Category Archives for "Managed Services News"

The cost of downtime from ransomware attacks has skyrocketed this year, now 50 times the ransom amount demanded by cybercriminals.

That’s according to Datto’s fifth annual Global State of the Channel Ransomware Report. More than 1,000 MSPs weighed in on the impact COVID-19 has had on the security of SMBs. It also covers other notable trends driving ransomware breaches.

The survey found that ransomware remains the most common cyber threat to SMBs. Sixty percent of MSPs said SMB clients have been hit as of the end of the third quarter.

The impact of such attacks keeps growing. The average cost of downtime is now 94% greater than in 2019. And it’s nearly six times higher than it was in 2018. The number has jumped from $46,800 to $274,200 over the past two years.

Phishing, poor user practices, and lack of end-user training continue to be the main reasons ransomware attacks are successful.

Ransomware Epidemic

Ryan Weeks is Datto’s CISO. He said the rate at which the cost of downtime is increasing “really puts the ransomware epidemic in perspective.”

Datto’s Ryan Weeks

“These numbers point to the importance of having a business continuity plan as well as the security tools in place to safeguard against such devastating and costly attacks,” he said.

The survey also revealed:

• Ninety-five percent of MSPs said their own businesses are more at risk. This is likely due to increasing sophistication and complexity of ransomware attacks. Nearly half of MSPs now partner with MSSPs for IT assistance to protect their clients and their own businesses.
• SMBs are spending more on security. One-half of MSPs said their clients increased their budgets for IT security in 2020. This likely indicates growing awareness of the ransomware threat.
• Business continuity and disaster recovery (BCDR) remains the No. 1 solution for combating ransomware. Ninety-one percent of MSPs said clients with BCDR in place are less likely to experience significant downtime during an attack. Employee training, and endpoint detection and response platforms ranked second and third in tackling ransomware.

“We are seeing more risk for health care organizations,” Weeks said. “While this is likely in part due to the current pandemic, we’re also finding that attackers are after more than just ransom payouts. They want intellectual property, too. This is a newer challenge for health care institutions to navigate as they manage sensitive information around vaccine trials and patient data.”

In addition, election security remained in the spotlight for much of 2020, he said.

“Ransomware had its fair share of election-related news this year, prompting many agencies and institutions to pay close attention to their systems,” Weeks said. “While these organizations are typically on high alert, this year’s election created additional hurdles. Perhaps most notably, security experts were able to take down the servers behind Trickbot, an enormous malware network that criminals were using to launch other cyberattacks, including a strain of highly potent ransomware. Officials believed that this attack could have indirectly affected election infrastructure if allowed to continue.”

COVID-19 Brings More Attacks

Many MSPs reported the number of ransomware attacks and security vulnerabilities increased during COVID-19, Weeks said. That’s due to the increase in remote work and cloud computing.

“However, it is worth pointing out that it wasn’t an overwhelming increase, but more of an even split between those who saw an increase and those who did not,” he said. “This implies that ransomware has been and will continue to be a problem for organizations. And the pandemic simply accelerated the rate at which we are seeing attacks.”

Increased risk is due to user carelessness and security vulnerabilities associated with bring-your-own-device policies, Weeks said.

“With the many changes that arose in 2020 (i.e remote work, health risks, etc.), organizations lowered their guard in order to address new challenges resulting in increased risk,” he said. “Additionally, personal devices have been introduced to corporate/business environments despite objections. And finally, there are significant additional remote work security threats, from device theft to family members using corporate machines for personal work/study.”

Top Ransomware Attacks

The top three ways ransomware is attacking entities are phishing emails, SaaS applications and Windows endpoint systems applications.

The report does show progress in the fight against ransomware, Weeks said.

“Organizations are putting spend behind the right tools to defend against ransomware threats,” he said.

“Now more than ever, organizations need to be vigilant in their approach to cybersecurity, especially in the health care industry, as it’s managing and handling the most sensitive (and for criminals the most valuable) private data,” said Travis Lass, president of Xlcon, a Phoenix-based MSP. “The majority of our clients are small health care clinics with no in-house IT. As ransomware attacks continue to increase, it’s critical we do everything we can to support them by arming them with best-in-class technology that will fend off malicious attackers looking to take advantage of the already fragile state of the health care industry.”

