Happy first week of December. Tis the season for … scams. Phishing is still the top attack, and according to the Verizon 2024 Data Breach Investigations Report, it takes less than 60 seconds for a user to fall prey. So if you were busy talking with your customers this week about their employees’ likelihood to fall for a shopping scam, we rounded up the channel news you may have missed.
Check out new security offerings from KnowBe4, Keeper, and Trustwave; what disti is planning a workforce reduction; who bought who; who’s moving where; and a new report from Hornetsecurity on what’s filling up our inboxes. All that and more below!
Products & Solutions
Tenable Introduces Autonomous Patching
Tenable, an exposure management company, released Tenable Patch Management, an autonomous patch solution. A strategic partnership and integration with Adaptiva, a provider of autonomous endpoint management, provides the foundation of the solution.
The integrated solution pairs autonomous patch functionality from Adaptiva with Tenable’s vulnerability coverage, built-in prioritization, threat intelligence, and real-time insight. The solution provides automated correlation of vulnerabilities to available patches. It aims to shorten the time from discovery to remediation by identifying the most impactful vulnerabilities across an environment, exposing priority gaps, and taking rapid, decisive action to close critical exposures.
The security team has full control to determine when, how, and where a patch is deployed autonomously. In addition, there are customizable controls and automatic patch testing that blocks problematic updates from going out.
Tenable Patch Management also includes automatic validation to confirm that a remediation was successful following the subsequent scan, and the ability to monitor compliance status to align with company policy.
Tenable Patch Management is available as an add on in Tenable One, Tenable Vulnerability Management, Tenable Security Center, and Tenable Enclave Security.
KnowBe4 Combats AI-Generated Phishing With AI Defense Agents
KnowBe4, a security awareness training and human risk management platform, announced a suite of AI-native defense agents (AIDA) designed to automate and enhance human risk management.
AI-generated content has made phishing detection more challenging. AIDA agents leverage multiple AI technologies to create personalized, adaptive training for end users. Underpinning the suite of agents is the SmartRisk Agent, which leverages end user behavioral data from across KnowBe4’s products to help measure cyber risk in humans. This agent’s multidimensional Risk Scores are designed to make it easier for security professionals to see potential problems at the user, group, and organizational levels.
KnowBe4 has released four agents. The Automated Training Agent analyzes end users’ learning history, job role, risk score, behavior patterns, and languages so AIDA can automatically assign the most relevant and engaging content. The Template Generation Agent creates realistic phishing templates that can mirror current attack vectors. The Knowledge Refresher Agent delivers bite-sized knowledge refreshers at optimal intervals. And the Policy Quiz Agent generates intelligent quizzes based on an organization’s specific security and compliance policies.
AIDA is available as an add-on for KnowBe4 customers with a Diamond level KnowBe4 subscription.
Keeper Introduces Risk Management Dashboard
Keeper Security, a provider of cybersecurity software protecting passwords, passkeys, privileged access, secrets, and remote connections, launched a Risk Management Dashboard within the Keeper Admin Console.
The dashboard provides a risk assessment score based on key metrics affecting the organization’s risk profile. This includes the deployment of end-user vaults, the utilization of password management tools, and multifactor authentication. In addition, the dashboard automatically adapts to Single Sign-On (SSO) environments.
Keeper’s Risk Management Dashboard leverages a continually updated set of Keeper Security Benchmarks. Administrators receive actionable steps to address security gaps and strengthen credential protection.
The dashboard also Integrates with Keeper’s Advanced Reporting and Alerts Module (ARAM), enabling detailed views on security events, such as a curated view of the most critical security alerts, frequency of occurrences, unique user activities, and 30-day trends.
Trustwave Launches Two New Microsoft Security Accelerators
Trustwave, a cybersecurity and managed security services provider, launched two new Microsoft Security accelerators.
Accelerator for Microsoft Purview is a data governance and compliance solution. The accelerator reviews sensitive information types (SITs) and data sensitivity labels and evaluates strategies to safeguard sensitive information more effectively.
Accelerator for Microsoft Entra ID delivers a roadmap to optimize security outcomes from Microsoft Entra ID. It includes assessments of authentication mechanisms and evaluations of device and application management capabilities to ensure a robust security posture.
With these accelerators, Trustwave’s expert consultants work closely with organizations to analyze their specific needs, identify gaps, and provide actionable recommendations for optimizing their security posture. Once this process is completed, Trustwave can help implement the suggested changes to your Microsoft Security environment.
Integrations & Partnerships
N-able Partners With CYRISMA, Cork, vCIOToolbox, and ImmyBot
IT management platform vendor N-able announced that CYRISMA, Cork, vCIOToolbox, and ImmyBot have joined its Technology Alliance Program (TAP).
The new integrations include:
- Cork, a purpose-built cyber warranty company for MSPs, offering an AI-enhanced cyber risk engine, integrates with N-able’s RMM solutions, N-central and N-insight.
- ImmyBot, a workstation and software deployment tool, and vCIOToolbox, an account management platform for MSPs, now integrates with N-central.
- CYRISMA, which offers a unified cybersecurity platform MSPs and MSSPs, now integrates with N-able MSP Manager to enable real-time data synchronization for tickets, assets, and users; automate ticket management workflows; and simplify cyber risk management.
