The Gately Report: PAM Provider CyberQP Helping MSPs Navigate Cybersecurity Challenges
Also, a reported state-sponsored threat actor hacks Cloudflare using stolen credentials.
![PAM provider CyberQP helps MSPs PAM provider CyberQP helps MSPs](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt009065fbdb047eb0/65245325d2ee24d540541a80/1-Security-Compass.jpg?width=700&auto=webp&quality=80&disable=upscale)
Olivier Le Moal/Shutterstock
Channel Futures: What did the rebrand from Quickpass mean for the company and its partners?
Nadia Karatsoreos: I can't believe it's almost been a year since we rebranded from Quickpass. What that really means is it allows us to showcase that we are a cybersecurity company first. It's everything we're obsessed with. We're helping MSPs grow their business with cybersecurity, understanding those compliances and those requirements. By changing our name to CyberQP, we're putting it right out there for you. No longer are we associated with password management companies or accounting software that happens sometimes. We are now first and foremost the company that’s going to get you where you need to go when it comes to cybersecurity as quickly as possible.
CF: What does CyberQP have to offer MSPs?
NK: Our main focus is MSPs. So everything we do, everything we create, whether it's the product itself, or the program and the education around it, is aimed at the MSP. So that is who our customer is.
We have two products. We have QGuard, which is PAM for MSPs. That allows the protection of privileged accounts and customer identities, and we run that efficiently and help you with saving money. So the control comes to the MSP so that everybody who's accessing those potential accounts is monitored and managed, and we don't have any issues with hackers getting in, and we're constantly rotating. So that's QGuard. QDesk is help-desk security automation for MSPs. So basically you're eliminating 95% of your help-desk tickets because we know a lot of people call in for password resets, so we will help pretty much eliminate that with end-to-end help desk automation with zero standing privilege. And that's the really important part of it. It empowers the users to solve tickets quickly, easily and securely, while ensuring your technicians can focus on the more complicated stuff so they're not taking those password reset tickets all the time.
CF: How are MSPs’ needs evolving when it comes to cybersecurity? How is CyberQP helping to meet those needs?
NK: There are a lot of changes. We're seeing over the last few years higher and stricter requirements and controls around compliances and government regulations, specifically around cybersecurity. Those weren't there in the past. We've also seen an increase in security breaches that actually target MSPs and customers. Now everybody needs to worry about that. There’s also the conversation around cybersecurity insurance requirements. It's become a lot more strict, and we can only assume it's going to keep getting more and more strict. That's for the MSPs as well as their customers who have those concerns.
And then there's also increased insider threats relating to technician turnover. We've also seen a substantial increase in social engineering attacks on MSPs and their customers, which we weren't seeing in the past. So by providing MSPs with PAM both for those internal and external threats, we're basically offering a moving target of defense for MSPs with their privileged accounts. In addition, we will be releasing a passwordless multifactor authentication (MFA) solution soon. That will not only make what we do even better for PAM, but it will also help MSPs with those stricter insurance policies that are coming out, and compliances and regulations.
CF: What sort of growth is CyberQP experiencing and what role are MSPs playing in that growth?
NK: We've essentially been doubling our partner base year over year. We are at just over 1,200 partners now and a year ago we were at 600. So we're seeing that year over year since our founders founded the company, and MSPs are playing that role. They're the ones that are helping us grow our business. Everything we've done so far is because of the MSP and I say that every time I meet a partner. I shake their hands and thank them for their business, and thank them for what they're doing in the industry to make everybody better.
So how we did that is we understand the landscape. We realize what the MSPs need in order to keep themselves, as well as their customers, safe. We made it easy for them to implement the solution so they're up and running as quickly as possible. And all of that turned into that tremendous growth that we've seen.
CF: Is the evolving threat landscape shaping CyberQP’s overall business, product and channel strategies?
NK: Absolutely. The landscape turned into people calling in for a help desk reset ticket. That was something that helped MSPs maybe eliminate having to do those calls and focus on more complicated things. But now it's turned into not just that, but also verifying, making sure that the person who's asking for that password reset ticket is actually that person. So that's something that we've seen change.
There are other things that we've seen as far as the security platform with regulations. We've seen some people talk about, "How do I become compliant? How do I follow the Center for Internet Safety (CIS) framework?" There are so many questions that people have, and we're doing what we can to make it easy for them to fit the products that we offer and the programs we offer into those buckets. We also have a lot of really smart people on our team who have been doing a lot of really great things. So we're not just providing a product for the MSPs, but a whole program that includes that thought leadership, and helping them build their business and understand what needs to be done so that they can keep growing their business day after day.
CF: AI in cybersecurity is a hot topic. Is CyberQP making use of AI? If so, how?
NK: We know AI is a hot topic in the MSP space. In the short term, we are not releasing anything AI-related. However, we are actively looking at how AI can help the PAM landscape. On the other hand, we are currently looking at ways to leverage it internally, finding legitimate use cases to help improve product development.
CF: What do you find most surprising and dangerous about the current threat landscape?
