The Gately Report: Cybersecurity Shines at Channel Futures Leadership Summit
Plus, the expo hall offered a lot from cybersecurity providers.
![Channel Futures Leadership Summit keynote room 2023](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt77a1b8f55e8ae256/654ac1dabb234c040a96c4f2/CFLS_2023_Wide_Shot_GR_Cover.jpg?width=700&auto=webp&quality=80&disable=upscale)
When addressing common challenges MSPs face when integrating new cybersecurity tools, CyFlare's Joe Morin at Channel Futures Leadership Summit said the key is starting with a strategy.
"What I see a lot of, especially with MSPs, is really focusing on the tech stack and 'what do we do with the endpoint, what do we do for this and that, how much does it cost,' and then you go and deliver that holistic stack to a customer," he said. "I think the key thing is to start with a plan, start with a strategy, and get the customer to understand things a little more holistically and strategically, because now you can sit down and say, 'Look, here's what we have, here's what we think we have and might happen, and here are the things that we really care about. And here's what we're going to protect.'
"So the main thing is not about this tool, this service, this next thing. It is about a holistic strategy that the board of that entity, regardless of a super small client or big, that's how it needs to fall into place because now you're making decisions together. It's not just this MSP versus the customer, situation to situation, tool to tool. Now it's more of a cohesive strategy. And the tools kind of don't matter at that point, which is good for you because you don't want the client to get rid of their MSP because they don't like the endpoint solution that you guys have chosen. You could swap that out for the right reasons."
Where a lot of MSPs get stuck is endpoint detection and response (EDR). It is "the new requirement, it's the flatline, the insurance companies say you need EDR, this is our requirement," said Malwarebytes for Business' Brian Kane.
"I've literally seen lawsuits happen where they filled out the form, said they did it, didn't do it and they didn't get paid," he said. "So it's a real thing. The problem with EDR is what it actually means. It means extra logs. So out of those people that you have on staff, if those people are not essentially SOC-trained or trained in how to manage large logs, do threat hunting, heuristics and all of those things, then you need someone to help you, or you need a service to stack on top of that to help you."
MSPs need more than EDR, Kane said.
"You either need an MDR service or you need a SOC service," he said. "You need someone to help you with that unless you're going to build out your own SOC. And if you want to build out your own SOC, I've been there twice, it's awful. The big gap there is, here's the requirement, here's what we're trying to get everyone. It's a difficult road to get there. Make sure that you're enlisting the help of the right people to get there, or at least hiring the right staff. Even with 20 people on staff, do you have a full team of people running 24/7 eyes-on-glass managing every element? That's the big question."
When it comes to essential tools for MSPs, Morin said to forget about security information and event management (SIEM).
"SIEM is a database where you're saying go look for this and this, and this, and when you see it, come tell me," he said. "Now you have polymorphic threats, things that are changing constantly, too many threats, and so now you have to go tell it all of that stuff. Who's going to sit there and reverse-engineer malware and do all of that? Not even the big companies can do that. That's why we have these threat intelligence platforms, that's why we're trying to do communities because it's unrealistic. That's where extended detection and response (XDR) has come into play. It's leveraging different detection engines in layers, machine learning (ML), sandboxing, yes, still some SIEM type stuff and other telemetry. But when you think about XDR, extended matters."
However, there's nobody that's "crushing" XDR, Morin said.
"The reason is you have these integrations, and some of these vendors have 12, 15, 20 different integrations, maybe they have a bunch of log parsers and there's no response action possible from log parsers," he said. "The job of XDR is to normalize all of that data into a story, and to normalize that down to an asset and their risk against that asset. So extended means that you should really be extending into everything. So look for vendors that have very comprehensive integration ecosystems."
Syxsense, a unified security and endpoint management (USEM) solutions provider, was on hand in the expo hall. Ashley Leonard, founder and CEO, said working with MSPs is the fastest-growing area of his business.
"If you look at traditional MSPs, certainly they have been using management tools like PSA and they do a very decent job of providing RMM capabilities," he said. "But what they have not done is be able to see the evolving market of security. And that's where we've really stepped it up. So not only do we have the RMM capabilities, but we have that security vulnerability-scanning capability, which allows our MSP customers to offer additional services to their customers so they can get more dollars per endpoint as a result of that. They also are able to offer that remediation capability. That would have to be done manually if you didn't have a product like us, which is obviously very important when you're looking at staffing as an MSP."
On top of that, Syxsense's automation engine allows MSP customers to leverage a set of pre-built workflows within the product, or to build their own using a drag-and-drop interface, Leonard said.
"It's literally a no-code interface [to] build automations that they can then deploy across all their customers, which reduces the number of technicians that they need or allows each technician to handle more customers," he said. "And that's been one of the big challenges I've been hearing from many of the MSPs that we work with, finding the skill set that they're looking for. So if you can do more with the team that you have, you're going to improve the efficiency and profitability of the business. Add on to that you can now sell additional services that you're perhaps not selling today. You can get more dollars per endpoint. It increases the profitability of the business even further. And you do it all while being a cloud solution having real-time connectivity to the endpoints, which again allows us to provide better service and better security to the customers."
