“We’re trying to move really fast here,” he says. “We understand that there’s other vulnerability management solutions out there and we’ve got to catch up.”
Also at IT Nation Secure today, ConnectWise announced a new integration between its BrightGauge reporting solution and software from security vendor SentinelOne that allows MSPs to build EDR data into security-related dashboards.
In addition, the ITBoost documentation system now comes with a new suite of standard operating procedures for incident response and information security policies. The ConnectWise Manage PSA platform now features new project templates designed to accelerate security onboarding, incident response, and security alert handling.
ConnectWise rolled out a retainer-based incident response service designed to help MSPs without security experts on staff overcome breaches faster and more effectively in April, and added an on-demand, incident-specific version of that offering last week.
“We come in remotely, contain the problem very quickly, get you back operational, and then make sure we figure out what happened and how can we help you solve that problem in the future,” Marty says. The company leaves monitoring tools behind for 30 days following resolution to guard against hidden malware or back doors, and then delivers a post-incident report containing recommendations on preventing similar attacks in the future.
With damaging breaches involving IT management solutions from SolarWinds and Kaseya leaving MSPs nervous about the integrity of their RMM, PSA, and other line-of-business solutions, the security of its own products remains a top priority for ConnectWise as well, according to Patrick Beggs, who became ConnectWise’s CISO in February. The company has been focused on product security since early 2020, following media reports about vulnerabilities in the ConnectWise Control remote access solution.
“Application security is number one for my organization right now, ensuring that we’re building things securely and we’re resolving any either vulnerabilities or defects or issues before they go into production,” Beggs says.
Since stepping into his current job, Beggs has put additional tools for tracking assets and vulnerabilities into place. “I’m all about automation,” he says. “Speed to response is the name of the game for sure.”
Like Kaseya, ConnectWise is also investing in penetration testing from third-party experts. “Our hope is to be able to identify things that we didn’t already know about and remediate them,” Beggs says.
ConnectWise plans to get more directly involved in the bug bounty program it launched two years ago, which is currently run entirely on an outsourced basis by white hat security services provider HackerOne.
“We’ll be taking a lot more ownership of it,” Beggs says.
IT Nation Secure concludes tomorrow.