NK: A lot of things truthfully. The ever increasing threat from state-sponsored attacks from government infrastructure are really threatening the MSPs because, No. 1, they're heavily funded, they have the resources and the skills that they can pretty much get into anything, especially if the systems are left unprotected, and they are looking at privileged accounts. That is what we are protecting. We read articles and we have a channel internally that we share constantly where this threat attack happened and that threat attack happened. And it's no longer those images that we see with someone in their basement with a hoodie in the dark. Now it’s these large government functions that are doing these things. So it's really scary and it's a bit surprising that it's come to this, and it's something that maybe some people thought as a small business I wouldn't have to worry about. But because we're seeing these things happening all the time, everyone does feel the need to be concerned and to get the right programs in place to keep yourself protected.
CF: What’s the latest in terms of feedback from MSPs? What are their latest concerns and needs?
NK: A lot of the conversations have been around, how do I keep my own house safe? A lot of people are saying, "I've been so obsessed and so focused on what to offer my customers that how do I know my own business is safe? How do I know what I'm doing is also protected because that in turn is going to make sure that my customers are protected and it's also my reputation." So we've heard a lot of MSPs with concerns around that.
And then the other big topic, and this has been a topic for the last couple of years, is how do I make sure I have the appropriate cybersecurity insurance and that my customers do as well, and that I have the right products in place and I'm doing the right things in order to be compliant and to be covered under that insurance. That constantly seems to be this moving target where an MSP will say, "I thought I had it right and then things changed. Identity verification was one topic that has come up recently. So we're doing everything we can on our side to make sure our product is optimized to cover everything, and then also providing that education and working with the folks at CIS. We brought them in to do some training with us for MSPs. We're working with other industry experts to make sure that we're providing the MSPs with everything they need to know so that they feel confident to go out there, protect their own house and get that insurance when they need it.
CF: What can MSPs expect from CyberQP in 2024?
NK: The main theme of everything for 2024 is we're going to continue to make the product better, stay on top of everything that MSPs need and actually be a partner and not just somebody you do business with. We have a passwordless MFA coming out, and that is just to further help MSPs protect their privileged accounts. We're going to continue to educate MSPs. I truly believe that we call each other partners because we are an extension of your business.
So we heard loud and clear that MSPs need more help when it comes to understanding frameworks. We're going to continue to work with CIS to provide MSPs with that assistance and understanding of what they need to make themselves protected, to make their customers protected. We want them to make informed decisions on what products they use, what programs they offer, how to be compliant and how to follow those regulations. So we're going to continue to educate the MSP as well, and then constantly take feedback. MSPs are our customers; they are who we do business with. So we want to make sure that we're always evolving to make sure that we are in touch with what the MSP needs so that we can continue to make sure the product works well, the product is in line with what they need, and the programs available actually help the MSPs as well.
In other cybersecurity news …
A suspected nation-state threat actor used stolen credentials to get access to Cloudflare’s Atlassian server, and accessed some documentation and a limited amount of source code.
Cloudflare detected the threat actor on Atlassian on Thanksgiving Day, Nov. 23. Its security team immediately began an investigation, cut off the threat actor’s access, and on Nov. 26, brought in CrowdStrike’s forensic team to perform its own independent analysis.
CrowdStrike completed its investigation on Feb. 1, and Cloudflare then published a blog to talk about the details of this security incident.
“We want to emphasize to our customers that no Cloudflare customer data or systems were impacted by this event,” it said. “Because of our access controls, firewall rules, and use of hard security keys enforced using our own zero trust tools, the threat actor’s ability to move laterally was limited. No services were implicated, and no changes were made to our global network systems or configuration. This is the promise of a zero trust architecture: it’s like bulkheads in a ship where a compromise in one system is limited from compromising the whole organization.”
Last October, Cloudflare was one of the victims of a compromise of Okta’s systems, which resulted in the threat actor gaining access to a set of credentials.
“Unfortunately, we failed to rotate one service token and three service accounts (out of thousands) of credentials that were leaked during the Okta compromise,” Cloudflare said. ”The one service token and three accounts were not rotated because mistakenly it was believed they were unused. This was incorrect and was how the threat actor first got into our systems and gained persistence to our Atlassian products.”
This was a security incident involving a “sophisticated actor, likely a nation-state, who operated in a thoughtful and methodical manner,” the company said.
“The efforts we have taken ensure that the ongoing impact of the incident was limited and that we are well-prepared to fend off any sophisticated attacks in the future,” it said.
Adam Gavish, DoControl’s co-founder and CEO, said the key takeaway from this attack is the impact of dormant service accounts, API tokens and access keys.
“Today’s offboarding processes don’t handle employees’ generated tokens that remain active forever,” he said. “Attackers exploit such tokens to gain programmatic access to sensitive data, source code, etc. It’s critical to put together a catalog of such keys and auto-delete them when relevant identities are suspended.”
John Bambenek, president of Bambenek Consulting, said Cloudflare provides a great deal of transparency in its report that shows a lot of “strong” elements of its response and does take responsibility for the one failure that led to the compromise.
