Bonus Post: Exhibitor News from DattoCon 2023

Fear not, Channelholic readers. If the two stories I’ve already written about this week’s Kaseya DattoCon event for my buddies at ChannelPro aren’t enough for you, I’ve got lots more thoughts inspired by my interviews with top Kaseya execs coming tomorrow. Until then, here’s a collection of updates on some of the conference’s many sponsors to hold you over.

Thanks for reading Channelholic! Subscribe for free to receive new posts and support my work.

Blackpoint Cyber secures Azure AD and allies with Pax8

Monday was a busy day for security vendor Blackpoint Cyber. The MDR specialist both added a new defense for Azure AD environments to its Cloud Response for Microsoft 365 solution and officially announced the first-ever distribution agreement with Pax8 that faithful Channelholic readers have known was coming since June.

Yet somehow, CEO Jon Murchison (pictured) found a little time to speak with me about that and other matters from his DattoCon hotel suite.

The new Cloud Response feature, called Identity Response for Azure AD, gives Blackpoint Cyber’s SOC additional, more granular context on malicious logins and applications designed to take advantage of vulnerabilities in Microsoft’s widely used online directory service, which is rapidly become a favorite target of threat actors.

“Your most critical IT assets are now sitting behind single sign-on services,” Murchison notes. “Naturally attackers are going to go there.”

As for the distribution deal, it will help Blackpoint Cyber accelerate growth while helping Pax8 add a managed component to some of its existing security line card listings.

“We integrate with every major EDR. They sell a lot of SentinelOne. They also sell a lot of Microsoft, and we support that,” Murchison explains. “It was just a real natural go-to-market alignment and product alignment for what they’re doing.”

Murchison added some nuance to my earlier reporting on Blackpoint’s distribution strategy going forward. There are indeed more alliances coming, but not with anyone selling to SMBs through MSPs.

“We have others in play, but I’ll tell you any other distributor really that we bring on, they’re going to be targeting different segments of the market,” he says.

This week’s dual announcements come close on the heels of last week’s news that a new edition of Cloud Response designed for Google Workspace is set to arrive this month. Murchison expects about 80% of the demand for that solution to come from partners supporting K-12 schools.

“A lot of schools are Windows domains running their infrastructure on Chromebooks and Google Workspace for the students,” he says. “That’s a huge attack surface that has basically just been left unprotected, so that’s why we came out with this.”

Protection for additional cloud solutions is on the way, says Murchison, who declined to name names. And not a moment too soon, either. Blackpoint’s SOC is currently seeing nine cloud attacks for every physical endpoint attack.

“The attack surface in 365 and these other platforms is actually quite large, larger than I think a lot of the security community knows and larger than a lot of the bad guys know. But the knowledge is now converging,” Murchison says. “In the past week, we did 99 Microsoft 365 saves in seven days, and 12 mass ransom saves.”

In addition to Cloud Response and Identity Response, Blackpoint’s growing portfolio includes MDR offerings for physical and virtual machines running Windows and macOS, as well as an external vulnerability scanning service and “cloud hygiene” tool that maps Microsoft 365 configurations against CIS guidelines.

There’s more coming, according to Murchison, who points to privileged access management, awareness training, and dark web monitoring as possibilities under consideration. Any such platform extensions will be offered at no extra charge through the same subscription fees partners are already paying.

“At the end of the day, we believe where this market is going is an ecosystem play,” Murchison says. “We want to give an MSP close to a one-stop shop, pretty much hands-off security play.” Acronis, OpenText, Sophos, and others have similar aspirations, and SonicWall seems increasingly headed in that direction too, as we’ve reported here recently.

Blackpoint shouldn’t have trouble paying for any new solutions it rolls out. The company, which raised $190 million through Bain Capital Tech Opportunities and others in June, has already tripled its engineering team this year. New community enablement resources, delivered via the vendor’s Blackpoint University, are in development too.

Bitdefender has pen testing and red teaming arriving imminently

Add another name to that list of security vendors that are all in on end to end: Bitdefender.

“Just like in the RMM space, I think there’s going to be some standardization in the security space as well,” says Michael Reeves, CISSP, the vendor’s technical director for cloud and MSP. “It’s been demanded in the large enterprise for more than a decade, and I think we’re starting to see the same standardization trickle down into the SMB space.”

