Bonus Episode: Integration is Everything
Listen to the Podcast
Read the Transcript
In this special bonus episode of MSP Chat, sponsored by Sxipher, Erick and Rich discuss how integrated MSP tool stacks appear to produce higher sale valuations and how and why to get serious about IoT management. Then they’re joined by Christophe Reglat, CEO of Sxipher, and Lisa Bryant, Sxipher’s CRO, to explore the pen test challenge and opportunity for MSPs and the value of integration in cybersecurity. And finally, one last thing: The critical hole, as it were, in a criminal mastermind’s escape plan.
Discussed in this episode:
Genesis Autonomous Deep Learning AI Penetration Testing by Sxipher
After months on the run, a murder suspect falls through the ceiling and into custody
Transcript:
Rich: [00:00:00] This episode of the MSP Chat Podcast is brought to you by Sxipher, Defender on a mission to redefine the cybersecurity landscape through pioneering innovation. Sxipher’s flagship Genesys deep learning AI penetration testing software revolutionizes cybersecurity assessments and ethical hacking.
Empowering IT professionals to meet rising pen test demand at prices end users can afford with unprecedented efficiency and accuracy. Unlike scripted solutions, Genesys Deep Learning AI offers advanced identification of both known vulnerabilities and unknown exploits. And its brand new integration with Acronis CyberProtect Cloud takes cybersecurity management to a whole new level.
Enabling users to run pen tests, view alerts, and manage machines directly from the Acronis platform. Plus, Sxipher offers a cost effective, no contract subscription model and sells exclusively through managed service providers and managed security service providers. Visit Sxipher. ai to learn more. That’s S X I P H E R dot A I, and tell them MSP Chat sent you.
And three, two, one, blast off, ladies and gentlemen, and welcome to the sponsored bonus episode of the MSP Chat podcast, your weekly visit with two talking heads talking with you about the services, strategies, and success tips you need To make it big and manage services. I said weekly, but as I also said, this is a bonus episode brought to you by our friends at Sxipher.
And we will be talking with some of the senior executives there a little bit later in the show until then my name is Rich Freeman. I am the chief content officer and channel analyst at Channel Mastered. The organization responsible for this podcast. I am joined as I am on every episode of the show by your other co host, Erick Simpson, our chief strategist at Channel Mastered.
Erick, how you doing? Doing well, Rich. How are you doing? I’m doing great. Something just occurred to me right now, Erick, which is that we work at channel master. We run that fine organization. Red is our color at channel mastered. And very often when we do this show, as folks who watch on YouTube know you are wearing a red shirt and I am always wearing black I’m just, I’m not getting into the right spirit of the show here, maybe I need to do something about this.
Erick: I like you as the man in black. I do. And yes for the days that we record this show, I do wear a red shirt, I just think, and I’ve always been impressed by seeing you on podcasts and, rich, we’ve done podcasts for years before the MSP chat podcast together, and you always had this, the man in black persona, and I really liked it.
And I thought, Hey, you know what? Red is the theme color, one of our theme colors at Channel Mastered, so maybe I’ll adopt the the persona in red. We’ll offset each other that way. I like it.
Rich: I like it. Okay, yeah. Yeah I had not realized there was that much strategy behind it, but it’s a very wise strategy, so I like it.
As I said this bonus episode of the show is sponsored by Sxipher. We’re going to have an interview with Christophe Reglott, CEO and Lisa Bryant, the CRO of that company coming up until then let’s dive right into our story of the show, I will call it Erick. And as we were recording this, it’s just been a few days since I got back home to Seattle from an event I attended in Dallas last week and interesting show was sponsored by an organization called the 20.
I won’t get too deep into who they are, what they do, although it is an interesting company for people to to research on their own. But what we’re going to talk about here was inspired by a particular session at that event. And it was a presentation given by a guy named. Barrett Kingwriter.
He is the senior managing director at a company called Pinecrest Capital Partners. Pinecrest works with MSPs who are looking to sell and private equity companies cheaply that are looking to buy. And he plays that middle person advisory kind of role, but he’s very much gotten his finger on the pulse of the M& A landscape and managed services right now.
He got an interesting question. From an MSP in the audience because as you well know, Erick, there are two schools of thought among MSPs out there about the merits of going with a I’ll call it best of breed tool set, particular tools you like in different categories for various reasons.
And then you have to figure out how to integrate those to the best ability can. Versus going with more of a pre integrated kind of tool set, whether it’s from one vendor or from multiple vendors. And it’s an apt topic for us to be talking about, Erick, because one of the things we’re going to get into with the folks from Sxipher a little bit later in the [00:05:00] show is an integration.
That Sxipher and it’s pen test platform is announcing with Acronis. So it got me thinking about integrations and the question from this MSP in the audience last week was what is the exit price, the sale price impact for an MSP of having that more tightly integrated tool set as opposed to one that’s reasonably integrated, but only as best as you can do in a best of breed kind of environment.
And according to Barrett Kingsrider, one expert’s opinion, I haven’t had a chance to test this out with other people I know having that integrated tool set is going to get you a, on average, 20 percent higher price. And and he was thinking about this specifically in terms of if you are selling to one of these roll ups or one of these private equity kind of firms, they’re very interested in efficiency.
They are mindful of the fact that if you are juggling multiple, Pricing models and multiple tool sets and you’ve got to train your technicians on all of these different tools that there’s just a lot of overhead and inefficiency associated with that. And the MSPs who are the most integrated, not just in terms of the tools, but really in terms of everything that they do.
Are easier to onboard more efficient, faster to profitability than the others. And because it takes some more time to work with those less integrated acquisitions, they’re essentially the acquirers. Are taking that cost out of their acquisition price. So I’m not going to say, I’ll be very curious to get your point of view on this, Erick, I’m not going to go ahead and advise MSPs that no matter how much you love best of breed, you really need to be going with a tightly integrated set of tools from one or from several vendors.
But it is a food for thought discovery to the extent that Barrett Kingsrider Pinecrest Capital Partners is right. And there’s. A 20 percent premium out there for the companies that are more closely integrated. It’s just something that you have to factor into some of the decisions you’re making about how you run the business.
Erick: Well, Rich, my initial kind of thought as I was listening to you begin the topic was, wow, that’s a pretty big differentiator. And then as I started pondering it, listening to how you Continued to share your perspective on sitting in this session and listening to this expert. I thought that makes perfect sense.
It makes perfect sense. And then I thought it’s so my mind is racing today, right? So then I thought you know what? People, it’s the experience. That you deliver to your clients as well as the efficiency and ability to perform at a much higher level internally that are the benefits of this in profitability for the MSP.
But the experience that you deliver to clients and their end users should be consistent and at a high level. And I thought we’ve all been to dentists in our lives, right? Rich. And you’ve been to some dentists where you’re like, never going back to that dentist again, because the experience was not, the best.
