Category Archives for "Managed Services News"

Dec 21

How FortiSOAR Can Help MSSPs Provide Differentiated Service Portfolios

By | Managed Services News

As the market for threat detection and response grows, FortiSOAR ensures that MSSPs are able to provide differentiated service portfolios to their customers.

As more businesses digitize their offerings, the market for security service providers has grown substantially. With this growth has come increased competition between MSSPs and third-party service providers, as they both target the same market and provide the same services. This means that in order to stay competitive, MSSPs must be able to offer differentiated service portfolios that meet the specific needs of their customers.

This is where Fortinet’s FortiSOAR platform can be of use. FortiSOAR is a vendor agnostic security orchestration, automation and response (SOAR) platform designed to help SOC teams streamline threat identification and response by eliminating manual processes. By integrating this into a customer’s existing security infrastructure, FortiSOAR allows MSSPs to offer a customized security framework that unifies operations. With a customized SOAR solution, customer SOC teams are better equipped to manage the evolving threat landscape, allowing them to take a proactive approach to security.

Key Features of the FortiSOAR Platform

To keep pace with today’s threats, organizations are increasingly implementing point solutions across their networks. While these can help bolster security, they also fragment security infrastructures, limiting the SOC team’s ability to accurately identify threats. This creates a number of challenges for security teams, including alert fatigue, non-compliance with regulations and slower response times. FortiSOAR addresses these challenges by centralizing key security features in one platform, thereby eliminating the need for point solutions. Let’s take a look at some of the key features of the FortiSOAR platform:

Role-Based Incident Management

FortiSOAR’s Enterprise Role-Based Incident Management solution provides SOC teams and other cybersecurity teams within the organization (forensics, data loss and prevention teams, etc.)  with role-based access control capabilities. This allows them to segment and manage sensitive data in accordance with administrative policies and guidelines. With a customized view of network assets, analysts are able to prioritize threats in real time, improving incident response. In addition, FortiSOAR’s Recommendations Engine is able to link and predict the severity of incidents based on past reports, aiding SOC analysts in identifying duplicates or false positives.

  • Role-Based Dashboards and Reporting

Role-based dashboards and reporting empower customers to measure, track and analyze threat investigations, as well as SOC performance. FortiSOAR’s library of 10-plus OOB industry-standard dashboards and customizable templates ensures that SOC teams can access the tools they need to optimize their available time and resources.

FortiSOAR also provides comprehensive reports for incident closure, incident summary and incident progress. Using insights from these reports allows SOC teams to easily track key performance metrics and identify where optimizations can be made.

FortiSOAR provides distributed multi-tenant product offerings with scalable, secure and distributed architectures, allowing MSSPs to offer MDR-like services. This led one of FortiSOAR’s MSSP customers to develop a seven-figure revenue stream. With the ability to automate tenant workflows remotely, managing individual customer ecosystems becomes streamlined, enabling security efficacy. FortiSOAR also involves customers in approval requirements by providing them with personalized alerts, incident views, and dashboards.

FortiSOAR’s Visual Playbook Designer allows SOC teams to design, develop and use playbooks in the most efficient manner. The designer facilitates playbook creation by providing an intuitive drag and drop interface that strings together multiple steps, including playbook simulation, workflow code execution, looping and error handling. This requires no advanced programing skills and comes with over 150 OOB playbooks, half which are dedicated for threat hunting efforts. The platform also gives customer SOC teams the ability to automate workflows, enhancing their vulnerability management and regulatory compliance capabilities.

FortiSOAR enables comprehensive case management by providing OOB modules for incident response, vulnerability management and fraud. MSSPs can also build custom modules to meet individual customers’ security requirements so that they can continue to support their business objectives as they grow and their networks become more complex.

FortiSOAR Use Cases for MSSPs

As part of Fortinet’s integrated Security Fabric architecture, FortiSOAR unifies security tools in a single centralized platform. This allows SOC teams to automate alert triage and investigation processes, freeing up time to

Dec 21

New LogicMonitor Partners to Fuel Southern EMEA Growth

By | Managed Services News

This year, LogicMonitor has seen an over 500% increase in partner-originated revenue.

