Machine IDs DR Reposition March - April 2025 Sponsored by DATA FLOWS OVER THE EDGE Volume 24 Issue 2 | channelvisionmag.com SMB Security check Security shifts to edge devices Scan to Register
Your Single-Source Technology Solutions Provider... Managed Services | SASE & Security | Network Services | VoIP/Voice/POTS Replacement | Connectivity | EnVision Life Cycle Management (TEM/WEM) | Mobility | White Labeling APRIL 16th @ 1:00 PM EST Secure Access Service Edge (SASE) The addition of the Cato SASE Cloud Platform allows businesses to replace costly and rigid legacy infrastructure with a scalable, cloud-native security stack. Zero Trust Network Access (ZTNA) Cato ZTNA provides secure, identity-based access to corporate resources, mitigating risks associated with remote and hybrid workforces. Data Loss Prevention (DLP) With Cato DLP, organizations gain comprehensive control over sensitive data, ensuring compliance and protection against unauthorized access. Join EnTelegent’s Channel Chief & VP of Sales, Mark Sondergaard and CATO Networks Global Field CTO, Brian Anderson as we explore how SASE, Zero Trust Network Access, & Data Loss Prevention can simplify and future-proof your IT. (Attendees qualify to win a pair of RayBan Meta Sunglasses valued at $300! VISIT US AT CHANNEL PARTNERS IN BOOTH #1061 ENTELEGENT SASE & SECURITY WEBINAR: Future-Proofing Your Tech Stack Simplify, Secure, and Scale EnTelegent’s collaboration with Cato Networks, the global leader in Secure Access Service Edge (SASE), enhances our portfolio with advanced security offerings, helping clients streamline IT operations and strengthen network infrastructure against evolving cyber threats. LetsTalkSolutions@entelegent.com | www.entelegent.com | #getentelegent Follow Us Register!
MARCH - APRIL 2025 EMERGENT 8 AI and Cyber Threats 10 Automation Opportunity 12 Putting Data in Motion Why data integration and pipelining should be top of mind for technology advisors By Gerald Baldino CYBER PATROL 18 Rage Against Their Machines Machine identity security a growing priority By Martin Vilaboy 20 Sharing Their Pain A fresh look at SMB security challenges and priorities By Martin Vilaboy 26 Over the Edge As network capabilities move to edge devices, so have threat actors By Martin Vilaboy EDGE TO CLOUD 32 Lending a Helping Hand Quest goes above and beyond to help partners and customers thrive By Gerald Baldino 36 Changing the DR Conversation Disaster recovery can be a powerful revenue generator – if positioned right By Gerald Baldino 42 NUSO Eyes Further Growth, Expansion in 2025 By Gerald Baldino CORE COMMUNICATIONS 44 Snom’s MC10 Brings Modern, Efficient Charging to DECT Devices 46 Data Center Construction Hits New Heights By Martin Vilaboy 48 Permission-Based Communication Hits the Channel Phound offers a fresh approach to digital communication, built around privacy By Gerald Baldino 50 Accessorizing with Retail POS NRS enables partners to introduce POS services to small retailers By Gerald Baldino 52 Speedflow Keeps Partners One Step Ahead A Q&A with Vlad Ellis MOBILE & WIRELESS 54 LEO Lifts Off in the Channel ZeroOutages delivers low latency, high bandwidth internet via LEO satellites By Gerald Baldino BUYER’S SIDE 56 Serving SMBs Cracking the code of small business new service development By Martin Vilaboy CHANNEL MANAGEMENT 58 Why Redundancy Matters: The Channel Perspective By Glen Nelson 60 EnTelegent Unlocks Growth, Security in Evolving Managed Services Landscape A Q&A with Tom Turpin 6 Editor’s Letter 62 ICYMI 66 Ad index CONTENTS Volume 24 – Issue 2 4 CHANNELVISION | MARCH - APRIL 2025
The ongoing shortage of skilled workers, and the subsequent burden of long hours and employee burnout, continues to be a top challenge for IT departments and network administrators. Compounded by tool sprawl and rapidly evolving technology, the talent gap, argued executives at Auvik in its 2025 IT trends report, has led to the rise of “IT generalist,” defined as IT professionals who must possess knowledge across a very broad range of IT functions. “With an increasing eye on end-user experience, remote IT delivery and advancing AI tools, there is a lot on IT professionals’ plates,” said Auvik researchers. Moving forward, the gap in IT expertise is only likely to get worse. According to Auvik’s findings, IT professionals with more than 10 years of experience and the Baby Boomer generation currently experience the longest work weeks. Whereas 42 percent of Baby Boomer IT professionals work more than 40 hours per week, for example, just 29 percent of Gen Z IT professionals do the same. “A generational disparity in the workload is rapidly exacerbating issues around burnout,” continued the Auvik report, “since as many as 10,000 Baby Boomers will turn 65 and retire every single day between now and 2030, leaving even more work for remaining IT employees.” Certainly, AI and automation will help with workload burdens and burnout by taking over many of the repetitive and reactive tasks that IT and network professionals admit take up an inordinate amount of time. Beyond the more mundane, however, the rise of IT generalists, “who are limited in the time they have in their day for researching the field,” suggests a growing need for advisor specialists who can assist with the more strategic outcomes of supporting the productivity of employees, securing resources and expanding their technological possibilities. “With a continuing talent gap and increasing tool sprawl, IT professionals don’t have the bandwidth to develop deep expertise in any one area of IT,” continued the Auvik report. “They must be able to manage a broad range of tools and IT functions, while relying increasingly on AI and automation to complete the more menial, routine tasks that historically have been major time commitments.” Where will these IT generalists likely be seeking guidance and expertise? A look at respondents’ “wishlist” of network-related activities provides some insight as to where attention will go once automation frees up brain space, since the lack of time and insufficient human-power are the primary reasons wishlist items are not implemented. In terms of specific technology categories, IT professionals listed cybersecurity planning, cloud computing, automation, backup and disaster recovery and wireless networking as top areas in which they would like to dedicate more time and resources. Far and away, the top wishlist item among IT professionals was “researching new technology” that helps them drive greater value and productivity and a better user experience, Auvik’s data showed. Is your advisory firm ready to provide IT generalist with this expertise? IT Generalists Need Specialists LETTER Martin Vilaboy Editor-in-Chief martin@bekabusinessmedia.com Gerald Baldino Contributing Editor gerald@bekabusinessmedia.com Brady Hicks News Editor brady@bekabusinessmedia.com Percy Zamora Art Director percy@bekabusinessmedia.com Jen Vilaboy Ad Production Director jen@bekabusinessmedia.com Berge Kaprelian Group Publisher berge@bekabusinessmedia.com (480) 503-0770 Zach Zohdy Senior Sales Manager zach@bekabusinessmedia.com (310) 730-8018 Beka Business Media Berge Kaprelian President and CEO Corporate Headquarters 10115 E Bell Road, Suite 107 - #517 Scottsdale, Arizona 85260 Voice: 480.503.0770 Email: berge@bekabusinessmedia.com © 2025 Beka Business Media, All rights reserved. Reproduction in whole or in any form or medium without express written permission of Beka Business Media is prohibited. ChannelVision and the ChannelVision logo are trademarks of Beka Business Media 6 CHANNELVISION | MARCH - APRIL 2025