And then you find someone that you really. Enjoy, right? And you’d say, okay, this is it for me. Or maybe, use gyms and things like that. I’ve been to this gym. I didn’t like it that much, but I like this gym. I like the experience. It’s very consistent. I know what to expect. So a couple of things happen here when we are integrating these systems and solutions at a very high level, it is much more efficient and easy for technicians to do their job, driving profit to the bottom line.
It also helps eliminate churn. And keeps employees on longer, it helps eliminate if we’re delivering consistent experiences to our clients because we’re not having to, put it together on the fly, right? And swag it when we’re solving issues like they have a consistent experience. It helps eliminate or reduce churn with clients and helps grow that lifetime value.
And so I’ve got to think that there are all these other things that someone that is considering buying an MSP or rolling up an MSP already know about that probably, the expert on, on stage didn’t have time to get into, but I can just think of probably three or four more things that are definite benefits that are measurable.
Because of tighter integrations. And I guess if I were in the audience, rich, a follow on question might have been how important the edit is it from a valuation perspective or from an attractiveness perspective that the selling MSP is [00:10:00] actually using the similar tool sets of all the other MSPs that are being rolled up, right?
That’s gotta be very important as well. I would imagine. Yeah
I’m absolutely certain that gets factored into the sale price as well. Cause again, the acquirer is going to go out and complete a transaction, they’re going to spend money and then they are going to integrate onboard this acquired company with the other MSPs they already own.
And if it so happens that the company they’re acquiring already uses it. The tools everybody else is using. That’s a lot easier and less expensive. If you’ve got a complete, and I, my guess is a lot of the time, you’ve got to completely replatform that acquired company and it takes a while that some of that cost is going to come out of the sale price.
Yeah, so I don’t know. And I certainly wouldn’t say. That standardizing on a name brand platform is necessarily going to get you a a better exit price. But I’m sure that kind of an issue does factor into that a little bit. I got to say, it’s super interesting. Sometimes you’re, your days at just fall together like this.
You were talking about. The user experience, the end user experience benefits of having integrated tool set and just a few hours ago, I had a chance to interview Chris Day formerly the CEO of IT glue. He was just, as we’re recording this named the CEO of a scale pad and they have a big integration initiative coming up as as we’re recording this right now.
And that was the thing that he went straight to is, he said a lot of Vendors in our industry are focused on the MSP experience because it’s the MSPs who are buying tools from the vendor. But their big focus at ScalePad is going to be the end user and the end user experience and the improvements in that end user experience made possible by Integrated tools and this sort of integration initiative that they have going over there.
It gets just interesting to, to hear you come up with that and echo what they were saying. There are end user benefits to integration in terms of the speed with which tickets get closed and the degree of painfulness or painlessness of that process and so on. And it’s easy to overlook.
Erick: Yeah. And I think just to tag in on a pivot point there MSPs make their decisions on who they partner with from a vendor relationship. In my experience, Rich, based on these first three checkboxes and then the next three checkboxes, but the first three checkboxes are led by, is it good for my clients?
That is the first sniff test. It’s Hey, Is this platform, is this integration, are these bundles of solutions, whatever it is that I’m evaluating, are they good for my end? Clients and customers and users. If that box gets checked, the next box Rich is it good for my team, my technical staff?
I’m trying to reduce some of this sprawl and some of this inefficiency and things like that. Is it better? Is it good for my team? Is it easy to deploy? Is it easy to manage? Is it, does it integrate? With all the platforms we’ve talked about this kind of stuff on the podcast before rich and then the third check box typically as well.
I’ll get, how much money can I make? How easy is it to make money? How much gross profit can I drop? Can I drop to the bottom line? And how can I scale it and grow? And if we can get past those three, then there’s several other ones, that we’ve talked about on the show before that I won’t get into here, but absolutely that end user experience.
Just like I said, we make decisions as individuals on, the kinds of cars we drive, the dealerships we buy them from, our dentists, some medical professionals that we visit, who’s our primary care physician. Do we like them? Do we not like them? The gyms we go to all of this is based on that end user experience.
And surprise, we will pay more for a better experience. People will pay more. For a luxury version of fill in the blank, a luxury vehicle, a luxury vacation, because the experience is so much better. So again, it’s not always about cutting costs and being more efficient and driving profits this way, but it also allows the MSPs to charge more for that better end user experience.
Absolutely. Absolutely. Be the MSP who provides the Mercedes Benz experience and serves nothing but businesses. Who knows the value of that experiences and is willing to pay for it. We’re talking a lot about tools, Erick. Let’s just stay in that zone here as we transition to your tip of the week, which has to do with a a tools issue around a market opportunity that we actually spoke about a little bit on a recent, fairly recent episode of the podcast.
We
Erick: certainly did, Rich, and all too often, and those of you that are subscribers and listeners and viewers of the podcast. Probably guess [00:15:00] what is it that they’ve talked a lot about recently, so I’ll just let it out of the bag. It’s not AI, it’s not a security. It is security and security adjacent.
I will say that, but it’s not, we’ve been talking a lot about AI and cybersecurity in general, but I want to talk about a segment of devices that do impact security and oversight and compliance for MSPs rich, and that is. IOT devices, the internet of things. Remember when the IOT was like the big news?
Remember when everybody was, scrambling around identifying these IOT devices are basically dumb devices. They can be controlled and used to attack and infiltrate networks and things like that. I remember that years ago being like this topic of conversation then. Then we started moving into just, cyber security and threats and things like that, assuming that IOT was part of it.
But I really want to focus on MSP’s responsibility in terms of including identifying these IOT devices. These are network connected devices that, in some folks opinion, As MSPs, we do not monitor or measure, or maybe that’s outside of the box. That’s not my responsibility. Guess what?
Anything that has the potential to negatively impact the operation or the uptime or the security of infrastructure or business applications. Or services that’s definitely should be on an MSPs radar. So I’m going to talk about IOT devices and IOT management today, rich. And as we know, there is no end in sight to the growth of these devices.
I wish we could pull the audience and say how many, in the comments, let us know how many IOT connected devices do you have in your home? I’m not going to hear the number of IOT devices we have here at. At the simpson household rich, but it is not insignificant It is not insignificant when you count cameras and phones and ipads and Streaming devices and tvs and the refrigerator that connects the internet for who knows what?
It’s a lot. So how do we add value and charge for managing and maintaining these IOT devices because they are directly connected to the infrastructure in our client’s location. So three quick tips use specialized IOT management Platforms that we’ve spoken about some on the show before rich.
We see some of the top three kind of PSA, RMM, all in tool vendors moving in this direction, adding functionality. We know other folks that specialize in just monitoring and managing these IOT devices, but you need a tool that is. That has capabilities beyond what we typically consider our RMM tools role.
I’m going to identify things that have an IP address when I scan the network and then tell me what that thing is. We’re, infrastructures are mature enough now that the typical types of hardware that’s connected to an infrastructure, are, Typical monitoring and management tools can identify.
