Today is Monday, March 23, 2026. Welcome to In Case You Missed It, our weekly five-minute rundown of important channel news stories that might have flown under the radar last week.

This episode of In Case You Missed It is brought to you by ESET Canada. ESET’s Women in Cybersecurity Scholarship is now open for 2026, with three $5,000 awards available to women pursuing careers in cybersecurity. Applications close April 8. Learn more and apply.

On this episode:

This week on In The Channel:

Welcome to In Case You Missed It from ChannelBuzz.ca. I’m Robert Dutt, editor of ChannelBuzz.ca. Today is Monday, March 23rd, 2026. Let’s get your week started right.

This week’s In Case You Missed It is brought to you by ESET Canada. ESET’s Women in Cybersecurity Scholarship is now open for 2026, with three $5,000 awards available to women pursuing careers in cybersecurity. Applications close April 8th. Learn more and apply at eset.com/ca. ESET – protecting progress.

The biggest Canadian tech infrastructure story in a while landed last week, and it didn’t come from Toronto or Montreal or Vancouver. Bell Canada announced a partnership with SaskTel and SaskPower to build a 300-megawatt AI data center outside Regina, Saskatchewan. The facility is projected to generate up to $12 billion in economic value for the province, and it’s being positioned as Canada’s largest purpose-built data center.

The anchor tenants tell you where this is headed: Cerebras Systems and CoreWeave, two of the biggest names in AI compute infrastructure, are signed on. This isn’t a general-purpose facility — it’s built for the kind of GPU-dense, power-hungry workloads that AI training and inference demand.

For the Canadian channel, there are a few things to watch. Local IT providers in Saskatchewan and Western Canada could see downstream opportunities in connectivity, edge infrastructure, and professional services around AI deployments. The data sovereignty angle is real — keeping AI compute on Canadian soil is increasingly a selling point with public sector and regulated-industry customers. And the scale of this investment signals that Canada is becoming a serious destination for AI infrastructure, not just a market that consumes AI services built somewhere else.

If you’re quoting hardware right now, you need to see WBM Technologies’ March procurement update. It’s the most useful thing a Canadian partner has published this month, and the message is blunt: They’re telling customers to buy the RAM and storage you need to support your systems for the lifetime of that system.

Every single vendor category WBM tracks is now listed as constrained. HPE has seen a 24 to 30 percent list price increase in March alone, with quote validity down to just 14 days. Fortinet is implementing monthly 10 percent price increases. Dell expects further adjustments on March 30th. And HP is coming with another minimum 10 percent increase on April 1st.

WBM is linking to Nature magazine, which is calling this “RAMmageddon.” If you’ve been following our coverage of the component shortage over the past few weeks, this is the same story, but it’s accelerating. We’ll have a link to the full WBM update in the show notes. It’s worth bookmarking.

Two weeks ago on this podcast, we talked about Ingram Micro’s AgenTeq platform and the push to bring agentic AI into the distribution workflow. Now AWS is doing something similar inside Partner Central.

At its Global Partner Summit, AWS announced AI-powered sales agents built on Amazon Bedrock AgentCore. Partners can upload meeting notes and have opportunity records auto-updated. The agent flags whether a deal qualifies for AWS funding programs like MAP and can generate draft funding requests pre-filled with deal details. AWS says partners using its solution matching engine are seeing 15 percent higher win rates and 44 percent faster close times.

The pattern is becoming clear: vendors are using AI to fix the messy middle of partner selling — the admin, the quoting, the funding applications, the administrivia. Worth watching how quickly this becomes table stakes.

And finally, Exabeam launched a new commercial framework for MSSPs last week, offering two licensing models: a single pooled multi-tenant option and a federated subscription model. The idea is to give managed security service providers more flexibility in how they package and price Exabeam’s SIEM and analytics platform for their customers. For partners building or scaling MSSP practices, it’s worth a look. We’ll have a link in the show notes.

Those are some of the things we were paying attention to last week. 

Big week ahead on In The Channel. 

Peter Kujawa from ConnectWise’s Service Leadership practice on why Canadian MSPs are planning the lowest pay increases of any region — and why that might not be a bad thing. 

Rob Scott from Monjur on why most MSP contracts wouldn’t survive a courtroom. 

Cisco Canada on the perfect storm driving a multi-year infrastructure refresh. 

And our very first Life After the Channel episode, with Martin McNicoll, who went from NetSuite President’s Club to making grain-to-bottle whisky in the Eastern Townships. 

For ChannelBuzz.ca, I’m Robert Dutt. Have a great week, and I’ll see you in the channel.

For as long as I’ve covered the channel, someone has been predicting the end of distribution. The models change — direct sales, e-commerce, cloud, marketplaces — but the argument stays remarkably consistent: a new, more efficient path to market has arrived, and intermediaries are no longer needed.

It’s a compelling argument. It’s also been wrong every time — not because the new models failed, but because the predictions misunderstood what distribution actually does. They described a transaction. Distribution operates as an ecosystem.

In this episode, I step back from the news cycle and think out loud about why distribution keeps surviving the predictions of its death, and what that tells us about how the channel actually works.

Some of the threads I pull on:

The recurring cycle of disintermediation predictions, and why they keep sounding convincing without ever quite landing. How the market consolidated from what many considered an over-distributed landscape into something closer to right-sized — through real churn, mergers, and the emergence of entirely new distribution models built around cloud and subscription commerce. The core scale functions that distribution provides (logistics, credit, enablement, and relationships) and why those become harder, not easier, to replicate as the market gets more complex.

I also spend some time on why distribution’s role in Canada is amplified — the realities of geography, Canadian-dollar credit, bilingual support, and regulatory compliance make the aggregation function less optional than it might appear from south of the border.

And I look at what’s next: distribution’s integration with hyperscaler marketplaces, its emerging role in AI enablement and governance, and why the platforms that were once supposed to replace distribution are increasingly working alongside it. Recent industry research from the GTDC suggests that distribution is now being positioned as a “digital force multiplier” — a framing that would have been unthinkable a decade ago.

This is a solo essay episode — no guest, no interview, just me working through an idea I’ve been circling for a long time. I’d love to hear how you see it, especially if you’re a partner, vendor, or distributor who’s lived through a few of these cycles. Drop me a line or find me on LinkedIn.

Related: Your Citrix relationship just changed: Inside the Arrow Electronics transition

Hello and welcome to In the Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always your host for the show.

Before we get started, a quick note on today’s episode.

This one’s a little different from what I usually do here. There’s no interview, no guest — just me, thinking out loud about something I’ve been circling for a long time.

It’s less about breaking news, and more about sense-making.

And it starts with a thought I’ve had more times than I can count…

I could have been writing that distribution was about to be disintermediated since the late 1990s. And if I’m honest, sometimes I probably should have — because every few years, there’s a new reason why this time feels different.

E-commerce.

The cloud.

Marketplaces.

Vendors going straight to partners.

Vendors going straight to customers.

Pick your era — the argument has always been there.

And yet, here we are.

Distribution didn’t disappear. It didn’t even really shrink in relevance. What it did instead was something quieter, and maybe more interesting: it evolved — repeatedly.

So today I want to talk through why I never quite bought into the “this finally kills distribution” argument… even though, on the surface, it often sounded very convincing.

If you’ve been around the channel long enough, you’ve heard this cycle before.

A new model emerges that looks cleaner, faster, more efficient. Someone points out that vendors don’t need intermediaries anymore. Someone else argues that software margins can’t support the old model. And suddenly, distribution is framed as legacy — or worse, inertia.

What makes these arguments compelling is that they’re not wrong in isolation.

Yes, vendors can sell direct. Yes, marketplaces remove friction. Yes, partners want fewer hops between themselves and the vendor.

But what these predictions often miss is that they’re describing a transaction, not an ecosystem.

And distribution has never really been about a single transaction.

So what actually happened?

Distribution didn’t disappear — but it also didn’t stay the same.

Over the last twenty-plus years, there’s been real churn. Companies have come and gone. The market consolidated dramatically. What many once grumbled was an over-distributed landscape gradually became something closer to right-sized.

That’s important, because survival here didn’t mean freezing the model in time. It meant pruning, merging, specializing — and in some cases, starting over entirely.

Broadline distributors gave way to value-added distributors. Value-added distributors made room for cloud-centric distributors.

And you can trace this through specific inflection points. The largest merger in distribution history created the world’s biggest technology distributor — not as a retreat, but as consolidation at scale. Cloud-native distributors that barely existed fifteen years ago have grown into billion-dollar businesses by building entirely new models around subscription commerce and lifecycle management. And just in recent weeks, we’ve seen a major vendor shift more of its partner management to a distributor — not less.

These aren’t the moves of a model in decline. They’re the moves of a model still being invested in.

Through every major shift that was supposed to bury distribution, what actually emerged was a new version of it.

The form changed. The function endured.

And that function — at its core — has always been scale.

Scale of logistics.

Scale of credit.

Scale of enablement.

Scale of relationships.

That last one is easy to underestimate. Over the last couple of decades, many distributors moved well beyond transactional relationships and invested in building partner communities — creating spaces for peer learning, business planning, and strategic engagement that had nothing to do with moving product. That shift quietly changed where distribution sits in the ecosystem.

Even in a cloud world, someone still has to aggregate demand, mitigate complexity, and make it economically viable for thousands of partners to transact with hundreds of vendors — without every interaction becoming bespoke.

That problem never went away.

And for those of us in Canada, these dynamics are amplified. In a market this size, spread across this much geography, with a relatively small and diverse partner base, the aggregation function of distribution isn’t optional — it’s essential. Canadian-dollar credit facilities, in-country logistics, bilingual support, compliance with Canadian regulatory requirements — these aren’t things a vendor portal south of the border can easily replicate. Distribution in Canada has always had to earn its place a little more visibly, and arguably, that’s made it more resilient.

Years ago, I heard many solution providers describe distribution as a “necessary evil.”

Not evil in the moral sense — just unavoidable. Sometimes frustrating. Sometimes slow. Sometimes misaligned with how partners wanted to operate.

I hear that sentiment less today.

That’s not to say distribution is perfect now. It isn’t. And it’s not to say frustrations are gone. They aren’t.

But I think the shift itself is telling.

When parts of the model stopped working, they didn’t get defended forever. They got replaced. When value became unclear, it had to be re-articulated — or the model lost relevance.

That evolution didn’t eliminate criticism, but it did change the tone of it. And tone is often a lagging indicator of whether an industry is adapting in the right direction.

Here’s the thing about disintermediation narratives: they tend to assume that if you remove one layer, everything becomes simpler.

In practice, complexity doesn’t vanish — it just moves. It expresses itself differently.

Vendors still don’t want to manage thousands of small relationships directly. Partners still don’t want to onboard dozens of vendors one by one, each with unique billing, support, and enablement models. And customers still expect solutions to work together, reliably, at scale.

Distribution absorbs a lot of that complexity — quietly — and that’s why it often looks invisible right up until the moment you try to remove it.

And what’s striking is that distribution’s next chapter may be its most ambitious yet.

The major cloud marketplaces — the very platforms that were once framed as distribution’s replacement — are becoming a space where distributors are actively carving out a role. Not competing with marketplaces, but integrating with them — helping partners navigate multi-cloud procurement, manage billing complexity across platforms, and make sense of an increasingly fragmented buying landscape.

Industry research suggests the channel will handle the majority of enterprise marketplace transactions within the next few years. That’s not despite distribution — it’s increasingly through it.

At the same time, distribution is stepping into AI enablement — not just listing AI-powered products in a catalogue, but helping partners evaluate what to trust, how to deploy responsibly, and how to build services practices around fast-moving technology. That’s a governance and advisory function. It’s a long way from moving boxes.

None of that was in the job description twenty years ago. But it’s a natural extension of what distribution has always done: absorb complexity so the rest of the ecosystem doesn’t have to.

Some distributors disappeared. Others merged. New ones emerged with radically different focuses. That’s not failure — that’s evolution doing its job.

The broader lesson here isn’t really about distribution at all.

It’s about ecosystems.

Industries that survive disruption aren’t the ones that never change. They’re the ones willing to let old versions of themselves die so that new ones can emerge.

Distribution didn’t survive by insisting it was always right. It survived by changing often enough — and decisively enough — that its role stayed relevant even as individual players did not.

That’s a much harder path than simply defending the status quo. And it’s one that doesn’t always look graceful from the outside.

So yes — I could have been writing that distribution was about to be disintermediated since the late ’90s.

And every few years, the argument probably sounded stronger than the last.

But the reason I didn’t is simple: the prediction never accounted for how adaptable the model actually was — or for the fact that the underlying problems distribution solves never really went away.

If anything, they just changed shape.

And as long as that’s true, the obituary for distribution is probably still a long way from being written.

At least, that’s how I see it.

But this is a space built on the experience of those who live with distribution day in and day out, not theory — and I’m very aware that my view is only one angle on a long and complicated story.

If you’re an MSP, a VAR, a vendor, a distributor, or someone who’s lived through a few of these industry transitions yourself, I’d genuinely love to hear how you see it.

What am I missing? What has distribution gotten right — or wrong — in your world, to allow it to survive?

You can leave a comment, drop me an email, or find me on LinkedIn. I read it all, and it shapes where this conversation goes next.

That’s it for me today. For ChannelBuzz.ca, I’m Robert Dutt, and I’ll see you in the channel.

The last time the channel faced a shift this fundamental was the rise of the hypervisor. That transition reshaped everything, but it happened inside the four walls of the data center. What’s different about the current moment, argues WanAware CEO Jeff Collins, is that AI workloads, inference nodes, IoT, and SCADA infrastructure are being bolted onto customer environments without the kind of formal network redesign that virtualization demanded. The result is a growing visibility gap that most MSPs don’t realize they have.

Collins points to a striking finding from a WanAware survey conducted in late 2025: when business leaders were asked about their visibility gap, they rated it extremely high. When IT was asked the same question, they rated it low. Both were technically right. IT was measuring visibility against the machines in their purview – Active Directory, database servers, web front ends. The business was measuring it against everything else: Kubernetes workloads, cloud functions, agentic AI processes, and infrastructure that might not exist tomorrow. That disconnect is why MSPs can show perfect MTTR and SLA performance while the customer is saying you’re failing.

The conversation covers where traditional monitoring breaks down, why 30% false positive rates persist even after major platform investments, and how ephemeral workloads designed to disappear create alerts that will never resolve. Collins makes a compelling case that MSPs need to push visibility up the OSI stack, from layers one through three into the application and business logic layers where margin is significantly higher. He shares a practical framework for how to start, using vertical industry knowledge – particularly in sectors like Canadian oil and gas, where SCADA networks and AWS IoT Core infrastructure represent opportunities to grow a $1,000-a-month customer into a $30,000-a-month engagement.

Robert Dutt: Hello and welcome to the ChannelBuzz.ca podcast, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and still your host for the show. Today we’re talking about a problem a lot of MSPs and channel partners are starting to feel, even if they don’t always have a name for it yet, and that’s visibility. As AI workloads, hybrid architectures and distributed endpoints become the norm, network traffic is changing faster than the tools that many partners rely on to understand what’s actually happening inside their customers’ environments. My guest today is Jeff Collins, CEO of WanAware. Jeff spends a lot of time with service providers and enterprise teams dealing with this shift, where accountability for performance, security and uptime is increasing, even as environments become harder to see and harder to diagnose when something goes wrong. WanAware operates in the network and infrastructure visibility space, but this conversation isn’t about the tools, the dashboards. It’s about how blind spots form in modern networks, why they’re easy to miss until there’s an outage, a security issue, or an SLA failure, and what partners need to understand as AI-driven infrastructure quietly reshapes traffic patterns and dependencies. In this discussion, we’re going to explore where traditional monitoring starts to fall apart, how partners can rethink what good visibility really means today, and why the ability to see what’s happening across distributed environments is quickly becoming both a risk issue and a business opportunity for MSPs. If you’re responsible for customer outcomes, but you don’t always feel confident you can see everything that matters, this conversation is for you.

[MUSIC]

Robert Dutt: Jeff, thanks for taking the time. I appreciate it.

Jeff Collins: Thanks, Rob. Thanks for having me on.

Robert Dutt: You’ve been advising partners, MSPs, VARs, these types of folks through a lot of change over time. Why does this moment with the rise of AI workloads and the continuing trend of hybrid networks feel like a real inflection point rather than sort of just the next evolution of the way things look?

Jeff Collins: I think one of the biggest reasons why is because it’s so transformational to what MSPs and resellers and VARs and distributors have dealt with for, let’s say, the last 25 years. If we think about the last major inflection point that they dealt with was really kind of the realm of the hypervisor, this ecosystem where no longer did we have to have a server running an operating system, and that created kind of the whole ecosystem we deal with today. It created cloud, it created containers, all those things were built off this concept of a hypervisor. That was really the last major transformational thing that has happened. Now we fast forward to today and we’ve got this era of AI. We’ve got this era where we’re now taking agentic approaches, generative approaches, to things that our customers deal with every day. When I talk about our customers, those are the customers of the MSP, those are the customers of the reseller, the distributor. Not only are they dealing with that, they’re dealing with this massive evolution in the customer base, but they’re also having to do that same evolution in their own environments. If you’re an MSP and you’re focused on infrastructure, or you’re an MSP and you look more like an MSSP where you’re focused on security, now you’re starting to have to deal with, “Okay, I’ve got these tools, I’ve got these people, I’ve got these agents, I’ve got all these entities inside of my business that are doing something for my customer.” But now I have to think about how am I going to do that faster? How am I going to do that better? How am I going to do that more effectively? Because our customers are getting much more advanced. That’s really one of the biggest things that I see that we’re seeing a lot of, that “Where do I start?” from the channel partner community. When we think about the channel, we know all this stuff is going on, but it seems like such a Herculean lift that I think sometimes it’s hard to know where we make that first step.

Robert Dutt: That makes sense. A lot of this, a lot of AI especially, and to a degree sort of the hybridization of the network, that complexity has come on without kind of a formal network redesign. Like you mentioned the transition to hypervisors and that necessitated rethinking how things were done because it was a physical change. Whereas a lot of, especially with AI, it’s kind of being bolted in, added on as you go. Why does that make the environment today harder to understand than maybe it was for past transitions when you’re sitting there watching it as an MSP or other partner?

