the issue isn't just security posture. It's data retention discipline. What obsolete identity data are you still holding? Why? For how long? And who owns the risk? Across these stories, three themes emerge: Control-plane trust is fragile. Operational choke points are the new leverage strategy. Data retention is compounded liability. Cybersecurity is no longer just about stopping intrusion. It's about architectural accountability and governance maturity. If you value independent, executive-level analysis without vendor spin, support the show at: buymeacoffee.com/securitysquawk The real question is this: Are your greatest cyber risks coming from external attackers — or from design decisions you haven't revisited in years?

Brainstorm, SonicWall, Junos, Glienicke Brücke, Burger King, Claude, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-559

Brainstorm, SonicWall, Junos, Glienicke Brücke, Burger King, Claude, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-559

If you like what you hear, please subscribe, leave us a review and tell a friend!

Brainstorm, SonicWall, Junos, Glienicke Brücke, Burger King, Claude, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-559

Brainstorm, SonicWall, Junos, Glienicke Brücke, Burger King, Claude, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-559

Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James WIlson. They discuss the week's cybersecurity news, including: Notepad++ update supply chain attack has been attributed to China The AI agent future is even more stupid than expected; behold the OpenClaw/Clawdbot/Moltbook mess The Epstein files claim he had a personal hacker? Microsoft is finally getting ready to (think about starting to begin to) disable NTLM by default The usual bugs in the usual things! Ivanti, Fortinet, and Solarwinds. Again. Telco hides a free trip in its privacy policy, someone actually reads it and wins! This weeks's episode is sponsored by opensource IDP platform Authentik. CEO Fletcher Heisler talks to Pat about their new endpoint agent that can enforce device posture policies during login. This episode is also available on Youtube. Show notes The Chrysalis Backdoor: A Deep Dive into Lotus Blossom's toolkit Notepad++ Hijacked by State-Sponsored Hackers | Notepad++ Notepad++ v8.8.3 - Self-signed Certificate: Certified by Code, Not Corporations | Notepad++ Hacking Moltbook: AI Social Network Reveals 1.5M API Keys | Wiz Blog lcamtuf on X: "Moltbook debate in a nutshell" / X Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site AndrewMohawk on X: "How exactly did an attacker send a message to your bot since you need to approve all the channels and set keys etc" / X Signal president warns AI agents are making encryption irrelevant Massive AI Chat App Leaked Millions of Users Private Conversations Runa Sandvik on X: New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson EFTA01683874.pdf Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog Nobel Committee says Peace Prize winner likely revealed early by digital spying | Reuters County pays $600,000 to pentesters it arrested for assessing courthouse security - Ars Technica Advancing Windows security: Disabling NTLM by default - Windows IT Pro Blog Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts | Cybersecurity Dive CISA orders federal agencies to patch exploited SolarWinds bug by Friday | The Record from Recorded Future News CISA, security researchers warn FortiCloud SSO flaw is under attack | Cybersecurity Dive Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach | TechCrunch We Hid a Free Trip to Switzerland in Our Privacy Policy. Someone Found It in 2 Weeks. - Cape Between Two Nerds: The internal logic of Russian power grid attacks - YouTube

Hewlett Packard Enterprise patches a maximum-severity vulnerability in its OneView infrastructure management software. Cisco warns a critical zero-day is under active exploitation. An emergency Chrome update fixes two high-severity vulnerabilities. French authorities make multiple arrests. US authorities dismantle an unlicensed crypto exchange accused of money laundering. SonicWall highlights an exploited zero-day. Researchers earn $320,000 for demonstrating critical remote code execution flaws in cloud infrastructure components. A U.S. Senator urges electronic health record vendors to give patients greater control over who can access their medical data. Our guest is Larry Zorio, CISO from Mark43, discussing first responders and insider cyber risks. A right-to-repair group puts cash on the table.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Larry Zorio, CISO from Mark43, to discuss first responders sounding the alarm on insider cyber risks. To see the full report, check it out here. Selected Reading HPE warns of maximum severity RCE flaw in OneView software (Bleeping Computer) China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear (SecurityWeek) Google Chrome patches two high severity vulnerabilities in emergency update (Beyond Machines) France arrests 22-year-old over Interior Ministry hack (The Record) France arrests Latvian for installing malware on Italian ferry  (Bleeping Computer) FBI dismantles alleged $70M crypto laundering operation (The Register) SonicWall Patches Exploited SMA 1000 Zero-Day (SecurityWeek) Zeroday Cloud hacking event awards $320,0000 for 11 zero days (Bleeping Computer) Senator Presses EHR Vendors on Patient Privacy Controls (Govinfosecurity) A nonprofit is paying hackers to unlock devices companies have abandoned (TechSpot) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Maybe a Little Bit More Interesting React2Shell Exploit Attackers are branching out to attack applications that initial exploits may have missed. The latest wave of attacks is going after less common endpoints and attempting to exploit applications that do not have Next.js exposed. https://isc.sans.edu/diary/Maybe%20a%20Little%20Bit%20More%20Interesting%20React2Shell%20Exploit/32578 UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager Cisco s Security Email Gateway and Secure Email and Web Manager patch an already-exploited vulnerability. https://blog.talosintelligence.com/uat-9686/ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 SONICWALL SMA1000 APPLIANCE LOCAL PRIVILEGE ESCALATION VULNERABILITY A local privilege escalation vulnerability, which SonicWall patched today, is already being exploited. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019 Google releases vulnerability details Google updated last week s advisory by adding a CVE to the mystery vulnerability and adding a statement that it affects WebGPU. No new patch was released. https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html