Exclusive Networks was among exhibitors in the expo hall. Jahvon Ferrarra, territory account manager, said cybersecurity is a core focus for the distributor. Among its cybersecurity vendors are Fortinet, CrowdStrike, Exabeam, Palo Alto Networks, Proofpoint and more.
"If you look at the vendors that we have in our line card, they each have a focus in it in a different play towards that same end goal," he said. "Depending on what the goals are for the MSP or the MSSP, or the VAR, there's usually something within our portfolio that at least they can offset a piece of their offering, too. It may not be the whole thing or it may be everything. You might sell all of the products we offer, but either way, even if it's just one, you're still going to rather buy that one through us than somewhere else."
There's more demand than ever for cybersecurity, Ferrarra said.
"And you continue to see these effects happen at scale with Colonial Pipeline a few years back, and MGM Resorts and Caesars," he said. "As bad as those events are, at the end of the day, it's the biggest marketing the industry could have. So these things will continue to show people that even in times of economic uncertainties, bad actors are still out there. They're not going anywhere. And maybe they're hungrier. So maybe you can cut budget from other places, but it's probably not going to be from your cybersecurity infrastructure."
CyFlare, a SOC-as-a-service provider, was on hand in the expo hall. Mike Byrne, vice president of sales for CyFlare, said his company is looking for MSPs that are essentially looking to provide security, including MSPs that are becoming MSSPs.
"Everybody knows they need cybersecurity, but to what level," he said. "And a lot of companies have their head in the sand ... kind of like, 'I don't want to know what my real risk and exposure is, or I have no idea where to start or I have no idea how to start to address it.' And even though everyone knows cybersecurity and everyone knows it's a threat, I would say that it's still wide open. There are so many companies that just need help and awareness, and education, but there's a shortage of IT security professionals. The sky's the limit. It's a great opportunity. I think security is the hottest space."
Lookout, a cloud security provider, launched its MSP program about a year ago.
"Our new sales leadership felt that we should move down market from enterprise to SMB, and we thought that the MSP market was the way to enter it," said Michael Meadows, who runs Lookout's MSP and MSSP business in the Americas. "We're a mobile EDR company, which means we focus on security for mobile endpoint devices. We also have an SE suite of solutions that goes toward cloud security, but specific to the MSP market, we're focusing on our mobile EDR solutions. We thought that coming to an event like this was great because we know that Channel Futures is a leader in terms of bringing MSPs into the vendors that actually help them. We know that mobile security is a gap. A lot of times within the MSP space, a lot of companies will have mobile device management (MDM), which speaks toward management of their mobile device. But we add that additional layer of security, which is really relevant now because of phishing, because of malicious attacks and so many security breaches happening across your mobile device. So it's what we primarily focus on. We think the MSP market is the way to enter the SMB market, and we think the timing is perfect for us."
Perception Point, a prevention-as-a-service provider, was in the expo hall speaking with MSPs. Rosko Goings, solutions engineer, said what makes his company different from competitors is its 24/7 incident response team.
"I could tell you about the technology that we use to scan to differentiate ourselves, but the biggest thing is our human component, because whenever you're using artificial intelligence (AI) or those types of engines, it's accuracy," he said. "What's the false-positive? What's the false-negative rate for us? So what we include in incident response or the human component is to basically verify again that we're still as accurate as we can possibly be. The other benefit is as an MSP, you may would have to have created those rules or fix that problem by yourself in the past. Why did this email go through? Why didn't this email go through or whatever the situation may have been. Now we have a 24/7 service to more quickly respond to that situation. So you don't actually have to do it yourself, or you know that it gets resolved in a more timely manner. That's probably the biggest thing. This allows us to look higher in the attack chain and more quickly verify that it's a malicious attack and ultimately keep it in one environment. That's all of our services."
OpenText came to Channel Futures Leadership Summit for the opportunity to meet other like-minded businesses that are trying to expand their MSP footprints, said Rick Perez, partner sales director for U.S. state and local.
"The way we approach cybersecurity is really from a data-centric perspective," he said. "If I'm talking to customers today, I'm saying protect your data and have your partners help you do that, but protect your data so that when bad actors get hold of your data, it's essentially useless to them. And then you can do the other portions that we do around our enterprise software solutions, which are the areas around identity and access management (IAM), the areas around application security, which is hardening your applications so that you're not writing bad code, and the typical kind of AI components that go along with our SIEM solutions to essentially let you know that you've got an insider threat, give you anomaly detection and those different things. So there's a lot that we do, and it's a great environment for us to share those ideas with other like-minded MSPs."
And OpenText can help MSPs that are wanting to become MSSPs, Perez said.
"We've got lots of different ways and models that we can utilize to try to enable them to do that and try to help them grow their business," he said.
Email security provider Hornetsecurity was in the expo hall to talk about some of its new solutions and connect with new MSPs in the area, said Derrel Bradley, account executive.