New LogicMonitor partners will expand the company’s reach across southern EMEA.

The company has added nine new channel partners from across southern EMEA to its LogicMonitor Partner Network.

The new partners are:

  • C.H. Ostfeld and Devoteam in Italy.
  • Cloudvisor in Eastern Europe.
  • Everis in Spain.
  • Layer8 in Portugal.
  • Syntax IT Group in Greece, Syntax IT Consulting in Kuwait, and Syntax Doha IT & Services in Qatar.
  • Yael Software Group in Israel.

Accelerating International Expansion

LogicMonitor has accelerated its international expansion through partnerships in a variety of markets since it launched the partner network in 2019. This year, LogicMonitor has seen an over 500% increase in partner-originated revenue.

Sanjay Gupta is LogicMonitor’s global vice president of channels and alliances.

LogicMonitor's Sanjay Gupta

LogicMonitor’s Sanjay Gupta

“We are continually expanding our global partner network to support LogicMonitor’s rapid growth and customer demand,” he said. “And we’re proud to welcome these market-leading channel partners in the diverse and important southern EMEA region. Our valuable partner relationships in regions such as southern EMEA extend our ability to connect with businesses far and wide looking to gain control of their complex IT infrastructures.”

Sign up for Channel Futures’ EMEA newsletter. That’s where we feature news and analysis involving companies based in Europe, the Middle East and Africa, as well as those doing business in that region.

In 2021, LogicMonitor will continue expanding its partner network to establish mutual go-to-market success and revenue growth across all high-growth markets, Gupta said.

Growing Demand in EMEA

The vast majority of businesses in southern EMEA still primarily rely on on-premises technology. However, the combination of COVID-19 and the need for SaaS has accelerated the region’s transition to a hybrid infrastructure with on-premises and cloud.

The latest LogicMonitor partners join a select group of systems and technology integrators, MSPs and resellers within the partner network.

“Syntax is committed to ensuring our clients are successful in their digital transformation journeys,” said Nicholas Afxentiadis, Syntax IT Group‘s president. “With LogicMonitor, we are better positioned to grow alongside our clients in Greece, Cyprus and the Gulf Cooperation countries, and are able to effectively replace their legacy systems to be successful in this digital transformation journey.”

LogicMonitor partners can expand their company’s offerings and profit margins by offering a monitoring and observability platform.

Dec 21

High Stress, Demand for Security Services Among MSP Pain Points

By | Managed Services News

Rising demand for security services comes as no surprise with remote workers under attack.

A new Pulseway MSP pain points survey reveals a high level of stress among MSPs and concerns about growing their businesses.

Pulseway polled its MSP partners to identify main pain points and common struggles they’ve encountered through 2020.

Pulseway surveyed MSPs in four categories:

  • Working arrangements and how they have changed because of COVID-19.
  • How MSPs and their staff have been personally impacted by COVID-19.
  • How the service provided has been impacted by the pandemic.
  • What impact COVID-19 has had on the business.

Fifty-six percent of MSPs reported demand for security services, but only 38% said they had introduced such services.

Fifteen percent reported that IT security was “much worse” as a result of COVID-19 restrictions and 32% said it was “slightly worse.”

Gap Between MSPs, Customers with Security

Andy Ellwood is Pulseway‘s product marketing manager.

Pulseway's Andy Ellwood

Pulseway’s Andy Ellwood

“MSPs recognize security is an issue,” he said. “Customers also understand the need for more services. Looks like there is a gap.”

Rising demand for security services comes as no surprise after the rise of phishing attacks targeting remote workers since the beginning of the year.

There is a clear demand for additional services, Ellwood said. In addition to security, two in five (40%) report a demand for help desk services, 36% for backup and 27% for patching. All are relatively easy to support with the appropriate technology.