Microsoft is pressing companies to move away from sending one-time passwords over PSTN and SMS networks for multi-factor authentication (MFA).

Texting or sending voice-based one-time passwords carries some risk, Microsoft’s director of security, Alex Weinert, warned. Hackers can intercept the one-time passwords and penetrate a network or take over an account, he said. Likewise, SMS and voice sent over PSTNs increase the risk of customers falling victim to phishing and social engineering attacks.

“I believe they’re the least secure of the MFA methods available today,” Weinert noted in a blog. “That gap will only widen as MFA adoption increases attackers’ interest in breaking these methods and purpose-built authenticators extend their security and usability advantages.”

Weinert said organizations that are using SMS and voice should transition to cryptographically protected credentials tools support Fast Identity Online (FIDO) Alliance standards. Nevertheless, Weinert emphasized that if you use SMS or PSTN-based one-time passwords, that’s still better than not using MFA. Likewise, he noted the risk is relatively low and that organizations that have not implemented MFA shouldn’t delay doing so.

“MFA is essential — we are discussing which MFA method to use, not whether to use MFA,” he noted.

Brian Sherman, a solutions engineer at Valeo Networks, a provider of managed security services, agreed.

Valeo Networks’ Brian Sherman

“Weaker MFA is always better than no MFA,” Sherman said. “Unfortunately, SMS was never intended to be used as a means of authentication.”

App-Based Authentication with Encryption

Rather than SMS or voice, organizations should use app-based authentication, according to Weinert. In Microsoft’s case, the tool of choice is  Microsoft Authenticator. The app uses encrypted communication and allows bidirectional communication on authentication status, Weinert noted. Over the past year, Microsoft has added app lock, the ability to hide notifications from the lock screen, and sign-in history.

The problem with SMS and voice protocols sent over PSTNs is they weren’t designed to support encryption, according to Weinert.

“Signals can be intercepted by anyone who can get access to the switching network or within the radio range of a device,” he noted.

Weiner raised that point last year, when he noted that “an attacker can deploy a software-defined-radio to intercept messages, or a nearby FEMTO, or use an SS7 intercept service to eavesdrop on the phone traffic.”

NIST Warnings

Microsoft isn’t the first company that has campaigned against using SMS or voice for MFA. Security experts have warned of the risks for several years. In 2016, the National Institute of Standards (NIST) initially proposed restricting the use of the networks for OTPs. While the agency softened its language, it still is not a recommended practice.

“We recommend our clients use app-based MFA whenever possible,” Valero Networks’ Sherman said. “Under some specific scenarios we recommend physical keys; for example, if employees are not allowed to carry cellphones.”

In July, Google announced it was shifting from SMS and voice-based codes to phone prompts as its primary form of MFA. According to research conducted by Google last year, on-device prompts were a more secure than SMS. Cybercrooks were only successful with 1% of bulk phishing attempts with the phone prompts, which compares to 4% with SMS. Targeted attacks with phone prompts had a 10% success rate, compared with 26% with SMS. When used with security keys, no one successfully implemented a targeted or phishing attack.

For its part, 99% of Valero Networks’ clients use MFA in some capacity, according to Sherman.

“I don’t think there are any that use strictly SMS,” he said. “It’s more of a mixed bag among the user base. I would say it’s roughly an even split between app based and SMS.”

The winners of the 2020 MSP 501 Special Awards are certainly a cut above. These MSPs demonstrated a willingness to take risks and a deep familiarity with the MSP market, two characteristics that are critical to channel companies looking to stay ahead of the curve.

The awards are part of the 2020 MSP 501, the first, largest and most comprehensive ranking of MSPs worldwide. 

The award for MSP of the Year works a little differently from the other special 501 awards. We narrowed the field of contenders down to finalists that we feel represent the modern channel and display excellence in business efficiency and business model innovation.

What does that mean? For starters, the nimbleness to pivot to meet industry trends, the guts to make risky moves today to position the business for tomorrow and the discipline to structure operations to achieve maximum efficiency in service delivery. MSP of the Year finalist Colden Company exemplifies this ideal. 

