Bonus Post: Security News from Pax8 Beyond Exhibitors
Not every vendor on the crowded show floor at Pax8’s Beyond conference last week works in security, but it sure felt like they did sometimes. Here’s news from seven of those companies that I couldn’t fit into the rest of my Beyond coverage last Friday.
Acronis joins the XDR club
Acronis has completed the detection and response trifecta.
13 months after tacking EDR onto its Cyber Protect Cloud solution, two months after adding MDR, and one month after Channelholic told you this was coming, the company has rolled out an XDR solution too. Unlike many of the systems it now competes against, Acronis XDR is designed specifically for MSP workflows, according to Pat Hurley, the vendor’s vice president and general manager for the Americas.
“We’ve really designed it so that it’s built to operate the way that MSPs run the business, not the way a large enterprise would manage it,” he says. Per Acronis, for example, the system is multi-tenant, SaaS-based, and integrated with widely used PSA, RMM, and SIEM solutions.
Acronis XDR is also tightly integrated with the rest of Cyber Protect Cloud, which includes modules for BDR, email security, data loss prevention, and other functions.
“It cuts down on your cost to train technicians,” observes Hurley (pictured) about the implications for MSPs. “It cuts down the amount of time you’re making a move from platform to platform. It cuts down the amount of tickets that you have to run through, which obviously reduces the amount of alert fatigue that you have for your technicians when they actually do get a potential threat.”
Thanks to a prior commitment to integrations we’ve written about here before, Hurley adds, Acronis XDR draws on a deep well of existing connections with third-party solutions.
“I think we’re close to 300 integrations at this point,” he says.
Barracuda, Cisco, CrowdStrike, Sophos, WatchGuard, and (kinda, sorta for the moment) ConnectWise are among many vendors with XDR solutions for SMBs.
According to Hurley, rising demand for the unique capabilities of such products explains their steady accumulation in recent years.
“Just based on the threat landscape and the different ways you can get into a network and get into people’s machines to get bad stuff in there, more and more MSPs and their customers are asking for these types of solutions,” he says.
Acronis has further Cyber Protect Cloud modules in development, including one for email archiving. That solution is currently in early access testing and slated to reach general availability in October.
“Email archiving has been something on the roadmap that our partners have been asking about for a while,” Hurley says. “It’s sort of a core offering, kind of table stakes, for having a backup solution in the market today.”
Bitdefender bundles with Pax8
Another security vendor with an integrated suite that includes XDR—Bitdefender—is now offering three solution bundles through Pax8.
Actually, depending on when you read this, that may still be future-tense news. Word of the expanded alliance officially goes out Thursday, but you heard it here first.
Bitdefender’s Secure bundle includes the company’s EDR solution plus a range of endpoint hardening technologies and automated security controls. The Secure Plus bundle adds MDR while the Secure Extra bundle supplements MDR with XDR.
Pax8 will offer all three bundles as single SKUs at single month-to-month prices with no minimum purchases. Optional add-ons for patch management, full-disk encryption, mobile security, and more will also be available on an à la carte basis.
Some 57% of organizations worldwide experienced a data breach or leak in the prior 12 months, according to research from Bitdefender published last week. Phishing/social engineering tied with zero-days as the number one threat cited by respondents, over 74% of whom reported an increase in the sophistication of phishing attacks over the last year. That uptick, Bitdefender says, is probably the result of attackers using genAI platforms to craft more effective lures.
Bitdefender, which was recently among the named launch partners for ConnectWise’s forthcoming Security360 solution, announced an integration pact with NinjaOne last month. According to Michael Reeves, the vendor’s technical director for cloud and MSP, the flurry of integration announcements reflects rising demand among MSPs for cross-vendor connections.
“They’ve been asking for integrations for a long time actually, and what’s happening now is the voices of MSPs are getting louder and louder and louder,” he says.
Blackpoint Cyber prefers SOAR to SIEM
MSPs are right to clamor for integrations—both within a vendor’s platform and across vendors—given the changing threat landscape, according to Jon Murchison (pictured), CEO of Blackpoint Cyber.
“The defenses an MSP has to put in place are a little different than they were just two years ago,” he says. “You really need an integrated platform where you can see your cloud breaches and your on-prem.”
