Blackpoint Cyber CEO: MSPs Must Automate for Cybersecurity

Former NSA computer operations expert Jon Murchison started Blackpoint Cyber in 2014 and has built it into a leading MDR vendor for managed service providers.

Blackpoint’s goal is to detect breaches faster than any other tool on the market by harnessing metadata around suspicious events, hacker tradecraft and remote privileged activity.

Blackpoint Cyber's Jon Murchison

Channel Futures spoke with the Blackpoint Cyber CEO about how cloud threats can cripple an organization, what MSPs need to do to stop threats, how AI is used by good guys and bad guys, and other trends around identity theft protection. Murchison also let slip news about a new advance to the Blackpoint AI platform that has not yet been formally announced.

Channel Futures: What are the big trends you’re seeing with cyber threats, particularly as they apply to MSPs?

Jon Murchison: If you look at hacking over the past 10 years, there's been an incredible amount of focus on on-prem ransomware. What's really interesting is that cloud attacks are exponentially larger than on-prem attacks right now. There's been a significant shift in about the past three years for threat actor groups that are using IT tools that MSPs use – ScreenConnect, Atera, Splashtop, SoftPerfect Network Scanner, things like that – and they steal credentials. We invented lateral movement detection. That’s a privileged identity, seeing it live and then putting in context everything it executes on each side. Because the reality is, a threat actor almost never has enough exploits or back doors to get the job done. They need identity. I think this is why Blackpoint has the highest efficacy for on-prem saves, because we focus so heavily on identity, and then integrated anti-malware alerts and feeds from integrations.

Related:Top Down Ventures Investing in Future of MSP Space

CF: How can MSPs best guard against cloud attacks?

JM: At the end of the day, hackers are going to follow where authentication authorization happens. That’s moved heavily to the cloud. I think the big message I would have to MSPs is, you have to get that cloud security in order, because you're going to put all your eggs into the automation basket – the Copilot basket. You're going to use single sign-on. You know what happens when single sign-on’s breached? Hackers have access to everything. So it becomes a house of cards pretty quickly. It’s pretty common sense, but that's how the game is played by the bad guys.

I think this is a really important thing, if you think about the advent of single sign-on. Now most MSP tools are cloud-managed. Then you want to deploy Copilot. You want to deploy AI, or any automation tools on top of that. Most MSPs do not have 365 covered. It's a huge attack vector, and they have to get on top of that and posture management, which means hardening 365.

Related:Blackpoint Cyber Hires Cisco, Extreme Networks Vet as CRO

CF: What role is AI playing in cyber security – both for good and bad?

JM: I'll address how I think bad guys are using it and how good guys are using it. There’s a lot of hype around how the bad guys are going to use AI to make self-morphing malware that's going to defeat everything. I'm not seeing that. What I am seeing is non-English speakers are using AI to have very believable phishing content that you can't see through. So I think AI has gotten really good at helping folks do better social engineering for the purpose of phishing.

Now AI on the detection side can be extremely effective. There's your unsupervised learning, which can knock out low-fidelity, high-volume alerts. And maybe I’ll get in trouble with my product team for saying this, but I’ll tell you something new. We’ve been running an AI effort for over a year. Our first steps have gone in production, and we ran it for months. We have zero false negatives. And this is just the start. It's absolutely groundbreaking. We think in a year our AI platform is going to be continually trained by our human SOC analysts, but it is already bringing massive efficiencies. We’re pouring millions of dollars into this. If you don't have an elite AI story, and you haven’t invested seriously, you’re quickly going to be legacy technology.

Related:Strengthening Customer Relationships with AI: A Guide for MSPs

CF: What are the greatest cyber security challenges for MSPs today?

JM: The fastest growing MSPs in the game are the most resilient. First, I think they're focusing on a vertical like we focus on MSP as a vertical. You have to dominate that and know that from the business side. Second, you have to absolutely embrace automation. There's lots of private equity roll ups going on right now. The market is getting more and more competitive, and it's starting to move upmarket, too. Now there’s a lot of co-managed IT services. So I think you have to dominate a vertical. You have to dominate automation. You have to heavily focus on post-sales customer success. You have to focus on employee retention, specifically your techs. And if you're not working on the pointy tip of the Microsoft ecosystem and automation tied to that, you don't keep the best techs. And lastly, from the funnel, lead generation should be more than word of mouth. Those are the hallmarks of the fastest growing, most successful MSPs.

To do all that, Copilot automation and AI are prerequisites for being an elite MSP. But you have to protect it, because once it works and you're getting all the efficiencies off and your Azure gets compromised with an admin account, your operations can come down like a house of cards. The technical outcome is you have to invest in these technologies, and you have to invest in hardening and posture management.