Growth and Evolution

Colden Company’s business model over the last three to five years has grown and evolved amid some pretty unique industry dynamics, customer needs and emerging tech trends. President James Lapointe will be the first to tout staying ahead of the game.

Colden Company’s James Lapointe

“We have a saying here at Colden Company,” said Lapointe. “If you are running your business the same way you were two or three years ago, you are not staying the same; you are falling behind.” That is because your competition is evolving and taking advantage of new technology and emerging markets. We knew we had to evolve too.”

Colden Company had to become more focused on cloud solutions and also delivering value from Microsoft 365 solutions. According to Lapointe, any IT vendor can set up a customer on Microsoft 365 for email. Colden Company developed best practices for Teams implementations, and started digging into some of the other value-adds like Power BI, Power Automate and Planner. 

“We wanted to be able to provide solutions to their customer’s business problems,” said Lapointe. “To do this, we needed to focus on educating ourselves, but also be in tune with what our customers’ issues were.”

Business Model Innovation

The need to evolve one’s business model can also be brought about by certain industry trends. These tend to fluctuate and shift so quickly, a company must keep their finger on the pulse of things. 

“We do business planning every year, so we try to evolve year to year,” said Lapointe. “We look at our service offerings and determine where we want to be as a company. At that point, we build that into our business plan and review it quarterly to make sure we are staying on track. Ten or 12 years ago, we were trying to beat the curve into the managed services space from break-fix. Five years ago we were looking to be ahead of the curve of data security offerings. Now it is cloud and IT consulting.”

What does this all boil down to? According to Lapointe, it’s really about the people leading an organization. If a company has forward-thinking leaders, regardless of their vertical, they can be early adopters.

Operational Shifts

To support this new, evolved business model, Colden Company had to make a few …

Cisco on Monday said it plans to buy Hungary-based startup Banzai Cloud. The company’s mission is to simplify the development, deployment and scaling of complex applications based on Kubernetes.

Cisco didn’t reveal the purchase price.

The Banzai Cloud acquisition follows the purchase of Portshift, on Oct. 1, another Kubernetes-focused target. Portshift builds application security solutions that span a large portion of the cloud-native application life cycle. That span is from development and policy enforcement to vulnerability management and runtime protection. The Portshift acquisition gives Cisco cloud-native application security capabilities and expertise for containers and service meshes for Kubernetes.

Cisco’s Liz Centoni

“These two cross-border acquisitions are a testament to the globalization of the cloud-native ecosystem and underscore our commitment to hybrid, multicloud, application-first infrastructure as the de facto mode of operating IT. The Emerging Technologies and Incubation team’s mission is to incubate impactful technologies and to attract, foster and grow the global talent needed to drive innovation and support our customers’ digital transformation initiatives,” Liz Centoni, senior vice president, emerging technologies and incubation at Cisco, wrote in a blog.

Modern Cloud-Native Applications

Modern native cloud applications are poised to displace monolithic applications in the dust. Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure and declarative APIs exemplify this approach, as per the Cloud Native Computing Foundation.

Cisco expects the deal to close sometime before the end of January. The Banzai Cloud team will join Centoni’s emerging technologies and incubation group at Cisco. To date, for 2020, Cisco has targets and/or racked up six acquisitions, including Banzai Cloud and Portshift. Other acquisitions made this year include BabbleLabs, Modcam, ThousandEyes and Fluidmesh Networks.

This holiday season will be like no other with the continued use of remote work, greater online sales, third-party sourcing from across the globe and employees taking much-needed time off. With their support networks and trusted relationships, IT service providers continue to be targeted by attackers. Cyber criminals will take advantage of these distractions to steal sensitive data, hold it for ransom or use MSPs as a stepping-stone to more lucrative victims.

Hackers often strike when businesses let their guard down, gaining access to networks but laying low to strike later. Once centered on key shopping days like Black Friday and Cyber Monday, cyber attacks are now extending across all of November and December and into the new year, making comprehensive vigilance and 24/7 visibility even more challenging. It’s time to fight back against cyber criminals with defense-in-depth resiliency to proactively protect your end customers at this crucial time of year.