EVANSVILLE SEATTLE SAN FRANCISCO BAY AREA SAN LUIS OBISPO/ SANTA MARIA LOS ANGELES SAN ANTONIO VANCOUVER, B.C. ODESSA/ MIDLAND PORTLAND DALLAS SAN MARCOS HOUSTON CORPUS CHRISTI SACRAMENTO ASHBURN ALLENTOWN WACO AUSTIN EVANSVILLE CENTRAL VALLEY CHIGACO Contact us for a free consultation astoundbusiness.com/channel Connectivity Ethernet, Wavelength & Dark Fiber Internet DIA, Business Class Internet & High Speed Internet Voice Solutions UCaaS, PRI/SIP & Business Lines Managed Solutions SD-WAN, Video (IPTV) & Wi-Fi National WAN Access Channel Partner Program Take a dierent path with our Astounding Nationwide Network. Here is an example of how dense our fiber is in Boston, one of our 20+ metro markets. BOSTON LEGEND Robust metro fiber footprint and/or data center presence High Capacity Backbone Links Coastal submarine cable access Transpacific and Transatlantic routes WASHINGTON, D.C. NEW YORK PHILADELPHIA
The buzz around artificial intelligence may be shifting from “what can it do to help us?” to “how can it hurts us?” An expanding body of evidence suggests AI is being harnessed more and more effectively by threat actors, according to researchers at Darktrace, which noted a 135 percent increase in novel social engineering attacks targeting its customers over the course of 2023, the same period when ChatGPT saw popular adoption. In turn, nearly three-quarters of the 1,500 cybersecurity professionals surveyed by the cybersecurity company agree that AI-powered threats now pose a significant challenge for their organization. Nine in 10 survey participants agreed that AI-powered threats will continue to have a significant impact on their organizations for the next one to two years. Interestingly enough, a majority of cybersecurity professionals (65 percent) indicated that their organizations consider AI-powered threats a separate issue from non-AI-powered threats. This distinction, however, may prove less and less meaningful, argued Darktrace analysts, as it becomes more difficult to determine whether or not an attack is AI-powered and as AI-powered threats make up a progressively larger portion of the attacks that organizations face. On the other hand, 95 percent of cybersecurity professionals believe AI can improve speed and efficiency in preventing, detecting, responding to and recovering from threats. Insufficient AI knowledge and skills, as well as a shortage of personnel are the top inhibitors to a successful defense. Communications technology company Unified Office announced that it is opening up its AI platform that empowers businesses to build their own custom, drag-and-drop, AI-powered communications services with unprecedented ease. For those businesses wanting to create more sophisticated services, APIs will be made available via a software development kit. This platform also provides access to Unified Office’s industry-specific, augmented small AI language models, tools and scalable, cost-effective infrastructure. “We believe that the power of AI should be accessible to everyone,” said Ray Pasquale, founder and CEO of Unified Office. “By opening up our platform, we’re enabling businesses of all sizes to harness the power of no-code, drag-and-drop AI services, virtually eliminating the need for a dedicated software engineering staff. Our approach is very different from those of the largest AI companies that typically require an expensive multivendor ecosystem in order to develop AI-based services, which puts it beyond the reach of most SMBs.” The offering takes advantage of the TCNIQ AI Analytics platform, which utilizes drag-and-drop building blocks inside its WYSIWYG Workflow Builder product. Unified Office also offers a suite of its own AI services available directly to customers or as a white-labeled offering through its many partners. Unified Office’s AI services include products such as EngageIQ to rapidly train staff while delivering a great customer experience; Sentiment Analysis; which detects caller sentiment, identifying positive or negative tones and/ or pre-determined keywords, and AI-based Whisper Coaching to provide immediate coaching and feedback to customer service reps. AI Impacting Cyber Threat Landscape Unified Office Opens AI Communications Platform for SMBs AI & AUTOMATIONSource: YouMail Robocall Index Strongly agree Somewhat agree Somewhat disagree Strongly disagree Source: Darktrace Feb-1 Aug-1 Aug-1 Feb-1 Feb-1 Aug-1 Aug-2 Aug-2 Aug-2 Aug-2 Aug-2 Feb-2 Feb-2 Feb-2 Feb-2 Feb-2 AI-powered cyber-threats 26.8% 5.6% 46.8% 20.7% 10.5% 30.0% 24.8% 34.7% 49.8% 2.7% 39.9% 7.7% 54.2% 2.8% 34.1% 8.8% ...are already having a significant impact on my organization ...will likely have a significant impact on my organization 1-2 years from now ...will continue to have a significant impact on my organization well into the future ...are not considered by my organization to be a separate issue or risk from non-AI-powered cyber threats 0 20 40 60 80 100 8 CHANNELVISION | MARCH - APRIL 2025
Exclusive M500 System Promotion Start the New Year with Seamless Connectivity – M500 DECT Solution! We’re excited to launch a special promotion on the M500 wireless family – the perfect communication solution for small to mid-sized businesses, including restaurants and retail outlets The M500 is built for simplicity, scalability, and high-performance, with the ability to use key system functionality in a hosted environment. ©2025 Snom Technology GmbH. All rights reserved. M500 DECT Base Station Discount $25 M55 DECT Handset Discount $5 M56 DECT Rugged Handset Discount $5 M58 DECT Desk Phone Discount $5 Wireless and hassle-free, the M500 ensures easy deployment, no cabling, and a worry-free installation process. Whether in the office or on the go, the M500 adapts as your business grows. Perfect for companies looking to streamline their communication with an easy-to-manage solution.
