PCNSA testing - Palo Alto Networks Certified Network Security Administrator Updated: 2023

June 05, 2023, 10:00 AM EDT

Solution providers looking to bring managed security services to their customers -- without having to offer the services themselves --are finding growing options to do so through partnerships within the channel community.

For solution provider Alacrinet, its portfolio of specialized cybersecurity services has been a strong source of growth in recent years. The Palo Alto, Calif.-based company’s offerings range from implementation services for a full array of cyberdefense tools to risk assessment services such as penetration testing.

What the company is not, however, is an MSSP. And it doesn’t want to be.

“When we were looking at the MSP market, we saw that we could either build out another business unit around MSP—which in some cases might make sense—or we could partner,” said Daniel Duhaime, vice president of sales at Alacrinet. “We decided to partner.”

Amid the massive cybersecurity talent shortage, intensifying threat environment and relentless complexity of running a cyberdefense operation in 2023, many customers are asking their trusted advisers for help with security. Countless organizations are looking to outsource more of their cybersecurity management to a third party, and for many in the channel, building an MSSP practice would seem to be a huge opportunity.

But becoming an MSSP is far easier said than done due to a high barrier to entry, increased liability and a host of other factors, MSSP executives told CRN.

[RELATED: Cyber Insurance Primer: How To Avoid The Pitfalls]

How can solution providers bring much-needed managed security services to their customers without actually having to offer the services themselves? A growing number of solution providers are finding that partnerships—within the channel community they know so well—may be the answer.

Alacrinet partners with 10 different MSSPs in total, a strategy that allows the solution provider to match the ideal service provider to each customer situation, Duhaime said.

One of those MSSP partners is Cyderes, a 900-person cybersecurity services powerhouse formed through the merger of Herjavec Group and Fishtech Group in 2022.

Within its six Security Operations Center (SOC) locations around the globe, Cyderes analysts do the critical work of monitoring and responding to security threats around the clock, every day of the year.

For Cyderes, partnering with other solution providers on deals is increasingly proving to be a smarter growth strategy than competing with them, according to Anthony Aurigemma, CRO of the Kansas City, Mo.-based company.

The model is so promising, in fact, that Cyderes launched a partner program of its own in March. The new program serves as a way to formalize the process and build trust between the company and its expanding set of collaborators within the channel, Aurigemma said.

Case in point: Cyderes recently won two new customers within the retail industry and state, local government and education (SLED) market by teaming up with another solution provider. The solution provider partner handled the closing of the deals, which included managed security services from Cyderes as part of the packages.

The arrangement has increased Cyderes’ reach, Aurigemma said, while enabling the solution provider partner to meet customer needs and generate margin.

But that’s not all. The deals came together faster than usual “because we didn’t compete with each other,” he said. “The client got everything that they wanted, and the process was much cleaner and speedier.”

The new Cyderes partner program underscores a movement toward greater collaboration between solution providers and MSSPs, sparked by the rising demand for managed security.

And it’s not just VARs that could benefit from exploring these types of in-channel partnerships to meet customer needs for managed security services, channel executives said. Even for an MSP that is adept at delivering managed IT services, expanding into the managed security side can be a major undertaking.

“We have seen MSPs, both large and small, say, ‘We’re going to take some of that on ourselves.’ And it’s a big lift,” said Ben Masino, CRO of Avertium, a Phoenix-based MSSP.

And so, while it might seem like a natural progression for MSPs to evolve into MSSPs over time, that’s not realistic in many cases, according to channel executives.

“Doing security operations 24x7 is a significant investment of time, money and resources. You need a lot of expertise to build it and then to scale it, maybe even more so to scale it. And it’s not the same as running a Network Operations Center. It’s a very different business,” Masino said.

The bottom line is that “for MSPs out there that are trying and struggling [on managed security], or don’t want to try, or have tried and failed, I think the partner model really works well,” he said. “As long as everybody’s very clear and you build trust in how you engage, I think it can be incredibly successful.”

Focus On Enablement

For Avertium, which formed in 2019 through the merger of three MSSPs, collaboration within the channel would seem to be in its DNA. All three of the pre-existing companies already had partnerships with other solution providers prior to the merger, Masino said.

