For MSPs, so much has changed, yet so much has stayed the same, says Mike Mittel, CEO of Atlanta-based RapidFire Tools Inc., maker of the Network Detective IT assessment tools. SMBs still need help from their trusted IT providers, he says, noting that there are growth opportunities for MSPs in the areas of security and compliance in particular.
“Back when we started out everything was about performance and availability. Now it’s about cloud management; it’s about devices that are in the workplace like mobile devices and tablets,” Mittel says. “And, of course, now it’s evolved even further with this Internet of Things and people bringing wearables, watches, and connected cameras and other types of devices into the network that need to be accounted for and also offer vulnerabilities into the network.”
What hasn’t changed, he says, is the need to manage infrastructure. “So even though people have evolved into the cloud and virtual environments, people still have PCs, and we don’t see that changing; and the network is still there and will be for the foreseeable future.”
As such, RapidFire has rolled out tools to help MSPs capitalize on opportunities to add new offerings to their businesses. “The immediate opportunities that we’re seeing are in the areas of compliance. So about a year ago we introduced our first compliance module [for] HIPAA,” Mittel says. “A lot of our IT service providers have clients [that] are doctors’ [and dentists’] offices, nursing homes, and folks who need to be compliant under HIPAA.”
Introduced in April of last year, the Network Detective HIPAA Compliance Module is optimized for performing a comprehensive HIPAA risk analysis. The tool automatically generates all of the primary documents that the covered entities and their business associates are required, by law, to create and maintain to comply with the security aspects of the provision, including: the HIPAA policy and procedures document, the evidence of HIPAA policy compliance document, the HIPAA risk analysis and management plan, and the IT security exception worksheet.
And RapidFire is expanding in the compliance arena with its newest Network Detective PCI Compliance Module, an automated tool that helps businesses that accept credit and debit cards stay in compliance with the PCI Data Security Standard (DSS). “Retailers who accept credit cards need to be compliant under PCI. So those are immediate opportunities [for MSPs] that we see,” says Mittel.
RapidFire’s Win Pham, vice president of software development, says the PCI module follows the PCI DSS specification. “It goes requirement by requirement, and collects data and automates as much as possible the collection of data, and then walks the MSP through the identification of different elements. For instance, one of the very simple things is looking at what external ports are open on a customer’s network, and then documenting that there is a real business justification for each port. [It will] also automatically scan and look for log-in information.”
Pham says the tool, for instance, can identify if a former employee has tried to log into the network. “Additionally, we have primary account number scanners, hand scanners that will actually search the file system looking for credit card numbers. Very often, the determination of how much PCI you have to comply with is determined by whether or not you’re storing credit card numbers. And very often, [MSPs] are very surprised that customers [they] think are not storing credit card numbers, are.”
Pham adds, “The PCI module is extremely comprehensive for the security aspects. It looks at the network in a unique way, where we’re looking at both the network that is the cardholder data environment, and then the external perimeter environment. We’re combining that with best practices that have come in through the PCI Security Council, and we find a way to make it digestible by the MSP. PCI is an overwhelming specification and it has many different parts.”
Assessing Internal Vulnerabilities
To support the opportunity for MSPs in the security area, last September RapidFire released Network Detective Inspector, an IT assessment tool that can perform internal IT vulnerability assessments and also produce detailed Layer 2/3 network diagrams. The subscription-based tool is the first Network Detective module that also comes with a fully configured, ready-to-use hardware appliance that plugs into the target network. Once activated, the device performs a non-invasive scan of the entire network, and everything connected to it, seeking out vulnerabilities that might be open to a hacker who manages to get by the network edge protection or to a malicious internal source, according to the company.
With the ability to do Layer 2/3 mapping, an MSP going into a new environment “could run our tool [and] find how the wiring is done, without having to trace wires through floor boards or ceilings, to see how the different offices and computers and devices are connected together,” says Pham. “So it gives them better awareness when they go into an unknown environment than they had before.”
Pham adds that MSPs are using the Inspector for prospecting clients and contract assurance as well. “Typically there’ll be a meeting between the salesperson and the customer. They’ll work through an agreement, what their pain points are. And then there’s an onboarding team that has to spin up this project. One of the things they’ve been using Network Detective for and the Inspector is doing that initial verification” of the network environment.
He adds, “We’ve had several MSPs thank [us] for producing the tool, saying that it’s helped cover them and save them thousands of dollars in misquoting.”
The Inspector, “used in conjunction with our other modules, can also automate the report generation and collection of all of the other existing modules,” he adds.
Sums up Mittel: “Our [security] offerings are getting more robust. The traditional ways of locking down the environment have to do with firewalls or intrusion detection and other devices that are out there, but a lot of the threat comes from behind the firewall from employees who [are] very hard to detect.”
Mittel says RapidFire is working on a tool to help identify patterns of abuse and misuse across the network. “It’s something we’re working on and we should have an offering out in the next 90 days to start addressing that aspect of security.”