ConnectWise Tuesday opened its ConnectWise IT Nation Secure conference with the introduction of its Cyber Research Unit, a new group built on the acquisition of a cybersecurity-focused MSP aimed at providing threat streams to help mitigate SMB security issues.
The new ConnectWise Cyber Research Unit, or “CRU,” brings together a wide range of the company’s people and technologies to do threat research and make MSPs more efficient in terms of how they approach cybersecurity, said Wes Spencer, ConnectWise vice president and external chief security officer.
“Partners are suffering from tool sprawl, with tools from companies like Cisco and Webroot,” Spencer told CRN. “They need a way to unify their approach to cybersecurity. And they need help to watch how their clients are doing.”
The ConnectWise Cyber Research Unit was built in part on recent acquisitions of three companies.
ConnectWise in November 2020 unveiled plans to acquire Perch Security, a cybersecurity-focused MSP with an in-house Security Operations Center in which ConnectWise had previously invested, for $80 million. Prior to that acquisition, Spencer was chief information security officer and co-founder of Perch.
That acquisition came a week after ConnectWise acquired StratoZen, a SOC-as-a-Service and SIEM-as-a-Service company based in Salt Lake City.
ConnectWise in late 2018 also acquired Sienna Group, a managed security service provider, and made it the centre of a 10,000-square-foot training area in its headquarters called the Cybersecurity Center of Excellence.
The Cyber Research Unit, which is nestled in ConnectWise’s Fortify security brand, is really a culmination of what ConnectWise has been doing with and bringing to partners, Spencer said.
“Over the years, MSPs have been learning cybersecurity by trial,” he said. “MSPs are under attack more than ever before, and things aren’t getting better. MSPs need more tools. They need help understanding what is trending and how to stay ahead. That’s what CRU is doing.”
For example, Spencer said, there was a lot of confusion among MSPs regarding this year’s Microsoft Exchange zero-day attacks, with questions about who was attacked and what MSPs could do.
“Perch Security watched the attack, researched it and sent information out about it,” he said. “We want to now do more to develop threat reports and share with our partners, non-partners, and even the federal government.”
For instance, ConnectWise is a supporting member of the CompTIA Information Sharing and Analysis Organisation, a broad threat-sharing group that also includes MSPs, where Perch shares what it sees, Spencer said.
Perch is also reaching out to dark net forums to find malware, detonate it, study it, and show what is happening, what to look for and what partners can do, he said.
MSPs, whether ConnectWise partners or not, have access to the information, he said.
Drew Sanford, senior director of ConnectWise’s global SOC operations, told CRN that what sets the ConnectWise Cyber Research Unit apart is that it is focused on the channel and the SMB space.
“What’s unique about us is we’re focused specifically on the channel, including MSPs, ISPs and TSPs [technology service providers],” Sanford said.
“And we’re focused on the SMB space. Others are focused on the enterprise. The problem is, SMBs have different requirements from enterprises. We provide information to help partners in SMB. And Perch brought relationships with other organisations and the government, and combined it with what ConnectWise does to create a single team.”
Spencer said to think of the Cyber Research Unit as pulling access and data not just from ConnectWise, but also from Cisco Meraki, Bitdefender and Microsoft 365 customers and matching it with data from other sources like the FBI.
“We are not competitive with other services like Huntress, but instead are complementary,” he said. “We’re all in this boat together with security.”
The data on which the Cyber Research Unit builds its threat feed sets it apart, Sanford said.
“It really is the breadth of the data from multiple sources and the toolsets we have to get visibility across the industry,” he said.
Going forward, ConnectWise will continue to build on its experience and conduct research to improve its algorithms and make its SOC teams more efficient, Sanford said.
“We will also be looking for more information to release,” he said. “We’re already releasing the threat feed monthly or more frequently. We will add more information over time and make it easier to take action faster while offering the channel more training to work better with clients.”