Personal, Business Findings

Among personal key findings:

  • Two-thirds (67%) of MSPs said their job was stressful and 64% said it has become more stressful in the past nine months.
  • Three in four (74%) had to work outside of normal hours and 53% said workload had increased.
  • More than half (52%) said their team’s stress levels increased. Eighty-two percent said customers were contacting support outside normal hours, either a little or a lot.
  • One in three (33%) said work/life balance had deteriorated, and 70% said life had become harder in the past nine months.
  • One in four (24%) said worries about their own health were keeping them awake at night.

Among business key findings:

  • Nearly half (47%) of MSPs had customers canceling, while 48% had customers postponing projects. This mostly impacts new hardware projects.
  • Fifty-five percent said growing the business was keeping them awake at night.
  • Almost half (48%) said customers were cautious about investing in new services and/or technologies.
  • Forty-six percent said customers were cautious about committing to new contracts.
  • More than one in four (28%) experienced customers canceling contracts.
Dec 21

2021 Trends: Set the Stage for a Successful 2021

By | Managed Services News

Here are the biggest 2021 trends to plan for—and how 2020 set the stage for them.

It goes without saying that 2020 has been quite a year, with each month feeling like it has tried to top the last. And while 2021 may not start off much different, it will hopefully end on a higher note than it began. For MSPs looking ahead to the year to come, there are many lessons to be learned from what just transpired. In the IT world, the pandemic didn’t necessarily start any major new trends as much as it accelerated those already in progress. When looking at 2021 trends, the expectation is a continuation of these transformations, and MSPs that have been adjusting on the fly should anticipate more of the same.

So, looking both in the rear view and the horizon, what are the biggest 2021 trends MSPs should be planning for? And how has 2020 set the stage for how to survive and thrive?

  1. Remote work is here to stay.

Remote work didn’t begin in 2020, but nearly every industry got a crash course in how to do it at scale for a sustained period of time. While many businesses are eager to get their workforce back into the building and lots of employees realized they prefer their workplace cubicle or corner office to the kitchen table, the consensus is mixed.

Workers who previously never had the option to work from home have now had a taste of it, and some will prefer to maintain the status quo at least some of the time long after vaccines have quieted the viral storm. Trading off water cooler chat and free breakroom coffee for no commute, sweatpants and flexibility is pretty appealing for a broad swath of professionals.

At the same time, some organizations are realizing that a fully or partially remote workforce isn’t just manageable but may be preferrable. Whether it’s giving their staff some additional work-life balance or the bottom-line savings that come from spending less on rent and furniture thanks to a smaller physical footprint, some forward-thinking companies are considering their alternatives when it comes to office space.

However, beyond adapting corporate culture, IT demands inevitably increase in this scenario. More remote workers mean managing additional endpoints connected to insecure WiFi connections, personal devices being used for business applications and a much less homogenous IT environment.

To properly support customers in this environment, MSPs must similarly shift to a “remote-first” mentality: Yes, there will be employees, devices and potentially servers in normal offices, but remote employees should be considered the norm rather than the exception. This means creating IT environments and system access that is completely agnostic to what location or network is in use.

It also means patching and upgrades are more important than ever. All those endpoints need the latest security updates installed pronto to avoid the rampant traps cybercriminals are laying these days for unsuspecting users.

Collaboration tools are another effective way to combat any loss of productivity for MSPs themselves as well as their clientele. Whether it’s Microsoft Teams, Slack, Trello or other asynchronous platforms, vital information can be shared regardless of where folks are sitting or what their particular work schedule looks like.

Increasing support volumes.

Remote work isn’t just about change in location, it’s also a shift in how individual employees approach IT to begin with. Instead of on-site IT support on company-provided devices, they’re now trying to keep a combo platter of personal and business-owned endpoints connected to the network and running essential software and services.