Jeff Collins: Well, I think one of the biggest reasons why this era is so much more difficult than the last transition is because we’re not bound by the four walls of our proverbial house. If we think about when we dealt with the last transition, every customer, their physical server sat inside of something they control. So we’ll refer to it as their house because that’s the easiest kind of comparison we can do. In today’s world, there’s certainly a lot that exists in our customers’ houses and in the houses that the MSP or the reseller or the channel partner or whomever it is are engaged in. But so much of that’s going outside of those walls. And when we think about AI, AI is certainly outside of those walls. I mean, we might be dealing with Anthropic, we might be dealing with ChatGPT or Gemini or the thousand other agentic or generative approaches that are out there. Those are all over the place. And now we’re asking these entities to take oftentimes a process-driven approach that they’ve had for 20, 25 years. And how do you change that process-driven approach when you don’t really know where those workloads, where those assets, where that data is going to reside either today or tomorrow, or even if that data that we’re looking at is even going to exist tomorrow. That’s this whole realm. I mean, we’ve been talking about ephemeral workloads for, you know, let’s call it 14 years, 15 years since really the rise of AWS. But now we’re starting to deal with these ephemeral workloads, not just in the realm of infrastructure, but also in data, in generative concepts, in agents. You know, historically, we had Bob Smith, who might have worked in the NOC. Well, tomorrow, Bob Smith is an agent. What does that look like? It’s AI. What did Bob Smith do yesterday? Did Bob Smith, the new agentic version of Bob Smith, did that person do the right thing, the wrong thing, the incorrect thing? How do we manage that? How do we deal with that? How do we process that? Those are all the things that are across the board, just happening at massive rapid scale. And so, you know, it’s a really difficult time right now to be an MSP or a channel partner, but it’s also an amazing time to be an MSP or channel partner. You know, our world, our capabilities are advancing so fast. You think about one of the simplest use cases that’s out there that all of us think is simple, that MSPs deal with every day, is a circuit outage. You know, a telecom circuit goes down and it’s connected to SD-WAN or it’s connected to a router or it’s connected to some type of device that’s out at the prem. And historically, every MSP on the planet’s dealt with it kind of in a similar way. We get an alert from a monitoring system that feeds a ticketing system. It pops up on a tier one agent’s dashboard. The tier one agent looks at it, they verify power, they verify if the router’s operational, and then they open a ticket with a carrier. And then they, and that’s the hurry up and wait type of world. Well, now in the era of AI, that changes that quite a bit, because every one of those things are very process driven. We don’t need people for that anymore. So now we can have a system take that process flow on, do that. Now, historically, we could use a system to do that. We could write automation and a lot of MSPs did that historically, but the problem with automation is automation is static. When we leverage AI, we can leverage enrichment that helps influence that agentic approach. And so now if there’s a nuance going on, let’s say an example is there’s a global power outage. So let’s say there’s a power outage in the entire Vancouver area. We know that. Well, historically, if we’re looking at that, we see all these customers that are down, we might through a tier one agent approach, a person-based approach that following a process, or even an automated approach, not really correlate that. Because if the MSP is in, let’s say, Montreal, they might not realize there’s a large scale power outage in Vancouver, which is thousands of kilometers away. And so when we think about that, that’s really where these things can change a lot from an agentic perspective. And then the MSP gets the joy of being able to repurpose that person to be much more valuable to their organization, that tier one person can become tier two, and that can really start changing that dynamic a lot.

Robert Dutt: Most MSPs would have historically said we have good visibility across what our customers are doing. And probably I would say most believe they have good visibility today. Where does that confidence most often turn out to be misplaced or to start to break down as the model shifts?

Jeff Collins: Yeah, so I would 100% agree that most MSPs, when workloads are static, have great visibility. The problem is that in today’s world, so many workloads are becoming dynamic. And we see that change happening consistently. You know, customers, you know, historically MSPs had problems monitoring services inside of a cloud provider. You have ephemeral workloads, you have workloads that aren’t necessarily a server, they’re much more like a service. So you have things that might be a Kubernetes instance, they might be a Kubernetes runtime instance, they might be a function. Those are all things that are crucial to the operation of a customer. They’ve taken those workloads that historically operated on a machine. And they’ve taken those workloads and now they’re in some type of small form factor instance that exists for a very short period of time. That’s been very difficult for MSPs to deal with across the board. But now we take that same concept and that same concept goes outside of the cloud providers. We now have that moving into inference nodes. We now have that moving into IoT and IIoT and OT, where we’re starting to deal with these ecosystems where these workloads are very ephemeral by nature. They might exist for a short period or components of those might exist for a short period, or the way that those are correlated and analyzed might exist. But if you think about inside of a customer from a business risk perspective, those actually carry the highest business risk. An individual Windows 2012 server has some level of business risk. If it’s running SAP, probably a higher level of business risk. But if it’s one Active Directory node and the customer has 100 machines in Active Directory, it doesn’t really matter in the scheme of the world. And so those are the realities of what happens as we kind of think through this stuff. And so for MSPs, this really drives that visibility gap. You know, we did a survey earlier this year, or actually late last year, sorry, in 2025. We did a survey across the board asking business leaders really what the visibility gap was and what they believed. And we asked business leaders and we also asked IT. It was really interesting to see kind of the dichotomy. When you ask the business what the visibility gap was, it was extremely high. When you ask technology what the visibility gap is, it was really low. Now they were both technically right. And here’s why. So IT was thinking about the visibility gap of the machines that they understand, the machines in their purview. So those might be, you know, an Active Directory server, a database server, maybe you have a web front end. Those are all there. And those are 100% being monitored to that IT team or to that MSP. The problem is, is the business itself is operating on a whole bunch of additional workloads that IT doesn’t necessarily have purview to. And so because of that, we start ending up with this difference of visibility. And that’s why oftentimes when you’ll go and you’ll talk to a customer or you’ll go and you’ll talk to the business itself. And the business is saying, why do we have this MSP who works for us? This MSP isn’t doing anything. And the MSP is coming back with these great reports that are showing MTTR is consistently dropping. You know, initial response time, triage time is consistently dropping. We’re blowing out every single metric that we provided you in an SLA or an SLO. And the business is coming back and saying, but you’re failing. And the MSP is saying, I don’t understand. We are not. And here’s all the metrics. And it’s because of this difference in resources that exist, that is what is happening. And so I think that’s one of the big areas that we always have to think through is, you know, as we’re looking at things and as MSPs look at things, they have to continue to be pushing upward inside of the business to understand all those areas that the business is driving that IT, who they’ve historically sold to, may not know about those resources, especially in a lot of these other spaces, AI, IoT, IIoT, OT, ephemeral workloads, cloud workloads, those types of things that are often outside of that scope.

Robert Dutt: Yeah. I guess when you’re looking at sort of your visibility stopping basically at the edge of the organization, you’ve got all of this out there, pretty significant impacts on real world issues like latency, like security exposure, like the ability to meet those SLAs that you signed up for, those kinds of things.

Jeff Collins: Yeah. Yeah. 100% agreed. And, you know, when you think about the core components that an MSP does, you know, MSPs generally deal with availability and they deal with performance. When you add in the MSSP, now we add in the security component. And some MSPs and MSSPs are more hybrid-based approaches. They may deal with all three. But as you kind of look at those, those core tenant areas have become much more difficult, especially in the last 10 years, certainly in the last year. I mean, the last year has been so disruptive for all that we do. And it’s because those pieces have become much less simple. You know, if I go back 25 years or even 20 years, customers by and large used MPLS networks, rather simple to monitor. You have guaranteed jitter, you have guaranteed latency, you have, you know, all these things that are very easily assumed by an MSP. So if latency exceeds 74 milliseconds between these two individual locations, that breaks the SLA that the provider provides and it’s an easy conversation. You need to go fix this. This is not okay. Well, in today’s world, most of our customers don’t have MPLS networks. Most of them have, you know, sometimes now it’s satellite. They might have Starlink for LEO. They might have 4G or 5G, depending on what portion of the world they’re in. They might have some type of broadband service, fiber broadband, or copper broadband, or some other type of realm. Well, those don’t necessarily have SLAs for that in any way, shape, or form. We may luck out and they have an availability SLA. Maybe it’s three nines or two nines, or maybe not even two nines, depending on what type of service that is. And then when we start moving inside of the network, outside of the service provider, outside of the circuit provider itself, we start moving into other arenas that look like this. You know, historically we had a Dell server, an HP server that had a mean time before failure. Well, that’s pretty easy to understand. If I have a server and it’s going to run for 25,000 hours, it’s easy to understand that life. But when now we’re starting to get services that have an expected failure, and that expected failure is generally measured in less than a year, because the assumption is that the software, the application, resolves that issue. If you’re an MSP and you’re not monitoring the application and you don’t understand the application, you’re now chasing outages that don’t matter. And that’s one of the other things that’s really hard. And we see this all the time. You know, I’ll talk to MSPs and they’re like, “Jeff,” and it goes back to that same conversation we had before of not knowing the business. “Jeff, we get, today we have 30% of our tickets that become false positives. What do we do about that? We’ve gone out and we’ve bought the newest monitoring platform. We’ve implemented AI. We’ve implemented all this automation. We spent $20 million doing that.” These are all real things that I have in conversations with MSPs. And at the end of the day, they still have 30% false positives that they’re working. And the reality is, is because it’s certainly an outage. There was 100% an outage that happened. But the reality is that outage was never going to get restored because the outage was designed. You know, that workload disappeared. A DevOps team or a DevSecOps team deployed a new environment and that workload is now gone. And there’s a brand new workload that you’re not monitoring right now. You know nothing about it. And those are the things that we all collectively have to continually evolve to. It’s that driving up the stack. You know, one of the things that I often see is, you know, we have this proverbial thing that we’ve all dealt with, the OSI model. You know, there’s seven layers to that OSI model. So often in MSPs, we focus on four of them. The problem is, and most MSPs only focus on the first three. They don’t even focus on the fourth one. The issue is, is there’s three more. And those three more are what get driven by the business. And so the more that we can focus on visibility within those three, understanding that, bringing that into our tools, that drives additional value. It also drives significantly larger margin. You know, if we think about margin contribution at monitoring a telecom circuit, that’s a pretty low margin at this point in time. There’s a lot of automation around that. Monitoring a server – that world used to be high-margin, but it’s compressing. Customers are increasingly doing more of this themselves. They’re doing automation directly into their CI/CD pipeline. So it becomes this knife fight. And there’s more and more MSPs that are out there that are also fighting for that same share of market. And so the key is, the more that MSPs can go up market, they can understand, you know, I hate to use this term digital transformation because it literally gets overused every day by every marketing team on the planet. But the reality is, is that if we go behind this marketing abomination of this term, and we actually look at what happens, there’s a ton of value that we can go after. And if we go after that value, and we go after what people are trying to do, we align with that, we can now take those same products, those same processes that we’ve historically had as MSPs, and we can really start evolving that. Moving upward, driving in significant value, taking our tool sets that we may have today, maybe those can evolve with us, maybe we have to make new changes in our tool sets. But the reality is we’re driving that margin upward. So we’re going from maybe our contribution margin to our business today is 30%, let’s say, we can start moving back up into 60, 70, 80% contribution margin from a managed services perspective, which is where we all want to be. We don’t want to be fighting knife fights for 30%. It’s just hard, it’s difficult. Our customer acquisition costs are still generally high. We have salespeople, we have marketing efforts, we have all those things that we’re burning through every day. And we need more and more market share, we need more and more assets that we’re monitoring. And as a result of that, we need better ways that can contribute higher margin and create stickier customers that we’re not in those knife fights with.

Robert Dutt: The situation seems to be putting MSPs in a situation where they’re increasingly accountable for outcomes that they can’t fully see the contributing factors of. Before you move on, I just wanted to double click on that just a little bit and just ask, how does that change kind of the risk profile for an MSP when you’re accountable for those things that you don’t completely understand or have complete control over?

Jeff Collins: Yeah, I would say a lot of that. And one of the things that MSPs have to think through is a lot of that starts at the sales cycle. If you don’t ask the right questions at the sales cycle stage, oftentimes you get pushed into that ecosystem. When you’re looking at the core functional plumbing behind what a customer is trying to do, and that’s the only thing you’re looking at, you often get siloed into that ecosystem. You’re looking at a server, you’re not looking at SAP. One server going down in SAP doesn’t necessarily mean SAP has a problem. But if that one server is the only HANA server in SAP, that’s catastrophic. You know, it’s this realm of contextual knowledge. Historically MSPs have that contextual knowledge, but it’s all the way at tier three and tier four. That contextual knowledge has to move to tier one. If MSPs want to get to the arena where that is no longer a problem, the contextual pieces have to move downward. You have to go from a hero-based MSP to a process-driven MSP. So many MSPs are built on heroes. It’s really hard to build a scalable business off heroes. You have to have heroes. Heroes are the people that when everything breaks and the world is on fire, they’re the ones who carry you through. And those heroes we want to have, we want to empower them, but they can’t be doing the stuff that should be done at tier one. So if we take that exact same question that you had, Rob, that question is, you know, how do we make, at the end of the day, how do we make MSPs more relevant to their clients and much more aligned with what the client’s trying to do? And that’s by taking the contextual knowledge of what the customer is trying to do, aligning that with the tactical approaches that the MSP is trying to do, and having a very crystal clear playbook of how this tactical component makes up this strategic initiative inside of the business. So we’ll take that, we’ll take that simple example. I shouldn’t say simple. SAP is far from simple. But the reality is, is that SAP is something that customers rely on. And when they rely on that, if SAP goes down the business goes down. And if you have an MSP that’s monitoring that, and at the same second of the same day, the MSP gets 36 tickets. We’ll just pick a random 36 number. 36 severity one tickets come in at that point in time. One of those severity one tickets is for SAP HANA. And the customer only has one instance of that. And that is taking down a large company. So that’s the first ticket. The next 35 tickets are for ephemeral workloads that the customer migrated off of, you got the alert, they migrated to a brand new ephemeral workload. And the 35 don’t matter. They’re false positives. But the one fully matters. In every single MSP on the planet, those 36 tickets are eligible for the same response interval. That’s a pretty tough average to be able to. Are you going to luck out and get the one? Or are you going to luck out, or not luck out, for lack of a better term, and work 35 false positives before you get to the one that matters? Now, most MSPs are going to tell me and they’re going to tell us that, well, we have more than one tier one path. That’s great. But the reality is you need to be responding to that one ticket right now. And you need to understand that that one ticket matters. And the only way you can do that is by starting at the beginning, starting with the sales cycle, understanding what customers are doing. If you’ve already gone down the path and the customer’s embedded, use your customer support teams. Understand what your customers are doing, start layering in that context, start enriching that data, knowing what that actually feeds, and understanding the dependencies and interdependencies inside of that. So if that server goes down, certainly you could by virtue say a database server going down is a SEV-1, but it may not be. If they have four database servers, they’re running in a high availability group, who cares? If one goes down, not the end of the world, go fix it tomorrow. That’s where context, that’s where understanding those dependencies is so crucial. And I mentioned at the beginning of this is how do you take that first step forward? We always take this first step forward and how I instruct MSPs is start doing things like this, take this step forward, break this down into simple programmatic approaches. And when we think about AI, it’s the exact same idea. We move steps forward, we have agentic, we have generative. Pick one, pick an area you want to focus on with your customers, understand the business outcome they’re trying to do. And if you have an inference engine, that’s going to be really crucially important here. So let’s understand that. Let’s monitor that. Let’s understand the intricacies related to how that customer is leveraging it, why it’s important. Are there latency constraints? Are there packet loss constraints? Those types of things. Let’s monitor to that and let’s understand how that happens. And if a customer has an application on the back end, you know, maybe they have New Relic or they have AppDynamics or they have some type of APM toolset, great. Let’s start bringing those into our monitoring. Let’s start bringing that intelligence in, understanding application flows, understanding dependencies, building that to be part of our story. And now we create so much more opportunity for us as an MSP driving that contribution margin northbound.

Robert Dutt: So it sounds like we’re kind of defining good visibility in a modern environment and kind of setting up for looking forward as understanding what actually matters to the customer and understanding what kind of flows into it, what all results in that thing that’s important to the customer still being up, still being running, still being functional, and kind of work backwards from there as opposed to the more “this machine is working, this machine is not” kind of approach.

Jeff Collins: Yep. Yeah. You want to go from tactical to transformational. That’s really the idea.

Robert Dutt: And you shared kind of the idea of the first step to do towards that. I guess as you’re moving towards that first step, you know, is there any one question or kind of mindset that you find works for MSPs to have in mind or asking customers to surface those blind spots and really start to understand what that context is that they have to have?

Jeff Collins: Yeah, that’s a really good question, Rob. And, you know, there’s some things that I do tell MSPs to start with before you ever ask that first question. One of them is kind of some of the simple, let’s call it research that you can do before you ever reach out to your customer. One of the easiest things you can do is start by what industry are they in. You know, in Canada, Canada has a lot of oil and gas, lots and lots of oil and gas companies exist in Canada. And so if you have an oil and gas company, we can start right off the bat with a lot of the things that oil and gas companies live and die with. And we’ll just pick on this one as an example. So oil and gas companies have SCADA networks. They have industrial IoT devices that are out there. They’re processing massive amounts of data. That data may be going into the cloud. It may be going into a data center. It may be going into some type of vault or something like that, depending on what they have. But each one of those are things that, as an MSP, you can start out before you ever ask your customer anything. You know that those are the things that exist in their environment. And you can quickly look and see, well, am I monitoring any of those? Well, no, I’m only monitoring Active Directory. Okay, Active Directory is probably important to the oil and gas company. But if it goes down, do they quit producing oil? The answer is probably no. And so if your answer is ever no, you know right off the bat that you’re not monitoring something that’s strategic to your customer. And so the first thing that you should always think about is, okay, if we have this industry, we should be monitoring the things that are strategic. Well, how do we do that? Well, we start with that one step forward. The first thing we talk to them about is just like when we went out and we sold that initial monitoring of Active Directory, they did it because they didn’t have time for it. There’s no oil and gas company on the planet that has time to be monitoring their SCADA networks. They just don’t. They may tell you that they do, but they don’t. So leverage your relationships, leverage your engagement with them and go after those pieces. Understand, you know, if they’re in AWS IoT Core, understand what that looks like. Understand who’s monitoring that. Understand how DevOps is working within that space. Maybe it’s DevSecOps inside of that environment. Understand that convergence of the teams and then start building a story around, you know, let’s take that on for you. Let’s start changing that. Let’s use the same paradigm that we’ve done, driving MTTR down, driving availability up, driving resolution times down, all those types of things. Let’s bring that into the era of SCADA networks, IoT, our core infrastructure. That’s where we start changing the value inside of our customer engagements. And that’s really where I see a huge opportunity for MSPs across Canada, where you can take that environment, you can take those opportunities you already have, and you can grow them from, you know, maybe you bill that customer $1,000 a month. You can grow it to billing them $20,000 or $30,000 a month, but it’s the most crucial $30,000 they spend. Because, you know, if that offshore environment or that, you know, oil sands environment or whatever it might be within the oil and gas space or in the energy sector, whatever it might be, those things are crucial to their business. And so the more that MSPs can kind of make that step forward, and then also start incorporating AI, every single one of those entities is incorporating AI. They’re incorporating it directly into their pipelines. They’re incorporating it directly into their data pipelines, not just the oil and gas pipelines, but each one of those, the more you can incorporate that, the more you can monitor, the more you can show value of everything that you do amazing as an MSP, that’s really where you start creating that intrinsic strategic value and you get out of that tactical approach.

Robert Dutt: And the good news is for a lot of these folks in the MSP space, presumably they have some of these pieces already in place, just not necessarily connected up to the technical side, i.e. sales and marketing have been focused on a vertical. And even if they haven’t, because they have customers in this space, they’ve built some of that muscle memory, some of that knowledge of what really matters. Now it’s just a matter, hopefully, of connecting it into the services that they’re offering.

Jeff Collins: Yep, totally agreed.

Robert Dutt: All right. Well, it’s been a really interesting look at sort of where visibility is at. And I think a real interesting opportunity that you’ve surfaced in terms of how it can be turned into a value conversation. I appreciate your taking the time.

Jeff Collins: Sounds great. Thanks so much for having me on, Rob.