Oh, that’s a firewall. That’s a PC. That’s a laptop. That’s this. That’s, a wireless access point because we’re transmitting that information back. These tools can see that, but not with all IOT devices, cameras, box. You name it, anything that’s in there, specifically in like verticals dental practices or health care, what are all the devices that are connected to those systems that, you may not be thinking about.
So find a tool that can help identify what all those devices are. So that you know what they are. And I just simply it’s an IP address. You’ve got to go hunt and find, using the the data that’s available because I’ve tried that rich. There are some devices in my house that took me a while to figure out.
Is that this thing or that thing? Because I can’t really tell, right? It takes a lot of work to do that. So find a platform that can help you do that segment these devices in the network, right? So make sure that you are separating them into their own VLANs and segments so that you can manage them better from a network segmentation perspective.
And then, third tip Rich, conduct regular audits and monitoring and make sure that you’re identifying those, I’m going to call them, dumb IoT devices. Which is dumb, [00:20:00] not because they’re not intelligent, but from the perspective of There’s no easy way to manage the security and update them and password man is like the first series of cameras that everybody went nuts over.
They were definite targets for bad actors because they were very dumb and so make sure that you’re. Identifying these things and you’re replacing these IOT devices with things you recommend that you can manage and of course, make sure that you’re letting your client know that this is a vulnerability for them and you’re going to manage it for them and you’re going to charge them for it.
And when you present it that way, in this day and age, Rich, there’s going to be a very small percentage of clients saying, no, we don’t want you to manage and secure. Those IOT devices. Thank you very much, but we’ll just sign a waiver letting you off the hook. We know that’s not
Yeah, whatever you think about IOT and IOT solutions, and that’s what we talked about on that recent episode of the show, that there are more and more solution providers out there who are building IOT solutions for their clients. Even if that’s of no interest to you I’ve long referred to IOT as both a a defensive and an offensive opportunity or challenge for MSPs.
The defensive piece of that is that every IOT device is a potential security vulnerability whether you are interested in those devices or not, you are going to be on the hook to, to a great extent if that device is the the avenue through which an attacker gets into a client environment that you support.
So you have to be paying attention to these devices that are on the network like it or not, and to the degree that you’re doing that, and especially if you’re using. Tools fit for that purpose. It is very much within your rights to charge for that. And that’s the offensive opportunity is you can be making more money doing this thing that you really need to do for your clients totally on board with you that you really need to be looking for a tool that is designed for this purpose.
More or less, any decent network management and monitoring platform will, as you said, show you got a bunch of stuff on the network here. Most of the time, most of those products will force you to figure out what is all of this stuff? And back in the day, you’ll remember there was this phenomenon called cable tracing, where you would just literally follow the cable until it ends, and then you can get it And answer to the question.
It’s like in the age of wifi, you can’t even do that anymore. So you need something that will not only discover these devices, but classify them. And then the other thing, the only thing I would add to the the kind of functionality requirements that you put on the list there, you were talking about how the MSP needs to audit the environment now and again, and see.
What is new on the network since the last time you look there are tools out there that will proactively tell you something just connected. Something new is on the network now. And if it’s a tool that’s built for that IOT use case, it will actually tell you what it is.
There are. 10 new smart bulbs just connected to this network. And so you don’t actually have to wait until the next audit to discover that I, for me, that’s a very appealing feature to get that alert when something I have related connects to the network like that.
Erick: Yeah. Richie just reminded me of all the smart bulbs and lighting we’ve got in the house as well.
I’ve got some stereo receivers that connect to the internet too. It’s just like everything. As the wireless. Chip in it now. It’s It’s hard to keep up with.
If you need to check out how good your current tool set is at at handling IOT devices like that.
Like you were saying, Erick, some of the big names Kaseya in particular at their event in the spring said that we need to rethink the meaning of the word endpoint in the managed services world. Now it’s not just a PC or a server. It could be a mobile device. It could be a cloud app, or it could be an IT, an IOT device.
And. You need one tool that can manage all this. So see if you’re using something that is set up to handle IOT. And if you’re not you need to start investigating tools that can help you with that. So you don’t get surprised and your customers don’t get surprised. And so with that we are going to take a quick break, Erick, when we come back from the other side, you and I will be joined by Christoph Reglock, CEO of Sxipher.
The company that is sponsoring this episode of the show as well as Lisa Bryant, Chief Revenue Officer of Sxipher. We’re gonna have an interesting question or a conversation with them about penetration testing, which is something that they do, about integrations, because they are announcing an integration with Acronis as I mentioned before.
So lots of interesting stuff to talk about with the top brass at Sxipher. Stick around for that. We. Are going to be right back And Welcome back part two of this episode of the msp chat podcast sponsored by Sxipher and in fact, [00:25:00] here in our spotlight interview segment We are joined from two senior executives at Sxipher lisa bryant.
She is the chief revenue officer And christoph reglott. He is the ceo lisa christoph. Welcome to the show You Thank you, Rich for having us. So before we dive into the conversation here I would love to introduce both of you to our audience. I’ll start with you, Lisa. Talk a little bit about yourself and also a little bit about Sxipher.
So Lisa Bryant, Chief Revenue Officer, very excited to be bringing deep learning pen testing AI driven for all of the MSPs out there so that you all are able to find ways to increase your client’s security, increase MRR, increase support hours. So looking forward to talking about that. Awesome. And Christoph, tell folks a little bit about yourself.
I’m , the CEO, And. This is it. Yeah, I’m the CEO of Sxipher. We’re very excited. We really have a good solution for MSPs. Finally, they’ve been waiting for it, for something that they can afford, something that they need to use. And we’re glad to talk to you today. And, we’re going to present that to them.
Okay. Let’s let’s get to it. I see statistics. I see validation all the time that demand for penetration testing is growing in the marketplace. What do you think is behind that? What’s driving that increased demand? It’s very simple. It’s security. The pen test. So we’ve been going from an era and it’s still going and it will never stop.
Where we put, EDR and, basically defense mechanism into network. So every MSP in the world do that. They have to do that. They put in a virus, they put in EDR, they put all kind of mechanism. But at one point of time, you have to test. Those defense mechanism to see if it works right to see they actually react, To see if they forgot something on any workstation.
This is where the pentesting comes through, right? It is not automated testing. So it just doesn’t knock on the door, right? It’s just actually try to open the door and see in every workstation and everything that you have in your network or outside the network if there is any exploitable things That resides in there that needs to be closed and you’re being treated so the pentest is a very necessary step Into a network, I mean It’s never you basically you cannot have the entire network if you don’t do the pentest you have some of it without all of it So this is basically what a pentest is for not a lot of testing completely different
Erick: So Lisa and Christophe I work with a lot of MSPs as you guys do as well, and I’m struck by.
Just how many MSPs may not be taking advantage of pen testing today. So how big of an opportunity is it for MSPs? And how many of them do you think are really taking advantage of that opportunity right now? Not enough. I can
Christophe: tell you that. They are not enough because I think, They might be scared about it, because pen test is a big thing, right?