Research from Eagle Hill Consulting reveals a staggering 68 percent of employees said they regularly spend time on low-value, inefficient work. At the same time, however, 81 percent claimed that their organization delivers quality products and services, suggesting that output is strong, but the process could be more efficient. Indeed, according to the Wrike 2024 Impactful Work Report, organizations waste more than $15,000 per employee per year on inefficient ways of working. And while some might argue that workers can be reluctant to uncover or even protective of inefficiencies in order to protect their employment, the opposite may be true. The research also found that inefficiency appears to be top of mind for workers, as 78 percent of employees indicated that they regularly exchange ideas with colleagues on how to do their work more efficiently, but organizations often aren’t leveraging employee ideas. More than half (56 percent) of employees said their organization doesn’t incentivize them to find ways to be more efficient. Meanwhile, more than nine of 10 IT professionals recently surveyed by OnePoll for GoTo said they would consider the use of AI beneficial for work, with 94 percent saying they would be willing to delegate simple tasks to AI. About three quarters also would be willing to delegate even complex tasks to the technology. On average, IT workers believe delegating tasks to AI could save them more than two hours of work during any given workday, and 83 percent believe it would be easy for them to offload their simpler tasks to AI. The most commonly reported tasks IT teams are looking to offload to AI included monitoring network performance (44 percent), basic device troubleshooting (42 percent), and remediating basic problems (40 percent). AI security company Protect AI launched the Protect AI partner program, featuring foundational members such as World Wide Technologies (WWT), Forcespot and Ensign. The program offers dedicated tools and resources for reseller solution providers and channel distribution partners, helping them tap into the expanding market for securing enterprise AI systems and applications, said the company. The program is expected to help key resellers and channel companies empower their enterprise and government end customers to build, deploy and manage secure, trusted AI environments. It provides tools and strategies for continuous threat detection, proactive vulnerability management and robust response mechanisms for AI systems. “The need for AI security solutions is at an all-time high as enterprises deploy GenAI at scale,” said Ian Swanson, Protect AI’s CEO. “The Protect AI partner program provides partners with the resources and incentives needed to deliver safe, secure and trusted AI solutions, drive revenue and grow their businesses in the rapidly evolving field of secure and trusted AI.” The Protect AI partner program features three tiers, each tailored to a partner’s maturity and expertise in AI security. Partners gain access to a partner portal, with highlights including dedicated channel managers and solution engineers, and co-marketing and individualized training to build expertise in ML development and supply chain security, said the company. Protect AI has more than 60 partners in North America poised to join the program. Optiva, a provider of cloud-native billing, charging and revenue management software on private and public clouds, announced that its business support systems (BSS) platform and charging engine now incorporate agentic AI using advanced generative AI technology powered by Google’s Gemini models. While today’s chatbots are limited to queries and prompts, agentic AI has “agency,” with the ability to act autonomously and independently, adapt, complete complex tasks, make decisions and proactively achieve objectives, explained the company. Optiva’s agentic AI-powered BSS and virtual AI agents, integrated with the Optiva BSS Platform and Optiva Charging Engine, enable intelligent process automation, hyperpersonalized customer experiences and faster resolution times for communications service providers. By leveraging Google’s Gemini models, these AI agents enhance natural language understanding, proactive customer engagement and intelligent automation, reducing OPEX and accelerating time to market. Gemini models also power realtime insights using BigQuery and Looker, helping CSPs optimize and create innovative offerings, improve usage and billing transparency and drive new revenue streams. “We are not simply developing AI agents to streamline operations and improve customer experiences — we are establishing the foundation for a future where these agents can work together seamlessly,” said Chrisaman Sood, AI product strategist at Optiva. “This will create an intelligent, interconnected ecosystem that drives exponential value for telcos of the future.” Automation’s Efficiency Opportunity Protect AI Launches Partner Program to Protect AI Environments Optiva Launches Agentic AI for Telecom BSS AI & AUTOMATION 10 CHANNELVISION | MARCH - APRIL 2025