Here’s a list of holiday season threats and best practices to defend against them:

• Step up vigilance during the holiday season: Knowing that businesses will be short-staffed or even preoccupied at the end of the year, cyber criminals intentionally target businesses in Q4. As a first step, keep systems patched and remind employees about cybersecurity risks like phishing and preventative measures. Look for suspicious behavior such as access from countries where you don’t have any operations or customers.
• Protect data in POS environments: Point-of-Sale (POS) devices enable consumers to complete purchases and transactions safely. These devices access critical infrastructure and assets as well as communicate with payment processors and banks. POS threats can include file-less attacks, ransomware, zero-day attacks and skimmers placed physically on devices. Use PCI DSS compliance standards as the starting point to identify POS risks and best practices. However, it is critical to realize compliance alone is not enough for adequate security.
• Don’t overlook work-from-home security: Your customers will continue to encounter more cybersecurity vulnerabilities as laptops remain outside the IT perimeter of headquarters. Employees may use work devices for online shopping or charity donations during the holidays, or, conversely, use less-protected personal laptops for work tasks. Layered defenses can help you stay current on remote work threats to rapidly mitigate persistent and well-funded adversaries.
• Boost endpoint security: With over 70% of threats starting on network endpoints like laptops and mobile devices, it’s clear that traditional endpoint security tools like anti-virus are insufficient. Endpoint protection platform (EPP) capabilities can block and even prevent threats in real time before damage occurs.
• Use multi-factor authentication (MFA): Increased authentication protection with multi-factor authentication (MFA) is an easy way to strengthen your security posture. MFA provides an additional layer of security that can compensate for

Mobile devices have become an indispensable part of our lives. By the time we’re teenagers, we’re already tethered to technology that lives in our pockets and connects us to a network far larger than we ever imagined possible. Because of the way we interact with our phones, the devices know our likes, curiosities and vulnerabilities–in addition to our passwords, financial data and most closely held secrets. This seemingly infinite amount of data also makes our mobile devices highly attractive targets for malicious actors. That’s why it’s critical to protect phones from threats with effective mobile security.

A successful attack on your phone could compromise your personally identifiable information (PII), banking accounts, and even your professional life or the success of your business. Just like you lock the doors of your house when you go away, or your storefront after business hours, you should take care to secure the entry points that cybercriminals use to gain access to the data on your phone.

WiFi and Mobile App Threats

The convenience and ubiquity of public WiFi and mobile apps are also their greatest weaknesses. With unsecured public WiFi, you can never be sure if you’re connecting directly to a secure hotspot or to a hacker who is stealing your information and relaying it to another malicious actor. Before you connect to an unfamiliar public WiFi network, follow these mobile security best practices to reduce the chances of compromising yourself:

• Use a virtual private network (VPN) instead: VPNs are highly recommended for all business communications. A VPN keeps your network and Wi-Fi communications encrypted, which makes it much harder for hackers to access.
• Disable sharing on all apps: While you may be comfortable sharing your location with apps when you’re on a secure connection, consider disabling it in system preferences or settings when you’re connecting to public WiFi.
• Verify all public WiFi networks: Hackers can easily set up a public WiFi that looks like it’s owned by the proprietor. Before you connect to “Java House Guest WiFi,” ask someone behind the counter the exact name of the business’s WiFi network.
• Plug Bluetooth vulnerabilities: Hackers often use Bluetooth connections to infect or steal files. This puts personal data at risk when using Bluetooth. These attacks involve using the device for phone calls or text messages, or using Bluetooth functionality to find deeper vulnerabilities in the phone system or to steal data stored on the phone. Similar exploits exist for Apple users through the AirDrop feature. The best way to plug theses vulnerabilities is to turn off Bluetooth or AirDrop when not in use, keep your software up to date, pair only with trusted devices, and use a VPN to encrypt your data and hide your identity.
• Disable auto-join for open networks: Public WiFi networks are ideal environments for a range of cybersecurity attacks, including rogue networks, man-in-the-middle attacks, viruses, and snooping or sniffing. To prevent the likelihood of these attacks, remote users should turn off Wi-Fi auto-connect settings for public WiFi networks.