It’s pen testing, right? No vulnerability. And but it is the, they have to do that. The clients, the many compliance, demanded, and they’re not taking advantage of it. The reason is, I believe Erick is because he’s been too cumbersome in the past to do a pen test. It has been too expensive to do a pen test.
And basically the MSP, not to default, they say you To cumbersome, I got to make an appointment. I got to have a red team come in. It’s got to be, schedule and stuff like that just to cumbersome. And the price behind it, they can resell it because they don’t make any money.
And basically they, there is no value to them. There is a security value, but no value to them. So I think that’s what, the struggle was that’s why when Sxipher. Then we made it to a twist, very easy to implement. It is. Seriously, I don’t want to tell you that but it’s very easy to implement right and they actually don’t have to schedule anything They can implement it whenever they want.
They can run it whenever they want. Okay, and the price tag on it Okay, we’re going for like a hundred dollars per pen test per billion It’s extremely, inexpensive. So now they have the way, to actually Increase the security to the client. Deploy it, whenever they want, run it, whenever they want, can be completely continuous or less more, or, on schedule.
Why would they want to do it? And actually can make money on the four sides. So they can divide, 400 for us. They can resell it for 150, 200, or where they really make the money. And I think they starting to understand that is the remediation because the And that’s going to show part of it in the network.
They’re going to have to go fix that, not just once, it’s just because if they run it, continuously every single month, they’re going to have to go fix it. So on the same client they have, now they’re increasing, the revenue per client and what’s [00:30:00] important is that the positioning themselves as to an MSSP, someone that is, competent is, doing cybersecurity for their clients and the client get also an added value because now the MSP is actually testing, the network to make sure everything is in place.
That’s really the essence of it. Yeah, and I think also there’s the benefit of the actionable insights, right? So vulnerability testing I ask msp mssps. Are you guys doing vulnerability testing? I said, yes Great. Are you guys doing anything with the results that you’re finding? No, you know why because there’s so much that they’re overwhelmed They don’t know where to begin with it.
They get so much back. Whereas now, we’re giving them prioritized actionable insights into the items that need to be remediated immediately. These are the exploitable vulnerabilities. So now they’ve gone from being overwhelmed to a solution now that has streamlined that entire process. So when you take that, and that’s why I started out and I said, number one, client security, right?
That’s the first and foremost. They have the opportunity to run this continuous on the client network. To not do that at this price point with what we’re able to provide is doing a client a complete disservice. Quite honestly. Second of all, I talked about the MRR, they can increase that MRR by putting this in continuous on their client network, backing up that security.
And then the third being the hours of remediation. We saw tremendous remediation hours for clients and I’ll give you so to tell you, let’s take, I just happened to put this together for you. CPA firm, which by the way, has to have a pen test because the FTC’s most recent rules say they need to be continuously monitoring the network.
So 27 person CPA firm, let’s put in, the 350 for the pen test. And that’s high. I wouldn’t even put it in a 350. Go ahead. Okay. Figure out your hours. You’re going to run it basically on this hour. I’m going to go ahead and tell you over a 12 month period on a pay as you go. It’s almost 5, 000 a month, right?
So take that almost 10, 000 for that client. Multiply it out by 10 clients. You’re running continuous. You’ve almost got 85, 000 and new business directly to your bottom line on organic growth. Everybody should be pen testing. Thanks. That’s really pretty simple, they’re making it way too complicated, so curiously, what about guys, I said, it’s actually pretty simple. You’re making it way too complicated, yeah, I, to that point because we’re talking both about continuous execution in a way that isn’t excessively complex. And and isn’t excessively expensive, but we’re also talking about the opportunity.
As I understand it from a regulatory compliance standpoint, more and more often regulations are requiring pen tests, either continuous vulnerability management or regular pen tests. This is something that you’re going to need to be doing for a lot of your clients anyway, correct? Oh, that’s correct.
Yeah. Multiple country already made it mandatory to have a pen test and the U. S. is starting to get there also because, people are like they make, it’s like guys, again, you’re making it too complicated. Okay. Pen test is the only way for you to test, your defense mechanism.
It’s so simple. So test it, right? And make money on what you’re testing. It’s no, it’s no big deal, right? It’s and it really helps the client, and it helps also the insurance company, because, when they know that you’re running a pen test, they know that you’re aware of all the exploits, within the network, and they are better prepared to accept, a hacker that will come in.
So they’re taking less risk. Why do you think they’re going to mandatory, pen testing? For that reason, it’s the money. It’s a money thing. It’s not because, they want to be more secure. They do because if they’re more secure, they’re going to pay less money, when they get hacked or because they’re going to be the hack, less than an orphan, so that’s what it is.
It’s pretty simple, really. Simple.
Erick: First off, you’re using the word simple quite a bit, which I’m sure is going to get the MSPs excited to hear this because traditionally and penetration testing has been very complicated. It’s been expensive. We talked about this. It’s typically not been something that can be integrated into an existing MSPs, other platforms and things like that.
And that’s really what I want to focus on is that last bit, what makes integration between a pen test solution and the rest of an MSPs security and management platforms. So important. This is probably like table stakes anymore for MSPs. They want the integration, but can you share from your perspective, why it’s so important from this perspective?
It’s important because first of all, I close, the MSP, they also have some responsibility, not contractually, when they in charge of [00:35:00] someone, they’re working on, they get hacked, guess where the funger points, it’s wow, you told me, I was going to be secure.
So they have to be able to show the client that says I’ve done everything in my power, okay, to secure you. I’ve done the defense part of it. I’ve done the attacks out of it. We’ve checked everything. It is nice, right? I’ve done everything I can after that, there is so much thing that you can do The we have msp actually as a matter of fact right now.
They’re actually integrating, Sxipher into the cybersecurity stack. It’s completely integrated So when they go see, one of the clients like okay, you see what I’m saying, you know the workstation blah blah blah and that includes, our cyber security stack, Nvr cdr and pen testing and that’s how they do it because it is simple for them because they Control the pen test.
So like we’re saying They don’t have to call anybody. They don’t have to schedule it. They don’t have to say, it’s not a big deal. They install it. I want to install right now for a pen test on the VBox in about 10 minutes. Imagine that 10 minutes, you got your you got your it was like 20 minutes.
We lose it to 10 minutes right now. So you got your VBox in already. You got your pen test. You are you attack with the other client. You configure, what IP address you want on the portal, it’s over, it’s done, you have to do now, it’s just sit and then look at it, doing this stuff, right?
When it’s done, he stopped, you can actually go ahead and do your report. You take your report, you go to your client says, this is all wrong. I need to remediate because insurance company or whatever, right? I need to fix what’s wrong. And then you make your money and then you go on the next month and then do the same.
So the MSP. The entire, understand that. And a lot of them are starting to understand that. They just include that into their cybersecurity stack. That’s it. And for them, they also want to know because, I’ve been an MSP for a long time too. It’s not fair to the MSP, that you’re trying to secure your client.