Putting Data in Motion To succeed in business today, leaders must be able to confidently make informed decisions in real-time. Yet for many companies, high-quality data remains out of reach due to poor integration and availability. In a recent Confluent study from the UK, 52 percent of C-level executives said the data they receive is outdated by the time it reaches their desks – often forcing them to rely on gut instinct instead of intelligence. Despite having troves of data at their disposal, organizations today still struggle with a lack of actionable insights – impacting everything from customer experience to AI performance. According to Adeptia CIO Deepak Singh, data integration is “the critical foundation for AI success in 2025.” Singh also believes that “partners who master modern data integration will become indispensable as they help clients not just connect systems but actually transform business operations.” To Singh’s point, 86 percent of respondents in a Presido study reported having significant data challenges, including ensuring real-time access and gaining meaningful insights. A separate study from Atlan also revealed that data governance – which centers around the quality, availability and security of data – is now a top priority for 65 percent of data leaders, which is higher than AI (44 percent). Data Leaders’ Top Priorities Data governance 65% Data quality 47% AI 44% Self-service 32% DataOps 19% Source: Atlan With GenAI losing steam in the market and business leaders looking for greater ROI, partners are encouraged to shift conversations toward data quality and availability to help customers achieve stronger outcomes and improve decision-making. Unlocking the Value As Steve Jobs once alluded, innovation is all about making connections between seemingly unrelated topics. Likewise, the true value of data doesn’t come from individual points but from the connections that arise when you bring them together and make observations. Considering this, it’s not just about hoarding data. Companies must use data to tell stories that resonate By Gerald Baldino AI & AUTOMATION Why data integration and pipelining should be top of mind for technology advisors 12 CHANNELVISION | MARCH - APRIL 2025
Easton Telecom has been has been a full service business-to-business telecommunications supplier for 30 years. Easton is a great fit for multi-location accounts, all services and locations are billed on one invoice with one place to call for customer service. Easton Telecom Distributor Program Partner with Us Today! Why Choose Us? Consultative Sales Approach- Easton will qualify, quote and complete all necessary paperwork for you Buy Rates Offered- YOU control the commission percentage by setting your own retail rates Provisioning, Customer Service & Monthly Invoicing- All handled by our experienced representatives 24/7 Customer Service & Expertise- Always answered by a live person. On average, our reps have 25+ years industry experience Get in Touch Have questions or need a quote? Our Channel Manager is here to help you find the best solution for your customers. 1-800-222-8122 Channel Manager Jim Leedy jleedy@eastontelecom.com www.eastontelecom.com Internet Fiber, Broadband, COAX, SD-WAN, Fixed Mobile Broadband, Collocation Services & MPLS Voice Sip Trunks, UCaaS, SIP PRI, Business Lines & POTS Replacement Services Wireless Voice/Data/Text
with both internal and external stakeholders. All types of business analysis – descriptive, diagnostic, predictive and prescriptive – ultimately require clean, accurate and high-quality data. But raw data is similar to crude oil. It’s messy, unstructured and unrefined. Before businesses can use it, they must have a system in place to process, analyze and store it. Otherwise, data is more of a liability than a strategic asset. And this is where data integration and pipelining come into play. Integration Overview Companies today pull in vast amounts of data from various sources such as IoT sensors, websites, social media, spreadsheets and applications. The challenge is that these sources are often siloed. In addition, raw data has varying levels of quality and consistency. Before data can be used, it must be cleaned and transformed into a unified format. To accomplish this, companies need to move data from source locations to staging areas and warehouses or lakes. This process is called data pipelining. There are several types of data pipelines to consider. For example, companies may use batch pipelines to process data at intervals or streaming pipelines for real-time data flows. Various strategies exist which involve extracting, transforming and loading data into storage for easy access. Some examples include extract, transform, load (ETL); extract, load, transform (ELT); and extract, transform, load, transform (ETLT). By implementing modern data pipelines, companies can ensure they are giving different AI and machine learning algorithms and data visualization tools clean, accurate and reliable information – resulting in stronger outputs with fewer errors. “Companies have realized that AI models are only as good as the data feeding them, yet most struggle with fragmented, inconsistent data trapped in silos,” Singh said. “This creates a massive opportunity for channel partners to solve the ‘first-mile’ data problem – helping businesses transform raw, messy data from customers and partners into structured, usable information.” Ideally, every company should have comprehensive pipelines for moving data from ingestion to production. But for many companies, their environments look nothing like this. All too often, information flows into the business and winds up stagnating, which leads to missed opportunities. What’s interesting is that businesses will go to great lengths to protect their data or recover it from ransomware attacks – especially mission-critical data. At the same time, companies often neglect data processing and integration which leads to stagnation and poor data ROI. This limits a company’s ability to unlock value and drive growth. In addition, companies often rely on bad data to make decisions. This can be especially risky when using AI systems. For example, Harvard Business School found that poor input management and flawed training data can negatively impact AI’s output. In a study, researchers analyzed work schedules for thousands of retail employees during a five-year span. They discovered that 7.8 million shifts (7.9 percent of the total) required manual modifications resulting from incorrect information that was provided to the AI model. “If you put in garbage, the AI tool – no matter how sophisticated it is or how complex it is or how much data you feed it – will produce something that’s suboptimal,” explained Caleb Kwon, a doctoral student who led the study. “And that’s exactly what we found: the schedules generated by this AI tool do not reflect the reality of what employees can and can’t do. The generated work schedules were effectively useless.” The study indicates that companies typically experience the strongest benefits when they have “strong, principled controls in how AI tools are set up and managed before deployment, rather than treating them as autonomous solutions.” Source: 64 Squares 14 CHANNELVISION | MARCH - APRIL 2025 Source: Datamation
