The Cyber Research Unit (CRU) that ConnectWise officially introduced at its IT Nation Secure event in Orlando this week may not have inspired screaming headlines, but for the team at ConnectWise’s Perch Security unit, it was the realization of a long-deferred wish.
“This was always a dream for us to do,” says Wes Spencer, Perch’s chief information security officer. “There was no way we had the resources to do it.”
That changed last November, when ConnectWise acquired Perch, along with co-managed SIEM provider StratoZen. Thanks to its new corporate parent’s financial heft and larger ambitions to deepen the channel’s security expertise, Spencer and his colleagues have now assigned three full-time employees to a job that analysts previously did part time between investigating alerts.
“It’s what they’ve always wanted to do, and now they’re tasked to it completely,” says Spencer of that trio. Their mission, he continues, will be filling what Perch sees as a gap in the industry for a threat research organization dedicated 100% to MSPs.
“There’s a lot that are out there,” says Spencer of threat intelligence outfits. “Most of them, if not all of them, are focused on the Fortune 500. They’re focused on the largest of the large, and so the research that they produce, the tools that come out of them, don’t work for the channel.”
The ConnectWise CRU will be different, Spencer promises. Tapping into the mountains of telemetry Perch collects daily in its work providing SOC services to managed service providers, the CRU’s analysts will build upon and expand previously ad hoc activities, like publishing a weekly threat trends report and posting bulletins with actionable recommendations for addressing time-sensitive threats.
They’ll also distribute intrusion detection rules and some of the real-time intelligence that Perch’s own experts draw on daily while supporting clients. Examples currently available on the threat feeds site ConnectWise unveiled yesterday include a list of URLs used by the Mozi botnet in the last 14 days, and another list of IP addresses that malware samples attempted to contact when detonated in the CRU’s sandbox.
“None of those things are gated,” Spencer emphasizes. “You can just go and grab those as you need.”
According to Spencer, that’s exactly what the security information sharing and analysis organization (ISAO) operated by industry association CompTIA—which was created by ConnectWise in 2019, taken over by CompTIA last March, and officially put into operation last August—will do. “We’re very committed to working with the CompTIA ISAO as part of our partnership with them to give them intelligence as they need it,” he says, on both an automated and more consultative ad hoc basis.
Users of ConnectWise software, Spencer adds, will benefit from the CRU’s work in less visible but more tangible ways. Perch research has long influenced design and patching decisions at ConnectWise behind the scenes, he notes, and will do so even more now that there are full-time analysts producing that content.
“If you’re using ConnectWise, it’s operationalized right into the product stack,” Spencer says. “You don’t have to think about it. You get it with ConnectWise, which is the benefit of being a ConnectWise partner.”
Helping MSPs learn to take full advantage of the CRU’s research will be among the group’s top priorities in the months ahead, according to Drew Sanford, director of technical sales at ConnectWise. Most channel pros can apply intrusion detection rules to firewalls manually, he says, but only the more sophisticated ones have the know-how to base automated response and ticketing scripts on CRU intelligence. Helping more partners acquire such skills is one of the CRU’s leading objectives.
“There’s going to be a process of educating them on how they can use it, which I think will be very positive from a standpoint of maturing the community,” Sanford says.
That’s the kind of impact Spencer most looks forward to having through the CRU. Mature security vendors have a responsibility to share what they know for the greater good of the industry, he says. Launching a full-bore threat research group will finally enable Perch, which was founded just five years ago, to fulfill that obligation.
“It’s just part and parcel of cybersecurity,” he says. “We must give back.”