With more than 120 million Android users, Android malware continues to be a real and increasingly common threat. Google has already pulled a large number of malicious apps from the Play store. But the open nature of the Android operating system makes it an easy play for hackers. The year 2020 has been a particularly risky one for mobile app users. A few of the more dangerous mobile security threats in circulation include:

• Joker: Since 2019, Joker has been stealing credit card information and banking credentials by simulating other legitimate apps.
• CryCryptor: Based off the open-source ransomware CryDroid, this mobile variant has been spotted masquerading as a COVID-19 tracing app.
• EventBot: This malicious app abuses accessibility features to steal user data, and reads and steals SMS messages to bypass two-factor authentication.
• Dingwe: This modified remote access tool is capable of controlling a device remotely. Samples have been found impersonating as COVID-19 tracing apps.

Many of these malicious operators use various tricks to evade detection. Since Android devices can come with hundreds of apps pre-installed, there’s a high potential for security gaps that a malicious app maker could exploit.

No. 1 Defense Measure: Update the OS

One of the major vulnerabilities with Android devices is outdated software. More than 40% of Android devices are using an OS version older than Version 9. This makes them more vulnerable to malicious applications.

Webroot Mobile Security can help improve your mobile defenses without impacting your browser speed. It allows you to browse, shop, search, bank or use social networks, all while blocking malicious websites that try to steal your personal information. Webroot Mobile Security includes proactive identity protection features that block malicious sites that try to steal your personal info or harm your device. With Webroot Mobile Security, you can hide your digital footprint and your browsing history through private browsing mode.

Steven Jurczak is a Product Copywriter at Carbonite and Webroot. He blogs about backup and recovery technology, information security and IT industry trends.

This guest blog is part of a Channel Futures sponsorship.

Ransomware attacks, like the one in late October targeting the U.S. health care system, continue to rise. Cybersecurity Ventures predicted a year ago that ransomware damages will reach $20 billion by next year. That’s more than 57 times the rate of attacks in 2015. And the shots are coming even from malicious hackers who aren’t all that tech savvy, thanks to malware as a service. The increase in threats against managed security service providers’ customers calls for greater protections. Backup as a service stands out as a prime candidate now more than ever.

When it comes to backing up files, MSSPs already know about non-rewritable, non-erasable options. Typical and legacy setups, however, require physical media of some kind — optical, tape or servers. This consumes space, time and still exposes the end user to risk. But with the cloud era in full swing, backup as a service, with an emphasis on security, has grown more capable – and imperative – than ever.

IDC’s Archana Venkatraman

“There is a real pressure to leverage the cloud to reduce capital spend, improve resilience, recovery and data security as the risk of ransomware and cyberattack is sharply increasing,” said Archana Venkatraman, associate research director of cloud data management at IDC Europe. “IDC research shows that 93% of organizations have been the targets of malware attacks in 2019, with a majority suffering successful attacks or multiple attacks. With the right cloud data protection strategy, companies can significantly reduce the time to value, which is critical to quickly become ransomware resilient in the wake of rising attacks.”

Yet, not only are businesses worldwide facing onslaughts of malware, ransomware criminals have figured out how to encrypt the data for which they want to be paid. According to a May 2020 report from Sophos, more than half (51%) of organizations were hit by ransomware throughout the previous year. Hackers had encrypted the data in 73% of those attacks.

Who’s Doing What?

Vendors are responding with secure backup as a service that subverts such attempts. And, to be clear, many, including NetApp, Druva, Commvault, IBM and others, have offered such capabilities for years. But many keep evolving their technology, making it more airtight, as cyberattackers get bolder and sneakier. They also are taking more active roles in educating partners.

On the product side, Commvault, for example, just released its Metallic platform throughout the EMEA region, and sold through the channel. (Commvault already had made the solution available in the United States, Canada, Australia and New Zealand.) Commvault built Metallic on Microsoft, so it integrates with users’ Azure capabilities.

Meantime, Green Cloud Technologies, which only sells through partners, just jumped into backup as a service. Its focus, though, lies not just on backup — it aims at data security.

Green Cloud’s Charles Houser

“Traditional malware defenses often prove ineffective as ransomware works by encrypting the users’ data, rendering the source data and backup data useless,” Charles Houser, co-founder and executive vice president of sales and marketing of Green Cloud Technologies, told Channel Futures. “We need to act now to protect our partners as threats are increasing.”