Cloud visibility is especially important in light of what Murchison calls a huge spike in Microsoft 365 attacks spurred partly by how few businesses use a cloud security solution at present. “The effort’s much lower to get a similar payout without all the complexity,” he observes.
Rising cloud threat activity has MSPs embracing single sign-on in bigger numbers too, according to Murchison. That’s commendable to the degree SSO centralizes control over SaaS applications, he says, but worrying to the extent it also entails putting “all your eggs in one basket” for authentication.
“As you leverage single sign-on, you need to seriously think about how are you going to protect that and how are you going to monitor that, because if an admin single sign-on account is breached, now they have access to a lot more stuff,” Murchison notes.
Another trend on Blackpoint’s radar has threat actors shifting away from broad-based ransomware campaigns toward more targeted attacks. “If I can do a business email compromise, I can still steal a bunch of data to extort the company and instead of having to steal data, put it on a site, encrypt the network, beat all the tools, negotiate with the ransomware negotiators, teach them how to pay in Bitcoin, and finally get to a payment, I can steal the data and extort right away,” Murchison says.
Targeted or not, he continues, threats continue to grow in complexity and variety, leaving conventional SIEM solutions less and less capable of keeping up.
“It’s easy to say gobble all the data and review it, but it just doesn’t work well in practice and never has,” Murchison says. “It’s too slow.” Blackpoint Cyber’s LogIC solution, by contrast, is a SOAR system equipped with “SIEM-light” functionality.
“That to me is what works the best,” Murchison says.
LogIC currently monitors compliance with PCI-DSS, HIPAA, CMMC, NIST 800-171, and CIS v8 requirements. According to Murchison, who declined to cite specifics, Blackpoint Cyber has more such functionality in the works.
“Compliance plays a huge part in our roadmap, and there’ll be major upgrades and additions coming out this year,” he says.
Malwarebytes eyes XDR
Unlike Acronis and Bitdefender, Malwarebytes doesn’t have an XDR solution—yet. The company’s thinking hard about introducing one, though, according to CEO Marcin Kleczynski (pictured).
“Nobody’s really done a great job of solving that for, a) the SMB and, b) the MSPs that solve for the SMB,” he says.
Specifically, Kleczynski sees an opening (as does Acronis) for an XDR solution that doesn’t overwhelm MSPs with alerts. The key to building such a product, he believes, is limiting the number of solutions feeding the system telemetry.
“The inputs we want are the ones that are actually going to be meaningful for our customer,” Kleczynski says. “We’re looking at partnering with just a handful of key companies that our customers are using and creating an XDR platform off of that.”
XDR aside, he continues, ThreatDown, the Malwarebytes unit for business buyers officially launched last November, is committed to integrations more broadly. “We want you on our platform, we want you to see everything that’s good there, but if you’re using TeamViewer, if you’re using ConnectWise, we should also be able to pump everything in,” Kleczynski says.
An XDR solution, should it arrive, would supplement a string of additions to the Malwarebytes portfolio that includes an MDR service and MDR/EDR hybrid offering, plus solutions for DNS filtering, vulnerability management, patch management, and mobile security. Ease of deployment and intuitive operation have been core design principles for all of those offerings, according to Kleczynski, in keeping with ThreatDown’s focus on “bread and butter” MSPs with two to three employees.
“There’s various levels of cyber experience, so we try to make it as simple and easy to use as possible and easy to deploy,” he observes.
Per a story I wrote for my friends at ChannelPro once upon a time, Malwarebytes has been courting MSPs for two years now.
“It’s been a pretty hard push from our perspective,” Kleczynski says. The company has roughly 4,500 partners supporting about 60,000 end customers at present.
In addition to XDR, ThreatDown is eyeing an email security solution for its platform.
“It’s still a massive attack factor,” Kleczynski says, noting that even Malwarebytes employees, who work for a cybersecurity vendor, regularly flunk phishing awareness tests. “I would love to create or partner with some email product to help solve that.”