And the MSP space too, adds Randi Fleming, Bitdefender’s senior manager for MSP North American sales. Providers competing for managed security business need a comprehensive bundle.

“I think it’s about offering a complete stack, a complete solution,” she says. “From a managed security provider’s perspective, the best way to do that is find the vendors that you’re most comfortable with from a technology perspective, roll them into a package for your customer base, and then push that out.”

Like Blackpoint, Bitdefender continues to add new services to its stack. Those include a threat intelligence service for MSSPs and SOC operators, announced last week, and a series of new attack surface monitoring features made possible through the vendor’s recently completed acquisition of Horangi Cyber Security.

“One of the things that they do is penetration testing,” Fleming observes. “That’s currently a functionality that we didn’t have the capability to offer.”

Bitdefender plans to build both penetration testing and “red teaming” services into its MDR subscription towards the end of the month in conjunction with a longer-term effort to construct an integrated portfolio capable of doing all three of the things businesses need done to stay secure, according to Reeves: harden the environment, automate security controls, and detect and respond to the threats that inevitably slip through.

“You can find pieces of that from various vendors, but there are very few vendors globally that do all three of those things well, and I think that’s where you’ll find us continuing to move,” Reeves says.

Seceon offers a third option to in-house and managed XDR

Seceon’s making moves these days too. This week, the security vendor launched a new edition of its core platform, called aiXDR-Pmax, that adds an endpoint protection platform offering file integrity monitoring, data control, and data security, including PII and PHI monitoring and continuous security posture monitoring.

Other important moves in recent months include hiring former Acronis colleagues and long-time managed services veterans William Toll and Amy Luby (pictured) as VP of marketing and VP of ecosystem and channel chief, respectively. (Luby in particular, it’s worth noting, is about as OG as OG gets in MSP-land.)

I’ll confess to knowing little more about Seceon than its name before Toll and Luby came onboard, but having spoken with both of them about the vendor I’m increasingly coming to see it as an intriguing third-way alternative to doing XDR yourself or paying an MDR vendor to do it for you.

“The options have been outsource—outsource control, outsource the profits, outsource insight into what’s going on because that’s all being handled by a third party—or bring on the scary platforms and the very complicated things, which are also expensive,” Luby says.

Seceon’s solution is designed to let MSPs do XDR themselves without ceding control, profit, or anything else by entrusting work normally done by highly paid security analysts to heavily automated software powered by artificial intelligence. At a user’s discretion, that work can include remediating threats in addition to identifying them.

“We’re also not only responding when the bad thing starts,” Luby observes. “We’re seeing ahead of time what things are happening, so we’re enabling you to be proactive rather than reactive.”

I assume plenty of those highly paid security analysts are skeptical that even thoroughly intelligent software can outperform them on its own. Toll, on the other hand, is skeptical that even thoroughly experienced experts can effectively sift through 495 billion events from hundreds of thousands of endpoints per second as Seceon’s platform does.

“There’s no possible way to do that other than machine learning,” he says, and no way to get a complete view of the threat landscape without that much input.

“The analysts at many of these MDRs are looking at a Swiss cheese view,” Toll says. “There are holes and gaps, and the attackers know about these gaps, and they hide in those gaps and wait for the next move, and they can go undetected for far longer periods of time because maybe the MDR vendor’s not ingesting everything.”

Since July, Seceon has been helping MSPs add automated remediation to Liongard’s configuration change detection and response (CCDR) solution.

“Change detection and management is super important, and we’re extending the tool beyond that so that they can implement a complete security stack,” Luby says, adding that similar alliances with other vendors are likely to come in the future.

Liongard helps Cork get cyber warranties to more MSPs more easily

True connoisseurs of the security scene may have noticed how casually I referred to Liongard as a configuration change detection and response vendor just now, as if that’s been its mission forever. In reality, the company officially adopted that label in July. According to CEO Michelle Accardi, Liongard’s software helps MSPs up their IT governance and risk management game.

“It’s all about what’s changing in the environment and giving you visibility to that,” she says, in the cloud, across the network, and on endpoints.

