ConnectWise at its IT Nation Explore online event today launched a cybersecurity framework, dubbed MSP+ Cybersecurity Framework, that provides MSPs with a set of playbooks and best practices for securing their environments.
In addition, ConnectWise has added IT Nation Secure, a suite of educational training and assets based primarily on that framework.
ConnectWise has also changed the naming conventions of the portfolio of offerings it previously gained for managing IT Connectwise processes using a software-as-a-service (SaaS) acquiring Continuum to reflect the ConnectWise brand. That rebranding effort signals a more ambitious effort to unify the underlying architecture on which ConnectWise makes applications available.
ConnectWise Fortify for SaaS Security, formerly part of the Continuum portfolio, has also been updated to provide additional Microsoft 365 monitoring capabilities as well as support for custom alerts, policies, visualizations and simpler integration with security operations centers (SOC).
Finally, ConnectWise has also made available a beta release of an advanced version of ConnectWise Fortify for Assessment that streamlines the pre-sales process by automatically generating reports from an embedded vulnerability scanner will be released.
The MSP+ Cybersecurity Framework combines elements of better-known cybersecurity frameworks to create a set of best practices for MSPs that ConnectWise will continue to update as best cybersecurity practices continue to evolve, says Jay Ryerse, vice president of cybersecurity initiatives for ConnectWise.
For example, future updates to the framework would address how to implement best DevSecOps practices, notes Ryerse.
The goal is to enable MSPs that have been the focal point of a wave of cybersecurity attacks to better defend themselves, adds Ryerse.
Cybercriminals have been targeting MSPs of late because a single vulnerability can provide a way to distribute malware across hundreds of their end customers. In some cases, cybercriminals have taken advantage of flaws in platforms from ConnectWise and other tools that MSPs rely on to distribute malware.
Unfortunately, cybersecurity expertise among MSPs is uneven at best. In theory, MSPs should be generating additional cybersecurity revenue at a time when many cybersecurity jobs within internal IT organizations are going unfulfilled. In practice, however, many MSPs are struggling to secure their own applications and systems.
“A lot of them don’t know what good cybersecurity looks like,” says Ryerse.
Most MSPs are already providing some level of basic cybersecurity as part of the cost of delivering a managed service. The challenge many MSPs face is convincing customers to pay extra for dedicated cybersecurity services that many customers assume is already being provided.
Obviously, a framework and associated playbooks is only a small step in the right direction for MSPs that are increasingly under assault. However, as cybersecurity capabilities of the management platforms MSPs depend on improves there should be a corresponding decrease in the amount of pressure currently being felt
Be First to Comment