“This highlights the general needs of organizations to be concerned with third-party risk, and how difficult it can be to truly implement a firewall from compromises in those third parties from spreading into other organizations,” he said. “It isn’t great that the compromise took nine days to discover, however, the methodical and low-and-slow approach of the threat actor certainly didn’t help. What is encouraging in this report is how Cloudflare owns the oversights and lays out changes of how to further secure their environment in the future.”
Last week, FBI Director Christopher Wray, the head of the National Security Agency (NSA) and other senior officials addressed the House Select Committee on the Chinese Communist Party with an urgent public warning that Chinese hackers are preparing to “wreak havoc and cause real-world harm” to the United States.
Wray said Chinese government-backed hackers are targeting water treatment plants, electrical infrastructure, and oil and natural gas pipelines, working “to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous."
“The truth is the Chinese cyber actors have taken advantage of very basic flaws in our technology,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA). “We have made it easy on them.”
Mark Cooper, president and founder of PKI Solutions, a provider of cybersecurity products and consulting, said the warning emphasizes the sense of urgency needed to improve the security of core systems to critical infrastructure.
“It’s no longer safe to assume these core systems like identity and encryption are resilient,” he said. “Organizations need to manage the security posture of each of their critical systems. These measures are essential in ensuring vulnerabilities are identified and mitigated properly, reducing the risk of exploitation by malicious actors.”
David Ratner, CEO of HYAS, said critical infrastructure is “unfortunately too vulnerable to a variety of attacks, and we need to focus on cyber resiliency across the board or risk not just the interruption of basic services, but potentially loss of human life.”
“Bad actors will continue to find new vectors to try and wreak havoc; the only path forward is proactive intelligence and overall operational resiliency to ensure that each new attack is handled quickly and efficiently, before damage ensues,” he said. “The time to act is now."
Last week, FBI Director Christopher Wray, the head of the National Security Agency (NSA) and other senior officials addressed the House Select Committee on the Chinese Communist Party with an urgent public warning that Chinese hackers are preparing to “wreak havoc and cause real-world harm” to the United States.
Wray said Chinese government-backed hackers are targeting water treatment plants, electrical infrastructure, and oil and natural gas pipelines, working “to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous."
“The truth is the Chinese cyber actors have taken advantage of very basic flaws in our technology,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA). “We have made it easy on them.”
Mark Cooper, president and founder of PKI Solutions, a provider of cybersecurity products and consulting, said the warning emphasizes the sense of urgency needed to improve the security of core systems to critical infrastructure.
“It’s no longer safe to assume these core systems like identity and encryption are resilient,” he said. “Organizations need to manage the security posture of each of their critical systems. These measures are essential in ensuring vulnerabilities are identified and mitigated properly, reducing the risk of exploitation by malicious actors.”
David Ratner, CEO of HYAS, said critical infrastructure is “unfortunately too vulnerable to a variety of attacks, and we need to focus on cyber resiliency across the board or risk not just the interruption of basic services, but potentially loss of human life.”
“Bad actors will continue to find new vectors to try and wreak havoc; the only path forward is proactive intelligence and overall operational resiliency to ensure that each new attack is handled quickly and efficiently, before damage ensues,” he said. “The time to act is now."
Privileged access management (PAM) provider CyberQP is focused on helping MSPs tackle the increasing challenges of cybersecurity.
That’s according to Nadia Karatsoreos, CyberQP’s vice president of marketing and channel. The PAM provider rebranded from Quickpass last April.
When it comes to cybersecurity, it’s a difficult time for MSPs, but there’s a “huge” opportunity, she said.
![CyberQP's Nadia Karatsoreos CyberQP's Nadia Karatsoreos](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt4e90480878d80789/65bd735c1b0eaa040abe3a1d/Karatsoreos_Nadia_CyberQP_2024.jpg?width=700&auto=webp&quality=80&disable=upscale)
CyberQP's Nadia Karatsoreos
“It's difficult because whether you're a small business or a large business, everybody's vulnerable,” Karatsoreos said. “With MSPs, everybody knew their customers, they trusted their customers, and their customers trusted them so there weren't some of these compliances or these practices in place to keep everybody safe. But now we need to have these things in place in order to get cyber insurance for your company. So it's definitely a difficult time.
"But if you do have the right processes in place and you are working with the right partners, I do think there's a tremendous opportunity for them," she added. "They’ve become the 911, the essential business that every business needs. So that opportunity right there tells you that although it is complicated and it is a hard time, it is a tremendous opportunity to keep growing your business and helping those customers.”
PAM Provider Engaging, Helping MSPs Grow
The goal of Karatsoreos’ team is engaging with MSPs and helping them grow.
“Our partner program is meant to make it easy for MSPs to implement our solution into their managed service offering, but also educate them on things outside of that,” she said. “So whether that's regulation, whether requirements and compliances, all of that is built into the partner program to help them continue to grow their business and specifically their cybersecurity offering.”
Scroll through our slideshow above for more from CyberQP and more cybersecurity news.
About the Author(s)
You May Also Like