OpenText Cybersecurity says modularity is key to coping with change
As I’ve noted a few times in recent weeks, MSPs increasingly want to buy more security solutions from fewer suppliers. Looks like it’s not just MSPs thinking that way, either: 27% of end users prefer having one vendor for security solutions, according to OpenText Cybersecurity’s 2024 Cybersecurity Global Managed Security Survey, published last week. That’s up 10% over the report’s 2023 edition.
Like Acronis and Bitdefender, however, OpenText Cybersecurity knows just how badly MSPs want cross-vendor integrations too. Flexibility is the key to satisfying both demands at once, according to Andrew Murphy, OpenText Cybersecurity’s senior director of product marketing.
“It’s important to use a platform that’s modular so that as the market shifts under you or as the priorities change, you can consume as much of the products from one vendor as you want to and fit in some other technologies too,” he says.
OpenText’s acquisition last month of Pillr, an MDR platform for MSPs, reflects that philosophy. The deal allows MSPs already sourcing endpoint protection, IAM, DNS filtering, and more from OpenText to get MDR from the same partner.
“What we heard the loudest from our partners is that they wanted MDR and we didn’t have it,” Murphy notes. At the same time, Pillr integrates with close to 500 third-party solutions.
“One of the calling cards of Pillr is the ability to integrate with the MSP where they and their customers are today,” Murphy says.
Integrations will presumably be important in tackling growing demand for AI security among SMBs and others. Already, according to OpenText Cybersecurity’s research, over 80% of MSPs and MSSPs offer AI security services, and 62% of everyone else plans to add such offerings in the next 12 months.
A solid 83% of survey participants, moreover, say interest in AI security tools and expertise has driven increased business. Murphy is among many who expect the challenges of helping clients sort through AI-related data security issues to produce further increases.
“It almost gets to the point where you need what you have in larger organizations, which would be a digital governance officer,” he says. “MSPs can fill a little bit of that role by teaching partners, and by extension investing in themselves, to build those capabilities so that becomes a practice that they can deliver to their clients.”
Cork and DataStream pair cyber warranties with cyber insurance
According to recent research from Sophos, cyber insurance requirements have an astonishing 99% of MSPs seeing increased demand for security support and solutions. On a less welcome note, unfortunately, the same study says 45% of MSPs are spending even more time than before assisting clients with cyber insurance questionnaires.
A partnership announced last week by DataStream Cyber Insurance and cyber warranty provider Cork aims to free MSPs from that time-consuming task. The deal lets Cork partners get instant estimates from DataStream on cyber insurance coverage, and multiple quotes within one to two days.
“They’re not only able to add a cyber warranty for their client, but they can now on top of that also add a cyber insurance policy that’s the best fit for their needs,” says Cork CEO Carlson Choi (pictured right).
Per earlier coverage, Cork utilizes custom-developed continuous monitoring software to verify that end users are complying with warranty eligibility requirements. DataStream is now drawing on real-time telemetry from that system to help businesses price and procure insurance policies with one click and no questionnaires.
“A lot of the data that Cork is collecting is exactly the kind of data that would make it very simple to identify the risk profile of the company,” says Paul Guthrie (pictured left via Zoom), DataStream’s co-founder and managing director.
Cork’s software also helps DataStream distinguish high-risk applicants from low-risk ones, resulting in lower premiums for businesses that take security seriously. The typical model today, Choi notes, is for SMBs with the same revenue in the same industry to pay the same premium for the same policy regardless of which one is more mindful of security best practices.
Cork partners can apply for warranties alone, insurance alone, or both together via Cork’s website. Smart businesses buy both, according to Choi, for the same reason they need both a warranty and insurance when purchasing a new car.
“At the same time, the end client might not want to do that, so we want to give them choices,” he says.
Access to Cork’s monitoring data, according to Guthrie, is helping DataStream realize a core element of its founding vision. “Part of why we started DataStream was that there’s too much uncertainty around individual companies and what their security posture really is,” he says. Reducing that uncertainty in collaboration with Cork enables carriers, brokers, and MSPs to provide better coverage at lower rates.
A separate alliance with security vendor Cavelo, also announced last week, further contributes to DataStream’s mission, Guthrie adds, by enabling MSPs to insure themselves more easily and affordably.
“We look for alliances where we have a holistic view of an individual company,” he says.