ConnectWise has introduced new tools for procuring cyber insurance and an updated risk assessment solution.
The managed services software and services titan made both announcements at its IT Nation Secure event, which is taking place this week in Orlando.
The new insurance resources include a tool from compliance-as-a-service vendor ControlCase designed to help users of the ConnectWise Manage PSA solution more easily complete the sprawling questionnaires insurers increasingly use to assess end user adherence to security best practices. Those who wish to can then forward the data they collect directly to broker Fifthwall Solutions and get quotes from over 35 cyber insurance providers. MSPs can draw on the ControlCase system and Fifthwall integration to streamline the application process for their own errors and omissions coverage too.
“It’s a very, very easy process,” said Raffael Marty, general manager of cybersecurity at ConnectWise, in a conversation with ChannelPro. Going forward, he continued, ConnectWise plans to help MSPs get better pricing on cyber insurance policies for their customers by using data in their RMM and PSA solutions to verify that end users are utilizing the safeguards and controls identified on their questionnaire.
“We’re trying to get at this from different angles to just make sure that it’s an easy process for everybody to get insurance, and that you get the lowest rates possible,” Marty says.
Fueled by mounting threat activity and claims volumes, cyber insurance prices in the U.S. rose 110% in the first quarter of 2022, according to insurance broker and risk advisor Marsh. Those same trends also have insurers raising qualifications for cyber coverage.
ConnectWise is the latest of many IT management and security vendors working to ease the resulting impact on MSPs. Augmentt, for example, announced a relationship with security broker SeedPod Capital yesterday that qualifies businesses managed by Augmentt partners for discounts of up to 40% on cyber insurance. Earlier this year, Trend Micro and IGI CyberLabs both unveiled similar agreements with cyber insurer Cowbell Cyber.
ConnectWise is open to striking cyber insurance deals with additional brokers in the future. “We’re not tied into just Fifthwall,” Marty says. “It’s the first partnership. We’ll see how that goes.”
The updated product ConnectWise showcased today, now named ConnectWise Risk Assessment and previously named Fortify Assessment, features a newly simplified user interface and pre-sales functionality that lets users execute assessments via links sent to customers or prospects remotely.
ConnectWise has also ported the system onto Asio, the next-generation application platform, first unveiled last November, that will eventually host all of the vendor’s software. The ConnectWise RMM system, which also debuted last year, runs on Asio too.
By the time of the company’s IT Nation Connect conference this November, according to Marty, ConnectWise Risk Assessment will have evolved from a sales-oriented risk measurement and reporting tool into a comprehensive vulnerability management application.
“Instead of just having this one-time assessment of an endpoint, we’ll just leave it on there and start doing continuous assessments based on a schedule,” he says.
Eventually, the system will import patch status information from ConnectWise’s RMM software as well. Marty hopes to have that functionality in place in time for the next IT Nation Connect too.
“We’re trying to move really fast here,” he says. “We understand that there’s other vulnerability management solutions out there and we’ve got to catch up.”
Also at IT Nation Secure today, ConnectWise announced a new integration between its BrightGauge reporting solution and software from security vendor SentinelOne that allows MSPs to build EDR data into security-related dashboards.
In addition, the ITBoost documentation system now comes with a new suite of standard operating procedures for incident response and information security policies. The ConnectWise Manage PSA platform now features new project templates designed to accelerate security onboarding, incident response, and security alert handling.
ConnectWise rolled out a retainer-based incident response service designed to help MSPs without security experts on staff overcome breaches faster and more effectively in April, and added an on-demand, incident-specific version of that offering last week.
“We come in remotely, contain the problem very quickly, get you back operational, and then make sure we figure out what happened and how can we help you solve that problem in the future,” Marty says. The company leaves monitoring tools behind for 30 days following resolution to guard against hidden malware or back doors, and then delivers a post-incident report containing recommendations on preventing similar attacks in the future.
With damaging breaches involving IT management solutions from SolarWinds and Kaseya leaving MSPs nervous about the integrity of their RMM, PSA, and other line-of-business solutions, the security of its own products remains a top priority for ConnectWise as well, according to Patrick Beggs, who became ConnectWise’s CISO in February. The company has been focused on product security since early 2020, following media reports about vulnerabilities in the ConnectWise Control remote access solution.
“Application security is number one for my organization right now, ensuring that we’re building things securely and we’re resolving any either vulnerabilities or defects or issues before they go into production,” Beggs says.
Since stepping into his current job, Beggs has put additional tools for tracking assets and vulnerabilities into place. “I’m all about automation,” he says. “Speed to response is the name of the game for sure.”
Like Kaseya, ConnectWise is also investing in penetration testing from third-party experts. “Our hope is to be able to identify things that we didn’t already know about and remediate them,” Beggs says.
ConnectWise plans to get more directly involved in the bug bounty program it launched two years ago, which is currently run entirely on an outsourced basis by white hat security services provider HackerOne.
“We’ll be taking a lot more ownership of it,” Beggs says.
IT Nation Secure concludes tomorrow.