RingCentral Enhances Zendesk Integration
Business communications company RingCentral enhanced its Zendesk integration with the launch of Zendesk Talk Partner Edition for RingEX. This solution embeds RingEX’s voice capabilities and call data directly into the Zendesk customer support platform.
The Zendesk Talk Partner Edition for RingEX incorporates Zendesk’s latest Voice Comment and Standard Call Object features. These features enable a cleaner, more structured view of real-time call information, such as call duration and call recordings. With AI-driven insights, users can switch between voice, chat, email, and social media channels without leaving the Zendesk interface.
In addition, the enhanced integration allows users to easily log call details directly within Zendesk tickets, keeping all customer information in a central location. And users can make calls directly within the Zendesk browser interface, using the desktop application, or via a desk phone with RingOut, which initiates calls from the browser or desktop but connects via the desk phone. This allows users to choose the most convenient method based on their needs.
New Integrations Between Harmonic Security and KnowBe4 For GenAI Usage Training
Harmonic Security and KnowBe4 have announced new integrations between their two platforms that will enable security teams to dynamically assign security training based on real-world, GenAI data privacy risks.
When Harmonic detects a user attempting to expose sensitive data in GenAI, this automatically updates the user risk in KnowBe4. Customers can then set custom thresholds within KnowBe4 to dynamically assign security awareness training.
Cybersecurity
Trend Micro Gets FedRAMP Authorization
Cybersecurity company Trend Micro has received a FedRAMP Authorization to Operate (ATO) for Trend Vision One for Government, a purpose-built platform that enables agencies to track attacks across their organizations.
Established in 2011, the Federal Risk and Authorization Management Program is a government-wide initiative that standardizes security and risk assessment for cloud technologies and federal agencies, using NIST standards and guidelines.
People
Atera, the all-in-one IT management platform provider, announced three leadership appointments. Noam Vander joined Atera as chief information security officer. Previously, Vander was CISO at Fiverr. Nir Elharar moved into the role of chief marketing officer; he previously served as VP of marketing at Atera. And Emanuel Kanievsky moves into the role of chief revenue officer after serving as global VP of sales. The appointments come on the heels of Atera opening its flagship office in New York City in March and appointing a U.S. GM, Yoav Susz, who recently spoke with MSP Success about the company’s growth plans … ConnectWise appointed David Raissipour as the chief product and technology officer (CPTO), reporting to CEO Manny Rivelo. Raissipour most recently served as the CTO/CPO at Mimecast.
M&A – MSPs
The Ontario Municipal Employees Retirement System is acquiring Integris, one of the largest MSPs in the country, from PE firm Frontenac. (See an earlier Q&A with Integris CEO Rashaad Bajwa here.)
Magna5, a national MSP/MSSP and a NewSpring Holdings platform company, acquired ThreatAdvice, an MSP/MSSP, which serves Birmingham and Mobile, Alabama, as well as Atlanta, Georgia. The acquisition strengthens Magna5’s growing national customer footprint in the Southeast U.S. It also adds ThreatAdvice’s vCISO practice and cybersecurity education software platform to the portfolio.
Distribution/Marketplaces
LastPass’s identity and password management products are now available through TD SYNNEX’s distribution network … In other news, TD SYNNEX completed its acquisition of the cloud migration business of IPsense, a cloud solutions provider specializing in the design, integration, and deployment of AWS solutions in Brazil.
Ingram Micro is restructuring and said it will reduce headcount by approximately 850 associates by the end of the first quarter of 2025 … Ingram also announced a multi-year Strategic Collaboration Agreement (SCA) with Amazon Web Services, expanding its current relationship. The new SCA focuses on two key areas: enhancing and scaling Ingram Micro’s professional services capabilities and enabling Independent Software Vendors to list offerings at scale through channel partners. In addition, channel partners can build and list their offerings, including their own services offerings, into industry solutions such as Retail, Manufacturing, Education, Healthcare, Finance, and Government. Ingram Micro will assist in creating AWS Marketplace listings to drive co-sell greenfield opportunities.
By the Numbers
Malicious Content Is Filling Email Inboxes
Nearly half a billion emails to businesses contain malicious content, a new report from Hornetsecurity finds. The cybersecurity company’s annual report also revealed that a third (36.9%) of all emails received by businesses (20.5 billion) in 2024 were unwanted.
The research confirms that phishing remains the top form of cyberattack. Malicious URLs and advanced fee scams were responsible for 22.7% and 6.4% of attacks, respectively.
Nearly every malicious file type saw a decrease compared to last year, according to the report, but the decrease in the use of malicious attachments is due to a rise in reverse-proxy credential theft attacks over the past year. These attacks use social engineering and malicious links (not attachments) to trick users. These attacks redirect users to fake login pages that capture credentials in real-time, even bypassing two-factor authentication.
Commenting on the findings, Daniel Hofmann, Hornetsecurity CEO, said: “With over 427 million malicious emails still reaching inboxes, it’s clear that cybersecurity strategies must evolve to stay ahead of increasingly sophisticated threats. This data underscores the need for stronger email security coupled with user awareness to keep organizations safe.”