To achieve this, Green Cloud teamed with Veeam and Cloudian, and made sure the resulting product used object lock.

While again, this approach is not new, it does protect against serious current threats. These are the threats MSSPs and their customers face every day.

Green Cloud’s Keith Coker

“Our channel partners will now be able to offer a secure backup storage solution that address their clients’ urgent need to protect data from ransomware attacks, which have increased in frequency by 97% in just the last two years,” said Keith Coker, CEO and co-founder of Green Cloud. “Cloudian object storage integrates … with Veeam Availability Suite, which allows our partners to provide immutable offsite storage for a clean restore in case a cyberattack occurs.”

The combination of Veeam, Cloudian and object lock “prohibits the deletion of data by making that data temporarily immutable,” added Houser. “It is done for increased security; immutability protects your data from loss as a result of ransomware attacks, malware activity or any other injurious actions.”

MSSPs using Green Cloud and Veeam can easily take advantage of the offering, Houser said. They “would simply point their backups to Green Cloud, making backups so easy and … next-level secure.”

Finally, HYCU represents another multivendor-focused channel provider making backups easier for partners. Last month, the company launched beefier protections against ransomware in its HYCU Backup for Google Cloud platform. The enhancements consist of support for backup targets using Cloud Storage Bucket Lock and air-gapped backup targets.

On the education side, Druva, for its part, on Tuesday will present its first-ever virtual event homing in on cloud data protection. Meanwhile, NetApp ran a series over the summer on ways to fight ransomware.

No Time to Wait

Overall, given the unrelenting avalanche of cybercrime, it only makes sense that MSSPs reexamine their backup strategies for clients now.

Consider what McAfee’s chief scientist, Raj Samani, had to say at September’s Channel Partners Conference & Expo Virtual:

“You’ve got some very capable threat actors that are actively innovating,” he said. “They are actively developing new ways to be able to demand more money. There are other criminal groups out there that are just simply copying. Not only are they copying it, they’re replicating it with such success that they’re making millions and millions of dollars.”

The attacks will just keep getting worse, Samani said. MSSPs must do their part to stay ahead of the problems.

“It’s absolutely imperative that we learn and understand the way this particular market is adapting and evolving,” Samani said.

For additional insight into ways to fight back against ransomware, check out this new podcast from CompTIA and this recent Channel Futures webinar.

VMware on Monday announced enhancements to its Virtual Cloud Network (NSX portfolio), the embodiment of its Modern Network framework.

The VMware Modern Network brings public cloud principles to the private cloud. It is based on three pillars: modern apps connectivity services, multicloud network virtualization and physical network infrastructure.

VMware’s Rajiv Ramaswami

“We’re seeing a historic increase in our reliance on apps, clouds and devices. Applications have become the face and digital lifeblood of businesses,” said Rajiv Ramaswami, chief operating office, products and cloud services VMware. “The apps are modern, they’re often born in the cloud, they’re adapting to user and market demands. And these applications need to be available across any location and any device. Rapid innovation along with frictionless consumption is really what we’re all about.”

3 Core Pillars

The portfolio enhancements touch on each of the three Modern Network pillars.

There are a few enhancements related to the first pillar of the framework — modern apps connectivity services. First, the VMware Tanzu Service Mesh is now generally available. Tanzu Service Mesh is a technology that controls the communication among the thousands of components (or containers). It enforces security policy, measures performance, understands data and more.

VMware’s Tom Gillis

“It addresses the fundamental needs of security and gives developers the ability to create very modular, very rapidly changing applications,” said Tom Gillis, senior vice president and general manager, networking and security business unit at VMware.

Additionally, VMware announced a preview of a distributed attribute-based policy model, new NSX Advanced Load Balancer integration with Tanzu Service Mesh, and Project Antrea.

The new policy model aims to simplify the job of building and administering policy and drive toward higher-level automation capability.

The NSX Advanced Load Balancer enables application developers using Kubernetes to launch an application with all required load balancing capabilities — without ever having to touch the infrastructure. API-driven, this combined solution will deliver high availability and security for modern applications via load balancing and web application firewall capabilities. Expect this integration to be available sometime after Jan. 30, 2021, when the company’s new fiscal year begins.