QUESTBLUE Cloud Based Communications ADAPTABLE API MESSAGING VOICE CLOUD PBX Power your business with QuestBlue’s reliable cloud solutions. Enjoy guaranteed call quality, customizable APIs, 24/7 support, and much more! Contact us! | questblue.com | 877-686-4787 Capacity + Quality, Guaranteed Call Delivery! Visit QuestBlue at Channel Partners Booth 1954
Creating Urgency It’s unrealistic to suggest that partners can transform the way companies manage data overnight. A complete data management overhaul can take several months and require input from both IT and business units. That said, time is running out for companies that want to stay ahead of the game with AI. As businesses become increasingly AI-driven, the need for reliable and consistent data integration is accelerating. Partners who want to be early movers with agentic AI must ensure that customers have refined data integration strategies and efficient pipelines. According to Tray.ai, more than 86 percent of enterprises will require upgrades to their current tech stack in order to deploy AI agents. And in a separate study from Salesforce, 62 percent of respondents said their data systems aren’t fully configured to leverage AI. In light of this, now is the time for partners to create a sense of urgency and start helping customers mature data integration. Doing so will help drive stronger returns from technology investments and create additional sales opportunities around networking, cybersecurity and data center services. “The key to helping customers transition beyond legacy integration is showcasing the business impact of modern approaches versus the technical limitations of traditional tools,” Singh said. “Partners should focus conversations on business outcomes – like reducing customer onboarding from months to days or empowering business users to manage connections without IT dependency rather than technical features.” Singh recommends partners start with a “quick win” approach by focusing on a high-visibility, high-pain use case where traditional integration is causing business bottlenecks. “This creates a compelling internal success story,” Singh said. “Also, help customers understand the hidden costs of their legacy approach – not just licensing fees but the opportunity costs of delayed onboarding, IT bottlenecks and inability to scale partner connections. When customers see integration as a business accelerator rather than a technical hurdle, the transition becomes much more compelling.” o How IT Leaders Describe Plans for Autonomous Agents Already in place 40% Intend to implement within a year 41% Intend to implement within two years 13% Intend to implement in more than two years 4% Do not intend to implement 2% Source: Atlan TRAILBLAZING SOLUTIONS Dark Fiber Dedicated Internet Access Ethernet & Wavelengths Data Center Interconnect (DCI) Fiber Connectivity into 260+ DataCenters Ability to fully leverage bandwidth up to 100Gbps Fiber reach into rural areas Higher Payouts Earn high commissions & SPIFFs Dedicated Team Easy access to personalized service Master Agent Choice FiberLight partners with all 10 top Master Agents so you have the freedom to choose Quick Quoting Turnaround No longer than 24 hour response time for all quotes CREATING HAPPY CAMPERS SELL S’MORE | WORRY LESS LEARN MORE 3x 5G MRR and below 2x 10G MRR and over/100G Wave 1x 100G MRR Dedicated Internet Access -One-time payment upon customer service installation. -On-Net Data Center to On-Net Data Center Only -3yr Minimum Term Required -Customer is Responsible for Cross Connects -DIA- /29 included; Anything Over is Cost Associated These one-time payouts are exclusive to New FiberLight End-User Customers (defined below) or current FiberLight Customers who are adding a new location for Service and are paid upon FBL’s sole discretion. New FiberLight End-User Customers are defined as a Customer who (i) is initiating Services (defined below) with FiberLight for the first-time, or (ii) formerly was a FiberLight Customer but terminated all Services with FiberLight and is initiating Service with FiberLight again. All Service orders must be classified as “Closed Won” in FiberLight’s Salesforce.com to be eligible for payment. Notwithstanding, payment and New FiberLight End-User Customers classification shall be at FiberLight’s sole and absolute discretion. FiberLight reserves the right to terminate this program at any time without notice. This offer will apply for a limited period of time, beginning Feb. 1, 2025 and expiring on May 30, 2025. Limited Time Offer 16 CHANNELVISION | MARCH - APRIL 2025
877-884-5200 channel-sales@granitenet.com granitenet.com Partner with Granite and add the best future-proof, reliable, and cost-effective POTS replacement solution to your portfolio. Offer your clients the stability to navigate today’s disruptive telecom environment with confidence. THE SUPERIOR POTS Replacement Solution Endorsed by CAL Fire PATENTED TECHNOLOGY APPROVED BY CALFIRE APPROVED BY FDNY NFPA 72 COMPLIANT HIPPA COMPLIANT PCI COMPLIANT KNOW YOUR REAL COST. BATTERY BACK UP SWITCH TO 4G LTE END TO END ENCRYPTION BACKED UP INTERNET CONNECTION BUILT-IN SBC & IAD SOFTWARE FLAT-RATE PRICING BUILT-IN CLASS 5 SWITCH ADVANCED ACTIVE MONITORING NFVN Gold Standard Checks Off All Your Compliance Needs Checks Off All Your Technology Needs Granite cares about the Partner Experience, which is why we include everything, up front, in a flat rate quote. Suprises are for birthdays, not business.