And the clients, don’t want any part of it. That’s your problem. No, it’s not just the MSP problem, it’s also the client problem, right? And so you have to see a lot of MSP right now saying, no, when I, when you become a client, you have to do this because you have to do your part. I have to be able to pen test you.
You have to be able to see, what’s going on in your network. And that’s the only way I can see it. So that’s how they’re pushing it. And when you do, when I did it, when I did it, I’ll tell you how simple it is. When I did it and go see, clients like CPA kind of stuff like that, the only thing I told them, Erick and Rich, the only thing I told them, I said, Hey guys, I put all the defense mechanism.
I need to see what’s going on right now in the network. I’m blind. I have to be able to see the exploit that I can’t see right now. It’s how are you going to do that? I’m like, I’m going to put a pin test and that’s going to show me the exploit and I’m going to be able to fix that. Not once said no.
Not once said no because who’d be stupid enough to say ah, I got zero vulnerability on my stuff don’t fix it. Don’t look at it, let’s put you know in the hole No, they’re like sure. I mean go ahead and then when I went with my report you were to tell me I started going after number one.
Number two, they’re like, Christophe, stop. All I wanted to know is that you’re going to fix it. Then you come back and you’re going to get my network being secure without I will do that. This is, I’m going to say it again, Erick. That’s how simple it is. It is really simple. There is no objections from their clients.
They love it because first of all, it’s inexpensive. It is thick. It’s not even a sense of security. It’s an added security, major one that they have in the network. Helps them with the insurance, with cybersecurity insurance, helps them with the compliancy, helps the MSP, helps everybody. And the MSP completely controls it.
They don’t have to talk to us, they don’t have to call us whenever they want to do a pen test. They have a stack of 10 licenses, they can go and flip flop the license anywhere they want. And be done with it. That’s all I have to say my friend So it’s additional it is and it does this is like what i’m telling you guys is real life things It’s not things that i’m making up.
It is real life clients real life things Yeah, that’s how it happens and it’s funny because when I talk to when I go to I went to count here, stuff like that talk to clients and I yeah But I got guys you’re making me way too complicated when it’s not that complicated. It’s actually pretty I’m not going to say it again.
You know what I want to say. So on the topic of integrations the announcement you folks are making more or less now as this episode of the show is airing is a new integration with Acronis. So tell folks a little bit about what that integration is, what it enables, how it benefits MSPs.
Lisa, you take over, I’m terrible at talking. Oh my goodness, so we are so excited about this partnership with Acronis. It is going to bring the pen testing directly to their platform. You’re able to see all your actionable insights directly there within the system. All the devices by, are, it’s going to actually ticket by device.
[00:40:00] That’s insane. Beyond excited about this integration. I gotta tell you, yeah, Acronis just His articulation here is phenomenal. Phenomenal. And it’s a good integration. Yeah. We are also announcing it’ll be internal and external at the time that this recording is released. To the dev team and to everybody we are going to be at MSP global with Acronis.
They’re doing a sales village. We’re going to be rolling this out. So it’s coming to, an Acronis system, for you right there. I’m super excited about that. Yeah, from Acronis, they can launch the pen test, manage the pen test, anything they want, directly from Acronis. That’s it.
Erick: So congratulations on that.
I did not realize, we’ve been talking for a bit about the external component, and now I’m really excited to hear that you are announcing that as well. How important is it to have both of those capabilities? When we’re trying to elevate the security posture of our clients, both internal and external, can, for those of the MSPs that are listening that may not understand the nuances there, can you take a minute and just define what that is and why it’s so important?
Sure. So internal pen test is what the MSP just talk techy a little bit. They understand. This is the inside of your firewall. So this is where all your, client reside and everything, right? Workstation, printers, phone system, whatever you have, okay? That’s the internal pentest. This is where things happen, right?
Because when hacker acts, they hack you internally and then they Okay. That already moved, that’s what happens, right? Really important. You have to test internal. External is the other side of your firewall. That’s going to be on the wind side of your firewall. So now we’ve got a pen test, the outside of your firewall and see there is an important firewall.
Okay. But we’re not going to stop there. That’s why it took us a little time because we didn’t want to come, it’s just, pen testing the firewall because I do see value in there, but it’s limited. So we’re going to pen test, web apps. We’re going to test your web apps.
We’re going to pen test anything on Amazon. We’re going to pen test your website and we’re going to pen test your firewall. So all that’s going to be pen testing. So basically with Sxipher, you’re going to pen test your entire ecosystem of your client, outside, inside, everywhere, even inside. We’ve got, if you have web apps inside, you can actually, right now, pen test your web apps that are hosted inside.
So if you want the software that runs on, an intranet, you’ll be able to pen test that. You can actually pen test that today. So that’s why we’re bringing with the outside, pen testing is, both sides of the firewall, the LAN side and the WAN side. Complete solution, basically.
Complete solution. Sorry about that. But this is this is what’s happening. It’s a complete solution. So when you ask about the scope of opportunity for that, massive. I won’t even tell you, the dev team is so tired of hearing from me they would like to lock me up and throw me in a lake somewhere.
And I’ve been relentless. And I have, they do. They do they would love to throw me in a lake chains with chains on my hands. I’ve been relentless in pursuit of this because I’m the one, and again, I’m going to take you back to the very beginning. We did our research and it always sounds cliche to say, Oh, it was built for us, by us.
This was. 1600 conversations later and taking that information back to the dev team and pushing and then put in just us doing what we needed to do the external piece. And when people talk about external pen tests, they mean many different things. So in bringing that back. Krisoff said, okay we’re going to solve that and we’re going to give them all of it.
So it’s the entire ecosystem. So I’m not in the lake, thankfully. And the external and internal pen test is going to be released in time for MSI. The global and Barcelona with Acronis, we’re live in the system. We have beyond behind that even more to come because we are trying to bring Sxipher to all of the places where we live and work, we all work in different ways and we’re trying to, sure.
You can always find us on our website, but. We want to make sure that we’re bringing the solution to all of the distribution channels where everybody works. Very excited about it. So internal pen test, meaning the whole ecosystem. I did it. Yeah. Yeah. So much of what an SMB does is external by that definition right now.
And it really doesn’t feel like a complete pen test solution or like you have that component in there. So it is awesome that you’ve got that out there from the get go. One of the things that you folks will talk about at Sxipher about pen testing is that it really should be a collaborative process.
So what is important about making pen tests a collaborative process and what have you folks done to, to enable that? [00:45:00] And when you’re talking about collaborative process, you’re speaking of working directly with the client and the MSP, correct? Correct. Yeah, exactly. Yes. Because that, and this is where the rubber meets the road and you’re missing so much opportunity if you are not doing pen testing, the closeness that this brings to you and the stickiness that this gives you with your client is unheard of.
I’m out having conversations and all I hear from MSPs is, Oh, should I use it as a prospecting tool? And I’m like, you are missing the boat. Even if you want to boil this down to your top 20 accounts, your top 20. You need to protect, lock down and have every single one of them running a cipher pen test because you can’t tell me, and I’m going to whisper this, everybody’s QBRs are not really good.