This has led to a dramatic increase in support tickets for some organizations. Whether they can’t get on the VPN, can’t access a particular system, or need to transfer data from one place to another, the increased complexity of these arrangements has many workers clicking and calling for

Dec 21

How to Mitigate the Risk of Social Engineering and BEC Attacks

By | Managed Services News

Here are several tips for staying ahead of social engineering and BEC attacks.

Hackers, never at a loss for creative deception, have engineered new tactics for exploiting the weakest links in the cybersecurity chain: ourselves! Social engineering and business email compromise (BEC) are two related cyberattack vectors that rely on human error to bypass the technology defenses businesses deploy to deter malware.

Social Engineering

Social engineering is when hackers impersonate trusted associates or acquaintances to manipulate people into giving up their passwords, banking information, date of birth or anything else that could be used for identity theft. As it turns out, it’s easier to hack our trust than our computers. Social engineering covers a range of tactics:

  • Email from a friend or family member: Hackers get access to the email password of someone you know. From there, they can send you a malicious link in an email that you’re more likely to click on because it came from someone you trust.
  • Compelling story (pretexting): This includes urgently asking for help. This can read like, “Your friend is in danger and they need your help immediately – please send me money right away so they can get treatment!”
  • Standard phishing tactics:Phishing techniques include website spoofing emails appearing to come from an official source asking you to reset your password or confirm personal data. After clicking the link and entering the info, your security is compromised.
  • “You’re a winner” notifications: Whether a lottery prize or a free trip to Cancun, this tactic catches many off guard. It’s known as “greed phishing” and it takes advantage our fondness for pleasure or weakness for the word “free.”

Business Email Compromise

Business email compromise is a targeted attack against corporate personnel, usually someone with the authority to request or fulfill a financial transaction. Victims execute seemingly routine wire transfers to criminals impersonating legitimate business associates or vendors.

This form of fraud relies on a contrived pretext to request that a payment or purchase be made on the attacker’s behalf. According to the FBI, BEC attacks resulted in more than $26 billion (you read that right) between June 2016 and July 2019.

Here are a few tips for protecting users and businesses from BEC attacks:

  • Slow down: BEC attacks combine context and familiarity (an email from your boss) with a sense of urgency (I need this done now!). This causes victims to lose their critical thinking capabilities.
  • Don’t trust, verify: Never use the same channel–in this case, email–to verify the identity of the requester. Pick up the phone and call or use video chat.
  • Prepare for the inevitable: Use all the technology at your disposal to ensure a BEC attack doesn’t succeed. Machine learning-enabled endpoint security solutions can help identify malicious sites.
  • Address the weakest link: Train users to spot BEC attacks. Webroot testing shows that phishing simulations can improve users’ abilities to spot attacks.

Perfecting Your Posture

Webroot Security Intelligence Director Grayson Milbourne offers several suggestions that companies can put into place to improve their security posture. First, he says, “Whenever money is going to be sent somewhere, you should have a two-factor verification process to ensure you’re sending the money to the right person and the right accounts.”

Milbourne is also a big advocate of security awareness training. “You can really understand the security topology of your business with respect to your users’ risk factors,” he says. “So, the engineering team might score one way and the IT department might score another way. This gives you better visibility into which groups within your company are more susceptible to clicking on links in emails that they shouldn’t be clicking.”

With the increase in scams related to the global COVID-19 pandemic, timely and relevant user education is especially critical. “COVID obviously has been a hot topic so far this year, and in the last quarter we added close to 20 new templates from different COVID-related scams we see out in the wild,” Milbourne says.

“When we look at first-time deployment of security awareness training, north of 40% of people are clicking on links,” Milbourne says. “Then, after going through security awareness training a couple of times, we see that number dip below 10%.”

Where to learn more

Our newest research on phishing attacks and user (over)confidence, “COVID-19 Clicks: How Phishing Capitalized on a Global Crisis,” is out now.

Steven Jurczak is a Product Copywriter at Carbonite and Webroot. He blogs about backup and recovery technology, information security and IT industry trends.

Steven Jurczak

This guest blog is part of a Channel Futures sponsorship.