Masino joined Avertium the following year and said he brought an emphasis on in-channel partnerships as a “core part” of his growth strategy for the company. Since then, “we’ve built on that and made it better, made it more formal,” he said.

That included the 2021 hire of cybersecurity sales veteran Randy Rosenbaum to head up Avertium’s channel partner program. The program puts a major emphasis on partner enablement, which can be one of the biggest challenges when two solution providers decide to work together, Masino said.

“How do you teach sales teams, partner teams what each partner does and how it fits together?” he said. “That doesn’t happen by accident. It really needs to be a concerted effort between the two partners to make sure that everybody’s up to date on how we work together, why we work together, what value the customer has. It sounds basic, but it is actually the thing that differentiates a good partnership from a bad one.”

One solution provider that has turned to Avertium to deliver managed security services to its end customers is Towerwall, a longtime provider of solutions and professional services for security.

The Framingham, Mass.-based company’s offerings span proactive services such as penetration testing, which entails using hacking techniques to assess security weaknesses, to reactive services such as incident response and remediation. But Michelle Drolet, founder and CEO of Towerwall, said the company has steered clear of offering its own managed services in order to avoid a conflict of interest with the other services the company provides, she said.

“What’s happening is you have these managed service providers [that are] adding information security arms. And so it’s not church and state anymore. Now it’s, ‘I’m monitoring your endpoints, I’m managing your firewalls. And hey, I could do penetration testing—on myself,’” Drolet said. “It’s getting really muddy now. The same thing goes with managed security service providers.”

Still, in cases where Towerwall resells a tool that a customer needs to have managed—such as a security information and event management (SIEM) or endpoint detection and response (EDR) product—customers are often looking to bundle in management of those tools. That’s when Towerwall’s partnership with Avertium comes into play.

Avertium operates two “cyber fusion” operations centers in the U.S. that are staffed 24x7 by security analysts, providing the continuous monitoring that is increasingly a must-have for many businesses for compliance reasons.

Providers of managed security services usually offer a lot more than just managed detection and response (MDR), a fast-growing cybersecurity category often focused on management of endpoint detection tools.

Many solution providers and MSPs partner with MDR vendors to bring essential threat detection capabilities to their customers, though managed security services offers a more comprehensive approach that many organizations are looking for.

“[Managed security services] is like the department store of security,” said Pete Shoard, vice president and analyst at research firm Gartner. “MDR is a much smaller slice. MDR is like one of the boutique retailers in the department store.”

While managed security services can comprise a range of offerings and levels of involvement, it typically requires operating a SOC that offers around-theclock security monitoring. That usually entails SIEM and EDR administration, threat intelligence, automation and advisory services, said Eron Howard, COO of Novacoast, a large MSSP based in Wichita, Kan.

“Running a good MSSP that’s actually doing 24x7 SOC coverage is not trivial. It’s taken us years to learn to get it right. And it’s super nuanced,” Howard said.

Compared with professional services around security, with managed security services, “you can’t just jump into it as easily,” he said.

MSSP Challenges

Even for well-resourced organizations, getting a SOC up and running—and hiring the necessary talent from a coveted pool of professionals—can pose massive hurdles, MSSP executives told CRN.

For instance, management consulting firm MorganFranklin Consulting launched its line of managed security services about a year ago. A few months in, the McLean, Va.-based company hired SOC veteran Justin Klein Keane from Meta, where he was the manager of internal detection and response.

“I think they learned very quickly how challenging it is, which is part of the reason they hired me, because I’ve done this before,” Klein Keane said. “Standing up these services is not just logistically challenging, but providing a compelling value proposition to potential customers is also really hard.”

For example, articulating what a customer will get at different price points for managed security services can be particularly tricky for those who haven’t done it before, according to Klein Keane, who is director of MorganFranklin Consulting’s SOC.

The genuine day-to-day work of serving as an outsourced security operations team for customers is notoriously difficult as well.

“In security operations, you are responding to alerts of anomalous activity and then having staff actually conduct investigations to make determinations, whether that is a malicious anomaly or a benign anomaly. Or if it’s just an outlier, maybe the detection needs to be tuned,” Klein Keane said. “Whenever you make those judgment calls, there is risk that you get it wrong. And there’s risk of impact for getting that wrong. I would advise any MSP to think very carefully about that risk.”

