The company announced that change and discussed ongoing measures to shield its products from intensifying threat activity at its IT Nation Explore event, which commenced online this morning.
SentinelOne solutions were already deeply integrated components of Fortify Endpoint, one of the offerings in the ConnectWise Fortify security suite, alongside outsourced security operations center services. ConnectWise partners now have the option of using the SentinelOne systems without SOC support.
The new policy applies to SentinelOne Control, currently the core of Fortify Endpoint, and SentinelOne Complete, which includes everything in SentinelOne Control plus threat hunting functionality.
MSPs who purchase either product via Fortify will receive specialized onboarding assistance and support from ConnectWise. Exclusive integrations between SentinelOne solutions and ConnectWise products are in development for future release as well.
“SentinelOne has been a backbone of what we’ve done with our SOC services, our SOC endpoint services, for years and now we’re starting to make that available to all partners,” said ConnectWise Chief Product Officer Jeff Bishop at IT Nation today. “Whether you want to consume that through our SOC or you want to try to do it yourself, you can purchase SentinelOne through us here at ConnectWise and bring that great solution into your environment.”
Bishop spoke at length as well this morning about forthcoming measures aimed at safeguarding ConnectWise solutions from cyberattacks, a topic of great concern for MSPs in recent years made even more urgent by the recent high-profile breach of Kaseya’s RMM solution. ConnectWise itself played a role in ransomware attacks made possible by flaws in its Automate RMM offering last year, as well as earlier incidents.
According to Bishop, multifactor authentication will be mandatory on all of its software by the end of the year. “It was required on some of the products, but now we’re going to extend that across the entire portfolio,” he said this morning.
ConnectWise CISO Tom Greco told ChannelPro that such a policy was under consideration during last month’s IT Nation Secure event.
The company also plans to extend the IP whitelisting functionality currently provided with its remote access system into other solutions. “We’re going to take that out to RMMs and other products, and you can control who from an admin perspective can authenticate into your applications,” Bishop said.
The company will also, he added, “try to remove” guidelines that require users to exclude some ConnectWise products from anti-virus scanning to avoid false positive alerts, and begin monitoring its solutions via the SOC operated by its Perch Security unit.
“We’re going to start off with Automate, we’re going to move that across the entire cloud architecture, and then we’re going to make that available out to our on-prem customers as well as something they can opt into,” Bishop said.
Steps like those are the latest additions to the “shift left” product security initiative ConnectWise began rolling out early last year. Others include the introduction of a bug bounty program last September and quarterly vulnerability assessments and penetration tests via multiple third-party providers.
MSPs have been squarely in the crosshairs of hackers eager to use RMM software as a jumping off point for assaults on multiple end user environments for at least the last five years, according to an alert published by the federal government in 2018. Some 73% of MSPs surveyed by Perch in its 2021 MSP Threat Report say they’ve suffered at least one security incident in the last 12 months.
IT Nation Evolve will continue on a periodic basis through August 12th. ConnectWise announced new reporting and cloud billing reconciliation tools at the show today.