Since Tuesday of this week, cyber warranty issuer Cork, a still young vendor that we’ve written about a couple of times here at Channelholic recently, has been tapping into that visibility. Access to Liongard’s data via backend APIs now allows Cork to underwrite applicants more easily, determine eligibility more quickly, and continuously confirm that warranty holders still have the safeguards that made them eligible in place.

“It really makes the perfect partnership, because we help the MSP to always be in compliance with their IT policies,” Accardi says.

Accardi, who took the top job at Liongard in April, was previously CEO of security-first MSP Logically. Her predecessor, Liongard co-founder Joe Alapat, is now the vendor’s CTO. Fellow co-founder Vincent Tran continues to serve as COO.  

INFIMA’s got a new channel chief

As long as we’re talking about newly named executives, it’s probably an apt moment to note that INFIMA Cybersecurity now has a channel chief, its first. He’s Larry Meador (pictured), a veteran of earlier positions with VoIP vendor GreenLink Networks and, most recently, MSP-friendly broker DataStream Cyber Insurance.

Founded in 2020, INFIMA makes security awareness training software. That’s a market crowded with competitors including KnowBe4, Barracuda Networks, Breach Secure Now, Sophos, and Kaseya unit ID Agent. INFIMA’s advantage, according to Meador, is its “set it and forget it” simplicity.

“There’s not a whole lot of platforms out there where you basically spend 10 minutes onboarding and then just leave it alone and just make money, but I’ve had many MSPs come to me telling me that’s exactly what they’re doing,” he says.

INFIMA sells the system, which is designed specifically for SMBs, exclusively through MSPs, who can white label the platform if they want and subscribe without long-term commitments. “We don’t have an annual agreement,” Meador says. “If you want to do an annual agreement, we can, but it’s month to month so the MSP’s not locked into anything.”

The system features a multi-tenant dashboard with automated reporting tools that users can employ, among other things, to document compliance with cyberinsurance requirements.

“End user security awareness training is one of those big five requirements by most of the carriers out there, but you’ve got to make sure you’re doing a really good job of documenting who has taken the test and who has passed the test,” Meador observes.

Meador learned a lot about cyberinsurance at DataStream, which he continues to serve as an advisor. “To be able to keep my toe in the waters at DataStream and stay in touch with those guys and find out what’s going on with the carriers in regards to security awareness training, it’s a real good synergy between the two companies that I don’t think any of our competition’s got,” he says.

Recruiting more partners and growing endpoints under management, not surprisingly, are Meador’s top priorities. “My goal is to gain another 100,000 endpoints over the next 12 months,” he says. Forging strategic alliances is also an objective.

“There’s so much to be gained through aligning with other cybersecurity platforms out there that have complementary tools, technologies, and services,” Meador says.

Quoter’s adding contract management to its “quote-to-cash” sales platform

Not sure if they’d put it quite this way, but from my perch Quoter’s “quote-to-cash” platform, which helps MSPs, VARs, and others manage sales all the way from start to payment processing, is now a “quote-to-cash-to-quote-to-more-cash” platform.

Or it will be very soon, anyway. The company this week unveiled its first major addition to the solution, a contract management tool due to enter general availability in Q4. The new system will help users create agreements, collect signatures, store completed documents, and manage renewals all in one place, according to Scott Bauer (pictured), Quoter’s director of marketing.

“It’ll be a centralized hub of all of your templates, drafts, and pending agreements,” he says, and a much better place than OneDrive or Google Drive to keep those files because it tracks signing status, ties contracts back to quotes, and flags approaching expiration dates.

“You can be a bit more proactive with agreements and get in front of them and get them renewed before they expire,” Bauer says.

The system comes with drag-and-drop tools for turning existing contracts into templates and adding customized signature fields. “You can customize where on the agreement they sign, what they need to initial, and what they need to check off,” Bauer says.

Like Quoter’s original solution, the new one integrates with ConnectWise PSA, Datto’s Autotask PSA, Kaseya BMS, and other PSA solutions, plus popular CRM systems.

Pricing for the new solution, which has been in the making for some 18 months, is still TBD, but a free 30-day trial version is available immediately in the meantime. A long list of unspecified upgrades are already on the product’s roadmap.

“We see this as just the beginning, and we plan on building this part of the product out a lot more over the next few years,” Bauer says.