Robert Dutt: There you have it, my chat with Jeff Collins from WanAware. I’d like to thank Jeff for sharing his insights. The thing that stuck with me from this conversation is how much of what’s changed in the modern network hasn’t been designed in, it’s been bolted on. AI workloads, hybrid architectures, IoT, SCADA, all of it layered into environments without the kind of formal rethinking that happened when we moved to virtualization. And Jeff made a really compelling case that for MSPs, closing that visibility gap isn’t just a risk management play, it’s a revenue opportunity, and potentially a significant one, especially in verticals like energy and critical infrastructure where visibility is tied directly to uptime, safety, and compliance. We’ll be back on Monday with In Case You Missed It, your weekly news roundup. Thanks for listening. I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Every year, security vendors publish threat reports. Most say variations of the same thing. But Barracuda’s Managed XDR Global Threat Report stands out for a reason that matters to MSPs: it’s built on operational data from a managed SOC that protects the kinds of organizations MSPs actually serve. More than two trillion IT events. Nearly 600,000 security alerts. Over 300,000 protected endpoints, firewalls, servers, and cloud assets. This isn’t a survey of sentiment. It’s a record of what actually happened.

Merium Khalid, director of SOC offensive security at Barracuda, joins the podcast to walk through the findings. The headline stat — that 90 per cent of ransomware incidents exploited firewalls through unpatched vulnerabilities or compromised accounts — sets the tone, but the conversation goes deeper, including why the most commonly detected vulnerability dates back to 2013.

Merium explains how attackers are abusing the same tools MSPs rely on every day — ScreenConnect, RDP, PowerShell, and in one case, Datto RMM — to move laterally while mimicking normal IT operations. As Help Net Security noted, attackers keep finding the same gaps, and Merium makes a compelling case that the 100 per cent rogue endpoint finding is fundamentally an asset management problem that doesn’t get the attention it deserves.

We also cover the growing role of supply chain risk, with 66 per cent of incidents now involving a third party (up from 45 per cent the year before), and what that means for MSPs who are themselves the trusted third party for their clients. We close with Merium’s practical advice for resource-constrained security teams.

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT solution provider community for the last 16 years now. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always, your host for the show.

Last month, Barracuda released its Managed XDR Global Threat Report, drawing on more than 2 trillion IT events from 2025 to map how attackers are actually getting into networks and what’s making it easier for them. Some of the numbers were striking. 90% of ransomware incidents exploited firewalls. The fastest case went from breach to encryption in three hours. And every single incident the team responded to involved at least one unprotected or rogue device on the network. Today I’m sitting down with Merium Khalid, director of SOC Offensive Security at Barracuda, to dig into what the data actually means for MSPs and the customers they protect. We’re talking about why firewalls keep failing despite years of the same advice, what it looks like when attackers hide inside the legitimate tools MSPs use every day, and where the blind spots are that most organizations don’t even know they have. So let’s get right into it. My chat with Barracuda’s Merium Khalid.

Robert Dutt: Merium, thanks for joining us.

Merium Khalid: Thanks, Rob. Thanks for having me.

Robert Dutt: The report’s been out there for about a month or so, I guess. From your vantage point, running offensive security and in the SOC at Barracuda, what conversations has it sparked with MSPs and with their customers? What’s resonating and what are people still not taking seriously enough?

Merium Khalid: Yeah, great question, Rob. So in terms of the key findings, I think that’s really what the report is focusing on, and that is really what is resonating to our MSPs and our customers and our core customers, is that there is at least one rogue device involved in any of the security incidents that we’ve worked on. And what I mean by a rogue device, it’s basically a device that’s unprotected, unmonitored within your environment. So that kind of becomes like a home or a ground for the threat actor to kind of stay and go under the radar. And I think a lot of our MSPs are finding that interesting. And I think it was one of the most shocking findings as well for us too. It’s the asset management. I don’t think asset management and making sure you are aware of all the assets in your environment, I don’t think that is emphasized enough. And I think that this report kind of makes that in the forefront.

Robert Dutt: A couple of things that can certainly shape customer conversations.

Merium Khalid: Yeah, for sure.

Robert Dutt: One of the headline stats is that 90% of ransomware incidents exploited firewalls, often through old vulnerabilities. The most common detected vulnerability in the report dates back more than a decade, 2013. So this isn’t new advice, but why does this keep happening? Is it a tooling problem? Is it a process problem? Is it a human prioritization problem? Why do we keep running up against these old flaws as current foes?

Merium Khalid: I think it’s both. I think it is a human problem, resource problem, resource gap. It’s also not having proper policies in place. It’s also just the advancements with AI as well. Being able to, threat actors are using it, being able to exploit firewalls at a faster level. And essentially what’s happening here is firewall exploitation is very, very common because it is kind of the low hanging fruit in terms of it’s usually the first public-facing asset in a customer’s environment. So you have people working remotely, so they’re VPNing into their organization’s environment. They’re using some sort of SSL VPN. And SSL VPN, I found, is to be one of the biggest root causes for ransomware attacks because we don’t have the proper tools in place. So there’s no MFA in place, or maybe there is a leaked password out there on the dark web where the account is still active, so no, there isn’t proper account management. So I think it’s not one thing that you can point at like, hey, this is a root cause and this is causing all the problems. I think it’s a combination of people, process, and technology.

Robert Dutt: So if I’m an MSP and I can’t patch everything overnight, especially in multiple customers and complex environments, where should I be triaging firewall risk more intelligently?

Merium Khalid: Well, prioritizing. Prioritizing what are your critical vulnerabilities? If you have a FortiGate firewall, if you have a SonicWall firewall, and there is a zero-day out there, there’s a new vulnerability out there, that is something you want to prioritize right away. But again, you need visibility for that. You need to know that there is a vulnerability out there. So with XDR, what we do is we actually release advisories. So if there is something critical out there, we try to inform our customers as soon as possible. And we have also released a managed vulnerability service as well. So we will scan your environment for any critical or low-medium vulnerabilities and prioritize it in order and give you a report of what you need to patch and how you need to patch it. So having some sort of vulnerability scanning, quarterly, monthly, yearly is very, very important, but also having some sort of visibility as well.

Robert Dutt: In the report, the fastest ransomware case went from breach to encryption in about three hours, if I recall correctly, and 96% of incidents involved lateral movement that ended up in ransomware deployment. What does that timeline say about how realistic it is for an MSP security team to detect, contain, mitigate an attack manually?

Merium Khalid: Even the three hours, I would say, is sufficient time because you don’t want to detect a ransomware attack after the three hours. You want to detect a ransomware attack in the beginning of the attack life cycle. So in the initial act, if they’re trying to brute force your firewall or you’re seeing some sort of suspicious login within your SSL VPN, before they even start moving laterally, you want to detect that before it happens. But again, with XDR, what I think what stands out the most for us is that we have detections across each of the attack phases. So if there is lateral movement, we want to be able to detect that. If they are using some sort of remote code execution or some sort of PsExec tool or some sort of tool to move laterally across the network, we want to be able to detect that with our endpoint detection or our server monitoring. So the three hours may seem like a short time, but it’s actually not. I think most important is detecting early on. So prior to the three hours, detecting at the first phase of the attack rather than the threat actor being there and encrypting.

Robert Dutt: And those things you talked about were the earliest reliable signals that something’s going wrong, but we aren’t to the encryption point yet. Or is there another, this is the thing you should watch for first?

Merium Khalid: Yeah. I mean, again, you want to watch for early signs, right? You want to watch for any sort of privilege escalation that’s happening, any sort of logins from suspicious locations, any sort of spike in your baseline behavior, any sort of brute force activity. I think those are the early signs you want to watch for. But I think the main thing I would say is monitoring. Make sure all your assets, you have server monitoring, EDR monitoring in place. Because a lot of the times, this is actually very important to the data in the report, is these customers that did get hit with Akira or RansomHub or Cactus, they had some sort of gap in the monitoring. So they did not have the full XDR suite deployed. It’s just like protecting a house. You don’t want to just protect the front door. You want to protect the back door and the windows as well. So there was some sort of gap in the monitoring, which then led to the threat actor going undetected. So the first thing you want to do is actually make sure you are monitoring everything, that you have comprehensive monitoring across your environment. And that’ll make it a lot easier to detect the threat actor in the early phases.

Robert Dutt: One of the themes that stood out to me and something that I feel like I’m hearing a lot more recently is the theme of attackers abusing legitimate tools. ScreenConnect, RDP, PowerShell, even to your monitoring point, RMM tools in some cases. And these are tools that MSPs are invested in and living in every day. How should MSPs be thinking about what normal IT behavior looks like in their own network and on their clients’ networks?

Merium Khalid: Yeah, I think that’s a really, really good point. So when it comes to using legitimate tools, you always want to look at who is initiating the usage of a tool. Is it an admin account or is it a service account that’s dedicated to this sort of activity for their regular operations? Usually when it’s associated with some sort of admin account, that can be indicative of malicious activity, but also you want to look at activity before and after, right? So if you have brute force activity, you have privilege escalation, any sort of activity that’s not in the norm, and then you’re seeing the use of like PsExec, RMM tools, RDP, then that could indicate some sort of attack. So I think, yes, it is a kind of tricky area or a blurry area, but that’s where your intelligence and different tactics and techniques come into play, right? So threat actors are known for using these tools so they could go under the radar. But because of that, we’ve learned from all the incident response that we’ve done the different tactics and techniques that they use. So we know what to look for and we know what is suspicious and what is maybe normal business operations.

Robert Dutt: And those are the kinds of things that they should see and kind of immediately see, okay, that’s a red flag. We should drop everything and deal with this urgently.

Merium Khalid: Yeah. Yeah. And I think that’s where you want to make sure you have the right skillset and the right people in place looking at your environment, right? Maybe someone from IT might not have the knowledge or the skillset to identify something that’s malicious or normal. So it’s important to have like a 24/7 SOC in place. It’s important to have your security tools in place so you have people with the right knowledge or the right experience looking at your environment.

Robert Dutt: We touched earlier on the number about basically every incident involving at least one unprotected rogue endpoint. And also this report talked a lot about the number of attacks that had third party involvement, that was two thirds or so, up from less than half a year ago. Along the same note as the tools, MSPs themselves are a trusted third party to their clients. How should they be thinking about the risk that they themselves are introducing into the equation and the risk their clients’ other vendors are introducing, especially in situations where it’s a complex network?

Merium Khalid: Yeah. I think when you are using a vendor, or I mean, everyone is bound to use some sort of vendor or third party tool, right? I think when you are incorporating that in your environment, it’s very, very necessary to make sure you have the right legal and compliance process to make sure that they have, they are doing the best security practices. So making sure they’re SOC 2 audited, making sure they have the right policies in place. So when you’re picking a vendor, I would say, have your legal team involved, have your compliance team involved and do a very comprehensive security review before you kind of incorporate them in your environment. Because yes, like the risk is not just for your organization, the risk carries over to how well is your third party vendor actually practicing the best security practices.

Robert Dutt: For the MSP listening to this and feeling like, okay, my tools are potentially compromised, I could be introducing risks, third parties could be introducing risks. What are two or three changes that an MSP can make in what they do or how they do what they do, that would meaningfully reduce risk without blowing up their own mode of operation basically?

Merium Khalid: Yeah. Yeah. So I think when it comes to key recommendations from the report, of course, there’s a long list of things you could do, but I think what’s going to have the most impact on your environment is having an audit. So auditing all your active accounts, disabling those that are no longer in use, because as I said, that could become a home for threat actors to kind of make their ground and to move laterally. Also audit devices, right? Having a strong asset management policy is very, very important. This will reduce the number of rogue devices that you have. Also having a patch management policy. So as I mentioned before, 96% of incidents that happened with ransomware, it had some sort of vulnerability or exploitation. I think if you have a patch management policy in place, you can reduce that. And I’m not saying to wait for a vulnerability or a zero-day to then implement it. I think having some sort of patch management policy on a weekly or quarterly basis is really important. And someone who’s dedicated to that in your environment. And then also, I think one of the most important things is having a robust security program to prevent these complex threats. Essentially what that means is having that full coverage across your environment. So across endpoints, servers, cloud, network appliances, email appliances, all your Microsoft 365 environments. So the top three things is auditing accounts and devices, patch management, and having visibility and a security program in place to prevent this.

Robert Dutt: The report covers a lot of territory. I think we’ve walked through a lot of the areas that I was kind of most taken by. Any other major takeaways especially for this audience that you’d like to surface in terms of what you found and what it means for the solution provider or MSP?

Merium Khalid: Yeah, sure. So I think one of the things I want to talk about is the report is derived from real life data. So we actually, XDR in 2025 logged more than 2 trillion IT events. And this report is derived from real life data from our customers. So 600,000 security alerts issued to our customers. And then from the 600,000, we had 53,000 high severity alerts that led to an automated threat response. So what that means is we had 53,000 high alerts that led to either blocking a firewall, disabling an account, isolating a network. So we blocked 53,000 high severity incidents that could have led to a very high scale attack in their environment. I think that’s a really important thing to emphasize. And we also protected 230,000 endpoints in 2025. So I think just one of the main things here is the data, the report is derived from real life data and real life findings and from real life engineers and analysts that are right in the forefront of these attacks.

Robert Dutt: It always blows me away when we talk about security metrics and you have these sample sizes of trillions of alerts, of occurrences. It certainly adds to my awareness of that sense of potential for alert fatigue and just the overwhelm of there is so much going on. One last question for me. If MSPs remember three things from this report, from this conversation, what should they be?

Merium Khalid: So three main takeaways is understanding the severity of ransomware. How devastating it can be in your environment. It could literally take your business out if it is a severe enough ransomware. Second, the importance of patch management, making sure all your assets are patched, making sure if you do have public-facing assets in your environment, prioritize that, make that your number one priority. And third, have a security monitoring solution in place. I think that really makes or breaks having the right practices.

Robert Dutt: All right. I appreciate that. Thanks again for taking the time to talk through this and go through some of these results as it relates to the channel community. Greatly appreciate it.

Merium Khalid: Thanks, Rob. Thanks for having me.

Robert Dutt: There you have it, my chat with Merium Khalid from Barracuda. I’d like to thank Merium for sharing the findings of the report and her insights from life in the SOC. If there’s a thread running through this conversation, it’s that the threats aren’t getting more exotic, they’re getting faster. Three hours from breach to encryption, 96% of lateral movement ending in ransomware, and every single incident the team responded to involved at least one device that nobody was watching. The basics still matter. And this report makes a pretty compelling case that audit, patch, and monitor is still where it all starts. Tomorrow on In The Channel, I’m talking to Jeff Collins, CEO of WanAware, about a related problem. The blind spots that form in modern networks as AI workloads and hybrid architectures quietly reshape how traffic moves. If you’ve ever felt that you can’t quite see everything that’s happening inside a customer’s environment, that’s probably a conversation for you. Thanks for listening. I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Microsegmentation has been on a lot of security roadmaps, but for many MSPs the category has felt like it belongs to the enterprise world – complex to deploy, hard to explain to customers, and unclear as a services opportunity. Zero Networks is making a case that it doesn’t have to be that way, and it’s betting on the channel to prove it.

In this episode, Adam Hofeler, vice president of go-to-market strategy at Zero Networks, joins us to talk about the company’s shift from roughly 20 per cent partner-led to a fully channel-first model, built around its updated Zero to Sixty partner program. Adam shares details on new tiering, deal registration protections, enablement resources, and a structural commitment to never compete with partners on deals.

The numbers back up the momentum: Zero Networks reported 45 per cent year-over-year revenue growth through MSP partnerships and says it’s targeting a doubling of that figure this year. The company also earned the only five-star rating in the 2026 Gartner Peer Insights Voice of the Customer for microsegmentation, with a 100 per cent willingness-to-recommend score.

For Canadian listeners, there’s a specific angle worth noting: Zero Networks currently has no Canada-based staff and is actively looking to build its presence in major Canadian markets through new partnerships. Adam discusses what that early-mover opportunity looks like and how interested partners can get started.

We also dig into the growing role of microsegmentation in cyber insurance conversations, how Zero Networks’ identity segmentation capabilities address lateral movement risks in Active Directory-heavy environments, and what “containment as a recurring service” actually looks like for an MSP in practice.

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always your host for the show.

Microsegmentation has been on a lot of security roadmaps for a while now, but for many MSPs and solution providers, it still felt like something that lives in the enterprise world. Complex to deploy, hard to explain to customers, not always clear where the recurring revenue opportunity is. Zero Networks is looking to change that, and they’re making a big bet on their channel to do it. The company recently went full channel first with an updated partner program called Zero to Sixty, reported 45% year-over-year revenue growth through MSP partners, and earned the only five-star rating in Gartner’s 2026 Peer Insights Voice of the Customer for microsegmentation. Joining me today to talk about all of this is Adam Hofeler, vice president of go-to-market strategy at Zero Networks. We’re going to dig into what the channel first shift really means in practice, where Canadian partners fit into Zero Networks’ plans, and why the conversation around containment and identity segmentation may be more relevant to your next customer meeting than you think. Adam, thanks for taking the time. I appreciate it.

Adam Hofeler: Yeah, good to see you, Robert.

Robert Dutt: Your team recently published research that analyzed three plus trillion activities across 400 enterprise environments, and the big finding was that most security risk comes from routine abuses of normal trusted access paths, and not from the zero-day exploits, the big attention getters. For MSPs and VARs that are listening, what does that actually mean about where the real risk is in customers’ environments right now?

Adam Hofeler: Yeah, that’s a good question. I think when you look at it, we already know that most customers or end users, the bad guys are already in their organization in some form or fashion. They just don’t know it yet. So that if when you look at a security stack that might have detection and response capabilities and some other of those high valued propositions, because when we look at what we do, we’re one piece of the puzzle. But when you look at that, we know that exists. And we already, I think most people say, assume the breach is how fast you can kind of detect it. So when we look at what we do from a technology perspective, we help that blast radius, right? We help organizations prevent attacks, we minimize that blast radius, we maintain business continuity, even when attackers are already inside. So I tell our partners and MSPs to say, “Hey, look, we all agree that something is going to happen, but how do we control that? What does that look like?” And that’s really where Zero Networks comes in.

Robert Dutt: And that’s, you know, you touch on sort of going from detect and respond to what I’ll call sort of contained by default as an approach there. How do you explain that shift to a partner who’s kind of built their practice around EDR, around a traditional SOC stack, that kind of thing?

Adam Hofeler: Yeah. So our motion today is not like, “Hey, look, displace all these things that you’ve sold your customers today. That doesn’t make sense.” But most of our customers are being asked from a compliance standpoint or regulatory compliance standpoint to do, “Hey, I don’t love using the term, but the zero trust architecture or platform pieces of it, right? That’s a real thing.” And we’re one piece of that puzzle, although a very, very big piece. So when I talk to partners of like, “Hey, look, things that still matter to end users are protecting uptime, revenue, safety while meeting compliance requirements amid financial and operation cyber risks. It exists today.” And regulatory and compliance pieces are still coming down, even though they’ve sold multiple various technologies in cyber. So we’re really good at helping them solve that piece in parts. There are times where we talk about, “Hey, look, this is what an EDR does. This is what we do. This is why we work well together, and we’re not telling you not to have an EDR.” But we also look at it as if you look at all the breaches, and again, we’re not trying to scare anybody, but if you look at all the breaches, almost all of them had an EDR. They all had some kind of technology in that stack, but it didn’t prevent what had happened from a breaching perspective, and we really control that.

Robert Dutt: Okay. On the partner program side of things, you’ve moved from, I think it was around 20% partner led to 100% channel first over the course of three years. To step back in time a little bit, what either broke or didn’t work about the old model that led you down that path?