"There are different types of threats, obviously with the emergence of AI, and MSPs are definitely looking for a more sustainable, cost-effective way to secure their clients' inboxes and Office 365 environment as well," he said. "So AI is actually incorporated in a lot of our solutions. From our advanced threat protection all the way up into our newest solution, which is our permissions manager, we utilize it as a way to stay on top of new threats and modern threats, some threats that maybe a Microsoft Defender wouldn't necessarily catch. We're constantly keeping up with new threats through our synergy."
Danielle Harrison, MSSP channel development manager for Malwarebytes for Business, said her company offers endpoint protection and MDR.
"We're a completely channel-focused company and we work with our strategic partners and MSPs," she said. "And for MSPs, we have something called OneView. That's a multitenant window to where they can actually manage the endpoint security for their customers."
Malwarebytes for Business' MSP community is continually growing, Harrison said.
Kyle Mickaelian, MSP partner representative at Druva, which provides backup and recovery for MSPs to offer their customers, said the value it offers to MSPs is time to market and time to value.
"It's quicker than some of our competitors because there's no hardware involved and the turn up is instantaneous," he said. "It allows them to increase margin. They can increase their margins sort of at will. And we have great customer service."
And Druva's ransomware protection is "critical in this day and age for sure," Mickaelian said.
Paul Dobbins, Ostra Cybersecurity's chief growth officer, said that for SMBs and the majority of MSPs, cybersecurity has become less a tools or technology problem than a people problem. Ostra provides managed cybersecurity.
"That's what we're solving for," he said. "We have the tools, we have the technology, but more importantly, we have the people. What sets us apart is that we actually do the remediation for the businesses. We found that these businesses don't have those resources and we are that resource. So that's really our mission, to help SMBs through the MSP channel. And this event helps us reach that market, especially those MSPs that are looking to approach cybersecurity in a different way. More than anything, it is clarifying, it is simplifying. It is ensuring that they have a clear path and understand that it doesn't have to be difficult to understand."
Last week's Channel Futures Leadership Summit shined a spotlight on all the latest cybersecurity trends, and how MSPs and MSSPs can protect themselves and their customers.
In addition, the expo hall included numerous cybersecurity providers showing their latest tools and solutions for MSPs and MSSPs.
"Cybersecurity continues to be at the forefront of all conversations we had at Channel Futures Leadership Summit," said Kelly Danziger, VP and general manager of Informa Tech Channels. "We all expect technology advancements that accelerate our productivity and efficiency in both our business and personal lives. The rate of speed at which these advancements are happening can at times expose us to security breaches. We read about these every day and many of us have experienced them in our personal lives as well. We must continue to educate ourselves and our employees on the areas where we’re at risk, and how and where we need the various security protocols in place to provide comfort and protection as we embrace the incredible technology advancements that are critical to running a successful business."
Cybersecurity Must-Haves for MSPs, MSSPs
During the Channel Futures Leadership Summit, a panel of heavy hitters in cybersecurity provided guidance for assessing gaps in coverage and finding the right tools to fill gaps in a cost-effective manner.
Panelists included:
Joe Morin, CEO of CyFlare, on behalf of Stellar Cyber.
Scott Barlow, Sophos' vice president of global MSP and cloud alliances.
Brian Kane, cybersecurity evangelist with Malwarebytes for Business.
Val King, CEO of Whitehat Virtual Technologies.
For MSPs and MSSPs to stay informed about the most recent and emerging cyber threats, "you've got to be part of the collective, industry-driven organizations and teams that are aggregating this level that also has government involvement," King said.
"There are tons of sources as we slowly evolve from a bunch of individual organizations with individual budgets, talking of us as well as our customers, trying to protect ourselves against nation-states and other events, into gathering data that is being aggregated or tapping into sources that are already aggregating the data from a government perspective and from an industry perspective ... and have that information available at your fingertips so you know what's going on," he added.
Channel Futures Leadership Summit: Leveraging Vendors Helpful
Leveraging vendors is also important, Barlow said.
"A lot of the vendors will syndicate their threat feeds to other vendors as well, but to you, you can actually take that and integrate that into your website," he said. "The other recommendation I would make is to join an ISAO or ISAC, I like the ISAO better, and that's just an information-sharing organization. There are a couple in this industry. CompTIA has a fantastic ISAO where I think a lot of the vendors actually will share the threat intelligence, so if you have a question about a piece of malware or a suspicious piece of file or attachment, you can actually upload it and test it on your own."
In addition, MSPs and MSSPs, as well as resellers, need to do tabletop exercises, Barlow said.
"That continues to keep you in tune with absolutely everything that's going on in the world that's out there," he said. "And stay with the fundamentals as well. There's so much complexity around malware that the majority of organizations cannot do it themselves, which is why I think we all have managed detection and response (MDR) solutions and security operations centers (SOCs). So just stay with the fundamentals. The stuff that we see getting through is crazy. And why does it get through? Compromised credentials or an exploited vulnerability. So keep up with the threats that are out there, but also get back to the fundamentals."