RocketCyber has added three security solutions for Microsoft Office 365 environments to its app-based threat monitoring platform for MSPs.
The newest members of the vendor’s “RocketApps” family are also its first foray beyond endpoint protection. The decision to build cloud security into the product as well reflects the reality that most ransomware attacks begin with a phishing email, according to RocketCyber President Billy Austin.
“In order to give MSPs complete visibility, we felt like we needed to tackle and address additional attack vectors beyond and above the traditional endpoint,” he says.
The company chose to focus specifically on Office 365 because it’s the most widely used online email and productivity suite among SMBs, and because Microsoft doesn’t offer centralized, multitenant administration tools for that system, according to Carl Banzhof, RocketCyber’s CEO.†
“It’s all pretty much a black hole for the MSPs today,” he says. “They don’t have any manageability across all their customers.”
All three new solutions unveiled today are designed to overcome that gap by collecting security threat information from all of an MSP’s Office 365 accounts. The Office 365 Login Analyzer app, for example, highlights potentially unauthorized authentication attempts by listing both successful logins and unsuccessful ones that could be connected to brute force attacks.
“The value-add that we’re providing there is we take that [Microsoft] login data and then we enhance it with IP threat reputation information, geolocation data, and WHOIS data,” Banzhof says.
Users can filter out logins originating in known-safe geographies or limit the list to a particular set of suspicious locations, he adds. “If they don’t have employees traveling through China, then they’re going to want to know about anytime somebody logs in from China,” Banzhof observes. The system can also train attention on specific known malicious IP addresses and adversaries.
A second new RocketApp, called Office 365 Log Monitor, shows event data for all of an MSP’s Office 365 users, groups, Azure Active Directory entries, and more. “That allows them to review and triage those event logs to detect when suspicious or unwanted activity is taking place,” Banzhof says.
The third app, Office 365 Secure Score, consolidates account-level information from Microsoft’s Secure Score tool, which is designed to assess an end user’s compliance with security best practices and point out opportunities for improvement. “We’re aggregating that information across the MSP’s customer base, and giving him a single dashboard that he can go to,” Banzhof says.
All three apps are available now to MSPs in two of RocketCyber’s three license models. Subscribers in the company’s Professional plan, who operate RocketCyber’s software themselves, pay $1 per Office 365 user per month for each of the new systems. The apps are included at no additional cost for channel pros using the vendor’s managed SOC service, in which RocketCyber security specialists handle threat monitoring on an outsourced, as-a-service basis.
Officially launched in November 2018, RocketCyber’s solution features a mix-and-match collection of apps for functions like threat hunting, malware analysis, and malicious file detection. There are 19 apps in all at present. With the release of the Office 365 apps announced today, those systems cover both endpoint and cloud security. A new firewall log monitoring app due to arrive shortly will extend the platform into network security as well.†
“A lot of these MSPs need to deliver log monitoring capabilities, but a SIEM is not practical,” Austin observes. “Leveraging our multitenant architecture, now you can get heterogeneous log monitoring [and] ticket automation with a PSA.”
According to Banzhof, the new system, which will integrate with firewalls from roughly 10 manufacturers, will also screen out unimportant events that can distract an MSP’s attention from truly significant ones. “It helps them concentrate on more of what’s really relevant, versus having to weed through all these useless bits of log data that nobody cares about,” he says.
Also set to arrive later this year is support for Linux endpoints. “Small business customers tend to have servers up in the cloud, but there are limited security tools and monitoring tools” for them, Austin says. The RocketCyber platform already covers Windows devices, and has been monitoring MacOS hardware as well since last month.
Though RocketCyber products have been available since 2018, Austin says, the company only began actively courting users through sales and marketing efforts last April. It currently has over 200 MSP partners.†
According to Austin, many of those partners signed up for the service after the introduction last August of RocketCyber’s command-and-control app for Windows Defender, the increasingly popular antivirus component of Microsoft’s Windows 10 operating system. Like the Office 365 apps launched today, the Windows Defender app provides multitenant management for a product that otherwise offers none.
“That definitely put us on the map in terms of customer acquisition,” Austin says.