An MSP might be convinced to add a managed security line of business on account of the revenue opportunity, but there’s a lot that needs to be thought through first, he said.

“You need to think about, ‘How am I going to be able to staff this and provide the expertise in a way that I’m comfortable and confident that my team is making the right calls? And where I’m going to have the assurance that, if I faced a situation where someone made the wrong call and there was a calamitous business impact, that my position would be somehow defensible?’” Klein Keane said.

Liability considerations should be top of mind for any solution provider or MSP that’s entertaining the idea of adding an MSSP practice, channel executives said.

“There’s a lot of liability just from putting yourself out there and saying you do it,” said Seth Kilander, founder and CEO of Denver-based Ki Security and Compliance Group. “That liability could be exponential, especially when it comes to insurance.”

Without a doubt, when it comes to a service provider’s liability, “they’re essentially signing up for a lot more” by making the leap into MSSP work, said Andy Anderson, founder and CEO of cyber insurance broker DataStream.

If an MSP is considering such a move, Anderson said, “I think they really want to make sure that they are not making that decision lightly and that they actually are going to take on the responsibility and have the expertise to do it.”

Ki Security and Compliance Group has intentionally stayed away from describing itself as an MSSP even though the company is “close to one” in terms of capabilities, Kilander said. For instance, the company doesn’t operate its own SOC or offer SIEM capabilities, “which an MSSP definitely should,” he said.

All in all, “we’re covering some of the MSSP [capabilities], and then we’re outsourcing the rest” to a trusted partner, Kilander said. “We work with them very closely so that all of our stuff is tying through theirs. [We want to] have that relationship where they are an extension of us.”

There’s a widespread mentality in the MSP community that prevents many solution providers from taking a similar approach, however, he said.

“Most MSPs come from the side of, ‘We do everything. You don’t need anyone else. And if you have anything else, our contract is void,’” Kilander said. “We have to get past this mindset.”

Managed Security Basics

For solution providers and MSPs that do want to explore expanding into managed security services, there are a few good places to start, channel executives told CRN.

For instance, an MSP could start by acquiring an inexpensive SIEM platform and collecting logs from different systems, according to Stel Valavanis, founder and CEO of onShore Security, a Chicago-based MSSP. From there, it could begin to build processes around managing the data, policies and reporting, he said.

By doing that work, “they can actually gain a lot of maturity in a pretty short time, if they really want to become an MSSP,” Valavanis said.

However, he said, MSPs on this journey need to recognize that delivering managed security services requires a different mindset than traditional management of IT. “Security is more like accounting than it is like firefighting,” Valavanis said.

Because attackers typically are inside victims’ systems for weeks or months before they’re detected, “you’re looking for activity that hints that there are things going on,” he said, which is akin to accounting work. “You’re not looking for attacks as they happen.”

For this reason, MSPs should not necessarily view the MSSP model as the next logical step, Valavanis said. “It has a very different nature to it,” he said. Too often, though, service providers looking to expand to become MSSPs run into problems from “dragging in some of that MSP thinking,” Valavanis said.

For an MSP that’s exploring the idea of offering managed security services to customers, a recommended initial step is to become proficient at managing its own internal cybersecurity program, according to FCI Cyber CEO Brian Edelman.

“If you do it [well] for yourself, then make that jump,” said Edelman, who founded the Bloomfield, N.J.-based MSSP in 1995. “But if you don’t do it well for yourself, then learn to do it well for yourself—and then make an informed decision that allows you to do something that’s good for you and your clients.”

Serving SMBs

For those solution providers and MSPs that want to play an important role in meeting customer needs for managed security services—but aren’t inclined to try to deliver those services inhouse— there are a growing number of choices.

In addition to working with MSSPs such as Cyderes and Avertium, another notable partnership option was originally devised by security service provider Novacoast.

The offering, Pillr, is targeted at MSPs that serve SMBs, with its platform that enables partners to bring 24x7 SOC services to SMB customers.

A platform like Pillr’s is needed because, first and foremost, most security vendors tailor their products to the requirements of large global enterprises, said Adam Gray, chief science officer at Pillr. But for SMBs, many products are “either too complicated or too watered down, or don’t really fit their budgets and people and expertise,” he said.