Cybersecurity Today: The Rise of Living Off the Land Strategies & More In this episode of Cybersecurity Today's Month in Review, host Jim Love is joined by Laura Payne from White Tuque and David Shipley from Beauceron Security. They discuss several pressing cybersecurity issues, including the growing threat of 'living off the land' strategies where attackers use legitimate software to stay undetected, the risks associated with public Wi-Fi and QR codes, and the recent breaches involving Oracle's E-Business Suite and SonicWall's management devices. The panel also reflects on the often conflicting cybersecurity advice circulating today and emphasizes the importance of nuanced communication in security practices. Plus, find out who wins the 'Stinky' award for cybersecurity blunders and what you can do to stay safe. Special thanks to Meter for supporting this podcast. Tune in for a deep dive into these crucial cybersecurity topics and more. 00:00 Introduction and Sponsor Message 00:19 Welcome and Guest Introductions 00:50 Unique Coffee Partnership 02:27 Living Off the Land: Cybersecurity Tactics 04:33 Social Engineering and AI Threats 13:51 The Role of Social Media in Cyber Fraud 20:05 Microsoft's New Teams Feature: A Security Risk? 26:39 Oracle Vulnerability and Enterprise Security 27:26 Patching Core Systems: Challenges and Necessities 28:12 Clop Ransomware: A Persistent Threat 29:09 University Data Breaches: The Case of U Penn 30:18 Security Culture and Leadership Accountability 33:49 Debunking Security Myths: Juice Jacking and QR Codes 39:15 Public WiFi and VPNs: Proceed with Caution 41:18 The Importance of Effective Cybersecurity Communication 48:33 SonicWall Security Concerns and the Stinkies Awards 51:13 Wrapping Up: Reflections and Future Episodes

Cyber Command names a new head of AI. The UK introduces its long-delayed Cyber Security and Resilience Bill. Researchers highlight a critical Oracle Identity Manager flaw. Salesforce warns customers of a third-party data breach. Italy's state-owned railway operator leaks sensitive information. SonicWall patches firewalls and email security devices. The US charges four individuals with conspiring to illegally export restricted Nvidia AI chips to China. The SEC drops its lawsuit against SolarWinds. NSO group claims a permanent injunction could cause irreparable and potentially existential harm. Maria Varmazis of the T-Minus Space Daily show sits down with General Daniel Karbler (Ret.) to discuss his consulting work for A House of Dynamite, the newly released Netflix film. Roses are red, violets are blue, this poem just jailbroke your AI too. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Maria Varmazis of the T-Minus Space Daily show sits down with Lt. General Daniel Karbler (Ret.) to discuss his consulting work for A House of Dynamite, the newly released Netflix film. This is an excerpt of T-Minus Deep Space airing tomorrow in all of your favorite podcast app. Selected Reading Cyber Command Taps Reid Novotny as New AI Chief (MeriTalk) UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers (Fortra) Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day (SecurityWeek) Salesforce alerts customers of data breach traced to a supply chain partner (CXOtoday) Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack (Security Affairs) SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance (SecurityWeek) Four charged with plotting to sneak Nvidia chips into China (The Register) SEC voluntarily dismisses SolarWinds lawsuit (The Record) NSO Group argues WhatsApp injunction threatens existence, future U.S. government work (CyberScoop) Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models (Arxiv) Freesound Music Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Oracle Identity Manager Exploit Observation from September (CVE-2025-61757) We observed some exploit attempts in September against an Oracle Identity Manager vulnerability that was patched in October, indicating that exploitation may have occurred prior to the patch being released. https://isc.sans.edu/diary/Oracle%20Identity%20Manager%20Exploit%20Observation%20from%20September%20%28CVE-2025-61757%29/32506 https://slcyber.io/research-center/breaking-oracles-identity-manager-pre-auth-rce/ DigitStealer: a JXA-based infostealer that leaves little footprint https://www.jamf.com/blog/jtl-digitstealer-macos-infostealer-analysis/ SonicWall DoS Vulnerability Sonicwall patched a DoS vulnerability in SonicOS https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016 Adam Wilson: Automating Generative AI Guidelines: Reducing Prompt Injection Risk with 'Shift-Left' MITRE ATLAS Mitigation Testing