Machine identity security is quickly becoming a critical aspect of modern cybersecurity strategies, and it’s more than likely that many of your customers are struggling to build a cohesive approach to protect these digital credentials, suggest findings from identity security company CyberArk. Playing a foundational role in connecting devices, applications, APIs and cloud services securely, machine identities are the unique descriptors that “identify” servers, computers, phones and other devices to enable communication and system access. And as their use continues to expand, so does the complexity of managing them effectively, warned CyberArk researchers. For starters, machine identities now outnumber human identities by an overwhelming margin. Driven by factors such as the rise of cloud native technologies and personal devices, AI and IoT, not only are there more machine identities than ever in corporate networks, but the shrinking lifespans of machine credentials in today’s fast-paced development cycles further adds to the sheer scale. “Each instance requires a unique identity to authenticate and communicate securely, adding to the already staggering growth in machine identities – particularly as organizations begin to embrace agentic AI,” researchers at CyberArk pointed out. Moving forward, 79 percent of organizations expect the number of machine identities to grow during the next year, with 63 percent projecting increases of up to 50 percent, and 16 percent anticipating more aggressive growth between 50 and 150 percent per year. The end result is more points of potential failure. Not surprisingly, malicious actors have taken notice. Cybercriminals now target machine identities as entry points for attacks, and those types of attacks are increasing in numbers, reported CyberArk. “By exploiting weaknesses in authentication systems or leveraging expired or mismanaged credentials, attackers can move laterally within networks, access sensitive data and disrupt critical operations.” Among the most concerning machine ID assets vulnerable to compromise are API keys and SSL/ TLS certificates, both reported by about a third of security administrators as having been compromised, with SSH keys, code signing certificates and mobile certificates closely behind. Also not surprisingly, this list is for the most part consistent with the list of machine identities that are perceived as difficult to secure. Already, half of organizations surveyed reported security breaches linked to compromised machine identities in the past year. And the business impact of these breaches is significant, with victims reporting delays in application launches, outages that hurt customer experience and unauthorized access to sensitive data or networks. In addition to compromises, certificaterelated outages, which prevent access to business-critical systems, are especially prevalent, with 72 percent of organizations experiencing at least one in the last year and 34 percent suffering multiple. Most organizations recognize the critical role of machine identities in securing systems and data. A full 92 percent work under a machine identity security program, and 44 percent plan to expand their use. On the other hand, the broad adoption doesn’t always equate to maturity. More than four in 10 security leaders admit their organizations lack a cohesive machine identity security strategy across environments, business units and machine identity types. o Top Machine IDs Involved in Security Incident API keys 34% SSL/TLS certificates 34% IoT certificates 29% SSH certificates 28% Service account tokens 27% Top Machine IDs Challenging to Secure API keys 36% SSL/TLS certificates 34% IoT certificates 33% SSH keys and certificates 27% Mobile certificates 26% Source: CyberArk Machine identity security a growing priority By Martin Vilaboy CYBER PATROL Rage Against Their Machines 18 CHANNELVISION | MARCH - APRIL 2025
MAKE INTELLIGENCE YOUR ADVANTAGE JOIN THE REVOLUTION INTELLIGENT CELLULAR www.cellsmart.io INTELLIGENCE Leverage 15 million RF data point and bespoke testing carried out for your customers. SIMPLICITY Gain a dedicated team that are experts in monetising FWA. AGILITY Deploy FWA in 5 working days or less across the continental US. We’re ready to help you win high-margin contracts, and rapidly grow profitability with FWA. Contact our partner TMR on: cellsmart@ask4tmr.com. Call the team on: (248) 419-7120.
Sharing Their Pain For the past several years, executives in charge of keeping business networks safe and secure have been dealing with the widely noted disparity between the demand for cybersecurity expertise and the available pool of qualified professionals. This so-called “IT security skills gap,” in turn, has been a staffing priority for the majority of IT administrators. Given the breakneck pace of technological advancement, compounded by the ever-shifting and increasingly complex threat landscape, perhaps it’s not surprising that companies have found it difficult to keep security operations staffed with the skillsets needed to defend them from sophisticated attackers or AI-generated exploits. Perhaps it’s not even surprising when companies throw in the proverbial towel when it comes to internal staffing efforts. According to a new survey of mid-sized to small businesses by security provider Forta, the number of respondents – when asked about their cybersecurity staffing strategy – that said they were “improving the skills of [their] staff” actually dropped this year to 61 percent from 68 percent that said the same in 2024. When asked about their top five cybersecurity initiatives for the next six months, the percentage of respondents that cited “improving security skills” likewise dropped, from 58 percent in 2024 to 51 percent in this year’s survey. This shift in staffing strategy and priorities could very well stem from expectations that emerging AI-infused tools will help to alleviate some of the IT expertise burden. On the other hand, “We continue to see an increase in managed security services adoption,” said researchers from Forta. CYBER PATROL By Martin Vilaboy A fresh look at SMB security challenges and priorities 20 CHANNELVISION | MARCH - APRIL 2025
SCAN TO LEARN MORE! y Data center connectivity y Tower locations y Full coverage maps y And more! gpcom.com/carrier | gpcwholesale@gpcom.com Access exclusive, high-capacity fiber routes designed for resilience, speed and performance - with 100G and 400G connectivity for the most demanding applications. y Unique routes for redundancy and security y Diverse, low-latency paths for ultimate reliability y Seamless scalability for future growth Denver Denver Denver Cheyenne Cheyenne Omaha Omaha Omaha Kansas City Minneapolis Des Moines St. Louis Chicago Davenport Chicago Chicago Indianapolis Indianapolis Cincinnati Cincinnati Key Routes UNMATCHED ROUTES Go where others can't
