This month the media has reported various serious data breaches throughout Europe.
The Netherlands has experienced its second largest breach until now with data belonging to millions of Dutch citizens having been leaked on Torrent sites. In Germany, a shipbuilder which makes military vessels as well as luxury yachts, has become the target of a ransomware cyberattack. Belgian authorities have opened an investigation into a cyberattack against at least two energy companies based in the port cities of Antwerp and Ghent. While this made headlines, these breaches are not new, and we expect news headlines like these to abound in the upcoming months and years.
I believe this is a result of boards and management teams of organizations not understanding the full weight of the need to be in control of their networks. While there is a growing awareness of this, it still falls short of what is required for robust information security.
To my disappointment,
this laxness was quite evident at Cloudfest in March of this year. Only a few booths at the tradeshow were occupied by information security firms and only a handful presentations were related to the topic of information security.
We still have a long way to go.
In this partner newsletter you will receive updates on progress in the Lighthouse platform, be reminded of the importance of certification, be introduced to the “Drafting an incident response plan workshop” to our partners, we will mention a proposal of Google to reduce maximum certificate validity and much more!
Kind regards, On behalf of the Guardian360 team,
Jan Martijn Broekhof
Managing
Director
Lighthouse
update
In our frontend feature factory, this month we have seen a focus on how we can add value to our partners sooner rather than later while still rolling out our new platform. We decided to roll out our front-end as a Minimal Viable Product.
Minimal – What is the fastest way we can add the most value? Viable – It must be useful and add value to our client’s workflow. Product - It must be complete and production ready.
Our focus is on delivering a new dashboard as our first standalone feature. The dashboard will have a date range filter on it that to allow information on the dashboard to be filtered by a timeline of events.
The filtered results will also be able to be exported to PDF and an image so that it can be used for reporting.
Reporting has been high on the agenda for our partners, and we believe this will offer the first steps to provide a meaningful interface that will help save time and allow our partners to show
insights to their clients with less effort than they do now. This functionality will be expanded in the future as we receive feedback.
Features will be added incrementally as we progress through our various features.
While all of this is very much client facing, there is some ground-breaking work being done by our Site Reliability Engineers as they are finally testing Lighthouse on Kubernetes! They have been painstakingly working towards this moment for the past two quarters, and while there is still some work to be done, it’s looking very sunny.
What does this mean for our customers? It means a more robust, faster and more scalable solution. The work done by our SRE’s while often unseen, is at the heart of what we do and is what allows us to offer innovative scanning solutions that can complete with the best!
Earlier this year we introduced our new partner program. The details are available in a dedicated newsletter that can be found on our partner portal.
Change of partner status
Partners with an Authorised status will be relegated to our Sales status as of July 1, 2023, unless they meet the Certified, Advanced or Premium status requirements.
Training is mandatory for Partners who wish to obtain and maintain the new Partner levels (Certified, Advanced or Premium). These certificates are valid for 1 year.
Please ensure that you and/or a colleague are certified before July 1, 2023, to receive the partner status that is relevant to your organisation. You can sign up via the links below.
Training
In order to accommodate our partners’ preferences, locations will alternate from month to month between our Guardian360 office in Utrecht or online. Certificates will be awarded on completion: sales representatives will obtain the Guardian360 Sales Expert certificate, and engineers will obtain the Guardian360 Technical Expert certificate.
Goals of the commercial training
To enable Partners in a way that they can:
present themselves as an information security authority to clients
present the right pitch and offer the correct services
create Guardian360 quotes by themselves
demonstrate Guardian360 Lighthouse to their clients
Goals of the technical training
To enable Partners in a way that they:
understand the technical infrastructure of Guardian360 Lighthouse
support their sales colleagues during presentations
know how to onboard customers on Guardian360 Lighthouse themselves
learn about the prerequisites and how to perform troubleshooting
can setup a demo account for their sales colleagues
Over the past few years, our partners have become increasingly in control of their customers' information security. The Guardian360 services and the 9-plane model have ensured that a number of preventative, mitigating and curative measures have been taken in relation to people, process and technology. We have, however, also observed that many partners do not yet have a good playbook on how to act and communicate when an
incident is in progress. For example: -where to assign people? -who should be notified? -in what way should systems be available? -which systems should be available first? This is why Guardian360 is planning to hosting a workshop for its partners to set the foundations for a solid playbook. We have teamed up with Lucinda Sterk and Lisa de Wilde, to come up with a workshop to share a foundational principals needed to
implement a comprehensive playbook on how to act in the event of an incident. If you're interested to join the workshop, please let us know via the button below.
Reduction of TLS certificate maximum validity from 398 to 90 days
On March 3, Google proposed to reduce the maximum validity of TLS server authentication subscriber certificates from 398 days to 90 days. “Reducing certificate lifetime encourages automation and the adoption of practices that will drive the ecosystem away from baroque, time-consuming, and error-prone issuance processes. These changes will allow for faster adoption of emerging security capabilities and best practices, and promote the agility required to
transition the ecosystem to quantum-resistant algorithms quickly. Decreasing certificate lifetime will also reduce ecosystem reliance on “broken” revocation checking solutions that cannot fail-closed and, in turn, offer incomplete protection. Additionally, shorter-lived certificates will decrease the impact of unexpected Certificate Transparency Log disqualifications.” This development makes it even harder for managed services providers and IT-services providers to keep up with certificate management. Keep a keen eye on the Guardian360 Lighthouse dashboard to be informed about outdated certificates.
Jeff is present at Cybersec Europe 2023 today at Brussels Expo. Please drop him a message if you’d like to catch up.
Together with a few other Dutch information security firms we’ll organize a Kingsday networking event at Schloss Nymphenburg in Munich, Germany on 26 April. This is part of the partners in business Germany program we enrolled for in 2022.
Much has happened since we shared a G360DAO update! Community manager Emmanuel started reaching out to renown information security experts from his New York residence. He also hosted a few fireside chats via Twitter spaces with smart contract auditors and security specialists. The content on the G360DAO blog is growing.
This has resulted in more participants having joined and contributed on Discord, as well as more robust discussions and interactions via Twitter. While we are off to a good start, we still need plenty more participants so that we can harness the wisdom of the crowd to create “the definitive information security solution”.
We invite you to join us on our journey; simply join the G360DAO Discord and start interacting with other G360DAO participants.
On the 10th of May Jan Martijn will be interviewed at the EY Global Blockchain Summit in London where he will share his insights gained from the setup of G360DAO. We're excited to share what we have learned until now! The event will be broadcast via YouTube, please refer to the button below to find out more about the full program.
Guardian360 is on the lookout for a Software Engineer and a Site Reliability Engineer with passion for automation and software engineering to join our team. We are not looking for just anyone. The new colleague must fit seamlessly into our team and culture. We place high demands on the knowledge, experience, and motivation of this new colleague. Finding these “jacks of all trades” may take a little longer, but we are happy to take that time to find the perfect colleagues!
If you know someone who fits one of the profiles, would you kindly point them to our vacancy?
Schedule a meeting with one of our Partner Success Managers or Customer Reliability Engineer?
Do you have something you would like to ask us? Getting in touch with one of our Partner Success Managers of Customer Reliability Engineers has never been easier! Simply click the button below and schedule a meeting in their calendar.