And if they tell you they’re good, they’re lying. They’re not good. So now you actually have something where you’re not going in and trying to sell something because they know they don’t want to meet with you every quarter because you’re going to come sell them something. Now you have clients that you can have actionable insights of things Not just things, exploitable vulnerabilities that you’ve protected from getting inside their network and you can now sit down on a monthly meeting.
This is information that is roll up information that any board that has any sense would want to look at. This is that information and speaking of the sense to look at it, we made the reporting. You don’t have to be technical. We have an executive summary report that gives you the score. So you’ve got the roll up directly for that board member to look at.
Your host findings report goes ahead and feeds the information to your engineering team so that they know and by the way Spoon feeding the recommendations on how to fix and remediate Sxipher is doing that so you can go directly in the software hit the remediations button And see exactly the steps to remediate so no more hunting and pecking and looking all around That’s a big deal And then our detailed findings report is going to give you all the credentialing and the cracking and all of the attacks and what Genesis was successful in doing.
Genesis as the AI. And it’s a hemp. Yeah, you, you make a good point, the, when you have a QBR with your client, you’re trying to have an interesting conversation to promote, what is it that you’re doing for them? And if you have a, if all the MSP have a QBR about, Microsoft licensing and, the antivirus and stuff like that, What kind of a QBR is that?
So how different does it make talking about the same thing that your competitor is gonna talk about? Okay. And what makes you really different? Nothing. Because you’re talking about the same, office 365 and I saw you a printer, and it’s the same thing. There is no value into that. Because you competitor can do the same thing when you start talking about, how you remediate, the exploiting of vulnerability that you find and stuff like that makes you a cybersecurity person.
That makes you someone who takes care of your client network that makes the discussion On your qbr, I said, hey, listen, we find you those exploit with our engineering work on it We fix that now if we look at because we also give you a snapshot of past report, right? So you actually compare the network what it was, three days ago or 15 days ago two months ago They say, we see a change on the network and things like that.
Now you’re having An interesting and rich, conversation You That’s why it’s important to have an open communication with your clients that your competitors can have because it doesn’t do that. And he has not done, the pen testing with them because you’ve done it and you can talk about that because you’re the only one who’s doing that.
So you eliminating your competitor right away, right? But if you guys keep fighting and I’m talking to those guys who trying to make it so complicated, I close my mind. It’s like guys If you make it so that you are the mssp you are the expert in cyber security because you have those two br Because you have those items we talk about, you know with Sxipherpaint testing Now that makes you sticking with your client’s going to look at you and be like man This man got my back and now you stop talking about the I don’t know the you know the and a virus, you know that you can get for two dollars and 55 cents and your computer is two dollars And 59 cents who cares?
And you’re talking about the same thing anyway. So now you have something that is really important for your client and you to talk about your BQBR. That’s what makes you different competitor. Otherwise, we’re going to talk about Amazon, Azure, and then what in a virus and what printer and what else we’re going to talk about.
You’re saying the same thing. So that’s why the clients don’t want to, that makes you different. Yeah. That’s why you’re pulling teeth for those QBRs. And you want to talk about somebody who wants to be front and center with those results and be able to report that up, the flagpole to leadership, this is that type of information.
So the priority of the information becomes. Number one. The other thing that I did not share that if this doesn’t do it, I don’t know what would we know the power of this because we’ve seen it in Christoph’s MSP. We’ve seen it with our partners. We know that we don’t need a contract. That’s how confident we are with this solution.[00:50:00]
There’s no need for a contract because when you’re pulling in revenue, like the numbers that I just shared with you, by the way, that’s 10 accounts. And that was also taking out the tiny little bit that it costs to run Genesis every month. So I got no contract. Get it. Everybody should be running to get it.
So they’re starting, they’re good. That’s good. They getting the point, they need to, if I have to give them with one message is that guys, the market is not going to wait for you. Be aware of that. And the market is moving at a very fast pace right now.
And it’s not going to wait for you. So by the time, you’re thinking about, how the hell are you going to get your first time doing that? I’m like, how am I going to do that? How are you going to get that? I don’t know. You go talk to him in time. Hey, I’m going to test, your, network.
I’m going to see if your defense mechanism works. And then if it doesn’t work, or if I see something wrong, I’m going to fix it. It’ll be like, okay, that’s what it’s going to cost you. Okay. That, period. And the market’s moving fast right now. And the MSP that get it, they’re moving very fast.
And if those new MSP don’t move that fast, you don’t use a program. They’re going to be, like I said before, it’s Now they’re going to talk to the companion who’s going to come and say we can test your network. We can do this. We can do that. And they’re going to be left with what? Selling HP printer, so they have to move analysis, paralysis analysis.
It’s what it did. It’s analysis. . Yeah, they’re the same ones. still break fix. That should have switched over to MSSP. So now we’re gonna have folks that are either gonna make the jump to SSP or they’re not.
Erick: So you have a feature. That lets users choose specific exploits to test. Can you share a good use case example for that feature?
And how rare is that functionality among in the pen test market?
So it, so it depends. We have the, we have a lot of exploit and the exploit that we let them choose are the most dangerous one, right? So they can see, if they want to run it or not. They may have I’ll give you an example of my video here.
They may have like a station that is critical to where it would be dangerous to run a reverse shell. Maybe. And they say I’m going to pass a reversion on this computer, right? And so they don’t have to choose this one, this exploit, right? So those are the things, they can manipulate, and see how they want to run the pen test.
If they want to run a true pen test for compliancy, then my advice would be to be, just run everything, and see where the cheat fall, right? Genesis is very safe, right? So you’re breaking something is extremely very extremely rare, right? It’s not gonna probably happen But you know if you feel that you have, you know Something that is extremely important and you won’t even try it Then you can choose your exploit and disable, you know an exploit or two or whatever and we give you a list of exploit, right?
The most dangerous one the rest, we just run it and then you can choose you know, whatever exploit you want to run you can choose if you want to run a brute force if you want to brute force takes longer because we go after, you GPU, but you can choose if you want to run it or not. And you can choose to run it maybe once a month and then the rest of the time don’t run it, or it’s completely modular.
You can run your pentest from eight to five, Monday through Thursday, you can run it continuously or anything you want to me. With my experience, I’d like to run it continuously because I see the pen test as a camera, and I want to know, when I have my client that says, I want to know what’s going on at every point of time, because if I run it, from, let’s say September 1st to September 5th, I’ll have a snapshot, but what do I know about September 15th?
I don’t know. Something may happen to network, which usually does, and I have no idea, what’s going on. So if I run it all the time, then I could get my hours and be like, oops. Something pop up. For example, I had one of my tech, while storing on your laptop and your desktop, forgot to configure it properly.