Its survey found that the number of respondents utilizing managed security services has risen from 33 percent to 39 percent. And, “It is very probable that this trend might continue,” said the annual state of cybersecurity report. The primary driver is to transfer a portion of operational burden to a third party to free up resources for higher value projects, the research suggested. “Given the problem of always trying to find (or train) enough experts … keeping SOCs constantly staffed with the skillsets needed to secure a rapidly changing digital world can be a task,” the report continued. “If you take advantage of a third party that has the skills your organization lacks, you’ll save costs on employees (hiring, training, etc.). Plus, with a more skilled security workforce, you increase your chances of saving any expenses you might otherwise risk in a breach” Of course, in order for MSPs and technology advisors to gain the attention and trust of SMBs that are considering a move from in-house to outsourced security, they must be in tune with the proper pain points, priorities and desired outcomes of the buying circle. When SMBs were asked to identify the top five plaguing security concerns facing their organizations in 2025, results were pretty consistent with 2024. Phishing/smishing and malware/ransomware once again topped the list of perceived risks, followed by social engineering and data loss/leakage. However, due to the explosion of sites, tools What are your organization’s top 5 cybersecurity initiatives for the next 6-13 months? Source: Uptime Institute; 2022 How confident are you in your knowledge, of the security tools you deploy? Source: Forta 2025 State of Cybersecurity Survey Source: Forta 2025 State of Cybersecurity Survey US Monthly Robocall Volume Very confident Somewhat confident Confident Not confident 73% 77% 66% 75% 74% 73% 62% 59% 63% 54% 58% 51% 44% 50% 36% 39% 25% 22% Identifying and closing security gaps Improving security culture and awareness Limiting outsider threats (e.g.; phishing, ransomware) Compliance Securing data in the cloud Improving security skills Limiting insider threats Security in the supply chain Consolidating tools 2024 2025 58% 20% 19% 3% 6,000,000,000 Despite any hype and hyperbole, even the most trusted and tried cybersecurity frameworks are only getting slightly more than 50 percent use by most mid-sized to small business today, show Forta’s findings. While this isn’t indicative of the value they bring to the table — only organizations’ abilities (or desire) to implement them – the NIST Cybersecurity Framework (CSF) saw the highest adoption rates at 54 percent, which is 5 percentage points down from last year. The U.S. Defense Department-specific CMMC unsurprisingly saw only 7 percent adoption. However, the international standard ISO 27001 was almost as widely in use as NIST CSF, boasting a 48 percent followership, and MITRE ATT&CK took home slightly less than a third (32 percent). All told, 61 percent of companies claimed they knew what they needed to do in terms of compliances and were on track to get there. That left nearly four in 10 that admitted to needing help. Compliance Conundrum 22 CHANNELVISION | MARCH - APRIL 2025
and services leveraging emerging technologies such as GenAI, one in two organizations now consider “evolving technology” as a primary security threat in the coming 12 months, up from the 35 percent that said the same in 2024. Another interesting phenomenon seen in the Forta findings was the perceived risk of zerodayattacks dropping dramatically, falling from 50 percent of respondents in 2024 to 38 percent this year. “This could be due to better detection and response tools in the market (and in security stacks) and the fact that so many of this year’s AI-driven cyber tools claim to specialize in zero-day mitigation,” surmised the survey. Turning from perceived threats to organizations’ top cybersecurity initiatives for the year, security experts responded that identifying and closing security gaps was first on their list (77 percent). “It could be that companies are on the defensive as new forms of AI-based threats loom on the horizon and sprawling data feels exposed in an ever-growing cloud,” said Forta analysts. Notably, improving security awareness, including through explicit company policies and employee training, took the number two spot, listed by 75 percent of respondents (up from 66 percent last year). “It was encouraging to see a bump in these metrics, as teams know you can implement as many tools as you want, but your first line of defense is always your staff (especially in an era when social engineering sophistication is rapidly on the rise),” Forta analysts continued. Somewhat surprisingly, the priority of “securing data in the cloud” dropped from 63 percent in 2024 to 54 percent this year. That could be less about the importance of the cloud, however, and more because cloud security is so ubiquitous now that it has ceased to be an “initiative” and has just been adopted into the “day to day,” argued the Forta study. Partners that are able to discuss solution procurement and vendor consolidation, meanwhile, are more likely to get a seat at the table, as well. “Speaking of security concerns, it seems that the vendor sprawl ‘boom’ of the past decade or so might finally be ready to ‘bust,’” said Forta analysts. When asked how many security vendors were currently in use at their organizations, 70 percent of respondents answered that they use fewer than 20. “This is a huge departure from the 60 to 75 vendors estimated in use by the average company even earlier this year,” they continued. Indeed, a full 61 percent of cybersecurity professionals surveyed expressed that they had already begun the process of vendor consolidation or were planning to start it, possibly leveraging the help of managed services. Vendor consolidation, as Forta analysts pointed out, has been encouraged by the fact that vendors themselves are taking on more tasks. “Now, instead of offering single-solution products, more vendors are offering multiple features on a single product,” said the survey report. “This helps to eliminate unnecessary overhead and remove the management burden that comes with multiple tools and companies.” Overall, among those respondents that engage in managed services, the majority (60 percent) used them for penetration testing services to satisfy compliance requirements – representing a significant increase in outsourcing – followed by email security/anti-phishing (56 percent) and vulnerability management (47percent). “This is a notable trend as these solutions are proactive and preventative, rather than reactive and response oriented,” Forta analysts concluded. “It would denote a priority shift among defenders to stop breaches before they start, rather than investing solely in outside entities that could help with cleanup alone.” o Top Drivers of Vendor Consolidation Improved security posture 71% Cost savings 69% Reducing operational management 66% Time savings 44% Other 6% Source: Forta 2025 State of Cybersecurity Survey How confident are you in your knowledge, of the security tools you deploy? Source: Forta 2025 State of Cybersecurity Survey US Monthly Robocall Volume Source: YouMail Robocall Index Very confident Somewhat confident Confident Not confident 58% 20% 19% 3% 6,000,000,000 5,000,000,000 4,000,000,000 3,000,000,000 2,000,000,000 1,000,000,000 Feb-17 Aug-17 Aug-18 Feb-18 Feb-19 Aug-19 Aug-20 Aug-21 Aug-22 Aug-23 Aug-24 Feb-20 Feb-21 Feb-22 Feb-23 Feb-24 AI-powered cyber-threats 24 CHANNELVISION | MARCH - APRIL 2025
Since 2011, we've been a financial lifeline, providing fast, easy funding when others can't. Our commitment to innovative solutions for your growth continues to exceed expectations. All-Inclusive Financing: includes delivery, installation, and software.