Emoticons, Sonicwall, Global Protect, Pop-ups, WhatsApp, 7Zip, Roblox, Josh Marpet, and More on the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-531

In this episode, host Jim Love discusses several significant cybersecurity events and updates. The Washington Post confirmed a security breach affecting nearly 10,000 individuals due to an exploited Oracle E-Business Suite vulnerability. CrowdStrike's 2025 Global Threat Report highlights the rise of 'enterprising adversaries' and a surge in malware-free intrusions. In addition, a new phishing scam targets iPhone users by mimicking Apple's device recovery alerts. Finally, a listener raised concerns about security issues with SonicWall's management devices and systems. The show concludes with information on upcoming content and thanks to Meter for sponsoring the podcast. 00:00 Introduction and Sponsor Message 00:40 Oracle Breach Affects Thousands 02:53 CrowdStrike's Global Threat Report 07:04 New iPhone Phishing Scam 08:35 Listener Concerns About SonicWall 12:10 Conclusion and Upcoming Episodes

This week: Minecraft on your lightbulb Sonicwall breached, who's next? Ditch Android, install Linux Hacking your face Thermostat freedom Pen test fails HackRF hacking times 2 Going around EDR Hackers in your printer Chinese data breach NFC relays and PCI Constructive construction hacks FlipperZero firmware update ICS, PLCs, and attacks Bayesian Swiss Cheese, taste good? Do you want to hack back? Keeping secrets Enforcing CMMC OWASP top ten gets a make over Android Spyware makes a LANDFALL Gemini's deep research into your documents Slopguard and AI datacenters in space! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-900

Take a Network Break! We start with listener follow-up on security browsers, and then dive into a deep pool of Juniper vulnerabilities to pick two critical ones affecting Juniper Space. We also get an update from SonicWall that the breach of its cloud storage service affected all users of the service. Cisco announces a new... Read more »

New Oracle E-Business Suite Patches Oracle released one more patch for the e-business suite. Oracle does not state if it is already exploited, but the timing of the patch suggests that it should be expedited. https://www.oracle.com/security-alerts/alert-cve-2025-61884.html Widespread Sonicwall SSLVPN Compromise Huntress Labs observed the widespread compromise of the Sonicwall SSLVPN appliance. https://www.huntress.com/blog/sonicwall-sslvpn-compromise Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371) An unpatched vulnerability in the secure file sharing solutions Gladinet CentreStack and TrioFox is being exploited. https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw Two 7-Zip Vulnerabilities CVE-2025-11002, CVE-2025-11001 7-Zip patched two vulnerabilities that may lead to arbitrary code execution https://www.zerodayinitiative.com/advisories/ZDI-25-949/ https://www.zerodayinitiative.com/advisories/ZDI-25-950/

Building Better Defenses: RedTail Observations Defending against attacks like RedTail is more then blocking IoCs, but instead one must focus on the techniques and tactics attackers use. https://isc.sans.edu/diary/Guest+Diary+Building+Better+Defenses+RedTail+Observations+from+a+Honeypot/32312 Sonicwall: It wasn t the user s fault Sonicwall admits to a breach resulting in the loss of user configurations stored in its cloud service https://www.sonicwall.com/support/knowledge-base/mysonicwall-cloud-backup-file-incident/250915160910330 Crowdstrike has Issues Crowdstrike fixes two vulnerabilities in the Windows version of its Falcon sensor. https://www.crowdstrike.com/en-us/security-advisories/issues-affecting-crowdstrike-falcon-sensor-for-windows/ Interrogators: Attack Surface Mapping in an Agentic World A SANS.edu master s degree student research paper by Michael Samson https://isc.sans.edu/researchpapers/pdfs/michael_samson.pdf keywords: ai; agentic; attack surface; crowdstrike; sonicwall; ivanti; zero day; initiative; redline