Project Antrea is an open source cluster-level networking solution. It allows a developer to deploy its own network solution to allow containers to talk to each other and connect. It connects to NSX for a two-tier approach, providing all of the security services and the connectivity that developers want.

Virtualized Network Virtualization and more

In regard to the second Modern Network pillar – Virtualized Network Virtualization – The company announced that vRealize Network Insight can not only identify problems but self-heal or fix problems.

“That end-to- end view is extremely powerful for troubleshooting, for creating efficiency, especially in a COVID-19-centric world where you can’t always touch the devices,” said Gillis.

As for the third pillar – physical network infrastructure – VMware said the NSX Services-Defined Firewall running on a Monterey SmartNIC will be able to run stateful layer 4 firewall services at line rate. Additionally, the SmartNIC will be able to run layer 7 stateful firewall as well as VMware’s curated IPS Signatures.

“Being able to put a layer 7 firewall in the NIC and have it operate effectively with air gap – it’s not running in the memory of the host, it’s running in the NIC – we think this is a transformative capability for advanced security. Putting the security where it matters, which is right next to sensitive applications and data,” said Gillis.

VMware discussed Project Monterey at VMworld 2020 (virtual) in September. Project Monterey addresses the modern application landscape, which includes support for SmartNICs and the redesign of VMware Cloud Foundation. It also includes with other technology vendors for SmartNIC technology.

Company Name: Platte River Networks
Company Hot 101 Rank: 19
Vice President of Sales and Marketing: David DeCamillis
Headquartered: Denver, CO
Primary Services:

• Network design, management and implementation
• Remote network monitoring
• Server maintenance
• VoIP phone systems
• Network cabling procurement of hardware and software

Twitter: @PRNtechnology

Platte River Networks’ decision to increase marketing during the COVID-19 pandemic has paid off with solid leads and revenue gains.

The MSP ramped up marketing when other businesses were cutting back. And it shifted its focus to helping clients make the transition to remote work.

As vice president of sales and marketing David DeCamillis points out, having the right strategy has helped his company prosper in challenging times.

Platte River Networks’ David DeCamillis

In a Q&A with Channel Futures, DeCamillis talks about challenges and opportunities during the pandemic. And he talks about his company’s biggest pivot.

Channel Futures: What is one thing you wish vendors would do that they don’t?

David DeCamillis: Quickly adapt to fit current partner needs. For example, with COVID-19, we lost the ability to put on face-to-face lead-generation events. Vendors should recognize this major shift in the industry, and offer funds and assistance to partners by creating virtual lead-generation events, and help fund and support other digital lead-generation activities for their partners in order to quickly fill the void created by the pandemic.

CF: What new opportunities and challenges came with the COVID-19 pandemic?

DD: Many companies made the mistake of reducing their marketing activities during the pandemic. We did not; in fact, we increased it and it has paid off huge. We shifted our messaging in mid-March to providing our audience with helpful information on how to manage their business and employees during the crisis. That included moving and securing their workforce out of the office and into their homes.

This was not the time to directly sell to your audience. We provided easy-to-read infographics on how to work at home safely and efficiently, and other helpful topics. We provided virtual educational sessions to local chambers, associations and groups. Throughout the pandemic, we have seen more and more IT departments and other MSPs failing at the shift to a remote/home workforce. In May, we shifted our messaging to the top five reasons to outsource your IT and how our IT department has performed during the crisis. Our marketing efforts have generated solid leads during the crisis. And in the last 60 days we have signed on more new monthly recurring revenue than any quarter in our company’s 18-year history.

In a crisis, companies that go quiet by cutting their marketing budgets and reducing their digital marketing efforts will definitely see reduced growth. Don’t get caught up in the same funk as your competitors. Now is the time to ramp up your marketing efforts. Your audience is listening.

CF: Tell us the story of the biggest pivot you’ve ever had to execute.

DD: Our biggest pivot was surviving the Hillary Clinton email scandal. We signed on the Clintons as a client, managing the famous home email …

This week’s ConnectWise IT Nation Connect 2020 went virtual this year due to the COVID-19 pandemic. The three-day conference touched many key industry trends and areas of focus. For MSPs looking to grow a stronger company in what has been a roller coaster of a year, the topics were aimed at gut-checks and growth.