Over the Edge By Martin Vilaboy As network capabilities move to the edge, so have threat actors There are at least two notable findings that should concern MSPs within ConnectWise’s most recent MSP Threat Report, which draws from millions of endpoint detection and response (EDR) and security information and event management (SIEM) alerts across thousands of MSPs and their clients to gauge trends within cybersecurity. For starters, “MSPs are increasingly in the crosshairs of attackers targeting the IT ecosystem,” warned the report. Instead of risking the government and media attention that tends to come with attacking larger entities, threat actors are shifting interest to several smaller payloads and are using MSPs – which may have fewer cybersecurity resources – as gateways to attack all their small and midsized (SMB) customers, said the ConnectWise research team. “Additionally, they are shifting tactics more quickly to try and find vulnerabilities faster than MSPs can fix them.” Secondly, threat actors increasingly are focusing their attention on the network edge, the report continued, underscoring the expanding attack surface that MSP must defend. While phishing continues to be the prevalent attack vector, “vulnerabilities in edge devices provide an alternative and often highly effective method for compromising company networks,” said the ConnectWise research unit. While edge devices such as firewalls, VPNs, RDP gateways, cloud edge solutions and IoT devices often are the first line of defense against cyberthreats, bad guys “are consistently exploiting flaws in these devices to gain initial access to networks,” often leveraging them as entry points for ransomware campaigns and other post-compromise activities, said the report. Indeed, ConnectWise noted a “sharp increase” since January 2024, in attempted attacks on edge devices, including more than 84,000 recorded alerts targeting specific vulnerabilities in major brands such as Cisco, SonicWall, Palo Alto, Citrix, Check Point and Ivanti. Of course, as remote work becomes the norm, hybrid cloud environments proliferate and organizations expand their digital footprints, the importance of securing edge systems cannot be overstated, as their security directly impacts the integrity of the entire network. Perhaps that partly explains the increasing popularity of secure access service edge CYBER PATROL 26 CHANNELVISION | MARCH - APRIL 2025
(SASE), which according to Gartner surveys has been adopted already by 39 percent of enterprises with 60 percent having a clear-cut strategy to adopt SASE in 2025. A top driver for SASE adoption, after all, is its ability to deliver “secure remote access,” show recent surveys by security provider Xalient and HP Enterprise. All the while, the most widely used component being actively used by SASE customers is SSE, or secure services edge, shows the Xalient survey. Edgy Trends Within the rising tide of attacks targeting edge systems, the ConnectWise research unit observed and recorded some common trends in the tactics used. For example, many highprofile breaches have been traced back to edge devices running obsolete or outdated software, such as the Moveit vulnerability, which allowed attackers to exploit unpatched file transfer systems, leading to significant data breaches and financial losses. Meanwhile, exposed remote access, such as through RDP gateways, VPNs, SSH and other remote capable services, are frequent targets for brute-force attacks, said ConnectWise. “Many attacks that targeted these services were perpetrated with compromised or default credentials. A notable example involved ransomware groups exploiting exposed RDP services to infiltrate a network and encrypt files,” said the report. Misconfigured services likewise are a trending issue. That includes misconfigured firewalls, open ports and poorly secured cloud gateways that create opportunities for unauthorized access, said ConnectWise researchers. In one instance, a misconfigured Citrix appliance was exploited, enabling attackers to bypass authentication and gain administrative control over a network. And this year, many of the widely exploited vulnerabilities involved zero-day attacks targeting network edge technologies, showed the report. Of course, it’s not just edge devices that are of concern; ConnectWise reported a mass exploitation of edge software. “Threat actors have increasingly targeted vulnerabilities in edge software such as Moveit, CitrixBleed, Cisco XE, Fortiguard’s FortiOS and Ivanti ConnectSecure,” said the MSP Threat Report. “These services, which are often exposed to the internet, are attractive entry points for attackers seeking initial network access.” And not so surprisingly, threat actors have intensified attacks on edge platforms that lack traditional endpoint detection solutions. Attacks on IoT devices and OT devices surged due to their limited monitoring capabilities, showed the findings. On the flip side of things, MSP face several challenges in the implementation of strong and secure edges for their customers. Arguably the fault of no one is the complexity of today’s environments. “The convergence of on-premises, cloud and IoT systems creates a complex environment that can be difficult to monitor and secure,” ConnectWise researcher pointed out. This can lead to a lack of awareness in which many organizations simply are unaware of the extent of their exposed services or the potential risks associated with misconfigurations, they continued. 31% 30% 28% 28% 27% 23% 23% Secure Service Edge (SSE) Secure Web Gateway (SWG) Cloud Access Security Broker (CASB) Software Defined Wide Area Network (SD-WAN) Firewall as a Service (FWaaS) Domain Name System (DNS) layer security Zero Trust Network Access (ZTNA) Respondents were actively using the following components of their SASE solution: Source: Xalient tacks against edge device vulnerabilities over time rce: ConnectWise 1/15/24 2/15/24 3/15/24 4/15/24 5/15/24 6/15/24 7/15/24 8/15/24 9/15/24 10/15/24 11/15/24 12/15/24 8000 7000 6000 5000 4000 3000 2000 1000 0 Timestamp Per Week Recommendations to Mitigate EDR Evasion ▪ Enable tamper protection: Many EDR vendors allow for the activation of tamper protection features that can prevent attackers from disabling or changing configurations. ▪ Block vulnerable drivers: Consider blocking drivers that are vulnerable or unnecessary for business operations or create a specific allowlist only for the drivers you require. ▪ Regularly audit and patch systems: Ensure all systems, including EDR tools, are up-to-date and secure against known vulnerabilities. ▪ Segment networks: Ensure networks are segmented to prevent lateral movement in case of a breach. ▪ Enhance logging and monitoring: Maintain robust logs and use SIEM solutions to identify anomalies across environments. ▪ Consider red team exercises and vulnerability assessments: Simulate attacks and conduct automated scans or manual vulnerability assessments to identify weaknesses in your network’s defenses. Source: ConnectWise 28 CHANNELVISION | MARCH - APRIL 2025
channelvisionmag.comRkJQdWJsaXNoZXIy NTg4Njc=