“I founded the Pillr side specifically to fill that market and that void,” said Gray, who is also the CTO of Novacoast. Now a separate entity from Novacoast, Pillr currently works with 1,300 partners in North America and Europe.

Notably, for the MSPs that work with Pillr to bring SOC coverage to their SMB customers, something interesting tends to happen: They naturally Excellerate their capability for delivering valuable security services, according to Gray.

“They become much better practitioners around remediation and response,” he said. And from there, MSPs will often get more involved with deploying vulnerability management controls and helping their customers with improving their cyber hygiene, Gray noted.

By working with Pillr, MSPs also “get better at studying the threat intel reports, they get better at the advisory reports, and they start to get a lot more proactive,” he said. “They become much better stewards of security simply by having access to the information and having it digested in a way that is suitable for them.”

Building Trust

For Cyderes and its recently introduced channel program, the focus so far has been on working with reseller partners. The program includes the major components of a typical channel offering: discounts and margins, deal registration and protection, training, dedicated channel account managers and co-selling opportunities.

Jamie Wolf, formerly a channel executive at cybersecurity vendors including Black Kite and Onapsis, leads the partner program as Cyderes’ head of global channel, alliances and ISVs.

By working with channel partners, MSSPs such as Cyderes get the classic benefit of a boost to their scalability, noted Alacrinet’s Duhaime: “It’s cheaper to supply us margin than it would be to try to acquire all those customers on their own.”

There are some differences with a partnership between two companies in the channel, however, as compared with a partner-vendor relationship. For instance, from the get-go, extra effort may need to be put in around building trust—especially when it comes to navigating potential areas of competition.

As part of establishing its in-channel partnerships, Cyderes has made clear to its VAR partners that product resale is not a top priority, according to Cyderes’ Aurigemma.

“They need to be assured when working with you that you aren’t going to step into their space,” he said. “That’s the piece of the puzzle that I think we’re starting to unlock. I think others will figure that out as well.”

Ultimately, “when they meet us and realize that we’re not looking to encroach on some of their core services—that we know our swim lane—we’ve had some great outcomes.” 

Archer Aviation Inc., a leader in electric vertical takeoff and landing (eVTOL) aircraft, announced it has now completed the final assembly of its first Midnight aircraft. With final assembly and initial testing complete, last week the aircraft was shipped from Archer’s Palo Alto facility to its flight test facility in Salinas, California and reassembled. Archer will now take this aircraft through a series of ground tests leading up to its planned first flight this summer. The Midnight aircraft has recently garnered significant attention from the U.S. Department of Defense given its payload capabilities.

This Midnight aircraft will enable Archer to perform critical “company testing” to accelerate and reduce risk on its certification program with the Federal Aviation Administration (“FAA”) in advance of “for credit” certification testing that the company plans to begin early next year with piloted Midnight aircraft. Our strategy with this aircraft is to allow Archer to fly many of the same test points that will be needed during piloted “for credit” flight testing in order to further validate the aircraft before the FAA witnesses and participates in the testing – a customary practice in many aircraft certification programs.

Component manufacturing is already underway for Archer’s conforming Midnight aircraft. Archer is targeting the completion of final assembly of its initial conforming Midnight aircraft in Q4 2023 and to begin piloted flight test operations in early 2024. 

“Today we announced our exciting progress that the final assembly of our first Midnight aircraft is now complete and it is preparing for its flight test program,” said Adam Goldstein, Archer’s Founder and CEO. “This aircraft will accelerate and reduce risk on our certification program paving the way for our team to focus on building and conducting piloted operations with conforming aircraft to support the goal of entering into service in 2025.”

Archer’s industry-leading team, alongside its key strategic partners, Stellantis and United Airlines, continues to advance its aircraft development and commercial operations with impressive speed and efficiency. The company has also established a significant lead over industry peers on the manufacturing and commercial operations fronts with the build out of its high-volume manufacturing facility in Covington, Georgia underway and announced key strategic electric air taxi routes in New York and Chicago.

With a range of up to 100 miles, Archer’s Midnight aircraft is designed to perform rapid back-to-back flights with minimal charge time in between. Archer’s goal is to transform inter-city travel, replacing 60-90 minute commutes by car that can take over an hour in traffic with ~10-20 minute electric air taxi flights that are safe, sustainable, low noise and cost competitive with ground transportation.