The event kicked off with a rather significant announcement, in true ConnectWise form. At last year’s IT Nation Connect, the provider announced the acquisitions of Continuum and ITBoost, as well as a strategic partnership with Webinfinity. This year, ConnectWise said that it has acquired Perch Security and StratoZen, two cybersecurity firms dedicated to the needs of SMBs. The acquisitions aim to change the way technology service providers (TSPs) and managed service providers (MSPs) think about security. The objective is to eliminate the many silos around point solutions that plague the MSP industry.

The rest of the conference sought to provide a road map for MSPs for the rest of 2020 and beyond. Content tracks focused on security, leadership and talent development, sales and marketing, growth and scalability and service delivery. Keynotes from business and industry thought leaders touched on cybersecurity frameworks, improving the customer experience, and key indicators on where the industry is heading. 

“This is the time to streamline your services,” said Craig Fulton, chief customer officer, ConnectWise, in a post back in October. “Take a look at the solutions you offer your customers and how you operationalize that in the platform. Look at your business and ask where you want it to be.”

At IT Nation Connect, the sessions gave goers direct lines to these actions. Here’s a quick recap.

Cybersecurity

Cybersecurity is obviously one of the biggest topics out there these days. IT Nation Connect certainly pounced on that conversation from several different angles. One breakout session, “Cybersecurity Frameworks and Why You Should Start Your Journey with Them,” dug into NIST, CIS, MSP+ and other frameworks. Speaker Jay Ryerse, vice president of cybersecurity initiatives, ConnectWise, provided information on how folks can leverage those frameworks to support the creation of a cybersecurity practice to address client’s business, technology and cybersecurity needs.

ConnectWise’s Jay Ryerse

“For service providers, there is an amazing opportunity to close the gap,” said Ryerse. Ryerse used the example of securing one’s own oxygen mask before assisting others if a plane loses cabin pressure.

“Cybersecurity is the same way,” he said. “You have got to lock down your house first. If you get hit by a cyberattack, how can you possibly help your customers? So make that one of your areas of focus. You also must align to the MSP+ and other cybersecurity frameworks. These will help drive those necessary conversations with your team. It will also drive culture as you teach these practices to your peers.”

Automation

Another session, “Automate for Success: How to Do More with Less,” touched on how many tasks can be automated, and how much more efficient this automation will make a company’s team. Last year, it was talent shortage; this year it’s growing receivables. In good times and bad, efficiency matters. Doing more with less means automating as much routine work as possible. Speaker Travis Brittain, sales engineer, IT Glue, talked about the state of the industry, and how MSPs can become more efficient. 

IT Glue’s Travis Brittain

“The market is becoming increasingly competitive,” said Brittain. “When your prospects are coming to you and saying that they want a lower price, it’s one of two things. It could be because of the economic times we’re in right now. Or, they know that they can get these types of services from others inside of their local reach. So it’s not hard to imagine why these other MSPs are starting to bubble up. It’s also why you see other companies that you don’t expect to get into managed services to grab hold of this market.”

Scaling

In the session, “Blueprint for an Efficient Remote Customer MSP Practice,” the discussion revolved around scaling. 2021 will bring about various market dynamics impacting the small and medium businesses. This will likely include increase in hybrid remote workers, advanced cybersecurity threats and digital collaboration initiatives, to name a few. In addition, all companies want these initiatives to be supported via cloud infrastructure. The session dove down into the latest developments between ConnectWise and Intel designed to help MSPs scale what they offer.

ConnectWise IT Nation Connect 2020 covered a wide swath of other topics, chalking up an overall success for the IT management and business automation software provider.

To top off the event and the week, Malwarebytes, the provider of advanced endpoint protection and remediation solutions, announced its integration with ConnectWise Automate. Automate is ConnectWise’s remote monitoring and management (RMM) software solution. The new integration aims to enable MSPs to more effectively detect, isolate and recover from cyberthreats. This can happen from within their existing ConnectWise work streams. 

It will be interesting to see what happens between now and next year’s ConnectWise IT Nation Connect. In the meantime, secure your oxygen masks and buckle up!