From a massive SIM farm takedown to dealing with supply chain attacks targeting npm, our news roundup provides context and commentary on a fresh crop of security news. We discuss exploits against Cisco firewalls and switches, a SonicWall firmware update to remove a rootkit targeting its SMA 100, and GitHub’s plans to harden npm packages.... Read more »

A Chinese state-sponsored group exploited enterprise devices in a global espionage effort. The UK Government guarantees £1.5 billion financing to help Jaguar Land Rover's recovery efforts. A maximum-severity flaw in Fortra's GoAnywhere Managed File Transfer product is under active exploitation. The AI boom faces sustainability questions. Akira ransomware bypasses MFA on SonicWall devices. Dutch teens are arrested for allegedly spying for Russia. Luxury retailer Harrods confirms a data breach. An Interpol crackdown targets African cybercrime rings. We've got our Monday business briefing. Brandon Karpf joins us to discuss the cybersecurity ecosystem in Japan. Cyber crooks offer a BBC journalist an early retirement package. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today our guest is Brandon Karpf, friend of the show, and he joins to discuss the Cybersecurity ecosystem in Japan. Selected Reading Chinese hackers breached critical infrastructure globally using enterprise network gear (CSO Online) UK government bails out Jaguar Land Rover with $2 billion loan (Metacurity) Maximum severity GoAnywhere MFT flaw exploited as zero day (Bleeping Computer) The AI boom is unsustainable unless tech spending goes ‘parabolic,' Deutsche Bank warns: ‘This is highly unlikely' (Fortune) Akira ransomware breaching MFA-protected SonicWall VPN accounts (Bleeping Computer) Dutch teens arrested for trying to spy on Europol for Russia (Bleeping Computer) Harrods: Hackers contact firm after 430,000 customer records stolen (BBC) Africa cybercrime crackdown includes hundreds of arrests, Interpol says (The Record) Cyberbit acquires RangeForce. Terra Security raises $30 million. (N2K Pro)  'You'll never need to work again': Criminals offer reporter money to hack BBC (BBC) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Send us a text

Exploit Attempts Against Older Hikvision Camera Vulnerability Out honeypots observed an increase in attacks against some older Hikvision issues. A big part of the problem is weak passwords, and the ability to send credentials as part of the URL. https://isc.sans.edu/diary/Exploit%20Attempts%20Against%20Older%20Hikvision%20Camera%20Vulnerability/32316 Cisco Patches Already Exploited SNMP Vulnerability Cisco patched a stack-based buffer overflow in the SNMP subsystem. It is already exploited in the wild, but requires admin privileges to achieve code execution. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte SonicWall Anti-Rootkit Update SonicWall released a firmware update for its SMA100 devices specifically designed to eradicate a commonly deployed rootkit. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0015 Extended Windows 10 Support Microsoft will extend free Windows 10 essential support for US and European customers. https://www.straitstimes.com/world/united-states/microsoft-offers-no-cost-windows-10-lifeline

Exploring Uploads in a Dshield Honeypot Environment This guest diary by one of our SANS.edu undergraduate interns shows how to analyze files uploaded to Cowrie https://isc.sans.edu/diary/Exploring%20Uploads%20in%20a%20Dshield%20Honeypot%20Environment%20%5BGuest%20Diary%5D/32296 Sonicwall Breach SonicWall MySonicWall accounts were breached via credential brute forcing https://www.sonicwall.com/support/knowledge-base/mysonicwall-cloud-backup-file-incident/250915160910330 DeepSeek Bias Cloudflare found significant biases in code created by the Chinese AI engine DeepSeek. Code for organizations not aligned with China s politics contained significantly more bugs https://www.washingtonpost.com/technology/2025/09/16/deepseek-ai-security/ Google Chrome 0-day Google fixed an already-exploited vulnerability in Google Chrome https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html

