Ryerse’s counterpart for protecting MSPs from attacks on their RMM and other solutions is Patrick Beggs, who was named ConnectWise’s chief information security officer in February and has spent the months since then expanding an already substantial “infosec” initiative launched some three years ago.
“As long as I’m CEO, that will always be my number one priority,” said ConnectWise CEO Jason Magee in a conversation with ChannelPro last week. “We make tremendous amounts of investments every year and it continues to grow and grow and grow.”
Examples introduced by Beggs this year include a new set of product security response teams embedded within ConnectWise product groups to point out current and potential vulnerabilities. “They’re going to be graded for that,” says Beggs, who is also building a security “red team” to hunt down weaknesses those other resources miss.
Both of those units are part of a larger “cyberfusion framework” Beggs is pursuing in which threat intelligence experts, security operations center staff, incident response specialists, and others cooperatively block as many attacks as possible and limit the impact of those that inevitably get through.
“I want to be able to work with external researchers as well,” says Beggs, pointing to the warning ConnectWise got from security vendor Huntress last month about a potentially serious vulnerability in its R1Soft backup management solution as a “great example” of the collaboration he hopes to promote. In fact, the only thing that went wrong in that episode from his point of view is that the independent researcher who first discovered the flaw told Huntress about it only because he couldn’t get ConnectWise’s attention.
“The researcher brought it to [Huntress] and they came to us,” Beggs says.
ConnectWise will launch a new email-based hotline to make reporting security gaps easier for outside experts this week. “The doors are open to talk,” Beggs says.