It shows it’s got, three or four exploits in there. I’m going to see it right away and be like, Hey, you forgot this. You really need to go and fix it. So that’s the value of it to, running continuous, is the value. When continuously, I don’t mean like everybody else saying that, the rods continuously, like every second of every day, they never stop.
And he goes into loops and he keeps searching and keep looking for things. And that’s really a true measure of your network, stature, basically, it’s really nice. Very nice tool. Very interesting. So that’s actually a good example. One of the things I wanted to ask about actually is, you Features in a pen test solution that you should be looking for when you’re evaluating your options out there and maybe you know things that An msp in our audience wouldn’t necessarily know to look at like that ability to target a specific exploit is a great example continuous Pen testing is another great example.
What are [00:55:00] maybe? One or two or three other things that you would encourage folks in the audience to look for When they’re evaluating pen test solutions I’m going to tell you one thing. I’ve seen that in around, people saying the self pen test, because, if you go to the internet and it says pen test, everybody does pen test, right?
They don’t. Okay. Pen test has a definition of a pen test. Okay. You have to run a pen test from a single point of start, right? So when you start, people that, say I’m going to run a pen test, And we’re going to explore, things, you know on your workstation as well on a pen test not a pen test That’s a workstation discovery, or something like that I don’t know what they call it But probably it’s a workstation discovery, which does a good job of discovering what’s on the workstation, the map drive, and stuff like that the user and there’s a good job for that But it’s not a pen test.
Okay, the pen test has to mimic a hacker You And the hacker doesn’t install himself, when they start searching the workstation, it comes from a single point, right? And then it’s not removed to everywhere. Okay. That’s the definition of a pen test. So that’s what they have to look for also. Okay. They have to make sure because if they go out and sell a pen test to the client for cyber security insurance or compliancy, and what they run is not a pen test as well as a pen test.
Now that’s a problem for them. It’s going to be a big problem for them because they’re the one who’s supposed to check and make sure it is a pen test. So once again, I’ll tell you, I see people, I say, I’ll send you an email when I run a pen test. Don’t run a pen test with an email. I can tell you that. I know what it takes to run a pen test.
I know what it takes to have exploit. I know what it takes to go to this. It’s very heavy. Pentest is a very shallow thing. It’s very serious. It’s a serious tool, we have to really, gauge everything. So the MSP don’t make any mistakes. We have to really frame it so that it’s mistake free, right?
So they can run it themselves, but it’s a serious tool. That’s what, before it was run by ethical hackers and it’s still run right now by, people that have hackers and can run a Pentest. Sxipher made it with the AI so that the MSP can install it. Sxipher gonna still run the Pentest right? They can run their own pen test.
So Sxipher’s gonna run it, but it’s a serious tool. So when I see your people prancing around and be like, I’ll send you an email. When they run a pen, I’m like, no, it’s not a pen test. No. And then so that’s what they have to look for. Okay. What they have to look for also is that, exploit, and they have a good sense of exploit.
How is it run? And the safeguarding will behind it. That’s what they have to look for, including repentance. The AI, what differentiates us is that we’re not scripted. The AI will not depend on us. So for example if I find, an enumeration of port to port 21, I’m going to, find, it’s an FTP server, I’m going to find a vulnerability for it, the AI might decide that.
The exploit here Is good, but you may also see there is code on exploit number two over there That may you know affect, you know that vulnerability and that’s why the ai is so powerful is because when you run a script You’re going to be like port f to the port 21 ftp This is a vulnerability, this is the exploit, we attach them, that’s scripted, and that’s it, right?
The AI might be like, yeah, I’ll attach this one, but, that one over there, there is code that can actually affect this one, so let’s look at both of them, right? That’s where Sxipher, really shines, because it, it allows, to have a true pen test, and something that keeps evolving.
Not something that is scripted, that in 10 years is going to do the same, vulnerability and stuff like that. It is evolving, if we put in a more exploited stuff like that, the AI might be like, Hey, the new exploit you find, I can see for that runability deal, so that it might work and with that exploit and it does it so fast that the human can’t follow that that’s what making it inexpensive because AI, runs the thing, that’s what I want to mention about what to look for be careful, again, you go on the internet, you talk to people and say, we’re on a pen test no, you have to educate yourself, what is a pen test?
It’s from a single source that you install on a white bridge, and then the pen test that is itself. It’s covered by itself, and it does the same thing that a hacker would do. Anything else? Not a pen test. And be careful, when the insurance, say, Show me the pen test you ran, and you show them this.
It’s no, that’s not qualified for the pen tester. What they told me it was I don’t care what they told you, you’re supposed to know what a Pentest is. So in Sxipher’s Genesis, we’re built on the NIST 800 115. So we built out of the NIST. So basically it’s what a NIST says, what a Pentest look like.
That’s what Genesis does.
Erick: So you spoke a little bit ago about the tremendous confidence that you have in Sxipher and Genesis to the point where you’re not requiring long term contracts and commitments from your partners. What other attributes beyond that should MSPs look for? In a pen test partner.
I’ll do this. I’ll do that. [01:00:00] I’ll just put two on it. If, if you have a good product, if you have a good pen test, okay, the results on the show. And to me, I want to show that out to, make them sign the contract, to drop them for the next 36 months, because I’m not, I’m afraid that, to like my pen test.
Sxipher pen test is really good. And they’re going to love it, and I know that and he’s going to show every month, you know What’s happening to the client and what’s going on and it’s going to help you the client It’s going to help the msp and they’re going to both, Both the client’s going to make money because they’re going to avoid, you know Some formatting with hackers msp going to make money because it’s going to have to remediate all that So it’s really, I, it’s a win, situation for all three parties, and also we do not talk to the clients.
We completely removed. I don’t want to know the clients. I don’t want to talk to the clients. And that’s their clients and that’s why you know, we give them the key It says, you know go in the attack bridge do your client everything is private and have at it So they don’t have to worry about oh, i’m gonna have a red team come in and see My client stuff like that.
Nope. Don’t want to know Channel, channel only. I think that’s very important. There’s no need when you’re sitting in front of a client to need to know the IP count, right? You can give ballpark numbers. It’s a very simple solution. They can decide how they want to monetize it. We are able to share with them vehicles that we use for the monetization of it.
And like I gave you one just off the cuff. There, there’s quite a few and the revenue on the remediation side, And that’s really where it’s at. And again, it just brings you so much closer to your client. Christophe had made mentioned the licensing one license per VLAN. We don’t police VLANs and we all know that, if you need to get out of Alcatraz, get a good engineer to row the boat, so if they want to, run the ceiling up a little bit more on that, we’re not policing it.
We’re just not going to have anybody, come back and say, Hey, I tried to put. X amount on but we will, we’ll guarantee up to that one VLAN. So if they want to get a little crazy, they can. Great stuff, Lisa, Christophe, very interesting conversation about a very important topic.
