maxkabakov - Fotolia
Kaseya is focusing its internal R&D resources and acquisition strategy on technology geared to MSP cybersecurity challenges.
Service providers continue to struggle to protect their customers and, increasingly, themselves from cyberattacks. Kaseya's Connect IT virtual conference, which runs through Aug. 27, highlighted cybersecurity as a key theme. Conference sessions focused on the changing threat landscape during the pandemic and how IT security vendors and MSPs are responding.
Kaseya CEO Fred Voccola noted MSPs' two-pronged involvement with cybersecurity. "Customers are spending more and more on security," he said. "It is not that difficult for MSPs to grow their business by providing more and more security." Yet, on the other hand, MSPs are concerned for their own protection and the potential for business disruption.
"They are feeling targeted," Voccola said.
Accordingly, Kaseya will continue investing in MSP cybersecurity offerings. Voccola estimated that perhaps a third of the company's R&D group, under CTO Dan Timpson, is working on the company' security suite. In addition, the company is pursuing an acquisition in the security arena, Voccola said, noting that he is hopeful the company will have a deal to unveil in two or three months.
Kaseya earlier this week took the wraps off a security acquisition: The company acquired Graphus, an email security and anti-phishing technology specialist. Voccola said more than 250 MSPs have signed up for Graphus over a 48-hour period.
Kaseya hadn't considered purchasing Graphus when it first started working with the company several months ago. Kaseya began using Graphus internally as part of its own protection program, bringing on the technology to supplement Microsoft 365 Advanced Threat Protection, Voccola said. After using the technology for five or six months, Kaseya COO Joe Smolarski suggested the product might be good for Kaseya's customer base. The product was then built into Kaseya's IT management platform and the company decided to look into acquiring Graphus, according to Voccola.
Graphus' technology focus addresses a major concern for MSPs' small business customers.
"Graphus is designed to protect against phishing attacks," said Anurag Agrawal, CEO at Techaisle, a San Jose, Calif., market research firm that focuses on the SMB market and the channel. "Forty-two percent of U.S. small businesses and 34% of U.S. midmarket firms feel that phishing is a security risk to their organizations. In fact, for small businesses, it is the top concern. If we consider these stats, then [Graphus] is a significant announcement for Kaseya to beef up their security offering to the MSPs."
COVID-19 complicates MSP cybersecurity challenges
The onset of the COVID-19 pandemic made an already difficult cybersecurity environment even more demanding.
Alex Stamos, director of the Stanford Internet Observatory and former chief security officer at Facebook and Yahoo, cited a number of changes to IT environments as a result of the pandemic. Those including an influx of new devices to equip remote workers, a transition in how services are provisioned to support remote work and the growth of distributed security teams.
Speaking at Kaseya Connect IT, Stamos suggested several steps for helping customers build secure networks. That task, he said, should start with an assessment of an organization's existing control matrix. He said some controls may no longer make sense in the "new pandemic world."
Next, organizations should prioritize high-risk threats, since IT resources are currently limited. Stamos said now is not the time for technology wish lists. Instead, a business needs to focus on its threat model and triage resources against that.
Creating controls that compensate for the pandemic is another key step. For example, a customer may be able to replace a patch management approach that relies on an on-premises server to one that is hosted in the cloud, Stamos said.
Kyle HanslovanFounder and CEO, Huntress Labs
He also advised creativity when it comes to equipping employees with IT. He recommended moving away from fully loaded laptops and opting for iPads, Chromebooks or virtual desktops.
"Not everyone needs a full-featured device," Stamos said
MSPs that offer cybersecurity during the pandemic may be in somewhat limited supply, however. Kyle Hanslovan, founder and CEO at Huntress Labs, which offers a breach detection service for MSPs, estimated that only 20% of MSP cybersecurity services have reached go-to-market maturity, while 80% "aren't rising to the bar."
Hanslovan, who spoke during a cybersecurity panel discussion at Connect IT, suggested the pandemic helped reveal the mature MSPs, since those were the ones most capable to navigate the changing market. He said the leading MSPs focused on making their customers productive during the first three months of COVID-19 and then shifted to making them secure.
"The top MSPs had a plan, and, within 90 days, pivoted from productivity to security," he said.