COMMENTARY: No security team has the full picture by itself. Attackers are moving faster, AI is being used, and new tools are being developed to make phishing, malware, and targeting easier to scale. Defenders, meanwhile, are often stuck working across disconnected tools and teams. That is where MSPs, MSSPs, and technology partners can help, and that is why partnerships matter. Customers do not need more noise or another tool to manage. They need partners who can connect the dots, bring the right data together, and help them understand what actually needs attention - end-to-end. For partners, the job is simple: help customers see more clearly, waste less time on dead-end investigations, and respond faster when something real is happening.
The cyber threat landscape has evolved dramatically in the last 18 months. Only a few years ago, much of our industry was focused on how ransomware-as-a-service was reshaping cybercrime by reducing costs and increasing attacker efficiency. Today, those dynamics have accelerated with the rapid adoption of artificial intelligence (AI).
If you look at this year’s annual reports from our partners at Verizon, Palo Alto Networks, and Google, they each are measuring interesting transformations in AI-enabled attacks. In a recent example, cybersecurity researcher Marcus Hutchins outlined step-by-step how a DPRK-linked operation used AI at almost every stage, including building malware, fake corporate identities and websites, and phishing infrastructure.
However, while attackers are sharing infrastructure and adopting new tooling, many security teams are unable to keep up, constrained by legacy policies, siloed teams, and stagnant budgets. Because of that gap, partnerships are becoming one of the most important strategic advantages for defenders today.
Why channel programs are critical in this threat landscape
In the midst of this changing landscape, security teams are tasked with monitoring an expanding attack surface: cloud environments, endpoints, and network telemetry, dark web activity, external exposure data, physical signals, unmanaged AI agent infrastructure, and more.
This challenge becomes even more pronounced with the record numbers of new CVEs and threat actors targeting edge devices, placing real strain on security teams. Shortly after a new cPanel vulnerability was disclosed, I was on a call with a partner who shared a new alert: a threat actor claimed to have compromised one of their customers using the vulnerability. At the same time, I was watching an unusual x2 spike in cPanel-related malicious infrastructure from our Censys ARC team. Within hours, it was clear this wasn't an isolated incident but part of a broader campaign and a global botnet infrastructure. Individually, each partner had part of the story. Together, we could see a developing campaign before its full scope had been reported.
This moment illustrates something bigger: when budgets are tight and teams are stretched, partnerships help security teams truly see what’s happening - and prioritize where to focus. In many ways, partnerships are now the connective tissue of modern cybersecurity operations.
How channel programs help customers keep costs low
Meanwhile, CISOs are managing flat or shrinking budgets, and one of the most frequently discussed approaches to reducing costs is to combat AI-enabled threats with AI-enabled tooling. However, Gartner more recently noted that only 18% of cybersecurity leaders have adopted AI SOC solutions so far, meaning most security teams are still evaluating how to evolve their playbooks and budget toward AI-driven capabilities.
Earlier this year, I worked with a security team piloting an AI SOC platform. In early testing, the AI automated some of the triage steps, but since the underlying telemetry was incomplete, the investigations concluded as inconclusive. Once additional context was provided by other partners, the AI agents and
human analysts were able to reach conclusive results. What I have seen is that partnerships truly help reduce the cost of inconclusive investigations, AI token consumption and time spent deconflicting signals.
This highlights an important dynamic: AI effectiveness is highly dependent on the quality and completeness of underlying data. As a result, new AI vendors and categories will reshape the partnership ecosystem that supports them. We’ve already seen this trend emerge with partnerships like Anthropic’s Mythos Glasswing, which is continuing to evolve over the last few months.
How partners can work together
The most effective partner programs help organizations address today's cybersecurity challenges by delivering value in several key areas:
Firstly, technology partners can reduce workflow taxes resulting from various tools, user interfaces, and conflicting intelligence. One of our channel partners recently demonstrated the power of a well-thought-out integration by combining capabilities across multiple platforms to give their customers a unified view of their exploitable exposures targeted by threat actors.
Secondly, service-oriented partnerships improve investigation outcomes and mean-time-to-remediate (MTTR). A few weeks ago, one of our partners approached us about a persistent phishing campaign plaguing their team. For months, they had used a “whack-a-mole” approach, blocking individual phishing domains as they appeared. When we looked at the identified infrastructure together, we could see within a few minutes nearly 300 related assets tied to the same campaign. What had looked like unrelated incidents was a coordinated operation. Armed with this knowledge, they could now shift their response from reactive to proactive.
Lastly, industry-level partnerships amongst peers improve collective visibility in real time. Information Sharing and Analysis Centers (ISACs) are excellent examples of this model, as they allow private, public, and industry teams to collaborate on IOCs and observations. We have found it enormously productive to support our community through partnerships with Financial Services ISAC, Health-ISAC, Electricity-ISAC, Multi-State ISAC, and others.
Ultimately, threat actors are not waiting for defenders to adapt. They are already sharing infrastructure, bartering access, and leveraging AI to automate tasks that once required meaningful time and expertise. As a result, the gap between attackers and defenders is widening. The organizations best positioned to succeed will be those that embrace partnerships as part of their core security strategy.
ChannelE2E Perspectives columns are written by trusted members of the managed services, value-added reseller, and solution provider channels or ChannelE2E staff. Do you have a unique perspective you want to share? Check out our guidelines here and send a pitch to [email protected]. 