I, and I would say a more nuanced topic. Then I certainly realize going into the conversation, I’m sure that’s true for a lot of folks in the audience, for the folks in the audience who want to learn more about Genesis, about Sxipher, about either of you where would you point? Sxipher.
ai is our website. So best way to find us is on that website and click the form. You can go ahead and schedule the request for a demo right then and there. Also just to make sure that everybody is aware, we do a 14 day trial. We have a timeline of touch points through that trial process so that we’re able to, be supportive.
But there is a 14 day trial that’s available. So on the trial, we’re going to help you, set it up. We’re going to show you everything there is to know about the pain test. How it works, how you get your reports, how you interpret, this, data and stuff like that, right?
After that, you can try it for 14 days and then Lisa calls you and see what you want to do. We make it very easy, right? Simple. I’m not going to say simple. That is a recurring theme here. And I will quickly point out for folks who are new to the the name, the brand we’re talking Sxipher here that is S X I P H E R .
S X I P H E R dot A I is the website, Sxipher. Lisa Kristof, thank you so much for joining us. I really enjoyed the conversation. Now with that, Erick and I are going to take a quick break. When we come back on the other side, we’re going to share some thoughts about this conversation we just had.
Fantastic. Have a little fun, wrap up the show, stick around. Folks, we I’m going to be right back. All right. And welcome back to part three of this sponsored bonus episode of the MSP chat podcast brought to you by Sxipher. And thanks once again to Christoph and Lisa for joining us on this sponsored episode of the show for that very interesting conversation.
If you’ve been around as long as we have Erick it’s been interesting to watch the evolution of penetration testing in the channel generally and with MSPs in particular. It was not that long ago that was such an expensive job, a complicated expensive job that very few MSPs.
Certainly had the skills in the house to do it themselves, and they couldn’t even really afford to partner with somebody else on behalf of their clients, because it was going to be like a, a 40, 50, 000 engagement typically, and so it’s been interesting to watch tools come onto the market that have made that something that is much more easy, much more practical for MSPs to do which is good because there are many regulations [01:05:00] out there and the numbers keep growing that require the regulated companies to do one of two things.
They either need to have a continuous vulnerability management system in place that is continuously looking out for issues that need to be patched. Or they need to do a penetration test on a regular basis. A lot of the laws I’ve seen will typically require an annual pen test, but part of what’s really interesting about the Sxipher platform is you don’t have to wait a year.
They are continuously penetrating penetration testing for you, which is huge. Actually it just interesting to see how pen testing has become it has come within reach of pretty much any MSP in our audience as something that they can do and really should therefore be thinking about doing.
Erick: Yes, Rich. It’s almost like the last bastion of MSP friendly required services that we need to deliver to our clients, right? I remember the days when You know, I had my MSP and there were no MSP friendly travel programs. There were no MSP friendly pricing or, the tools that we needed. We needed to buy, large numbers of agents and cop, PSAs were much more costly and all this stuff.
And. We’ve done a really good job to get to the point where today vendors have understood the needs of MSPs. They’ve changed their programs to support the way that MSPs run their businesses, the way that they bill their clients. They like to be billed, as they bill their clients on a pay as you go basis.
We’ve seen a tremendous shift. It is night and day rich from when I had my MSP. We launched that we were, 2000, we launched the IT practice in 97. And then around 2003 is when we started really thinking about, switching our model to what we call flat rate IT services, right?
Of course, we were, I think a little bit from the future. There were others out there, but we really took this to heart and grew it even and overcoming these challenges of spending all this money and having to sell all these agents and licenses. So we’ve gotten to a point now today where Holy cow, it’s like telling your kids.
Oh boy, you think you got it tough. I had to walk to school, uphill both ways in the snow with no shoes on a thing, right? But the penetration testing solution, like you mentioned, Rich, Has always been very costly and reserved typically for, some of the most well healed clients and folks that had to meet regulatory compliance.
And that really took it out of the grasp of, the masses of MSPs out there. You had to be a real mature MSP or an MSSP. Serving those, regulated clients that needed to pay for this stuff and could afford to pay for it. Now with the solution that was introduced by Sxipher and Genesis, it is now an MSP friendly solution.
Priced, friendly to MSPs, easy to deploy easy to measure and easy to to conduct. On more of a continuous recurring basis, which, as rich, what MSPs love is we love the ability to deliver services and get paid for on a recurring basis because. It increases the value of our organization, the higher percentage of services that we deliver that are monthly recurring or annual recurring, have a positive impact to the multiple and the strike price when we get ready to sell our businesses.
And, you’re absolutely right. It, and it’s a nice development. It, there are fewer and fewer technologies end user needs workloads where there is not an MSP friendly solution of some kind out there. And Sxipher is a great example of that phenomenon reaching penetration testing as well.
So we thank the folks from Sxipher for joining us on the show and for sponsoring. This episode of the show we have time for just one last thing, folks. And this this story comes to us from Memphis, Tennessee. It’s another episode in the ongoing annals of Criminal Genius. And I’ll, yeah, I’ll say it right up front.
There’s actually nothing funny about the particular crime at issue here. There was a shooting in Memphis. The the victim died. The U. S. Marshals Service was on the hunt for a suspect believed to be responsible for that crime. They got a tip on where they could find this person. They entered that suspect’s home and the suspect was not there, which was of course disappointing, until he quite literally fell into their laps.
He had been hiding in the attic, Erick, and I guess I don’t know that the floor of the attic the ceiling above the kitchen, it wasn’t quite adequate to handle this guy’s weight. He literally [01:10:00] fell through the ceiling. Into the kitchen where the marshals were waiting for him and all’s well that That ends well, they got their suspect.
The suspect was not injured by the fall No one was was actually injured by the so we you know, everything wound up where I was supposed to but gosh darn it hiding in the attic from the marshals Did not pay off for this particular criminal.
Erick: As you say, Rich, the annals of criminal genius at work. In this particular scenario.
And it seems like there will always be another chapter. And we’ll track those for you right here on MSP chat. Thank you so much for joining us for this episode of the show.
We’re going to be back with our regular episode on Friday. As we are every week until then, I will just remind you, we are both a video and an audio channel. Deliverable out there. So if you are listening to the audio version of the show Curious to check us out, on video as well. You will find us on youtube if you’re watching the youtube edition of the show, but you’re into audio podcasts go to wherever it is Get your audio podcast because it’s nearly certain you’re gonna find us there too.
And however, it is you find us, please subscribe Great review. It’s going to help other people find and enjoy the show. Just like you, this show is produced by the great Russ Johns. It is edited by the great Riley Simpson. We thank them very both both very much. They are part of the team with us here at channel mastered.
They would be happy to help you with a podcast of your own. And podcasts are just one tiny part of what we do for our clients. Channel mastered. You can learn more about everything we do at www dot channel master. Dot com channel Mastered has a sister organization called MSP Master. That is Erick working directly with MSPs on growing and optimizing their business.
You can learn more about that enterprise at www.mspmastered.com. So once again. We thank the folks at Sxipher for sponsoring the show. We will see you on Friday as we do every week. Until then, folks, please do remember, you cannot spell channel without M S P.