Adam Hofeler: Yeah. It was more of a people-type scenario when we started three years ago, we were a younger company, but didn’t have the people or process. We didn’t really have a programmatic approach, and we didn’t have relationships in the partner community. So I don’t view it as a fault of Zero Networks at all, but when I came in and the hiring that we’ve done with the team on the go-to-market side as well as our sales, we really just kind of dug our trenches in to say, “Hey, look, the partner community is where we want to be. They do a fantastic job. They’ve got great relationships. They’ve got technical resources. Let’s embrace it.” So it wasn’t that we were shying away from it. We were just a much, much smaller company. And so with the growth of the people that we brought on board, allowed us to say, “Okay, now we are ready to kind of really do this and focus and concentrate to making sure that the partners not only are happy, but focus on what will make them grow even further or faster with us.”

Robert Dutt: A tale as old as time, I think, in the channel space, the sort of company starts to build up direct to some level, then realizes, “Okay, how do we multiply this?” And that’s when you bring in folks who understand the channel and start to build that out. Totally familiar. And that’s exactly it.

Let’s talk about Zero to Sixty, the program update specifically. So if I’m a VAR or MSP that’s already working with you guys, what are the two or three changes that I’m going to feel most immediately in how I sell, how I deliver, and how I work with you?

Adam Hofeler: You’ll get additional registration or partner protection, not only on the length of time, but the dollars in which you’re going to be protected. So there’s usually some money, financial pieces tied to it. So most individual partners like that. From a company perspective for those partners, we have set an alignment of marketing dollars affiliated with that. So there’s some good things that we can do based on marketing with our partners, having end user events or various things internally as well. Do we have that available to us? And the third thing is enablement, not only on the sales, but the technical side. So those partners that can really embrace our technology, learning it from a technical perspective, we’ll reap some benefits along those lines as well.

Robert Dutt: Deal reg and pricing friction in general are perennial pain points or points of discussion in the industry. You’ve talked publicly about mandatory deal registration and no direct competition with partners. I guess the question is, as you scale that, how do you enforce that structurally and culturally?

Adam Hofeler: Yeah. It’s a big thing for me and for our company. When we talk about it, in my time of doing something like this, partners really want a couple of things. They want trust. Trust not only from the company, but from the people that they do business with at the field level. They want to be profitable. They want to make money because there’s a lot of technologies that they don’t make as much money, but it’ll cost them just as much on their time, energy, and effort, the value of time. And they want to make sure the technology works. So they can go and sell something else and they can have happy customers. So there’s three things that play a part in that. So we’re really trying to solve those three things and make sure that it’s sustaining, not just for our first year of changing the Zero to Sixty model, but making it a long-lived solution for them that they had a good experience so they’ll keep coming back and back and tell their friends within the organization to say, “Great experience, treated us well, made some good money, and oh, by the way, I’ve got a happy customer.”

Robert Dutt: You reported 45% year over year growth in MSP partnerships. Just to clarify there, is that growth in number of MSPs and revenue through MSPs both? What’s the point there?

Adam Hofeler: Good question. Yeah, the 45% growth was in revenue from the MSPs, and we’re looking to actually double that this coming year in revenue. We are not looking to scale and grow to just be MSP-centric, but it is a big focus and attention for us. Our technology does lend itself to a great MSP practice. In this space, not a lot of MSPs have the chance and opportunity to leverage microsegmentation based on some other providers and their complexity of the way they can do it. For us, we’ve solved that issue, so we really want to get out in front of the MSP and MSP practice. For those companies that are interested from a partnering perspective, we’d love to talk to them and see where it goes. Making it profitable will have its own separate, unique process from a pricing perspective and procedure, let alone what the technology can do for their end users from a manageability perspective when they manage that.

Robert Dutt: You’ve described the MSP opportunity as shifting from reactive incident response to a recurring resilience kind of position. Practically speaking, what does that service look like and what is the MSP actually delivering on an ongoing basis once the initial containment deployment is done?

Adam Hofeler: Yeah, so we have the unique ability to produce a risk assessment report so an MSP can show their end users the value that this technology is bringing them from a security, from a compliance piece. Manageability is pretty light on the MSP piece. Our system has an automation approach to what we do and how we do it, so that it takes some hours away from our MSP to focus on maybe some other things while the technology really can help them deliver some of the other initiatives that they might have. While we continue to tag all the assets, which is a challenge in the microsegmentation world, as well as building rules and policies that the MSP would have to do, now our technology can take that burden off of them for the most part. So it’s really helping our MSPs hit a core, I guess, end user state for them, not leveraging maybe all the services that they might have had on another technology. So really a lot of big value added to an MSP and to end users.

Robert Dutt: One angle that I think MSPs – MSPs anywhere – are interested in right now is cyber insurance. Insurers are increasingly requiring proof of segmentation and zero trust controls before issuing or renewing a policy. How are you seeing partners use that fact as sort of a door opener with customers who might not otherwise consider this a priority?

Adam Hofeler: Yeah, great question. When we do see it, there are some times where cyber insurance comes and we’ve been able to reduce some of that cost for cyber insurance because they have our technology. So there’s a benefit for the end users, I don’t want to say quite immediately, but once they find out that they do have a zero trust or microsegmentation strategy, because at the end of the day, we reduce downtime and minimize serious incident costs. We lower incident severity and faster recovery, improve executive confidence from a governance posture perspective. So these are all things that cyber insurance agencies are looking at that we can accomplish with our technology. So one, I’m thankful that we have it, but two, we do see that question come up. I’ll say maybe 20% these days with that number probably only growing at an exorbitant amount based on the relevance of that cyber insurance question that you asked.

Robert Dutt: Let’s zoom in on Canada a little bit. The press release announcing the Zero to Sixty developments mentions distribution partners in Europe, Australia, Japan, some major US-based enterprise partners. I didn’t see Canada specifically called out, but can you help me out with what the channel footprint actually looks like here in Canada today and especially where you need more help from Canadian partners, whether that’s geographically, whether that’s vertically, whether that’s whatever measure.

Adam Hofeler: Yeah. If I say all over, would that be too much, Robert? When you’re a fast growing company, there’s different areas of focus that you have, right? And we don’t have anybody from a Zero Networks perspective based in Canada. So everything has been through the partners and the partner community. We’ve had interest there and we do have some partners today. It is a great market for us. And we are kind of diving in this year in 2026 more into the Canada market in the major markets. And my ask would be if there’s a partner that’s interested in a fast growing cybersecurity company unique in the market and industry, we’d love to talk to them. So that’s typically in the major markets, but we’re not excluding anyone that might have some great customers that are interested in the product or services that we offer. So the partners that we have today, there’s a few that are headquartered and based in Canada, but some of them are the national partners that cover all of North America that we have today.

Robert Dutt: For Canadian partners who are evaluating the space, there are some established players – Illumio, Akamai Guardicore, those kinds of folks. You guys are combining network segmentation with identity segmentation, restricting admin and service account access, and not just network traffic. How do you explain that distinction to a partner who thinks, “All right, I’ve already got microsegmentation covered.”

Adam Hofeler: Yeah, it’s not easy, by the way. I think sometimes we have a preconceived notion of, “Oh, I already have that already,” or, “I have this technology and they do that.” And we have to take a step back and say, “Well, they do parts of it and not completely.” So yeah, with our unique approach of having an identity-based access enforcement at the network layer with just-in-time access for administrative and lateral movement pathways, this allows us to kind of dive into deeper of what network segmentation is and identity segmentation is. By default, we close privileged ports or privileged access, and then only when the customer identifies themselves will we open to that. So I take the scenario as such of, “Hey, look, you have some of these other providers. That’s great.” There’s three superhero things that we do differently. One, we don’t have an agent, so you don’t have to worry about it from an agent approach and sending agents across the entire infrastructure. So right away, partners like that, “Oh, okay, now I don’t need an agent.” The second piece that’s one of our superpowers is we have an automation engine, and the automation engine tags all the assets and builds the rules and policies, which customers in the past have been a big, big challenge, and then I have that just-in-time MFA aspect of things. So I tell the partner that’s just learning about microsegmentation is you have a neighborhood, and if there’s bad guys who are trying to get into one of the houses, what do they look for? They look for an open garage or a window or a screen door, whatever the case might be. That doesn’t mean that the house doesn’t have some protection around it. It’s got a fence. It might have a dog. You might have a Ring camera. All of that helps. So what we do is we’re like, “Hey, look, if someone gets in because you left a screen door open or a window open, they walk into that room. They won’t be able to move, and if they want access to open the door, they’ll have to identify themselves with who they are.” So I try to put in some terms of those folks that may know what we do from a network and identity segmentation and kind of go a little bit deeper. Or if I’m just starting out from a partner and they’re looking for something in their portfolio, I use that house analogy because it usually lets them understand it just a little bit easier to say, “Hey, look, I’m in a neighborhood. Bad guys want to find the easiest way.” Once they find a way, we just prevent anything from happening anywhere else in the house.

Robert Dutt: Identity segmentation feels particularly relevant, particularly in the sweet spot for MSPs that are in Active Directory heavy environments with lots of service accounts today. How quickly do you find partners can deploy that and start to show customers measurable risk reduction when they start with you?

Adam Hofeler: In the identity aspect of things, within two weeks. Once we’re implemented, we’ll be able to gather most of the information that we need from a service or an admin accounts, which is a big challenge for most of these companies and organizations where they don’t know where anything is or where they sit or who might have access. Within two weeks, we’d be able to identify it. Now, it’d be easy for me to say right away or immediately, and that is the case. But for the identity piece of our platform, usually we say seven to 10 days.

Robert Dutt: You guys earned a five-star rating in this year’s Gartner Peer Insights Voice of the Customer for the microsegmentation space. The only vendor to score a perfect 100 and 100% willingness to recommend, that’s a nice piece of business for you. What’s one piece of customer feedback from that process that surprised you or changed how you think about the product?

Adam Hofeler: Man, I will go to my very first week of being at Zero Networks. I come meet our CEO, Benny, up in New York. I’m at a customer site. This is where I’m meeting him. I’m in the conference room, and the CIO says, “We love your product.” And I’m still new. I really don’t know exactly what we do, to be honest with you, Robert. I’m like, “Okay, I love hearing that. That’s good.” He absolutely gushed for five or 10 minutes about our product and who we are and what we do and how we’ve helped their organization. I’m like, “All right, this is great.” We go to a dinner that night, and there’s probably a room of 20 individuals, about 20% of the room is a customer of Zero Networks and the others are prospects. And they could not stop raving about our product. And I look to a colleague to the side of me, I’m like, “What’s happening here?” Really, where did I just go? Customers just sing our praises. And so that set the tone for me being here for almost three years of customers really love what we do. And it’s great that we have a technology that customers love it, but we’re actually solving a business challenge they have and they’ve had. And it became a reckoning to say, “Our technology really does it.” So we are growing very, very fast and it’s primarily because our customers are recommending us to other customers. They talk about their challenges that they might’ve had. They talked about how we solved it and how quickly we’ve had the ability to solve it. So to some degree, I thought I was in the Twilight Zone the very first day and it continues to grow and manifest itself as we continue to grow. And so when we talk about the five-star rating and how customers really sing our praises, it’s very much true. I haven’t had this in my sales career for quite some time that if I put a customer on the phone and I just hop off, I really feel that whoever they’re talking to is going to become a Zero Networks customer as well, just because it’s not just the technology works, but how do we support them? What is our sales engagement? How does our partner community embrace them? It’s great you have technology, but if we gouge them in some form or fashion or they felt uneasy about it, they wouldn’t recommend us.

Robert Dutt: Two quick ones before we wrap up here. You’re talking about expanding in Canada, expanding the MSP business. It sounds like there’s opportunity there. If I’m a Canadian MSP listening and I wanted to start a conversation tomorrow, what’s the literal first step that you’d recommend they take to engage with you guys?

Adam Hofeler: Yeah, they can reach us on our website that would go to our go-to-market team or an email at [email protected] would be the very, very first step. And again, if they’re just trying to learn about the technology or interested, let’s have a conversation and see if it’s the right mutual fit for not only Zero Networks, but for them to be brought into their portfolio.

Robert Dutt: All right. And we have to ask this one. The partner program is called Zero to Sixty. I love that branding. It’s a cute little bit of marketing business, but here in Canada and other metric markets, Zero to Sixty just doesn’t have the same ring to it. It’s like a nice drive down a country road. Any chance we’ll see a Zero to 100 program for Canadian partners?

Adam Hofeler: And if you like that, maybe we need to. I think I’m in. We would love to do nothing more but to gain more access to partners. And if it’s the naming convention that works, I’m in. Whatever works.

Robert Dutt: Adam, I appreciate you taking the time. Thank you.

Adam Hofeler: Thanks, Robert. Appreciate the time.

Robert Dutt: There it is. My conversation with Adam Hofeler from Zero Networks. If there’s a line from this conversation that I think is worth sitting with, it’s that most security risk isn’t coming from exotic zero-day exploits. It’s coming from routine abuse of normal trusted access paths. That’s a finding from over 3 trillion activities across 400 enterprise environments. And it makes a pretty strong case for the shift from detect and respond to contained by default isn’t just marketing language. If microsegmentation is on your radar, whether as a security play or as a way to open cyber insurance conversations with your customers, maybe Zero to Sixty is worth a look for you. Tomorrow on In The Channel, I’m sitting down with Merium Khalid from Barracuda’s SOC to go through their managed XDR threat report, including the finding that 90% of ransomware incidents exploited firewalls, often through vulnerabilities more than a decade old. That’s tomorrow right here on ChannelBuzz.ca. Thanks for listening. I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

This episode of In Case You Missed It is brought to you by ESET Canada. ESET’s Women in Cybersecurity Scholarship is now open for 2026, with three $5,000 awards available to women pursuing careers in cybersecurity. Applications close April 8. Learn more and apply.

On this episode:

Welcome to In Case You Missed It from ChannelBuzz.ca. I’m Robert Dutt, editor of ChannelBuzz.ca. Today is Monday, March 16th, 2026. Let’s get your week started right.

This week’s In Case You Missed It is brought to you by ESET Canada. ESET’s Women in Cybersecurity Scholarship is now open for 2026, with three $5,000 awards available to women pursuing careers in cybersecurity. Applications close April 8th. Learn more and apply at eset dot come slash ca. ESET – protecting progress.

If you needed a single data point to explain the mood in the channel right now, Omdia may have just provided it. A new global survey from the analyst firm found that close to 60 percent of channel partners expect their Q1 profits to decline by double digits compared to last year. Less than a third predict that profits will grow at all.

The revenue picture is slightly more encouraging – 45 percent expect Q1 revenues to increase year over year, and about a third are forecasting double-digit revenue growth. But there’s a dangerous disconnect between topline and bottom line, and the reason is straightforward: costs are rising faster than partners can pass them through.

Hardware vendors are increasingly refusing to hold pricing until the point of shipment, and in some cases are cancelling orders even after a purchase order has been received. If you’re locked into contractual pricing with a customer, you quoted a price, the vendor changed theirs, and you’re absorbing the difference.

Layer in Middle East conflict pushing oil prices higher, component shortages showing no signs of easing for at least another 12 months, and the downstream effects on cloud providers, MSPs, and SaaS companies all being forced to raise their own prices – and Omdia’s Alastair Edwards warns the risk of channel bankruptcies is set to increase dramatically. If you haven’t stress-tested your quoting and procurement processes for a world where vendor pricing is no longer reliable, that conversation needs to happen now.

Check Point Software launched a dedicated Canada data region last week for its CloudGuard Web Application Firewall. All configurations, logs, and security data generated by Canadian customers using CloudGuard WAF will now stay within Canadian borders.

This is a data sovereignty play, and the timing isn’t accidental. Data residency is becoming a real differentiator in how Canadian organizations evaluate security vendors. Whether it’s regulatory pressure, customer demand, or the reality that storing data with U.S.-headquartered cloud providers carries CLOUD Act risk, the partners who can have an honest conversation about where data lives are the ones winning deals.

For Check Point partners, it removes one of the more common objections. And in a broader sense, it’s another signal that global security vendors are recognizing that having a data region in Canada actually matters to this market.

CRN published its annual MSP 500 list last week, and several Canadian companies made the cut. WBM Technologies out of Saskatoon landed on the Elite 150 – now in its 75th year and still reinventing itself. Bulletproof, a GLI company based in New Brunswick, made the Security 100. Nucleus Networks, which has expanded from Vancouver to five cities across Western Canada, appeared on the Pioneer 250. Arctiq, Converge, and Premier Cloud also showed up across the three categories.

We don’t dwell on awards lists on this podcast, but the MSP 500 is one of the few that gives Canadian partners real visibility alongside the larger U.S. players. If you’re building your practice and wondering whether you’re on the right track, it’s worth looking at who made it and asking what they’re doing that you could learn from.

Since our friends at ESET Canada are sponsoring this episode, it’s worth flagging something they’re doing that goes beyond product. The ESET Women in Cybersecurity Scholarship is now open for 2026, with three $5,000 awards available to women in Canada pursuing careers in cybersecurity. The deadline to apply is April 8th.

This is the 11th year of the program. 

Since 2021, ESET has supported 14 women in Canada with more than $50,000 in scholarship funding. Last year’s Trailblazer recipient, Constance Prevot, is now a working SOC analyst while finishing her degree at Concordia. If you know someone who should apply, point them to eset.com/ca. Link’s in the show notes.

Finally, two moments from the past week that remind us this industry is built by people, not just products.

The Canadian channel lost Rob Megaw last week. Rob was the president of Compu-SOLVE Technologies in Midland, Ontario, and had led the company for more than 30 years – from its early days as a local ISP and PC repair shop through its evolution into a managed services provider. That’s the Canadian channel story in miniature, and our condolences go out to his family and the Compu-SOLVE team.

On a more hopeful note, CIOCAN announced the CanadianCIO Fawn Annan Memorial Award, recognizing women in IT leadership whose work reflects Fawn’s enormous contribution to Canada’s technology community. Fawn founded the CanadianCIO of the Year Awards and the CIO Hall of Fame. Nominations are open, and we’ll have a link in the show notes.

Those are some of the things we were paying attention to last week. 

This week on In The Channel: Zero Networks goes all-in on the channel and why Canadian partners should pay attention. Barracuda’s Merium Khalid walks us through their latest threat report. And Jeff Collins from WanAware makes the case that you’re hitting every SLA metric and your customer still thinks you’re failing. 

For ChannelBuzz.ca, I’m Robert Dutt. Have a great week, and I’ll see you in the channel.

On March 14, 2006, Amazon Web Services launched S3, its first generally available cloud service. Twenty years later, AWS is a $100-billion-plus business, and the cloud has fundamentally reshaped how technology gets to market in Canada and everywhere else.

To mark the occasion, we sat down with Eric Gales, president of AWS Canada, for a conversation about what those two decades have meant for Canadian partners – and where things are headed.

Eric has been at the centre of the Canadian tech channel through every major platform shift. Before joining AWS in 2015, he served as president of Microsoft Canada during the company’s push to the cloud and as country manager for VMware Canada. Few people in the industry have watched the Canadian channel evolve from as many vantage points.

In this conversation, Eric talks about the early skepticism partners had about buying cloud services from “a bookseller,” the moment it became clear that cloud wasn’t a passing trend, and what separated the partners who made the transition successfully from those who struggled. He also discusses how the launch of AWS regions in Montreal and Calgary changed the data sovereignty conversation for Canadian customers, and how that conversation is evolving again as AI enters the picture.

Looking ahead, Eric shares his perspective on what Canadian MSPs and resellers should be focusing on right now, why he believes AI represents a generational opportunity for the channel, and what the latest AWS partner program updates mean in practice. He also offers a candid reflection on what he’d tell the channel if he could go back to 2006.

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca. I’m Robert Dutt, editor of ChannelBuzz.ca, joining you for a special Friday episode. Thanks for pressing play.

On March 14, 2006 – Pi Day, for those keeping track – Amazon Web Services launched S3, its first generally available cloud service. Tomorrow marks 20 years since that moment, and whether you were paying attention to AWS back then or not, it’s hard to argue that any single technology shift has reshaped the channel more than cloud.

To mark the occasion, I sat down with someone I’ve known for close to 20 years in this industry – Eric Gales, the president of AWS Canada. Eric’s been at the center of pretty much every major platform shift in the channel. He ran Microsoft Canada during the cloud push, led VMware Canada, and has been heading up AWS Canada since 2015. So there aren’t many people better positioned to reflect on what the last two decades of cloud have meant for Canadian partners, and where AI is taking things next.

This one’s a conversation, not an interrogation. I hope you enjoy it. Here’s Eric Gales from AWS Canada.

Eric, thanks for taking the time. I appreciate it.

Eric Gales: My pleasure, Rob. Great to talk to you.

Robert Dutt: We’ve known each other for quite a while, going back to your Microsoft Canada days, and it’s been close to 20 years now. Before we get into AWS at 20, when you look over the arc of your career in Canada – Microsoft, VMware, AWS – you’ve been fortunate enough to be with and to lead some really transformative companies. What’s the single biggest thing that you’ve seen that’s changed about how technology gets to market here in Canada over those two decades?

Eric Gales: Yeah, you know what, as you indicated, it’s been fascinating. It’s been super fun to be in the tech sector. I’ll take a few things. One is, I think about it as eras of computing. I actually started at the dawn of the PC era, the end of that mid-range era. The PC changed everything, and then local area networking, and the internet, and mobile computing. Then my time in Canada – when I first came to Canada I worked for Microsoft, and I worked for Compaq before I came to Microsoft.

In this era, technology has only become more important to more customers. That’s one storyline, is that it’s become more and more important. One thing I think is the most profound change in recent times is, it was always just the domain of technologists. I was working for technology companies, selling to technologists. Now, because the impact of technology is so profound, it’s a lot more about businesses, and business leaders, and lines of business understanding what the technology can do. I think that’s been the biggest evolution, and certainly in the last decade, is the importance that everybody within an organization appreciates the importance of technology, and what it can do, and how to apply it.

Robert Dutt: That has been pretty transformative for the channel, hasn’t it? Selling into line of business, selling into the C-suite rather than going to the CIO. That’s a good point. For all the technology changes, that’s kind of been the thing, right? Not a technology, but rather the “who cares about it” part of it.

Eric Gales: Exactly. I think, just like as someone in this business myself, if I look out to that partner ecosystem, they’ve been on that same transformation that creates new challenges for every partner, as well as new opportunities. Those that have been most successful have of course been the ones that continue to evolve their businesses to meet the needs of, ultimately, the end customer.

Robert Dutt: When AWS launched S3 back on Pi Day 2006, I don’t think many folks in the Canadian channel were paying attention on that day in particular. As you moved through your career path, when did you first realize, “Okay, cloud isn’t a buzzword. This is a fundamental change both in technology, and it’s going to rewire the channel”?

Eric Gales: Yeah, I think there were two things back then. One was, at the time, of course, Amazon was not synonymous with being a technology provider. It was a consumer of technology. So point one was, “Amazon’s launched something.” I didn’t work for them then, and I would be in that community that says, “Why would you buy those services from a bookseller?”

So that was one dimension of it. And then the second thing was, there had been managed services before, but I think the thing that a lot of people missed for a while was, a few things had changed. The internet was ubiquitous. People were using the internet for lots of different things. And so it was that new transport that the internet gave you that enabled a company like Amazon to come along with AWS and offer a service that was available to everybody.

And then it also changed the way that people thought about consumption. Because up until that point, most software and consumption of services was a long-term contract or a license. And this was pay as you go, use on demand. It was a whole new construct. And I think it took a while for people to realize that AWS had changed a whole set of characteristics about how technology was going to be consumed.

And the rest is history. That whole idea took off because it just made so much sense to customers, and many partners got behind that very quickly in terms of seeing the opportunity to transform how they interacted with their own customers.

Robert Dutt: You’ve said, and I don’t think this is too much of a secret to the industry, to anyone who’s observed the Canadian business and technology scene, that Canadian businesses are slower to adopt new technology than especially the US, but also European counterparts. There’s that kind of tendency to let someone else see where the mines are in the minefield before you go walking. Looking back over 20 years of cloud in Canada, do you think that gap has closed, or has that sort of conservative approach to technology shifted forward to a new frontier? Are we going to see the same thing with AI now?

Eric Gales: I think, you know what, when I first started working over here with the cloud 10 years ago, a lot of my conversations were about why cloud and why it was important, both with partners and end customers. And at that time, I had felt this sort of theme that Canada was slower to adopt technology. And I felt there was a real opportunity there because everyone was at the beginning. And so here’s an opportunity for us to take these capabilities to our customers and help them to play catch up with other jurisdictions.

And I learned back then – I’d already learned by then – that it was important to point to Canadian customers to make it okay. To avoid the sort of “first to be second” thing. “Canadian customers are doing this.” And so we went out of our way early on to get key brands on our platform in every industry so we could make it okay.

But I’d say in aggregate, yes, we’ve made a huge amount of progress, but the Canadian landscape moved a little bit more slowly than other jurisdictions. I see the same opportunity now, but the landscape has changed, the circumstances have changed. I think politically, geopolitically, there’s a new opportunity, particularly with AI. And I think there’s a great opportunity for Canada, for Canadian firms, for Canadian government, and for Canadian partners to take this opportunity to really see if we can accelerate the consumption and the application of this technology to real business problems and productivity challenges.

And again, once again, the world is all at the same starting point. So I think there’s a great opportunity here to accelerate the Canadian adoption of these kind of capabilities in this next era.

Robert Dutt: One of the things that certainly arguably helped close that gap, helped make cloud much more de rigueur here in Canada, is that we kind of eliminated the “okay, so my data is going to live where?” question. For you guys, rolling out Montreal in 2016, I think it was, and Calgary a couple years ago – not just data center announcements, these were things that unlocked data residency and sovereignty conversations that Canadian partners and their customers really needed. As those conversations shift from “where does my data live” to “who controls my AI models and my training data,” how does that change the work that partners do and how they frame that to customers?

Eric Gales: Yeah, I think it’s interesting again, but go back to the history of it here. Many things have changed that have stayed the same. The importance of security – that hasn’t changed. Arguably, it’s more important. The management and the financial controls of technology they might be using – those haven’t changed. They’ve changed the application of those, but there are some key themes.

This question of sovereignty and control of one’s data and the policies around it – those things are very important. They were very important to us. One of the reasons that we built our infrastructure here is the control of this for our customers.

That’s why in this AI era, the same things apply. And so we’re super focused on maintaining the same principles that allow customers to use these models with their data in a secure way. That means that their IP doesn’t leak out somewhere. We don’t use their data for anything else. And so to us, the same philosophical approach and the same technical approaches to making sure that customers can be confident that there’s a way of taking advantage of all of these capabilities without compromising the security, the privacy, and their own intellectual property. That is a key feature of our value proposition to our customers – we help you get all of the benefits of these capabilities without the risks associated with using models which sort of live on the internet somewhere.

Robert Dutt: For Canadian VARs, MSPs, folks who’ve been around since the early days of cloud, the ones who made that transition from selling boxes to selling services – what did the ones who succeeded have in common? And sort of the flip side of that as well, what did the ones who struggled to make that transition miss?

Eric Gales: Yeah, I mean, I think – you’ve heard me say this before, Rob – but I’m a maniacal believer that the only sustainable competitive advantage is innovation. And whatever business you’re in, if you’re not innovating, if you’re not willing to change, then you’re losing. It’s just at what rate.

And that’s not a new problem. I’d put it out there that, think of any company that you knew that was top of its game and then it wasn’t. In whatever industry, I would posit that you could trace it to a lack of innovation on product, customer service, supply chain, whatever. And that’s the case with the IT sector and with partners. If you think that you’re going to be able to hold the tide back in a world that’s changing, that’s going to come to a stop.

And I’d say the characteristic of those partners that were able to most benefit from these eras of computing were those that were prepared to transform how they were going to make money, where they were going to make money, what they were going to contribute to their customers. And those that didn’t do that are the ones that typically end up in a position where their business isn’t sustainable anymore because that market went away.

When I started in the industry, my first job, I was an installation engineer, and there’ll be some people out there – maybe you’re one of them – that remember, we used to put Harvard graphics cards into PCs. People paid money for us, for me, to do that work. And then, you know, graphics cards came in the PC. And so that business went away. And that’s the case. Where the money can be made, where you can build a profitable business, it’s been evolving.

But the actual surface area to build businesses and be partners that help customers translate this technology into value for them – that opportunity has only got bigger. And that’s the case today. If you think about the potential for AI and AI services, there’s just a tremendous opportunity out there for partners to help customers translate these capabilities into value for their businesses.

Robert Dutt: You guys have talked about partners being the lifeblood of AWS, I think the language that the leadership team has used. The fact that partners are generating $7 for every dollar of AWS service sold. That’s a great number. But for a Canadian MSP who’s in that long tail of the channel, that isn’t a Deloitte or an Accenture – maybe they’re a 15-person shop in the GTA or Calgary or wherever they may be – what does that $7 actually look like for them, and where is that value being created?

Eric Gales: Yeah, I’d say there’s a few different areas. So if you think about the continuum, there are many customers out there who have yet to move their on-premises infrastructure to the cloud. And so there is a whole decade’s worth of work or more in helping customers to transform what they’re doing on-prem into the cloud. And there’s a necessity to do that, because the opportunity to leverage these new sets of capabilities like AI, for example – they have a dependency on having proximity of your data to these cloud services.

And so at one end of the spectrum you’ve got migrations and modernizations of legacy technologies and architectures to the cloud. And at the other end of the spectrum, there’s building new capabilities, using the features of the cloud, using these new capabilities with AI. And we see three big categories there: helping businesses generate more employee productivity, helping streamline business processes and doing new processes in new ways, and then also thinking about new business models.

And so there’s a continuum. The technology itself is a set of tools that can be applied to every business. But the services around that, the people and process part – that’s where that $7 is. That $7 is the people and process, largely, around helping customers to adopt and deploy and take advantage of these capabilities.

And then there’s both the SI partners and then ISVs that live on the AWS platform. And we’ve tried to create new opportunities for those too, with things like Marketplace, to help our customers be able to consume software from our partners that build software that runs on AWS too.

Robert Dutt: You guys rolled out some pretty significant program changes for 2026 – growth incentives, different benefits, changes to deal registration. For a partner who’s been doing this for a while, what’s sort of the biggest practical change they’ll feel day to day this year in terms of being an AWS partner?

Eric Gales: Yeah, I think a lot of those changes are built in sympathy to what we were hearing from our partners and from our customers, to allow us to streamline the way that we’re working with our partners, to allow us to focus more explicitly in solution areas as well as specific industries.

Think back to some of my opening comments at the beginning there – it’s more important than ever to be able to translate these capabilities into the language of the customer. And so we have a lot of focus on industry, for example, to help our customers put this technology into context.

And so thematically, we’re trying to translate everything we’re learning from our partners and our customers into programming that allows us to jointly focus on the right things. And for us to make sure we’re getting the right support to the right partners in the right places to help them to scale their business.

We think this next era of compute, particularly led by AI, provides a tremendous new opportunity for our partners to translate this technology into value for our customers. And so we’re trying to line up our execution and programming in a way that is much clearer, simpler to engage with, more transparent about what we think is important, and allows us to get the right support to the right people at the right time.

Robert Dutt: You talked about the idea of AI kind of resetting that starting line, creating a new starting point where everyone’s on a more even footing because, like we were with cloud, it’s a new start. A lot of MSPs that I talk to are still figuring out the basics of it – the where to start, what’s real, what’s hype, how do I find value for my customers? I think you touched on that a little bit in the last answer. But if you were advising a Canadian MSP right now on their first meaningful AI conversation with a customer, what would you tell them to focus on?

Eric Gales: I think it’s all about business value. Whenever you have a new era of technology like this, there are a bunch of people just trying to sell stuff. And customers want this stuff to be translated into value for them. And so I think really looking for where is the business value of the application of this technology, and being the translator of that for customers.

Because there are tremendous opportunities for AI and generative AI and symbolic AI and machine learning to be applied in whole new ways with our customers. And what we’re finding is our customers need help to translate that into value for them.

And so the real opportunity is to identify where are the sweet spots today that you can take a value proposition to a customer that is all about real business value and the “how” part. How do they get that value?

And so I think at this stage, that is most important. There’s a high noise-to-signal ratio right now in this world because it’s moving so quickly. And customers are looking for people that can help to translate all of this noise into signal that’s valuable to them. And so that’s my general advice: find the opportunities where you can translate all of this stuff into real business value, whether that’s a particular use case, a particular portfolio of customers. And at the same time, every partner needs to have a business model here, a business that supports scaling and growing into the future, to translate this opportunity into business value for themselves.

Robert Dutt: And sort of the flip side of that, what’s the biggest risk for a Canadian partner who looks at it and says, “Okay, still early in the game, going to wait for clarity”?

Eric Gales: Yeah, I’d say that there can be no waiting. What we’re finding is that every customer, every partner needs to get moving. There’s a huge amount to be learned by doing here, and every era of compute that you and I have been involved in and the IT sector, it has gone at a faster rate than the previous one. And this one is going at a rate that we’ve never seen before.

I think last year, 160,000 customers volunteered that they are adopting some form of AI. And that’s the highest rate of adoption we’ve ever seen of any technology, including internet and mobile phones. So this is happening. One needs to be moving.

And there is a certain amount here, I think, for partners, of moving the train whilst laying the track. Those two things are important. I think the folks that wait will find themselves at a disadvantage just because it’s moving too quickly.

And in fact, you have to build a business model, just like we’re doing here from my own organization, that is dynamically learning and evolving, because the rate of change here and the applicability – I mean, if you think about two years ago, 18 months ago even, you and I were talking about LLMs. But now we’re talking about agentic workflows. We’re past the LLM. It’s really about the application of this technology with agents. And so even in that very short period, the applicability of this technology and how people consume it has changed pretty profoundly.

And so I think it’s super important every partner starts moving, because there’s a lot to learn and a lot to keep up with as this thing continues to accelerate.

Robert Dutt: All right, I’m going to ask this one just a little bit tongue in cheek, maybe. 2006, you arrived in Canada and AWS launched. 20 years later, you’re running AWS Canada. If the next 20 years of cloud and AI are as transformative as the last 20 years have been to this business, to this business model, what does the Canadian IT channel look like in 2046? Are there still resellers and MSPs, or has everything been reinvented? Just crystal ball for me.

Eric Gales: I think a lot is going to change. There’s no doubt about that. A lot is going to change. We very much see that, just as has been the case to date – if you think about it, IT has been about augmenting and working with humans and human processes and business processes. It’s created new business models. It’s allowed us to do things in new ways and to live, work, and play in all different ways.

This next era of the application of AI, in particular at scale, follows the same themes but creates incredible new opportunities. So I think we’re going to see a tremendous amount of change in terms of how we live, work, and play with this technology. But within the context of that, tremendous opportunities to be part of the solution versus part of the problem. Part of helping people to embrace and use and deploy all of these capabilities in ways that are value-added and respecting the things that we know are important – security and privacy and intellectual property protection. There is a tremendous opportunity, I think, ahead.

But I would not underestimate how profound the change is going to be over the course of, if you take that 20-year horizon, tremendous change. I think even over the course of the next few years, we’re going to see a lot of change in terms of how we work and how we live and how we interact with each other.

Robert Dutt: All right, a more sane final question for you, especially since it is the 20th birthday of AWS. If you could go back to 2006 and tell the Canadian channel one thing about where the cloud was going to take them, 20 years on to 2026, what would it be?

Eric Gales: I think, drafting off what we just talked about, it’s: don’t underestimate the opportunity here. When you have a new set of capabilities, back then with the birth of the cloud, there were people that embraced it very early on and were real beneficiaries of it. There are some partners I can think back to at the beginning, when I first came here to Canada, that really embraced that opportunity. And those that waited – those that waited missed out on a tremendous opportunity.

So I think I would go back, if I could, and just try and do a better job of helping people to appreciate what the opportunity was here and why the people that were early adopters of it had the most to gain.

And I think we’re in that moment now with AI. So the same again – I think tremendous opportunity here for Canada, for Canadian companies, Canadian partners to be the leaders in how these capabilities get applied to businesses and governments and how we work and live together. And so I’d say, lean in. Now is the time to lean in and work out how you can leverage this stuff to build a business and help businesses.

Robert Dutt: All right. A very happy 20th birthday to AWS. And Eric, thanks so much for taking the time.

Eric Gales: Thanks, Robert. Great to talk to you.

Robert Dutt: There you have it. Eric Gales, president of AWS Canada, on 20 years of AWS. Again, the official anniversary is tomorrow, March 14th.

I thought Eric’s point about the Harvard graphics card was a great one. The work disappears, but the opportunity doesn’t. It just changes shape. That’s been the story of the channel for as long as I’ve been covering it. And that’s the story again right now with AI.

Thanks to Eric for joining us. And thank you for listening. The podcast will be back on Monday with In Case You Missed It, our weekly roundup of some of the headlines that might have flown under the radar this week.

And next week on In The Channel, expect to hear about microsegmentation and why “contained by default” is replacing “detect and respond,” what Barracuda’s latest threat data says about how fast ransomware actually moves, and why the network visibility your business relies on might have more blind spots than you think.

Between now and then, we’d invite you to subscribe to or follow the podcast in your podcast app of choice. And if it allows you to, please leave a rating and review.

Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Nutanix has published the 8th annual Enterprise Cloud Index, its flagship survey tracking how organizations are building and managing infrastructure. This year’s findings hit three themes that matter for the channel: the rapid spread of unmanaged AI tools, the growing weight of data sovereignty, and the accelerating shift toward containers.

Lee Caswell, Nutanix’s senior vice president of product and solutions marketing, joins us to dig into the data. Lee spent years at VMware before joining Nutanix, giving him an unusual perspective on how the infrastructure market is reshaping itself – particularly as organizations navigate Broadcom’s changes to VMware alongside the push to build AI-ready environments.

The numbers are striking: 79 per cent of respondents encounter AI tools deployed outside IT’s oversight, 80 per cent consider data sovereignty a top infrastructure priority, and 87 per cent expect containerization to increase. But Lee’s read goes beyond the headlines. On shadow AI, he argues most of this is rational behaviour by teams testing in the cloud before committing on-prem – the real challenge is providing a structured path, not clamping down. On sovereignty, he draws a memorable distinction between a “noisy neighbor” and a “nosy neighbor” in multi-tenant environments – a framing that matters for how MSPs position managed services around compliance. Lee, who recently wrote about what he calls the “sovereign edge”, goes deep on what sovereignty means in practice when AI workloads need to stay local.

The conversation also explores the MSP opportunity. While 65 per cent of respondents say their AI runs via managed service providers, Lee candidly notes that figure includes SaaS-delivered AI. The bigger play, he argues, is MSPs becoming the “governed alternative” to shadow AI – a sanctioned service layer offering sovereignty compliance, optimal application placement, and predictable costs. His closing advice: be “AI smart,” not just “AI fast.”

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to Canadian IT solution providers for 16 years now. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always your host for the show.

If you’re an MSP, there’s a good chance your customers are already using AI tools that your team doesn’t know about. Nutanix recently released the 8th annual Enterprise Cloud Index, their big annual survey of how organizations are building and managing infrastructure. And this year, the data paints a picture that would be uncomfortable for anyone who thinks they’ve got a handle on where AI is running in their environment. Nearly 80% of respondents say they’ve encountered AI tools or agents deployed outside IT’s control. Data sovereignty has become a top priority, and containers are quietly becoming the default for new applications.

My guest today is Lee Caswell, Nutanix’s senior vice president of product and solutions marketing. Lee came to Nutanix from VMware, so he’s been watching the infrastructure market reshape itself from a vantage point that very few people have. We dig into what the survey data actually says, where the contradictions are, and what it means for MSPs and solution providers. Here’s our conversation.

Robert Dutt: Lee, thanks for taking the time.

Lee Caswell: Well, Robert, thank you.

Robert Dutt: You come to Nutanix from VMware, and your CEO now, Rajiv Ramaswami, he was the COO over there. Now you’re running this survey while the virtualization market is being reshaped by Broadcom’s changes. How does sitting where you sit now, having been kind of on both sides of that fence, shape how you look at this year’s data?

Lee Caswell: Well, I think it’s fascinating that for years, maybe 20 years, people just assumed that the underlying virtualization layer was fixed. That vSphere was well established, super product, exciting. A lot of people built their careers, frankly, on learning the ins and outs of vSphere. And to a lesser extent, some of the later add-on products. But the idea that the underlying virtualization layer has changed has, for the first time in years, had people reconsidering how they will build out their IT infrastructure for the next 10 years.

Robert Dutt: And we’ll circle back to that theme and that infrastructure theme a little later. But I wanted to dive in off the top into shadow AI, because it’s something that we’ve been talking about a fair bit on the podcast, and it’s something that a lot of partners are thinking about and trying to get their heads around how to deal with it. According to the survey, 79% of your respondents say they’re encountering AI tools or agents that are deployed outside the purview of IT. That’s a striking number. I’m curious, though, about the quality of the problem. Is this mostly folks who are using ChatGPT carelessly or without permission, or are we talking about the worst-case scenario of actual AI agents making business decisions willy-nilly without oversight?

Lee Caswell: Well, we’ve certainly seen some of those later examples, but I think the majority of this is rational decision-making on IT and developer teams. Thinking about the fact that AI infrastructure itself can be relatively expensive. GPUs, new servers, new hardware. You’re generally bringing new hardware into the mix to start with. And what customers have been doing is before they go and make their investment strategy, and particularly in on-prem environments, they’ve been trying things out in the cloud where you can rent infrastructure, you can basically start something up, spin it down. That’s kind of a classic test-dev model, by the way, not different from what we’ve experienced in the past.

And yet, when you look at how you’re going to deploy AI long-term with considerations around sovereignty and privacy, and particularly around predictable and lower costs, you start thinking about how you can take your on-prem infrastructure skills, which could include a data center but might also include the edge, and start thinking about how do you bring your already-strapped IT teams into this? And from a channel perspective, it’s how do you leverage some of the skills where people have been trained, particularly on virtualization. We’ll come back to this in just a minute. And basically apply this now into the new world of AI LLMs, AI hardware, and containerized infrastructure running on VMs.

Robert Dutt: So if I’m an MSP supporting that kind of mid-market client, the 200 to 1,000 seat kind of space, what does a practical response to shadow AI look like at this moment in time? Because, you know, “implement an AI governance framework,” that’s great in concept, but that’s the kind of consulting engagement that’s a little hard for a lot of MSPs to deliver.

Lee Caswell: Well, first off, you want to start thinking about what are the risks you’re trying to address. One is you want to look carefully at what LLMs your user base is actually using. One of the things that we’ve been able to do, for example, is have an audit trail, so you can look at who’s using DeepSeek, for example. Who’s using OpenAI? Who’s using some of the Llama 2, Llama 3 models, for example, or NVIDIA models? So the ability to go and look into the user base and get an assessment of that.

Secondly, you’re looking at how do you make sure you don’t have a runaway cost model? This was one of the risks in the early cloud days, you remember. You had users getting shocked with the amount of unplanned, unmanaged cloud costs. And so you’ve got this opportunity now to look at how do you manage a brand new metric of consumption, by the way, called a token. I defy you to find somebody who knows exactly how tokens are created and the like. That’s a very difficult challenge. If you can provide a predictable way to manage, monitor, and control the usage of tokens, we do that as a way to basically protect against runaway costs.

And then finally, the idea of sovereignty. So where is your data? Specifically, as you look at geopolitical considerations, we have, I think, a stunning finding that showed that 57% of our respondents said that they wanted their AI workloads to be within a sovereign country. Now, that doesn’t mean a single location necessarily, but it does show the concerns around where’s my data? Who can subpoena my data? Who’s got access to my data? And it may be, Robert, that the data model is more sensitive than the data itself, because the data model shows how you’re interpreting the data. And that’s actually a really interesting finding, I think, for a lot of folks, as AI takes hold so quickly.

Robert Dutt: And data sovereignty is an area that we want to drill down on. It’s an area that’s of key interest to our audience, obviously. You touch on the 57% number in terms of how customers want infrastructure in a single country. 80% say it’s a high priority. You wrote recently about what you called the “sovereign edge,” the idea that AI is forcing compute closer to data within sovereign boundaries. For a Canadian audience that’s been navigating this between different regulation at different levels, the US hyperscalers and the CLOUD Act, for years, what’s new here? Is this kind of validation that what they’re seeing is real, or is the ground really shifting here?

Lee Caswell: I think the sensitivity is a continuation of the trends that we’ve seen in the past. What’s changed is the understanding that in an AI world, data will be more distributed than it is today. And so imagine if you’re a hydro company, let’s say. And you’ve got different dams and facilities and hydro control points. These are distributed. They need to be able to run in a disconnected manner. You want to have AI applied locally. If you’re doing things around video processing, you don’t want to send all that data back to a central location.

And so the ability to have a distributed model where your data and apps are more distributed and yet be connected so that you can do patching, for example, day-two operations, security updates, and push those out to a distributed environment. Now the realization is sovereignty has grown in importance, and at the same time, my data and applications will be more distributed. That’s a double stressor for IT teams looking at how to maintain that control and let the agility of distributed operations continue on.

Robert Dutt: So are you seeing organizations redefine sovereignty in terms of operational control rather than just “the data lives here”? Because I think that distinction can matter pretty significantly for how MSPs ultimately architect their solutions and try to address this challenge.

Lee Caswell: Yeah, I think for MSPs, there’s a few important areas to think through. One is that customers who were looking for, let’s say, an infrastructure link are now looking for an AI dial tone. They’re expecting to have AI available, always on, no matter where they are, accessing it for their users. Because AI is quickly, as you can see from the data here, becoming a top corporate priority. So that’s one thing.

The second one is that the sovereignty means you need to make sure you’re controlling where is your data replicated to? Where does DR happen? How do you fail back within sovereign boundaries? Being able to establish that, something where the data services, something that you can establish or set as a differentiated capability, has been extremely important.

And then lastly, you start thinking about what about within the MSP? There’s a noisy neighbor issue, but there’s a nosy neighbor issue, which is how do I make sure that someone inside can’t cross boundaries internally in an MSP and look at your data being hosted in a common location? This is an area that you’re going to want to look carefully at multi-tenancy and how the infrastructure protects your data even when some of the infrastructure is shared across users.

Robert Dutt: So let’s shift and talk about containers, because I think that’s one of the areas that’s impactful but kind of hard for the audience to act on immediately. You have 87% increasing their containerization, 83% building new apps in containers. For MSPs who are still living in a virtual machine-centered world, which is probably a lot of them at this point in time, what’s the practical on-ramp? And honestly, how urgent is this? Do they have years to kind of figure this out and re-strategize, or is this a situation where if you’re not there, you’re already behind?

Lee Caswell: I think for many customers who are running traditional applications and let’s say they move from an owned data center into a service provider model, the idea is that the applications may not be changing as fast as the container world might have them think. However, what you’re seeing is that new applications are built with containers because developers benefit from running in containers.

What we’re finding though is most customers, the far majority of containers, are running in VMs. And they run in VMs because you’re able to now get the benefits of software agility – develop apps faster, eliminate testing dependencies, be able to run in distributed environments more quickly. Those benefits are married or matched with the resiliency of the underlying infrastructure so that individual components can fail. You can have day-two operations intact, and you’ve got integrated privacy and security and sovereignty.

The idea that you’re going to run these both – it turns out we allow customers to run containers depending on their use case. If they were going to run on a bare metal instance, they can. If they want to run in the public cloud on EKS, for example, they can run our container Kubernetes stack, take advantage of our orchestration capabilities, but they don’t have to. For many customers, the fastest path to adopting containers will be to run containers in VMs, very familiar to our users and to the service provider base.

What we’re encouraging them to get ready for is that even if they weren’t considering containers for traditional workloads, the fast adoption of AI workloads will bring a requirement for supporting containers. Think carefully around how do you leverage the training you already have, resilient infrastructure, all the things that our teams have been able to protect their downside, and still get access to the upside of new AI applications. We think running containers in VMs actually makes that the fastest path to container adoption.

Robert Dutt: On AI agents, the survey shows a great deal of optimism around them. The productivity gains, the new revenue streams, all of that. But you also note that, as we talked about before, 79% of organizations can’t quite figure out how to manage the tools their employees are already using. Can you walk me through that disconnect? How do you go from “we can’t govern what we have” to “let’s deploy autonomous agents”?

Lee Caswell: Yeah. Well, as you start thinking about what people have realized about AI, first, most customers have figured out that AI training will happen in the public cloud and that training requires huge investments, large power outlays that can only be taken on by the development of the models by the largest hyperscalers and some sovereign nations themselves. And so customers have been looking at, “I’m going to take models,” but then they quickly realize that the ability to have these models be useful in a particular company environment is dependent on having access to proprietary data.

Think of support. If you want to support a product, it’s not interesting to have support in a general sense. You want to have support for your products, things that you may not want to expose, internal documents that are proprietary and private to your specific company. So now what you’re doing is basically taking these models, giving them access to your private data. And now the idea is, “I’m going to be able to take that inferencing model,” which is what this is called. Taking inferencing means you can take advantage of a software platform that abstracts the new hardware that’s required, GPUs, and abstracts the different types of models that you may choose over time.

And so this is where you have these different LLMs. The ability to access those – we certify and validate the leading models so that they will run on the GPUs that are certified by our OEM partners. And so what we’re doing is taking out the risks. Effectively, what you do is leverage all the expertise you have for building an enterprise-level application today, and now be able to assimilate GPUs at the hardware layer and new LLMs at the software layer. And we’ll make it operate exactly the same as what you have today.

Robert Dutt: 65% say that their AI applications are running today via managed service providers. That’s a pretty validating number for our audience, except for maybe the few who are going to say, “Well, what about the other 35%?” But, you know, can’t please everyone every time. I want to push though on what running AI via MSP actually means in practice. Are we talking about infrastructure hosting, model development and management, governance and compliance? What’s the service that MSPs are actually delivering today versus what they should be thinking about building towards for the future as this evolves?

Lee Caswell: Yeah, I think the numbers overstate a little bit about how much training and skill building has actually happened already, because this would include things like SaaS-delivered services. And as you think of SaaS-delivered services like Copilot or ServiceNow or Salesforce, you’ll have AI-enhanced SaaS services that can be delivered by a service provider. What we’re anticipating and preparing service providers for is the idea that customers will, as they have private data to run their private models, be requiring dedicated equipment or provided services that give access to GPUs and LLMs that are beyond a SaaS-level model and now are actually specific applications for specific customer use case models.

Robert Dutt: We talked about shadow AI a little earlier. I’m curious, speaking of future states for MSPs, is there a world where the MSP becomes kind of the governed alternative to shadow AI? Essentially the sanctioned AI service layer? Because that seems like a bigger play and a little bit harder to get your head around, but a bigger opportunity than just, “Hey, we host applications on GPUs now as well as CPUs.”

Lee Caswell: I think so. And I think there’s a terrific both revenue and profit opportunity for service providers around this. First, there’s a services aspect of thinking about where do these applications run? Do they run in one location? Do they run across the hybrid cloud? So for anyone who’s working with cloud providers, how do I bridge this world out to this sovereign edge as we talked about? So that idea of how do I optimally locate applications, AI applications, and their associated data – that’s a very interesting workflow model to start with.

And then next up, I think, is the idea of, well, where and how do I maintain sovereignty within this model? Service providers have a terrific opportunity to say, “Here are the limits within which your data and applications can move. And I’m going to provide that and give you some audit capabilities to manage any compliance risks that you have.” So terrific opportunity, I think, for service providers to become, as you mentioned, that governed alternative.

And then finally, the idea that you would have a predictable cost model with tokens that allow you to share GPU resources means not just predictable, but lower cost than having an unpredictable model from the hyperscalers. We think this is actually a really compelling opportunity for service providers going forward.

Robert Dutt: Can’t let you go without asking this one directly. A lot of our audience is in the middle of evaluating their virtualization platforms because of what’s happened with Broadcom and VMware. Within the survey data, is there anything about how those infrastructure decisions intersect with AI and sovereignty, the things we’ve been talking about, that you’d like to share? Are organizations treating this transition and the AI buildout as separate projects, or do things start to connect in an overall infrastructure refresh rethink?

Lee Caswell: Well, I think some of the excitement from a service provider standpoint should be based on modeling or following what’s happening with the largest hyperscalers. I mean, you’re watching hyperscalers build out tens of billions of dollars of capital per month. We’ve never seen anything like this happen. And so that model, at a hyperscaler level, now what you’re thinking about is 82% from the survey of our respondents felt that their infrastructure was not fully ready for AI.

And so building this out – I called this an AI dial tone earlier. The idea that similar to how you remember, Robert, how when you went to hotels, when Wi-Fi came along, all of a sudden Wi-Fi became de rigueur. You had to have it. If it wasn’t fast enough, people knew right away and responded very quickly. My view is we’re going to have exactly the same response to having fast, secure, and managed AI dial tones, if you will, for AI workloads, where you can apply your custom data or your private data and do that quickly using skills that you already have.

For me, that means using a platform based on servers, based on certified GPUs, getting access to a changing set and world of LLMs. And being able to abstract both the hardware elements and the software elements means that you’re going to have customers be able to take all of the fast-changing AI world and bring it to their business problems more quickly.

Robert Dutt: Before we wrap, a couple of lightning round questions, if you will. If a Canadian MSP is listening to this and thinking, “Okay, I need to do something differently,” what’s kind of the one thing based on what this data is showing that you’d tell them to prioritize in the next 12 months in terms of transforming their business?

Lee Caswell: Yeah, I’d say number one is AI is coming. So prepare yourself. If you think you can get started nicely with small clusters, for example – one of the nice things about the Nutanix model is you can start small and grow from there. So start small, get a usable cluster ready for customers so they can try out how they can assimilate new GPU hardware, new AI LLMs. I think that’s essential.

Also, in the process, what will happen is they’ll get experience with this new world of containers without giving up their virtualization expertise. That’s an extremely important step. If you try and do everything at once, it can be a lot. There are competitive solutions that force you to go to a Kubernetes-oriented management model. That’s a step too far for most service providers. If you think now what you could do instead is leverage your familiar virtualization skills, bring in the containerization, and allow customers to get started on shared infrastructure with a predictable cost. That’s a winning strategy for providing an on-ramp to AI with the lowest risk and a fast uptake.

Robert Dutt: All right. And finally, so that the MSP audience can kind of keep an eye on what they need to keep in mind on the customer side, what’s the most dangerous assumption that you see IT leaders making right now about AI infrastructure?

Lee Caswell: I think the most concerning thing I see is customers who are racing to be AI fast without being AI smart. And we saw some of this in the early days of the cloud. We remember “cloud first” versus “cloud smart.” And what happened was you had blown-up costs, you had programs that weren’t successful. But I’d say the most important thing actually has nothing to do with the infrastructure itself. It has to do with corporate management making sure that the application of AI is tied to a specific business problem. That’s the most important element.

This is the thing I look for first. If you’re trying to solve an important business problem where you can ideally show that you can save money, generate more revenue, or do things more efficiently, those are the areas where you say AI is going to help here. Don’t just apply AI because it’s cool. Apply it because it’s going to solve a business problem, and you’ll find that you can actually move any infrastructure. We’ll bring that and make that work for you.

Robert Dutt: Once again, it all kind of flows back to business outcomes. That’s great advice. I love that. Lee, thanks so much for taking the time. I appreciate it.

Lee Caswell: Robert, I really appreciate it. Thank you.

Robert Dutt: There you have it. Lee Caswell from Nutanix on their 8th annual Enterprise Cloud Index. A couple of things I’d like to flag from that conversation. Lee’s distinction between a noisy neighbor and a nosy neighbor when it comes to multi-tenant environments and data sovereignty – that’s a framing worth sitting with if you’re thinking about how to position managed services around compliance. And his point about organizations racing to be AI fast without being AI smart – that’s one you can take directly to client conversations.

We’ll have a link to the full Enterprise Cloud Index report in the show notes, as well as a full transcript of the conversation. Tomorrow on the show, AWS Canada celebrates 20 years of the cloud. I sat down with Eric Gales to talk about what that milestone looks like from a Canadian perspective, and we’ll be back next Monday to catch you up on the headlines with In Case You Missed It. Between now and then, we’d invite you to subscribe to or follow the podcast in your podcast app of choice. And if it lets you, please do leave a review. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Tony Anscombe, chief security evangelist at ESET, returns to the podcast for a wide-ranging conversation about the cybersecurity landscape in early 2026. From the emergence of AI-powered malware to familiar weak points that keep showing up in breach after breach, Tony shares practical insights for MSPs advising their customers on security strategy this year.

The conversation opens with a look at major incidents from the past year, including the Jaguar Land Rover cyberattackthat disrupted thousands of supply chain businesses and led to a £1.5 billion UK government loan guarantee, the Ingram Micro ransomware incident, and breaches affecting Salesforce and Oracle. Tony shares a striking insight from a cyber insurer: open VPN servers without MFA have overtaken RDP as the leading driver of claims.

The discussion moves to shadow AI risks, with real-world examples of what goes wrong when companies deploy AI tools without security guardrails, and why MSPs have an opportunity to embed themselves as trusted advisors by being the security voice in the room.

Tony also walks through the emergence of AI-powered malware, including ESET’s research on PromptLock, the first documented AI-powered ransomware – originally a proof of concept from NYU researchers that ended up in the wild – and PromptSpy, the first Android malware to use generative AI at runtime.

The conversation closes with Tony’s advice for MSPs to stop talking about “cyber risk” and start talking about “business risk” – framing security in terms of downtime, continuity, and financial impact rather than technical threat statistics.

Robert Dutt: Hello and welcome to the ChannelBuzz.ca podcast, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, still editor at ChannelBuzz.ca, and your host for the show.

Cybersecurity is one of those areas where the threats never stand still, and lately the pace of change seems to be even faster. As we head further into 2026, factors like artificial intelligence, global geopolitical tensions, and increasingly organised cybercrime are reshaping what risk looks like for businesses of all sizes.

Today we’re stepping back from the day-to-day headlines to talk about what’s coming next, what really matters beneath the noise, and what IT service providers and resellers should be paying attention to as they advise their customers.

My guest is Tony Anscombe, chief security evangelist at ESET, and a frequent flyer on the podcast. Tony spends his time analysing emerging threats, talking with security teams around the world, and translating complex security trends into practical guidance.

This conversation is focused on thought leadership and the big picture trends shaping cybersecurity this year, from AI-driven attacks and mobile threats to ransomware and the impact of global events on the digital world Canadians rely on every day.

It’s a great conversation, so let’s get right into it. My chat with ESET’s Tony Anscombe.

Tony, thanks once again for taking the time.

Tony Anscombe: Oh, it’s always a pleasure to chat with you, Rob.

Robert Dutt: I just wanted to take this opportunity to kind of take a look at where we’re at in cybersecurity in the early part of 2026 and get your thoughts on what to expect this year, sort of help our listeners, the VARs and MSPs of the world, get an overall feeling for where things are at, where they’re going. I guess to throw things open, when you look ahead at this year, what feels genuinely different about the threat landscape compared to, say, a year ago? I was going to say a year or two, but I think even a year in this rapidly changing place is plenty.

Tony Anscombe: Well, I think you’ve seen some pretty big incidents last year. None of them, I would say, are a catastrophic incident, whereas the year before we saw the likes of Change Healthcare and there was the CrowdStrike update and things that affect hundreds of millions of people all at the same time. But you had Jaguar Land Rover with a significant issue. You saw the Salesforce ransomware, the Oracle zero day that was exploited in their systems. Ingram Micro ransomware incident took down a lot of the distribution channel. So I think there were incidents that are interesting.

I think to an element, I’d kind of say that you’re going to see more of the same, but the same is becoming more sophisticated and is starting to change. Now, if you go back four or five years, we’d have told you that cybercriminals at some stage will start using AI technologies in there as we go. Then I meet people frequently that turn and say, “I’m being attacked by AI.” The answer to that is, no, you’re not. Stop watching Terminator at weekends. That’s my recommendation. You’re getting paranoid.

I say that, but the use of AI within cybercrime is making it more sophisticated. It’s making it more challenging to detect in certain instances and it’s becoming more challenging from a social engineering perspective. The sophistication and the likelihood of you clicking on something is unfortunately increasing.

I think if you look at cyber insurance reports that talk about claims and stuff like that, still 40% of people are paying. A lot of the things are business as usual. In fact, I spoke to a cyber insurer a couple of weeks ago, Rob, who gave me a snippet of information that I thought was fascinating. We talked about RDP a couple of years ago, you and I, about the issue of… and he said the majority of their claims are open VPN servers, where people have got a login page, ID and password to log into the VPN and they haven’t put MFA on it. VPNs have now taken the place of where RDP was, so that one seems to be moving down the chain a bit.

I took a look, I went on Shodan. I took a look on Shodan and sure enough, you can find lots of open VPN servers.

Robert Dutt: Just goes to show how some tools which are at least adjacent to security can be flaws as well. There’s no shortage of that. You already touched on a couple of them. You mentioned AI and obviously that’s the big subject of the industry and of business in general in 2025 and 2026. It seems like we’re at a place where right now, in many cases, it’s coming out in front of security, in front of management and in front of IT control, the whole shadow AI thing. I guess, what are your thoughts on where organizations are most exposed because of that gap that exists?

Tony Anscombe: Well, that’s a good point. The boardroom or the management teams in companies are going, “We need AI, we need AI,” because that’s what they’re hearing. Sure, it’s a great tool. If you look at a company like us at ESET, we’ve used AI in our products for two and a half decades or so. It’s not that new to us. But if you look at the latest iterations where a customer can get natural language help and stuff like that, you can sort through our threat intelligence easier. Those type of tools are where companies are at, isn’t it? It’s the customer interaction or it’s the knowledge base searching or it’s being able to get reasonable information quickly and meaningfully and in a nice way.

The problem is, a company takes all its data, throws it into an AI model and says, “Hey, AI, can you start helping my customers?” There’s likely to be personal information in there. They’re likely to leave APIs open and such like that then get abused. Before you do this, you need to have a cybersecurity person in the room. Now, that doesn’t mean you don’t do it. What that means is you do it in the right way. The cybersecurity person might turn and sit there and be the doomsday person and say, “Oh, no, we don’t want to do this.” But it’s then about explaining to the people that want it in the business about the risk and understanding where the level of risk lies and whether you’re comfortable and accepting of that risk.

We’ve seen some great examples of it, haven’t we? What was it, somebody bought a car from one of the car companies for a dollar or something, they managed to trick the AI chatbot into it. That’s the type of thing you want to be protecting against, making sure that you’ve got those guardrails in place. Also making sure it’s not going to surface some customer’s phone number or customer data inadvertently. Some customer in a previous call may have turned around and said, “Here’s my email address,” or “Here’s my phone number.” Of course, if that’s in your knowledge base somewhere or stacked in your support tickets, the right teasing of that information might bring it out and suddenly, in effect, you’ve got a customer data breach, which your AI told somebody. I’m just saying you don’t want that. You need to do it with security in mind. Make sure the agents are tied down correctly.

Now I saw there was an incident last year. I can’t remember which vendor it was with, Rob, but they had an API. It was an AI tool. They had an API for their customers to use. I think it was about 30 different customers were using it, or using the same ID and password. The password, by the way, I think was “default.”

Robert Dutt: Perfect.

Tony Anscombe: Right? So there you go. That’s just somebody doing it without too much thought. Put a cybersecurity person in the room, every customer would have had their own ID. There would have been stronger authentication, maybe certificate-based, and you wouldn’t have had that issue. It’s about having the cybersecurity people in the room with the business at the time you discuss it.

Robert Dutt: That’s an interesting place for MSPs because especially in the smaller end of enterprise and into SMB, when those discussions are taking place, often that MSP is going to be serving as the security person for an organization. It speaks to, I think, the need for you, even if you’re a third party to the company, you’ve got to have a strong seat to be able to say, “Hey, customer, this is all sounding great as far as innovation goes, but there’s stuff you need to think about here too.”

Tony Anscombe: Yeah, absolutely. But it’s also somewhere where the MSP actually shows up and provides the real value because if you can show that you’re reducing the company’s business risk, then that’s what you’re there to protect, isn’t it? I would have thought it actually cements you further into the company because the more projects you get involved in, the more you understand their business, the harder it is for that company to actually change MSP. You embed that customer relationship, which is kind of the holy grail, isn’t it? That’s what you want as a service provider.

Robert Dutt: Absolutely. Your research talks about smartphones as an increasingly attractive target. No argument there, it makes sense. It’s where a lot of people are doing their computing, right? It’s an interesting space in that sometimes it’s under IT control. Sometimes it’s not. Sometimes it’s a little bit of both. I guess what’s changed about mobile threats that MSPs and businesses should be paying more attention to right now?

Tony Anscombe: Well, I’m smiling, Rob, sat here listening to you say that because I’ve got two phones on my desk. One of them is very controlled and one of them is mine.

Robert Dutt: Wild West.

Tony Anscombe: Yeah, well, it’s not the Wild West. Mine is controlled by me, not the company. But it’s a good point because if you look at people’s phones, they need to be under some sort of MDM service. If you’re allowing somebody to use their own device, then you need the ability to delete data. You need the ability to track the phone if it’s lost, delete the data and control the apps. Potentially have some sort of compliance on the security settings that are on the phone. If the person hasn’t got biometric unlock on the phone, then maybe you don’t want to install your stuff on there at all. It’s not just about having that container for the company data that you control, but it’s also having a minimum set of security standards on the phone, that the phone itself is secure. Bear in mind, you’re helping actually your employees secure their phone in that scenario as well. But yeah, the more and more devices you see, the more and more I think compliance you need to do on them. I don’t think that will change anytime soon.

Robert Dutt: Ransomware, obviously the constant presence, the constant scourge. It keeps evolving, but the pattern keeps repeating in that a lot of the successful attacks are relying on maybe not the same weak points, but familiar weak points. I guess, why do we still see these same mistakes playing out? And what, if anything, can I do about that as an MSP?

Tony Anscombe: Well, certainly one of the things MSPs need to do is make sure the customer is being trained, but also make sure your own staff are being trained as well. If you look at… and I wouldn’t want to put a percentage on it, but it’s a big number. If you look at the number that involve some form of social engineering, unfortunately – social engineering, you know, phishing, text messaging, physical phone calls – it’s never-ending. The elements of social engineering are huge there.

I mean, I can’t remember whether we spoke about ClickFix last year. ClickFix was an interesting malware family. They used, one of the variants used the screen that says, “Are you a robot?” We all click the box, don’t we? And they’re very creative. Then it says, “Can you press these three keys on your keyboard to verify you’re human?” And what actually the three keys do is they invoke a PowerShell script. And there you go, you’re now breached.

But it’s those sophisticated mechanisms such as that, that you need to make sure your employees understand, and your staff and your customer staff. So within the MSP, that you’re doing regular training, regular, even for your technical people.

I worked for a company, Rob, when I first started my career in finance. It was a credit card company. And they used to run a program where a fictitious fake card member would sit there ringing numbers in the company each day, internal numbers. And your phone would ring and you’d pick the phone up and it would be a fake card member. And you had to own the call. Everybody in the company had to own the card member, regardless of whatever your job was. I’d love to see tech companies doing something similar.

Robert Dutt: Yeah.

Tony Anscombe: MSPs could be doing something like this with their customers. Can I randomly phone up your staff and see if I can socially engineer a password out of them? Not because I want to embarrass them, but because I want to be able to show that it can be done and then improve things beyond it. Wouldn’t that be a great service? It’s like phishing simulation, but with a person.

Robert Dutt: Interesting idea.

Tony Anscombe: Yeah. But if I ran an MSP myself, I think I’d be doing that on my own staff because I wouldn’t want to be, unfortunately, the supply chain into my customer that gets breached, that ends up seeing my customers breached. And there were a few of those, unfortunately, I think last year. I think Marks & Spencer were that way. And I think Jaguar Land Rover may have been through a third party as well. So I think there are some really interesting examples where third parties were unfortunately responsible.

Robert Dutt: Well, yeah. It speaks to kind of that trend too, where a lot of times those who are doing the attacks are looking at that as an increasingly viable way in because there’s potential for there to be a gap between organizations that no one’s really… everyone assumes that everyone else is kind of looking at it, maybe.

Tony Anscombe: Yeah, absolutely. There are other things I think MSPs… MSPs need to show their customers that they’re 100% secure, that they’ve gone through the same programs that actually customers

do as well. One thing I think, if an MSP doesn’t go through what I define as regular cyber insurance type requirements, to me that would be a good thing for them to do, because cyber insurers kind of push that whole reduction in risk.

Robert Dutt: That is rapidly becoming table stakes, isn’t it? That’s an expectation. Continuing along that line, for MSPs who are kind of planning out their security strategy, their security approach for the rest of the year, I guess what’s one assumption or one thing they’re doing that they should probably challenge or change at this moment in time?

Tony Anscombe: One thing to change, that’s a big question. Only take on customers that are secure.

Robert Dutt: Problem solved.

Tony Anscombe: Yeah. Don’t allow your customers to have any connectivity. No. It’s to make sure that you’re keeping pace with the advanced technologies that are out there. For example, we’ve seen EDR become MDR and XDR, but are you now plugging in good, accurate threat intelligence feeds into that EDR? Whoever’s EDR you’re using, obviously, I’d love everybody to use ESET’s, by the way. But if they’re offering that as a managed service from an MSP, I’d also couple that with threat intelligence feeds and APT reports. If you’ve got government customers, actually start taking it to the next level so that it’s not just about relying on the monitoring and detection of an issue, but also that you’re intelligently looking beyond where other issues might come through other industries or what’s happening elsewhere.

Robert Dutt: And taking that same kind of idea, but turning it around from a customer-facing perception. If you were advising an MSP on how to talk to clients about cyber risk this year and what they should be thinking about going forward, how does that conversation need to change in light of the changing threatscape?

Tony Anscombe: Well, firstly, now that’s an interesting term. I’m guilty of using the term cyber risk. If I was in the MSP shoes today, I would not be talking about cyber risk. I’d be talking about business risk. I think cyber is becoming a risk just like any other risk to a business, i.e. theft, fire, building collapsing, earthquakes, whatever it might be that we tend to have risk. And cyber now needs to be treated as that risk. You’ve got to talk to a business in the terms of it being a business risk.

There are some really good examples in the market now. I mentioned Jaguar Land Rover just a moment ago. Think about that entire incident. A third party to them gets breached and Jaguar Land Rover gets taken down through it. It affected 5,000 businesses. The UK government stepped in and bailed them out with PS1.6 billion. That’s a huge amount of money.

If you and I had a little company, we’re making screws for gearboxes. It’s all very well somebody coming to me and turning around and saying, “Cyber risk.” But what I really want to know is the business risk. How much is it going to cost my business if I have this incident? What is my downtime going to be? Talk to them in the business language and put it in real terms. It self-justifies, by the way, then the expenditure on cybersecurity because you’re talking to them about the finance of the business. I kind of stopped talking about, you know, “70% of ransomware attacks start as phishing.” Great, those are supplemental, but talk to them about actually how they keep their business running.

Robert Dutt: I think it speaks to a broader trend in the channel of over time, moving from speaking about technology to speaking about solutions to increasingly speaking about outcomes. I think we’re talking about now the business outcomes of security investment.

Tony Anscombe: Yeah, absolutely. To a lot of this, this is the decision of the CFO of where is the acceptable business risk. Then it’s about putting the right cyber plan in place to meet the line of business risk. And by the way, we all have risk in different… our line will all be in different places. If 10 of us stand in a casino in Las Vegas and we’ve all got $200, we’re all going to behave completely differently when we walk up to the roulette table.

Robert Dutt: Yeah, absolutely. And depending on where we’re at, we may have additional oversight, which colours our risk decision-making and depending on what… in this case, in what industry you’re in, for example.

Tony Anscombe: Well, exactly. Every CFO and every business will have a different line in the sand of where their business risk is.

Robert Dutt: You obviously get to spend a whole lot of time looking at what’s there and what’s coming in terms of security. I’m curious, is there anything that’s surprising you about the current security scene?

Tony Anscombe: Well, the one thing that we’ve seen in the last six months… we’re being attacked, but let’s come back full circle here. We’re being attacked by AI. We have seen a couple of examples of malware. At this stage, they appear to be proof of concepts of AI-based malware. What that means is it’s actually dynamically using AI within the malware to generate the attack. It’s looking at the environment and then using the environment, asking AI to then generate scripts and code on the fly in real time. They’re using public AI models to do this. It will create the script and then they attack with that script.

Now, in theory, that means you’re using a never-before-seen piece of code within the attack, which obviously makes it very challenging to detect. The two instances we’ve seen, one was PromptLock. The other one, we published details in the last few weeks, PromptSpy. One was on a Windows, macOS and Linux platform. The other one, a few weeks ago, was on an Android platform.

We’re seeing the emergence of that type of code. So lower barrier to entry. Now that code’s out there in the marketplace. Difficult-to-detect attacks. I think you’re going to see that expand over this next year.

Now, interestingly, one of those examples I just used, PromptLock, was a project by a university student. That’s what it transpired to be, but they put it in the public domain. Need I say more? Please don’t do this.

[Laughter]

Robert Dutt: I guess it was a matter of time that once the idea of vibe coding became kind of mainstream, that it was going to get turned back around and used in some sort of malicious way. That is one true trend across security over time. They will take advantage of the tools that are available.

Tony Anscombe: They will. But I expect to see more of that AI-generated code out there over this next year. The challenge then is making sure the technologies that are in place, those advanced technologies, are picking up those advanced attacks because it will become more challenging as it goes.

Robert Dutt: Tony, as always, so much going on in the security space, but you’ve given us some good things to think about. I think most importantly, some actionable things to think about as you’re running the security practice of an MSP. Appreciate your taking the time, as always.

Tony Anscombe: Hey, always a pleasure, as I said, Rob.

Robert Dutt: There it is, my conversation with Tony Anscombe, chief security evangelist at ESET. Whether it’s the rise of AI-powered malware, open VPN servers quietly becoming the new weak link, or simply learning to talk about security in business terms, there’s a lot here for MSPs to think about as we move through 2026. I’d like to thank Tony for joining us once again. Thank ESET Canada for their ongoing support of the site. And of course, thank you for listening today.

We’ll be back in your feed tomorrow as we’re joined by Lee Caswell from Nutanix to discuss the company’s 8th Annual Enterprise Cloud Index Report, and with a special episode on Friday as we discuss Amazon Web Services at 20 with AWS Canada chief Eric Gales. You’ll want to be sure you catch those, so please do subscribe to or follow the podcast in your podcast app of choice. And if it allows you to do so, please consider leaving a review or rating of the show.

Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Check Point Software has been on an acquisition tear. Under new CEO Nadav Zafrir, the company has picked up five startups since early 2025, with three announced simultaneously in February: Cyclops, Cyata, and Rotate. But these aren’t opportunistic bolt-ons. They map directly to a four-pillar strategy that Check Point says defines the future of its security platform: Hybrid Mesh Network Security, Workspace Security, Exposure Management, and AI Security.

In this episode, we sit down with Roi Karo, Check Point’s Chief Strategy Officer, and Angelo Valentini, head of channel sales for Canada, to dig into the thinking behind the acquisitions and what they mean for the channel. Roi brings an unusual perspective to the table, shaped by 25 years in Israeli defense intelligence and a stint as Chief Risk and Strategy Officer at blockchain infrastructure company Fireblocks before joining Check Point.

The conversation covers how each acquisition fits into the broader strategy: Rotate brings MSP-native expertise to the Workspace Security pillar, where Check Point is consolidating endpoint, email, browser, and mobile security under a single management layer. Cyclops completes a full Continuous Threat Exposure Management cycle by adding internal asset scanning alongside CyberInt’s external scanning and Veriti’s automated remediation. And Cyata addresses the emerging challenge of governing autonomous AI agents operating on user endpoints, a category that barely existed a year ago but is evolving fast.

We also explore what Check Point means by an “open garden” platform, including how its tools integrate with and remediate across competitors’ products, and how that philosophy plays out in practice for MSPs managing multi-vendor security stacks. Angelo adds a Canadian lens, touching on the opportunity in Canada’s SMB-dominant market and the compliance implications of Bill C-26. Check Point’s MSSP Partner Program offers consumption-based pricing and multi-tenant management for solution providers looking to explore the opportunity.

Roi closes with a pointed message for partners: the assumption that there’s still time to learn and prepare is “terribly wrong.” The threat landscape is accelerating, and the window to adapt is narrower than most people think.

Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always your host for the show.

Check Point Software has been making some big moves. Under new CEO Nadav Zafrir, the company has acquired five companies since early 2025, including three announced simultaneously in February: Cyclops, Cyata, and Rotate. And these aren’t random bolt-ons. They map to a deliberate four-pillar strategy that Check Point says defines the future of the platform.

Those four pillars are: Hybrid Mesh Network Security, covering data centers, cloud, SASE, and SD-WAN. Workspace Security, protecting endpoints, email, browsers, and SaaS applications. Exposure Management, giving organizations visibility into their full attack surface. And AI Security, governing the new wave of autonomous AI agents operating inside enterprise environments.

For solution providers, the most interesting piece here might be the Rotate acquisition. It’s an acqui-hire that brings in a team with deep roots in the MSP ecosystem, including veterans of Datto and Kaseya. Cyclops adds a data lake with over 150 integrations for attack surface management. And Cyata tackles a category that barely existed a year ago: identity management for AI agents.

To unpack the strategy and what it means for the channel, I sat down with Roi Karo, Check Point’s chief strategy officer, and Angelo Valentini, who leads Check Point’s Canadian partner business. Roi brings an unusual perspective – 25 years in Israeli defense intelligence and a stint as chief risk and strategy officer at blockchain infrastructure company Fireblocks before joining Check Point.

Here’s our conversation.

Gentlemen, thank you for taking the time. I appreciate it.

Roi Karo: Thank you very much.

Angelo Valentini: Thanks for having us.

Robert Dutt: Roi, before we dive into strategy itself, you come to Check Point from Fireblocks, and before that, 25 years in the IDF and on that side of the world. Pretty unique lens. I’m just curious, how does that shape how you think about security strategy versus someone who’s grown up and spent that kind of time inside the cybersecurity vendor world?

Roi Karo: Yeah, that’s interesting. I think it gives a unique perspective, being part of the Israeli intelligence security, and it gives, I think, a wide view of how things are shaping. And it’s part of what we’re trying to answer today. The biggest hurdle I’m trying to uncover is what is going on. What’s going on in the world, what is going on in the market, and of course, how should we react as a security company. And I think my background gives an interesting perspective for that. And stating what is obvious, in Israel, many people in the cybersecurity industry are veterans of the Israeli defense forces. So it’s an interesting background and a very useful background to be part of the security ecosystem in Israel.

Robert Dutt: You guys announced three acquisitions simultaneously, and that’s following last year, which saw Lakera and Veriti. That’s an aggressive pace. I guess, what do you see as the strategic urgency driving the acquisitions? Is it about AI creating new categories of risk, or is it about the competitive landscape forcing your hand? Is it a little bit of both? What’s driving this?

Roi Karo: Yeah, I think both and maybe some more. Stating the obvious, things are changing faster than before. Everybody’s talking about how AI is changing the world. Something that everybody says in their first sentence: everything is faster. Things that before took years now take weeks and even days. So we can’t just wait. We need to move fast, faster than we moved before. So acquisition is a great way to move faster. When we find a very strong team that has a very good product that can help our portfolio and give us good products that we can suggest or offer to our customers, this is something that we’re very interested in.

And I think, as you mentioned, the competitive landscape – competitors are also moving faster. So we need to keep pace. And the last thing I would add, Check Point as a large company offers a wide variety of solutions. We’re very known for our firewalls and network security, but if we’ll have more time, we can talk about the other pillars. And actually all three new acquisitions are supporting and accelerating our other product pillars. So offering a consolidated solution to our customers is one of our biggest strategic moves, and all of those acquisitions are helping us to get faster through this target.

Robert Dutt: You kind of presage where I was going next, which is, in your blog post, you frame four pillars of where Check Point is going, what you want to be locking down. And as you rightly point out, Check Point has that history, that strength in network security. The newer bets, especially both exposure management and AI security, which is obviously nascent – it seems like they require different muscles, different skill sets, different approaches from Check Point and from partners alike. Where are the real capability gaps that needed filling?

Roi Karo: Yeah, so I think when talking about gaps, there are different types of gaps. One type of gap is mostly on the AI front. Everything is new. So to be very honest, I think that the security industry is still learning how to secure AI. So we have gaps. Everybody has gaps because it’s so new. We’re inventing new things. We’re building new kinds of security solutions. And that’s one type of a gap.

A different type of a gap is that we have products for many years and we want to have better solutions, acquiring features or products that can help us accelerate closing those types of gaps. But I think the first type is more interesting because those are purpose-built solutions that did not exist before. This is where the true innovation is happening. And without that, nobody will be able to secure the new types of attacks that we’re seeing in the wild.

Angelo Valentini: Robert, if I could just add – on the partner side, I think some of the gaps and concerns are really about visibility, governance, and also about operational efficiency. I think that’s one of the things that we’re trying to help partners with in terms of what their concerns are relative to AI, relative to exposure management, all these areas.

Robert Dutt: You describe this whole scenario as an open garden platform, which is a nice framing versus the walled garden approach. For MSPs who are running multi-vendor security stacks and representing multiple security vendors, which, let’s be honest, is the vast majority – what does that open garden mean in practice for them?

Roi Karo: Yeah, so I think a couple of things. Our philosophy is openness. We’re not trying to create any kind of vendor lock. We play with all vendors. You mentioned the acquisition from last year of Veriti. That’s a great example because what Veriti offers is the ability to patch or virtually patch all of your security vendors. If you have a threat that you discovered, now you want to make sure that you’re actually being defended against it. So what Veriti does is go over all of those exposures and close them. And when they say close them, they close it using a Check Point security product, but also all other vendors. So we have integration even with our competitors, other types of vendors.

So that’s one example of how we try to build our solutions in a way that supports all the other players, because we acknowledge what you said. Most vendors and even most companies, they don’t want vendor lock. They want to use several vendors. They want all of them to play together. So we design our solutions in an open way. It can be used with APIs, it can call to other types of solutions and help MSPs or customers, other types of customers, to build their full stack of solutions.

Robert Dutt: That kind of maps, I think, with things that I’ve been hearing more and more from partners. Back in the day, you’d hear a lot of, “I want to work with fewer security vendors.” Still, no one’s saying, “Hey, I want to sign up 400 security vendors and try to understand the nuance of what all of them are doing.” That’s operationally impossible. What I hear more, I think, is the idea of, “I want to have a few strategic security vendors and I want them, where possible, to play nicely together in my environment.”

Roi Karo: Absolutely, I can’t agree more. I think consolidation is important. Nobody wants 400. Nobody wants even 40 vendors. It’s hard. But nobody wants one vendor. I think that in a way, we’re trying to figure out this balancing, this sweet spot between having hundreds of vendors and having one vendor.

And what we do is – the reason we picked those four pillars is because we truly believe that we’re leaders in each one of them and we have the best solution in each one of them. And anywhere that we don’t have a solution, we partner. So a good example is CNAPP. We have a strategic partnership with and other CNAPP vendors. So we don’t have our own CNAPP solution. We integrate it with another vendor. And everywhere we don’t have the best solution, we’ll integrate with the best vendors that are out there.

Robert Dutt: Okay, let’s talk a little bit about the acquisitions that were made that start to build out this platform, or continue to build out this platform. And I wanted to start with Rotate specifically, because I think it’s really interesting for this audience. You acquired them, it seems, primarily for the team. And that team includes key people who come from a background in Datto, in Kaseya – companies that really built up the foundations of the MSP ecosystem of today. What does that signal about how you guys are looking at the MSP market and the MSP opportunity for Check Point?

Roi Karo: Yeah, so I will zoom out a bit and then focus specifically. When we announced the workspace pillar, we realized among other things that companies want to manage the whole end user security through one vendor, through one unified management, and not point solutions. So we took our endpoint solution, our email solution, browser, mobile – all the solutions we have around the end user – bundled them together, and are offering a way to manage all of them from a unified management.

That is something that is unique and I think is very compelling to all types of customers and mostly MSPs, for obvious reasons. They want to manage all of this end user security from one vendor, from one management. And doubling down on MSPs, we understand their needs. We have many MSPs as customers and we want to provide an easy way to manage all their tenants, all their end users in one single pane of glass. And that’s what we’re building, and this is what we want to accelerate with the team of experts coming from Rotate.

Angelo Valentini: So Robert, in Canada, as you know, 90% of the businesses are SMB. So this is a huge opportunity for partners as we go and develop this and enhance that solution for our partners. It’s a huge opportunity.

Robert Dutt: And speaking of huge opportunity, the email security business that’s already – I think I saw 160 million is the figure for Check Point’s revenue line there – as well as being one of the most foundational tools that MSPs bring to market and have fueled that business. I’m curious to get your thoughts on how you build from that beachhead that you’ve got established in email security and into that broader workspace security story that Rotate is facilitating.

Roi Karo: I think email security, as you said, it’s so fundamental. And when we try to explain to people how AI is changing the hackers, this is the easiest example because it’s most common and easy to explain and imagine. Phishing attacks look different now with AI-based attacks. We all did this training that you need to find spelling mistakes and grammar mistakes to identify phishing. As you can imagine, there are no spelling and grammar mistakes anymore when phishing emails are being built or crafted with AI.

So email security is being changed and being reinvented. And we are building new types of email security to make sure that we’re securing also for the most advanced AI-based phishing attacks. Our email security is something that we take a lot of pride in and we can prove that it is better than many others. So that’s, as you said, a great beach entry through many of what we’re doing with our customers. And adding the other capabilities on top of the email is super important.

Because again, using a very simple example: someone got a link, they pressed it because it wasn’t blocked. And now they have malware on their computer. You want that endpoint security to be connected to the email security and have one platform that can see everything and can actually prevent attacks before they happen. So we integrated our endpoint solution, our browser extension, our mobile solution, and the email together into one threat intelligence layer that provides data to all of those solutions.

Robert Dutt: Cyata is about governing AI agents, which as well as being the buzzword of the day is also a category that didn’t exist a few years ago, because AI agents themselves did not exist a few years ago. For an MSP today, is security around AI agents something that their customers are asking about? Or is this one of those things that’s in a “be ready for this now so you can sell it tomorrow” kind of space?

Roi Karo: Yeah, I think that this will grow very fast because, as I’ve mentioned, AI is moving faster than we imagined. When we say agents, I think there are two separate use cases, and one of them is very relevant to the MSP.

One that is less relevant is building AI applications that use agents. This is for bigger organizations and more sophisticated organizations that have engineers and are building their own software. But all of us are using agents. ChatGPT and Claude today, you just press a button and you’re running an agent from your endpoint. That is something that is happening. It’s the more advanced user today, but tomorrow it will be all of us using agents running on their endpoints.

And one of the things that Cyata built, and we’re now adding to our products, is a capability running on the laptop of the end user, identifying agents that are running there on behalf of the users. It can identify and, first of all, give visibility into all the agents that are running from the end user’s computer, but also provide governance and policy that make sure that they’re doing only things that they’re allowed, that they’re using the right identities, that they have access only to things that they are supposed to have access to. And this is something that I believe will be very relevant to MSPs in the near future, sooner rather than later, because it’s related to all the end users, all the people that are using AI.

Angelo Valentini: Robert, this also plays nicely with some of the government compliance developments with the Canadian government. So Bill C-26, for example, is all about governance and compliance. This is a great way in which this acquisition plays right into the government legislation. Insurance is another big thing where we’re seeing a lot of compliance requirements, and also financial institutions. So this is just another way that this plays into that compliance as well.

Robert Dutt: Last but not least on the acquisitions, can you give me a bit of a feel for how Cyclops fits in, what they bring to the table, and the opportunity you see there for your partners?

Roi Karo: Yeah, absolutely. And again, zooming out and zooming back into Cyclops. We just announced our Exposure Management pillar. We acquired, I think almost two years ago, CyberInt. They’re doing external risk management – they’re scanning the organization from the outside and providing all the data you can achieve from looking at the organization, the company, from the outside. Dark web and the organization itself.

Six months ago, we acquired Veriti, that takes all of the data, all of the exposures, all of the threats, and mitigates them automatically. So you have automatic remediation. And now with Cyclops, we completed the full cycle, because they are scanning the organization internally. This is an asset management capability that actually connects to hundreds of vendors that provide data. And then you have the full picture of what’s going on inside your organization.

So CyberInt’s capabilities are scanning from the outside, Cyclops’ capabilities are scanning from the inside, and Veriti’s capabilities take all of this intelligence – and all the intelligence we acquired in decades of building our capabilities – and make sure that all of this is being remediated. In this way, we accomplished the full cycle of what Gartner calls CTEM, Continuous Threat Exposure Management, and provide a very unique value proposition to our customers of having the full cycle of understanding what is happening across your attack surface, identifying the threats, and remediating the threats. Cyclops provided a very important piece of the puzzle that we were missing, and we’ll integrate them very quickly into our value proposition and offer a full cycle of CTEM.

Robert Dutt: How quickly do these acquisitions – you mentioned the plan for Cyclops there – but how quickly do these become native Check Point experiences rather than adjacent tools that are also on the Check Point line card?

Roi Karo: Very quickly in those three cases, because they’re part of a wider value proposition. It’s not a standalone – all of them started as a startup with a standalone capability, but the real magic and the real value will come when we integrate them. That will happen very quickly because all of those solutions are very modern in design, which makes it easier. And part of the due diligence we did around all of them is how quickly we can integrate. So this will be integrated very quickly. And of course, now – as I say, everything is happening faster – we are using AI to build products and integrate products. So that will happen very fast, and this will be offered to our customers immediately.

Robert Dutt: Zooming back out to the strategy level, if I’m a Canadian MSP with managed seats numbered in the hundreds – typical SMB-focused MSP – today I’m running Check Point email security, maybe firewalls. When I look at this strategy, what is this going to change about what I sell and how I operate over the next 12 months?

Roi Karo: I think CTEM and exposure management becomes even more important than before. Maybe we need to take one step back with your permission. I think that the threat landscape is changing, and that’s something that we all need to acknowledge. Just imagining how the attackers are using AI in order to accelerate their attacks – things that before took attackers months or years to build, to find new vulnerabilities, we’re seeing right now happening much faster. The scale, the sophistication of attacks is changing. And we all need to prepare. Vendors, MSPs, and other types of organizations need to make sure that they are prepared for a new wave of attacks.

And for that, you need to have everything that can help you understand. We talked about my background – intelligence is super important to understand what is going on. And exposure management is exactly that: understanding what is going on. Are you attacked? Where are you exposed? Who is attacking you? You can’t fly blind.

So the first thing I would add to my portfolio if I’m an MSP is offering threat intelligence, offering exposure management, scanning all of my customers and making sure that they’re not exposed, finding servers they have that are exposed, finding PII that is related to them on the dark web, and making sure that I’m warning them. Many kinds of solutions we have as part of our exposure management value proposition I think will be very interesting for MSPs. So that’s one thing I would explore with Check Point.

The second thing is AI, of course. We talked about agents, but even the basic LLM use of end users, that’s something that needs to be governed. Angelo mentioned compliance, it will become part of it. Even if you’re a small law firm and you want to make sure that your lawyers are obeying the rules that you decided – can they use ChatGPT in order to write a legal document? If it’s a small medical company, can they consult ChatGPT on medical issues? What is the PII guidance you give them? Can they put PII in ChatGPT or not? All of this needs to be governed, and our products enable that. They run on the endpoints, they make sure that you’re aware of what all of your employees, all of the people in the company are doing with AI, and they can enforce governance on what you want to allow and what you want to block. Do you allow DeepSeek in your organization? Do you allow other types of LLMs or GPTs?

All of this, as part of AI security, is something that MSPs will need to adopt and educate themselves on, and educate their end users very quickly. And what we’re building is a full suite of AI security. We’ll have offerings for small companies, offerings for large enterprises, and everything in between.

Angelo Valentini: You touch on AI governance, we talked about exposure management. These are ideas that sound consultative and complex, which is great because channel 101: where there’s mystery, there’s margin, and there is ample mystery here. But again, through the lens of that SMB-focused MSP, how do I get to it? So I guess what I’m getting at is, how are you helping partners productize those conversations they need to have without requiring them to go super deep themselves as AI specialists?

I think that’s the bread and butter of partners today, is the service offering. When they see acquisitions like this, we play in all their wheelhouse in terms of all the areas: visibility, governance, and also operational efficiency. So that’s the number one thing. It’s our job to enable our partners as well as part of it. Me in the partner community, we go and enable our partners to understand the technology and understand the opportunity. And there are consulting opportunities here, there’s increased revenue opportunity here. That’s one of the things that we focus on, is really to get awareness to the partners so they understand: hey, there’s an opportunity here for incremental revenue, for increased opportunity in consulting and implementation. And then from there, there’s ancillary AI solution revenue that follows. So it’s up to the partner to decide, but it’s really something that they should consider.

Robert Dutt: Just to wrap things up before we go, do you have time to do two quick lightning round questions, quick answers? First of all, what’s one assumption about cybersecurity that you think partners need to stop making right now, or at least over the course of this year?

Roi Karo: I think that the basic assumption is that we have time, that sophisticated attacks are not here yet, and we have time to learn, we have time to adjust, and everything will be okay. I think that’s terribly wrong. I think that the attackers, they don’t have the governance and legal obligations that we have as companies. So they’re running very fast. It’s happening now.

So I think a wrong assumption that many people have, MSPs included, is: okay, it’s still early, we can learn, we can take our time. I think we need to move fast and we need to move faster than we’re moving.

Robert Dutt: And taking that similar lens but turning it inside this time, what’s the hardest internal debate that you’re having at Check Point right now about AI and security, and why isn’t it settled yet?

Roi Karo: We understand that we need to offer AI as a part of – we talked about many angles of AI, one that we did not mention, and I will use your question to address it – is using AI for security. We talked about AI for the attackers, we talked about AI that everybody’s using and we need to secure. Part of what we’re building in a very innovative way is autonomous security – AI agents that are running security. And this of course is the biggest promise. And many people feel that we need to move much faster on this front.

It’s not easy. And we’re building it in many parallel lanes, because it’s hard to predict what will win. But we understand that the future of security – you need to fight AI with AI, you need to adopt AI. And this is maybe the biggest promise of our industry, when the industry will be able to adopt AI and leverage the power of AI in order to provide better security. And in many ways, in bigger organizations, the department that needs to adopt AI the fastest is the security department. Because for all the other departments, this is a force multiplier, it changes everything, but in a way it’s a nice to have. For security, because the attackers are using AI, if security people won’t adopt AI for themselves and use AI to secure their organization, they will lose.

So we’re trying to do our best in offering our customers AI-based security. We have today in all of our pillars co-pilots and MCP servers and agentic capabilities. But we aspire much higher. We want to build real autonomous security, real AI employees – AI security employees that will be part of the team. We have very exciting, innovative teams that are building those kinds of things. And answering your question, the debate is: can we, or how can we, move faster on this front, offering our customers fully autonomous, fully AI-based security.

Robert Dutt: That’s a pretty good overview and view of the strategy and of where you think things are at. Good luck with the acquisitions and rolling them in and continuing to broaden out the strategy. And thank you very much for taking the time for this conversation.

Roi Karo: Thank you for hosting us. It was a pleasure. We’ll be in touch.

Angelo Valentini: Great to be here.

Robert Dutt: There you have it, a look at Check Point’s push to reshape its platform around AI security, exposure management, and the MSP workspace, with Roi Karo and Angelo Valentini.

The takeaway I keep coming back to: Check Point isn’t just buying technology here. They’re making a deliberate bet on the MSP market, and hiring a team from Datto and Kaseya to build it out is the strongest signal of that intent. Whether you’re already in the Check Point ecosystem or not, the open garden approach they’re describing is worth paying attention to. And Roi’s point about urgency is one that I’d take seriously. The window to learn and prepare is shorter than a lot of people think.

Thanks to Roi and Angelo for a great conversation. And thank you as always for listening.

Also this week on ChannelBuzz.ca: on Wednesday, ESET’s Tony Anscombe joins me to walk through the security trends and threats solution providers should be watching this year. On Thursday, I sit down with Nutanix SVP Lee Caswell to dig into their latest Enterprise Cloud Index research, including what the data says about shadow AI, data sovereignty, and where infrastructure decisions are heading. And on Friday, a bonus episode – AWS Canada’s Eric Gales joins me for a look back at 20 years of AWS and what it means for partners going forward.

If you’re enjoying the show, please take a moment to subscribe or follow in your podcast app of choice. And if you’re feeling generous, a rating or review goes a long way to helping other solution providers find us.

Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.