Download Palo Alto Online App
from the Google Play Store for Android

Unfortunately, this is a brand new app and will have to be downloaded again. An upgrade is not possible.

The Palo Alto Unified School District is expediting plans to address student violence and other harmful behaviors, Superintendent Don Austin said in a Superintendent's Update released on Friday, May 26.

The actions, which were previously planned to roll out in stages, are meant to address teachers', parents' and students' concerns regarding behavior issues, communication and student support.

The rapid rollout comes after two teachers were injured during a May 5 incident involving a special needs student at Jane Lathrop Stanford Middle School. One teacher was struck on the head with a folding chair and kicked in the stomach, and another teacher was punched several times in the face. The student's parents said he sustained injuries to his arm, according to Palo Alto police.

Numerous teachers spoke emotionally about students' behavioral problems at the May 23 Board of Education meeting. They said they can no longer handle situations and pleaded with the board to institute remedies quickly.

"Behavior has been tough for us as teachers. It has kind of gotten away from us, and we need help," one teacher tearfully told the board. "We're being asked to be therapists, teachers, administrators, behavior analysts — everything on our own, isolated in our classrooms, and we can't do it."

In his update, Austin acknowledged what teachers have said.

"We have listened attentively to the valuable feedback provided by our staff members, families, advocates and other stakeholders, which has guided us in formulating the most effective steps forward," Austin wrote. "The unfortunate incidents involving injuries to staff, along with other impactful events throughout this school year, have compelled us to take swift action for the coming year."

The district has started a third-party external investigation into the incident at JLS. A system-wide review will produce beneficial insights to help all schools improve, Austin said.

Hiring 'behavioral intervention' staff

The district is also committing to hiring 12 new behavioral intervention coaches for the school sites, a significant staffing increase. The new staff would ensure each school has consistent support. The move is in response to feedback the district received from its behavioral support team, classroom professionals and additional stakeholders, Austin said.

"We recognize that this increase will have budget impacts; however, doing so is a top priority based on the feedback from our professional team of district educators and the concerned community," Austin said.

The district's professional unions, Palo Alto Educators Association (PAEA) and California School Employees Association (CSEA), have also expressed concerns regarding staff members' training in de-escalation techniques and handling physical altercations.

Austin said the district will be providing a modified safety-care-training program for all employees next year. The training will equip staff members with skills to navigate challenging situations, he said.

The district will also fully staff a second therapeutic services (TS) program at Fletcher Middle School, alongside the existing program at Greene Middle School, to enhance school support services. The elementary and high school TS program will continue operating at Duveneck Elementary and Palo Alto High School respectively, so that students across all grade levels receive needed therapeutic support.

On June 6, the Board of Education will consider adopting a districtwide social emotional learning program called Second Step, which will provide consistent support and guidance to elementary programs. Second Step aims to foster healthy emotional development and build strong interpersonal skills among students, Austin said.

Taking on social media

The district will also address social media behaviors and online bullying.

"Recognizing the impact of social media on our school community, we have formed a new partnership with Josh Ochs and SmartSocial. Together, we will address the challenges associated with appropriate conduct on social media platforms. This collaboration will provide learning opportunities for both our families and students, empowering them to navigate the digital world responsibly," Austin said.

The district is also starting the PAUSD Speaker Series, six districtwide events that will cover a range of relevant Topics and offer insights to the community, fostering a sense of togetherness and shared learning, he said. The district will work with the PTA and local partners to create the programs. A calendar will come out prior to the start of the 2023-2024 school year.

A new ad hoc committee consisting of parents and staff members will discuss district communication strategies and clear expectations for staff and students, promoting better understanding, and reducing potential confusion, he said.

Austin acknowledged that the planned initiatives will take funding but said that the cost of not implementing them will far outweigh the investment.

"We understand that the ending of this year has been challenging for some members of our community, and we empathize with the difficulties you have experienced. As we move forward, we are optimistic about the positive changes that lie ahead," he said. "By working together and implementing these measures, we can create a safer, more inclusive, and supportive learning environment for all members of our school community."

Reference #18.ad7dd17.1686018116.6763ea77

May 28, 2023, 11:14 a.m.

Scott Atlas, Kyle Duncan and Academic Freedom

The Institutional Highway