SonicWall confirms a breach in its cloud backup platform. Google patches a high-severity zero-day in Chrome. Updates on the Shai-Hulud worm. Chinese phishing emails impersonate the chair of the House China Committee. The UK's NCA takes the reins of the Five Eyes Law Enforcement Group. RevengeHotels uses AI to deliver VenomRAT to Windows systems. A major VC shares details of a recent ransomware attack. A lawsuit targets automated license plate readers. Our guest is Brock Lupton, Product Strategist at Maltego, discussing the human side of intelligence work. From mic check to malware, a crypto phishing story. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Brock Lupton, Product Strategist at Maltego, discussing the human side of intelligence work. You can hear the full conversation with Brock here. Selected Reading SonicWall MySonicWall platform breached, firewall config files exposed (Beyond Machines) Google patches sixth Chrome zero-day exploited in attacks this year (Bleeping Computer) "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Palo Alto Networks) China-backed attackers spoof Congressman for US trade data (The Register) NCA Singles Out “The Com” as It Chairs Five Eyes Group (Infosecurity Magazine) New RevengeHotels attack targets Windows with VenomRAT (SC Media) VC Firm Insight Partners Notifies Victims After Ransomware Breach (Infosecurity Magazine) Police cameras tracked one driver 526 times in four months, lawsuit says (NBC) Fake Empire Podcast Invites Target Crypto Industry with macOS AMOS Stealer (HackRead) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

DShield SIEM Docker Updates Guy updated the DShield SIEM which graphically summarizes what is happening inside your honeypot. https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/32276 Again: Sonicwall SSL VPN Compromises The Australian Government s Signals Directorate noted an increase in compromised Sonicwall devices. https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/ongoing-active-exploitation-of-sonicwall-ssl-vpns-in-australia Website Keystroke Logging Many websites log every keystroke, not just data submitted in forms. https://arxiv.org/pdf/2508.19825

The House passes a defense policy bill that includes new provisions on cybersecurity and artificial intelligence. Senator Wyden accuses Microsoft of “gross cybersecurity negligence” after a 2024 ransomware attack crippled healthcare giant Ascension. The White House shelves plans to split U.S. Cyber Command and the NSA. The Pentagon finalizes its long-awaited Cybersecurity Maturity Model Certification (CMMC 2.0) rule. Akira ransomware group targets SonicWall devices. Officials warn solar-powered highway infrastructure should be checked for hidden radios. The Atlantic Council maps the global spyware market. Researchers uncover serious flaws in Apple's AirPlay. A European DDoS mitigation provider thwarts a record-breaking attack. My Caveat cohosts Ethan Cook and Ben Yelin unpack the cyber elements of the Big Beautiful Bill. Who fixes the vibe code?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have Ethan Cook joining Caveat hosts Dave Bittner and Ben Yelin for this month's Policy Deep Dive. Together, they unpack HR1, the “Big Beautiful Bill”, and how its investments in technology, supply chain security, and defensive resiliency reflect the Trump administration's push for long-term technological dominance. If you want to hear the full conversation, head over to Caveat. Selected Reading House moves ahead with defense bill that includes AI, cyber provisions (The Record) FTC should investigate Microsoft after Ascension ransomware attack, senator says (The Record) Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat' (The Record) Pentagon Releases Long-Awaited Contractor Cybersecurity Rule (GovInfo Security) Akira Ransomware Group Utilizing SonicWall Devices for Initial Access (Rapid7) Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure (Reuters) Mythical Beasts: Diving into the depths of the global spyware market (Atlantic Council) Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance (SecurityWeek) DDoS defender targeted in 1.5 Bpps denial-of-service attack (Bleeping Computer) The Software Engineers Paid to Fix Vibe Coded Messes (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Jamie Levy, Director of Adversary Tactics at Huntress, who is discussing their work on "Active Exploitation of SonicWall VPNs." Huntress has released an urgent threat advisory on active exploitation of SonicWall VPNs, with attackers bypassing MFA, pivoting to domain controllers, and ultimately deploying Akira ransomware. The campaigns involve techniques such as disabling defenses, clearing logs, credential theft, and Bring Your Own Vulnerable Driver (BYOVD) attacks with legitimate Windows drivers. Organizations using SonicWall devices are strongly advised to disable SSL VPN access or restrict it via IP allow-listing, rotate credentials, and hunt for indicators of compromise as this remains an ongoing and evolving threat. Complete our annual ⁠⁠⁠⁠⁠audience survey⁠⁠⁠⁠⁠ before August 31. The research can be found here: Huntress Threat Advisory: Active Exploitation of SonicWall VPNs Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit