Category Archives for "Managed Services News"

Dec 21

Rethink Endpoint Protection in 2021

By | Managed Services News

Attackers exploit endpoints for maximum damage, making comprehensive and purposeful endpoint protection critical.

With cyber criminals continually adapting their attack techniques, protecting endpoint devices becomes more crucial every day. Endpoints represent a popular entry point for attacks, and legacy security solutions like anti-virus struggle with advanced attack techniques because they are overly reliant on signature -based detection.

As we look out into 2021, MSPs need to future-proof for the ongoing “new normal” to deliver resilient endpoint protection so customers can avoid breaches. The new year will bring new security challenges. Here are some practical steps that IT service providers can take to proactively protect end user customer infrastructure and assets, as well as their own.

Consider the Importance of Improved Endpoint Protection

With the rise in digital transformation and remote work, endpoints such as laptops, mobile devices, servers and kiosks make soft targets for attackers. Today’s hackers capitalize on gaps in endpoint security, performing network reconnaissance to infiltrate poorly protected devices and pivot to valuable targets like servers or even third-party partners. This trend hasn’t gone unnoticed, as reports highlight that more than 70% of threats now occur on endpoint devices.

Gauge the Cost of Endpoint Gaps

Endpoint gaps can attract cyber criminals looking for data to monetize or intellectual property to hold for ransom. In addition to data breach costs and compliance fines, bloated tools that are too complex waste money due to inefficiencies like chasing false positives. Equally important, exposed endpoints and out-of-date devices divert finite IT resources that could be better applied to other company initiatives.

Assess Endpoint Risks

Every endpoint is a potential point of infiltration for organizations. In turn, this represents an opportunity for MSPs to offer much needed, advanced endpoint security solutions and outcomes. Here’s how you can enhance customer likelihood of withstanding a targeted attack:

Understand the new threat landscape. Most cyber criminals are financially motivated, willing to devote considerable time and energy for a million-dollar payout. As today’s advanced threats mutate to evade detection by traditional signature-based products, additional layers of protection are required beyond legacy security tools. Increased visibility is needed to detect suspicious activities in real time to block and even proactively prevent malicious threats. Most notably, advanced tools and a defense-in-depth approach can safeguard against new and never seen threats.

Continued work-from-anywhere raises the threat level. The rapid shift of employees offsite due to the pandemic increased the use of work devices for home use as well as personal devices being repurposed for corporate use. All outside the corporate network, this patchwork of devices creates a fragmented approach to security and visibility. As enterprise employees move back onsite, hybrid models can create new and unintended security gaps.

Patching remains a key priority. With organizations averaging 97 days to patch exposed flaws per the Ponemon Institute’s Study on the State of Endpoint Risk, it’s no wonder that hackers actively look for these vulnerabilities to exploit. Operating systems, applications and embedded systems all utilize patch management to reduce data breach risk.

MSPs must protect their infrastructure and devices. Cyber criminals target end user customers, but MSPs with extended supply chains and aversion to bad publicity are also targeted. Make sure that you have optimized your own security defenses to serve as a role model to your customers.

Cybersecurity expertise augments endpoint tools. Every endpoint is a potential point of failure for organizations–and an opportunity for MSPs to help businesses withstand a targeted attack. A security operations center (SOC) provides peace of mind that infrastructure is monitored and protected 24/7 by a fully staffed team of cybersecurity experts. MSPs can augment customer capabilities quickly and at scale for organizations without their own cybersecurity skills or sufficient staff.

Provide Defense-in-Depth for Endpoint Threats

Keeping customers safe and operational is your top priority. As customers continue to enhance their cybersecurity posture, position your MSP capabilities to move beyond legacy point products that only partially address endpoint security. Rather than merely offering anti-virus tools, Netsurion can help you use a prevention-first approach to maximize endpoint security. Netsurion’s managed endpoint protection platform is powered by deep learning that offers zero-time prevention and operational simplicity. Learn more about how we predict, prevent, detect and help you respond to customer threats.

This guest blog is part of a Channel Futures sponsorship.

Dec 21

Top 4 Benefits of an RMM System

By | Managed Services News

An RMM system is a crucial part of any MSP’s growth to support smooth business operations, efficient technicians, and client satisfaction.

In this highly remote, highly mobile day and age, many business functions, tasks and jobs are performed in a distributed way. Both managed service providers (MSPs) and their clients are trying to do more with less, from locations all over the country and the world. An RMM system is a crucial part of any MSP’s growth to support smooth business operations, efficient technicians, and client satisfaction.

If you’re considering whether an RMM (remote monitoring management) system can solve your challenges as an MSP, you’re not alone. In this post, we highlight the top four benefits of an RMM system.

  1. Make integrated ticketing pain-free.

Your customer’s email goes down—what do you do? All too often, a technician spends time gathering details via the phone and patching together the next steps based on an incomplete set of information.

With an RMM system, MSPs can:

  • Empower their customers to create tickets instantly, with all the information a technician needs to start fixing the problem.
  • Automatically dispatch tickets to specific technicians, ensuring the right reps work on the client’s problem.
  • Create a record of attempted automation tasks by automatically documenting them, giving technicians a head start.
  • Link tickets to the client’s full history and background, so that technicians can understand the bigger picture. This integrated approach makes tickets pain-free.

Take, for example, our PSA solution, ConnectWise Manage. It integrates with ConnectWise Automate. to solve issues quickly and monitor for future problems. It also integrates with ConnectWise Control so technicians can start a remote session. Check out our eBook on ConnectWise Manage and ConnectWise Automate for more information.

  1. Automate routine actions.

Finding qualified IT workers is difficult. MSPs need to focus their employees’ time on the biggest client challenges and needs. But if the staff is tied up with routine tasks—like patching, network scans, agent deployment and more—then bigger issues can fall by the wayside or take too long to resolve.

Since customers expect speed when it comes to solving IT challenges, any delay can decrease their satisfaction. An RMM can automate many daily, routine tasks, freeing up your team’s time for more pressing, high-skill work.

  1. Support security.

Automation has an additional benefit: security. As more and more work becomes digitized, virtual and remote, security threats only grow. With routine but essential security tasks like software patching handled automatically, MSPs have peace of mind that clients’ endpoints are safe and up to date.

RMMs allow MSPs to identify and address a number of IT issues that pose security risks, including:

  • Configuring policies and automatic patching for Windows, Microsoft and other third-party software providers
  • Identifying out-of-warranty devices
  • Monitoring and managing passwords and mailboxes
  • Managing general memory, CPU and other health metrics for endpoints
  • Flagging any “strange” behavior, such as server outages, that may indicate a cybersecurity threat

It’s also worth noting that MSPs handle sensitive client information and have access to crucial systems. So, it’s vital that MSPs not only offer secure solutions to their clients, but that the MSP itself is also secure. As we like to say: You need to protect your own house before you can protect others.

  1. Scale efficiently.

RMMs enable process-oriented operations by:

  • Keeping issues from ever happening with proactive monitoring
  • Automatically fixing issues after they occur with scripting
  • Saving technicians time by scripting basic tasks and documenting the results

With more efficient processes, automated tasks and integrated operations, the right RMM is a powerful tool in helping MSPs scale up and reduce costs.

Beyond cost savings, however, an RMM leads to faster, better resolutions, which provides customers with a better experience, leading to happier customers who value the MSP’s support. This, in turn, leads to a better pricing model for an MSP’s services. In short, happy customers are good for growth, and an RMM is an integral part of any MSP’s success and good reputation.

An RMM can also be a powerful selling point. By demonstrating the ability to put a few agents on devices and pick up issues, MSPs can show potential clients where they have IT gaps and where the MSP can help.

RMMs: A Crucial Tool for Any MSP

Organizations today face an increasingly complex IT landscape. Everyone from the smallest dentist’s office to a large hospital needs to ensure secure and efficient operations. Any technical glitch or problem can significantly slow their business and hurt their customers.

MSPs supporting these organizations are now expected to prevent issues from ever happening, and, if/when they do occur, they must respond instantly and solve the problem efficiently. RMM tools support MSPs by putting in place process-oriented operations. And, ultimately, what’s good for you as an MSP is good for your clients.

This guest blog is part of a Channel Futures sponsorship.

 

 

Dec 21

MSP 501 Profile: The Fulcrum Group on the Entrepreneurial Spirit and Being Service-Oriented

By | Managed Services News

Founder and CEO Steve Meek on changing technology and evolving operations, and being the Spock, not the Kirk.

Company Name: The Fulcrum Group
Company Hot 101 Rank: 11
Founder and CEO: Steve Meek, CISSP
Headquartered: Fort Worth, Texas

Primary Services:

  • Network infrastructure
  • Servers 
  • Storage & virtualization
  • Voice over IP
  • On-premises & cloud
  • SPOT managed IT services
  • IT outsourcing
  • Cloud services

Twitter: @TheFulcrumGroup

SMB Hot 101 honoree The Fulcrum Group is doing big things. Founder and CEO Steve Meek operates by several principles that drives the business and has put them on the path to success — ultimately landing them on the new SMB Hot 101 list this year.

The Fulcrum Group's Steve Meek

The Fulcrum Group’s Steve Meek

Meek stresses the importance of caring for and helping the people you work with, and the ability to exchange ideas. These may sound simple enough, but the ripples from these principles touch a whole host of things. 

We sat down with Meek to get a sense of how The Fulcrum Group is evolving and growing their MSP business.

Channel Futures: What do you love about the IT channel? What do you dislike about it?

Steve Meek: There are two key things I love about the IT channel.

1. The people. As a population, I believe vendors, business owners and team members are progressive and always looking forward. Many of the basic human beliefs in a service provider represent how I see myself and things I want to see in others. A general care for people we work with and the desire to help others, even if we do not directly benefit, are essential. Something about the combination of entrepreneurial spirit and service-oriented function means I have met many like-minded people, many of whom I now consider friends. Some of these people I have known for over 20 years through multiple organizations, and we stay in touch and see each other (though not as much as before COVID-19).

2. The ability to exchange ideas. It is easy for business owners like me in smaller organizations to fall victim to cognitive biases. Thank goodness the various communities allow us to engage with others on similar quests for learning, growing, understanding and research. Most channel people are willing to exchange ideas, and I’ve found three common areas:

  • Technology is always changing. Disruptive technologies frequently sneak out and other firms can act as early warning systems. Sometimes it is for tools that help us work better, smarter or faster. Other times it is new technology to help end users. Either way, clients get more value.
  • Our operations. Corporate and MSP IT are constantly challenged to provide a great experience, project manage and document every day. They are also charged with looking to the future and to staff reasonably, and respond quickly. Oh, and to secure everybody. Comparing thoughts on how other firms operate can help tweak something, or light up a completely new idea. Whether they are larger or smaller than we are, there is something to learn.
  • Client business ideas. When we talk, we may not share a specific client’s name, but we do discuss solutions and industries. This is a great way to uncover new innovations and trends that might apply to our own client base, as well as compliance experiences. It extends one’s management team to anybody who will take a minute to chat. How cool is that?

CF: What is one thing you wish vendors would do that they don’t?

SM: I think an opportunity for improvement with vendors is ramping up new partners and getting their solution deployed properly. For MSP engineers, we support a variety of technologies, and sometimes challenges get in the way of best practices. Their solutions would benefit from a simple list of settings (so partners could create their preferred settings). Or, a good-better-best or common setting for 10-50, 50-100 or 100+ employees (targeting solutions in the SMB space).

Vendors invest lots of money in facilitating video training or webinars on their solutions, but rarely offer …

Dec 21

MSP 2021: Year of the Major Strategic Partner

By | Managed Services News

Every MSP should rethink how it can be a strategic partner to their customers in 2021.

HMC Write Now's Howard Cohen

Howard M. Cohen

At the beginning of a new year it’s critical for MSPs to ask themselves if they’re satisfied with being the managed services provider to their customers. Not that it’s a bad or inferior role to play, but ask yourself, is it enough? And ask if it’s enough on a few important levels.

Customer Need

The first and foremost concern for any service provider must always be fulfillment of the needs of the customer. As we approach 2021, after everything that has happened in 2020, we must closely examine and discuss how those needs have changed. If you entered 2020 committed to keeping everything IT running for your customers because that’s what they most needed, entering 2021 will be different.

Customers need to continue to adapt operations to a new normal, one that may never revert back to the previous. Many companies are discovering tremendous advantages in having everyone work from home (WFH) and have followed the leadership that companies like Twitter showed at the very beginning of the pandemic. They don’t intend on having everyone return to offices.

You’ll want to help your customers explore how they can extract even more value from the WFH revolution. What technologies have they not yet considered deploying that would even further improve their operating efficiency? Have they maximized what workflow automation can do for them? Unified communications as a service? Collaboration technologies?

While these are all technology discussions and decisions, they’re all very focused on how your customer runs their business. Your role shifts from trusted technology adviser to major strategic business partner and advisor. They’re depending upon you to best help them improve business operations as they face one of the most dramatic pragmatic changes ever.

Relationship Resilience

Can you afford not to make this kind of shift? Can you afford to remain simply an operational contractor?

Best to suspect that the answer is no. More and more customers are expecting more and more from their suppliers and contractors. Just as break-fix gave way to managed services, managed services is now giving way to business technology partner.

Recognize the important advantages this new relationship offers to you and your practice.

As a maintainer of their computer network, you are pretty easily replaced. More of your knowledge is about technology than about their strategic planning. Your competitors have similar knowledge of technology. They can readily step in should situations change.

On the other hand, as a major component of their strategic planning and execution, you become more and more irreplaceable. It’s also important to recognize why this is the case! Put most simply, you are delivering far more value to your customer and the more value you provide the harder it will be for them to even want to part with you. Many talk about “stickiness,” but in the final analysis that’s a tactic. You’re increasing your relationship resilience by increasing your value. In the truest sense of the phrase, there’s nothing like the real thing. Customer value!

Opportunity for the Future as a Strategic Partner

When you expand what we’ve been discussing here, you become more aware of how much competition is growing up all around you. The rush of refugee resellers to join the ranks of the MSP continues, and many are still not preparing properly for that change. The result is competition that damages the name “MSP,” making it harder for you to gain customer trust.

If the IT channel has learned anything over the years, its that you must always be innovating, changing, growing and increasing your value proposition for customers. Thankfully, technology is the gift that keeps on giving new ways to achieve that.

It’s pretty unreasonable to expect that to continue forever. Fifty-five years ago, in 1965, when Intel co-founder Gordon Moore first predicted that the number of components on an integrated circuit would double each year, he set a limit of 65,000 components by 1975. At that point, he doubled his estimate to doubling every two years. Today, major institutions like MIT, IEEE and others are asking if we’re ready for Moore’s Law to “die.”

The meteoric growth of our industry is directly correlated to Moore’s Law, so we need to take this question very seriously. While the growth and development of technology must inevitably slow, the ingenuity and innovativeness you bring to it doesn’t.

While everyone else busies themselves forecasting what new widgets we’ll be working with, invest more of your time and premonition on what creative new strategic advantages you will be bringing to your customers. Become their Major Strategic Partner.

Happy New Year!

Howard M. Cohen is senior resultant for HMC Write Now and manager of the MSP 501er Communities on Facebook and LinkedIn.

Dec 18

Microsoft Joins List of Victims of Massive SolarWinds Hack

By | Managed Services News

Microsoft president Brad Smith said the attack provides a moment of reckoning.

The list of targets in the massive SolarWinds hack now includes Microsoft. Expect more vendors to join the dubious registry.

Microsoft issued the following statement:

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data.”

The attackers didn’t use Microsoft’s systems to attack others, it said.

FireEye, which has investigated numerous high-profile data breaches, also fell victim to the SolarWinds hack.

The hackers inserted malicious code into SolarWinds‘ Orion software updates sent to nearly 18,000 customers. It existed in updates released between March and June of this year.

This led to security breaches at numerous U.S. government agencies. Those include the Treasury Department, the National Telecommunications and Information Administration (NTIA) and the Department of Homeland Security (DHS). The attacker also breached SolarWinds’ corporate clients.

The Cozy Bear hacking group, which U.S. authorities suggest gets backing from Russian state intelligence, likely performed the SolarWinds hack.

Moment of Reckoning

Brad Smith is Microsoft’s president. He said the attack “illuminates the ways the cybersecurity landscape continues to evolve and becomes even more dangerous.”

Microsoft's Brad Smith

Microsoft’s Brad Smith

“As much as anything, this attack provides a moment of reckoning,” he said. “It requires that we look with clear eyes at the growing threats we face, and commit to more effective and collaborative leadership by the government and the tech sector in the United States to spearhead a strong and coordinated global cybersecurity response.”

The U.S. Department of Energy is the latest agency confirming it has been breached. However, it hasn’t impacted the department’s national security functions. That includes the National Nuclear Security Administration (NNSA).

The agency took immediate action to mitigate the risk, said Saylyn Hynes, agency spokesperson. All vulnerable software was disconnected from the DOE network.

Kaspersky Findings

On Friday, Kaspersky released its findings on the Sunburst backdoor, the malware planted in SolarWinds Orion.

Costin Raiu is head of Kaspersky’s global research and analysis team.

Kaspersky's Costin Raiu

Kaspersky’s Costin Raiu

“In this case, it would appear the main goal was espionage,” he said. “The attackers showed a deep understanding and knowledge of Office 365, Azure, Exchange, Powershell — and leveraged it in many creative ways to constantly monitor and extract emails from their true victims’ systems.”

One of the things that sets this attack apart is the peculiar victim profiling and validation scheme, Raiu said. The attackers flagged only a handful of the 18,000 Orion IT customers as interesting.

“Finding which of the 18,000 networks were further exploited, receiving more malware, installing persistence mechanisms and exfiltrating data is likely going to cast some light into the attacker’s motives and priorities,” he said.

High-Value Targets

High-value targets include a government organization and a telecommunications company in the United States, according to Kaspersky. It didn’t disclose the identities of the organizations. Furthermore, it notified the two organizations, offering its support to discover further malicious activities, if needed.

“For those that use Orion IT, we recommend scanning your system with an updated security suite capable of detecting the compromised packages from SolarWinds,” Raiu said. “Check your network traffic for all the publicly known indicators of compromise (IOCs).”

Kaspersky has spent the past few days checking its own telemetry for signs of this attack, writing …

Dec 18

MSP 501 ‘MSP of the Year’ Finalist Pioneer-360 on Necessary Pivots and Evolving One’s Business Model

By | Managed Services News

CEO and founder Joe McCartney talks about anticipating client needs and making difficult, but necessary, shifts.

The award for MSP of the Year works a little differently from the other special 501 awards. These shops demonstrate a willingness to take risks and pivot when necessary. They exhibit a deep familiarity with the MSP market and willingness to consider a business model evolution. These two characteristics are critical to channel companies looking to stay ahead of the curve, and Pioneer-360 has them in spades.

These special awards are part of the 2020 MSP 501. We narrowed the field of contenders down to three finalists that we feel represent the modern channel and display excellence in business efficiency and business model innovation.

This essentially means these folks have the nimbleness to pivot to meet industry trends, the guts to make risky moves today to position the business for tomorrow and the discipline to structure operations to achieve maximum efficiency in service delivery. 

We sat down with CEO and founder Joe McCartney to chat about Pioneer-360’s business model evolution, and how the company has weathered the roller coaster that has been 2020.

Structural Organization

For starters, the pioneering provider has a pretty robust business model. It’s a model it has grown and evolved to reflect industry dynamics, customer needs and emerging tech trends.

Pioneer-360's Joe McCartney

Pioneer-360’s Joe McCartney

“In the last several years, we have seen a push for companies needing more security and more structural organization for IT compliances,” said McCartney. “Once we started to truly understand compliance, we realized that there was a gap of doing best practices versus security versus compliance. These are not always synonymous, but when orchestrated together and properly, efficiency and stability increase along with overall security.” 

Compliance, My Dear Watson

Many of Pioneer-360’s clients are heavily steeped in regulatory compliance. Previous MSPs had somewhat glossed over this aspect. It was here that Pioneer-360 saw a wedge in the door.

“Many of our clients are compliance/regulated to the highest degree, which of course creates a bit of a headache,” said McCartney. “Many of the organizations we entered into a contract with — their previous MSPs were doing the IT, but kept clear of the regulatory and compliance aspect. That puts the true IT burden on the back of the client, which is not what you want. We recognized this as an opportunity and jumped on it.” 

Pioneer-360 was able to anticipate its clients’ needs before the regulatory changes occurred, and was able to implement them before their audits. They did this by creating what Pioneer calls “The Calm.”   

“Anyone can do the IT portion, but if you’re not tackling the other headaches that IT creates, you’re not advancing your organization forward,” McCartney continued. “We are currently working toward our Soc2 Type 2 certification, understanding that we are an extension of our clients. Based on recent breaches by large scale MSPs, the auditors are only a click away from knocking on our doors, so our goal is to get ahead of that.”

Business Model Evolution

It’s not always easy to see the writing on the wall when it comes to evolving one’s business model. Pioneer-360 saw the need to evolve about five years ago with the advent of cryptocurrency. 

“About five years ago, our eyes were opened to the true evolution and growth of crypto and its devastating effects on business,” said McCartney.  “We basically took the stance of, “if this happens to us (our clients) we would not survive the fallout.” So we dug in, fortified our stack, re-engineered our internal infrastructure and took best practices to heart. Those practices led us to create an internal team called SAT, Pioneer-360’s situational awareness team. SAT’s sole mission is to organize, gather, create, distribute and train clients on how to be safe from cybercrimes — not only in the office, but personally.”   

Pioneer-360 even buys and …

Dec 18

2021 Cybersecurity Predictions

By | Managed Services News

Here are some of the drivers that will underpin organizations’ cybersecurity priorities in 2021.

As 2021 nears, enterprises have to orient themselves to the main focus areas and considerations. In response to the Covid-19 pandemic, organizations have had to rethink their operational and security processes–from business functions and cloud migrations to teleworking support. These, along with constant security risks, have not only challenged organizations in 2020 but also raised concerns regarding their readiness for disruption.

Now that working from home has become commonplace, houses have since been flipped into offices for the foreseeable future. More employees are using devices (some even personal) to access confidential data on home and corporate networks, which poses a considerable risk to any organization. Without secured access and robust security tools that protect the distributed attack surface, threat actors can easily hack into networks and jump from one machine to another until they find a suitable target.

Here are some of the other predictions that we believe security professionals and decision-makers should watch out for in the coming year:

Home Offices as Criminal Hubs

Similar to how security experts follow the trends and emerging technologies, cybercriminals will follow users and initiate attacks that take advantage of their situations and behaviors. In 2020, the use of devices and software repositioned when workforces shifted to distributed work. Threat actors are on the lookout for security gaps in organizations’ current security postures, ready to take advantage of weak points, the lack of preparedness or the inability to support a remote workforce securely.

Routers will be prime targets for remote attacks. Cybercriminals can offer hacked routers as a new service where they sell access to high-value networks. We believe that it’s possible for them to apply the same method to converged IT/OT networks.

Handling valuable company assets will also be challenging in 2021, wherein organizations will have to withstand breach attempts and malware infections and secure any sensitive information. While virtual private networks (VPNs) allow secure connections with workplaces, they will prove inefficient and still be weak links for many organizations if they’re outdated (or have unpatched vulnerabilities that could drive remote attacks). Without detailed company security policies and incident response plans, attackers can target remote workers as the ideal entry points into corporate ecosystems.

Covid-19 as a Lure for Malicious Campaigns

Cybercriminals have been quick to seize the disruption the pandemic brought to launch a slew of attacks, including phishing and ransomware. Since the onset of the pandemic, threat actors have relied on social engineering tactics to deliver spam, business email compromise (BEC), malware and malicious domains.

Threats will continue to exploit the public health crisis in hopes of gaining a foothold in target systems. There’s no shortage of threats that cybercriminals can employ, banking on Covid-19-related unease. We expect this to continue in 2021 as countries around the world continue to combat the spread of Covid-19.

Malicious actors will also turn their attention to testing, treatment, and vaccine efforts, and will exploit surrounding coronavirus-related fears through misinformation. Healthcare organizations, including pharmaceutical companies developing vaccines, will be further pressured to keep up with the demands and brave security attacks, which can disrupt their ability to provide care to patients. Threat actors can pose risks to patient data, launch malware attacks, or facilitate medical espionage.

Digital Transformation Efforts as a Double-Edged sword (If Not Done Right)

The business disruption that the Covid-19 pandemic caused has spurred industries across different sectors to fast-track their digital transformation programs. Pandemic aside, organizations wouldn’t have made the same quick pivot in “normal” circumstances. From a technological point of view, this is favorable for addressing current demands that cloud-based software can undertake. Many have pushed for further connectivity among workers, AI-enabled apps for business productivity, and increased cloud adoption to empower organizations to respond faster and scale better.

Those who have hastily moved from the traditional on-premise setting and have no solutions in place will struggle. Accelerated transformation meant many organizations adopted new technologies to maintain business continuity; unfortunately, the rush to implement these technologies could also mean that some may have had to skip due diligence.

The renewed push for cloud environments and collaboration tools will be attractive to attackers. Researchers and threat actors alike will focus on vulnerabilities related to remote-work technologies. The cloud of logs that organizations gather and store will also be central to high-profile cybercrimes, whereby valuable data can be used to find initial access points into networks.

Emerging shifts to the landscape shouldn’t prevent organizations from implementing new technologies and embracing the current reality. Threat actors will be seeking to take advantage of the situation, regardless of the current landscape. With proper security strategies and solutions in place, organizations can be equipped to reap all the benefits of digital transformation efforts without exposing themselves to considerable risk.

To learn more about the key security considerations and challenges for users and enterprises, read our report “Turning the Tide: Trend Micro Security Predictions for 2021.”

This guest blog is part of a Channel Futures sponsorship.

Dec 18

2020: The Year of the Triple

By | Managed Services News

This “Year of the Triple” has created a unifying sense of urgency to act now.

In many ways, 2020 has made us stop in our tracks and re-examine our lives. It has forced us to re-think where our world is headed and the actions we must take now to help shape a more equitable and sustainable future.

This hit home for me in September. My family was “sheltering in” here in California, and from our doorstep we could see the wildfire that was raging on the next ridge. The sky was filled with an eerie orange glow, and the air was thick with smoke and ash. The pandemic continued to spread its pain around the world. And the news was filled with reports of social injustice and systemic racism.

It was all deeply distressing. Yes, our world has faced devastating, simultaneous challenges before–World War I and the Spanish Flu come to mind. But never in modern history have we faced something on the scale of today’s global triple threat: climate change, a fast-spreading pandemic and the upheaval caused by systemic racism.

The Year of the Triple

Sometimes life gives us a collective slap in the face forcing us to pay attention. That’s one positive I take from 2020: This “Year of the Triple” has created a unifying sense of urgency to act now. These are the critical questions we must ask ourselves:

  • Can we meet the urgent challenge of climate change as we confront a sharp increase in wildfires, Category 5 hurricanes and extreme floods?
  • Can we bridge the digital divide and create a future that is more accessible and inclusive for all?
  • Can we build trust in our tech innovations by ensuring they are based on ethical stewardship? Can we rely upon them as we invent the future of healthcare, education and society?

For me, these are no longer just important issues to debate. It’s personal. It’s urgent. And it’s the right thing to do.

Which brings me back to that “slap in the face.” Recently, I was discussing technology’s impact over the past generation with my blessedly direct daughter-in-law when she said, “Yes, your generation has accomplished extraordinary things. But did you have to bankrupt the planet?”

It was painful to hear, but … she had a valid point.

I firmly believe in the power of technology to have a lasting positive impact on the world. But I also recognize that how it is used, for good or bad, rests in all of our hands. We must harness it as a force for good.

In 2015, we laid out a vision of VMware’s global impact across three pillars—our People, our Products and the Planet. We set out to build on our long-standing commitment to create a better future–by putting back more than we take.

We achieved nearly all the goals we established five years ago. This year, we moved to take our commitment to the next level, with an ambitious set of 2030 goals that are fully integrated into our operations.

Our 2030 Agenda

While VMware has long focused on sustainability, our 30 goals for 2030 are even more expansive, with a focus on three outcomes: Trust, Equity and Sustainability. This is part of a broader movement among forward-thinking companies, linked to the UN’s 2030 Agenda for Sustainable Development.

These are not just a bunch of happy proclamations that will be forgotten months down the road; these goals will be woven into each and every part of our business. That deep integration is critical.

We’re also integrating these goals into the solutions we deliver for our customers. For example, in order to achieve our Trust goals, we must continue to innovate and lead in developing intrinsic security solutions that anticipate threats. Similarly, our Equity goals depend on our ability to continue to innovate in work from anywhere solutions that secure and empower distributed teams.

Digital transformation lies at the heart of our collective ability to address the complex challenges that humanity faces today. That gives VMware a central role to play, as we are the backbone of digital transformation.

A fundamental part of this effort is our focus on what’s known as ESG: our Environmental, Social and Governance impact. ESG is a standardized framework companies are adopting to more effectively measure and report performance in these critical areas.

Why is this so important to VMware? In part, because it matters to everyone who owns a stake in the success of our business:

  • Our employees understand that we have a higher purpose in all that we do. We can and will create a lasting impact.
  • Our customers increasingly expect ESG commitments and data in our products and solutions.
  • Investors today consider ESG measurements and ratings when making investment decisions, and they prioritize companies that are resilient in the face of sudden change, like the rise of a global pandemic.

Seizing the Moment

Sometimes the challenges we face can seem overwhelming. But 2020 has given us a new sense of urgency to act now in order to build a better tomorrow. There’s no question that digital innovation has a vital role to play, but we need to manage it responsibly.

We must seize this moment. For our children, our grandchildren and every generation that follows.

This guest blog is part of a Channel Futures sponsorship.

Dec 18

MSP 501 Profile: ASK Aligns Customers with Technology

By | Managed Services News

What is a technology alignment process? We find out in this MSP 501 profile.

Company Name: ASK
Company MSP 501 Rank: 85 on Hot 101
CEO: Mike Maddox
Headquartered: Lansing, MI

Primary Services:

  • Managed IT services
  • Managed security
  • Disaster recovery and business continuity
  • IT professional services

Twitter: @justasknet

ASK, the Lansing, Michigan-based MSP that specializes in security, wants you to get back to basics with three business fundamentals.

To wit, the company invites customers to enlist their help with protecting cash flow, increasing staff productivity and growing their businesses. If offers a series of workshops on these topics to help clients get – or stay – on the right foot.

This year, ASK landed on our brand-new list – the Hot 101 – dedicated to companies evolving and growing their MSP businesses. It’s part of our MSP 501 program.

Supporting more than 100 companies’ and organizations’ technology needs in Michigan, ASK has been instrumental in helping clients through the COVID-19 crisis. Gov. Gretchen Whitmer designated ASK a critical infrastructure business.

We caught up with CEO Mike Maddox, who offers a deep dive into how ASK helps customers.

Channel Futures: What is one thing you wish vendors would do that they don’t?

Mike Maddox: We believe that technology’s value for business is only derived from its ability to deliver results in the form of increased profits, reduced inefficiency and enhanced collaboration. Based on this belief, we work with all of our clients on a Technology Alignment Process which maps their technology road map to their short- and long-term business strategy. It would be great if technology vendors took the same approach to their products and solutions. Technology should not be a transactional purchase. It needs to be bought based on a carefully planned and measured road map which builds efficiency over time.

ASK's Mike Maddox

ASK’s Mike Maddox

The Technology Alignment Process involves a deep understanding of the client’s pain points and business strategy. From there, a technology plan can be built with a road map for short, medium, and long term. This road map needs to be implemented and evaluated as conditions change and ultimately measured against expected and actual ROI.

Vendors would benefit from presenting their products and solutions in terms of how they fit into the larger ecosystem within the client environment and how they deliver ROI. Too often they are presented as point-in-time products and solutions that simply answer a specific need or needs. That forces a transactional approach which only serves to commoditize their offering.

CF: What was the single biggest technology or business decision that drove your company’s growth in 2019? How did it do so?

MM: In 2019, our leadership team decided to implement EOS (Entrepreneurial Operating System). This program is based on the work done by Gino Wickman and described in his book. “Traction.” Our move to EOS allowed us to foundationally change our organizational dynamics to achieve new levels of efficiency and lay the foundation for future explosive growth.

The decision to move to an EOS model was based on our rapid growth from a small IT company with a handful of employees to a sizeable entity with multiple “moving parts.” What worked when we were very small was no longer working as well. Our vision was to continue the rapid growth of the past. and we knew that we would …

Dec 17

Barracuda Researchers Say Hackers Know Their Targets, Getting Smarter

By | Managed Services News

If successful, BEC attacks can yield hundreds of thousands, if not millions, of dollars for hackers.

Hackers are designing their attacks for specific targets and striking at just the right time, according to Barracuda researchers.

In their latest report, Barracuda researchers identify 13 email threat types facing organizations today. They also outline ways cybercriminals are adapting quickly to current events and new tactics.

The 13 email threat types are: spam, malware, data exfiltration, scamming, URL phishing, spear phishing, domain impersonation, brand impersonation, extortion, business email compromise (BEC), conversation hijacking, lateral phishing and account takeover.

Among the report’s findings:

  • BEC makes up 12% of the spear-phishing attacks analyzed, an increase from just 7% in 2019.
  • Seventy-two percent of COVID-19-related attacks are scamming. In comparison, 36% of overall attacks are scamming. Attackers prefer to use COVID-19 in their less-targeted scamming attacks that focus on fake cures and donations.
  • Thirteen percent of all spear-phishing attacks come from internally compromised accounts. So organizations need to invest in protecting their internal email traffic as much as they do in protecting from external senders.
  • Seventy-one percent of spear-phishing attacks include malicious URLs. But only 30% of BEC attacks included a link. Hackers using BEC want to establish trust with their victim and expect a reply to their email. And the lack of a URL makes it harder to detect the attack.

BEC Attacks Succeeding

Don MacLennan is senior vice president of engineering and product at Barracuda. He said the increase in BEC attacks by itself might not be surprising, but it is telling.

Barracuda's Don MacLennan

Barracuda’s Don MacLennan

“These type of attacks are growing in popularity because they are successful,” he said. “Account takeover is a big issue for many organizations. When hackers get in, they use legitimate email accounts as a launch pad for their attacks — some sending a large volume of spam, others more sophistication targeted attacks.”

Hackers spend time researching organizations and their victims prior to BEC attacks, MacLennan said.

“Time and effort invested means that they often target very few individuals with a personalized message,” he said. “They use popular email services like Gmail to send out messages impersonating employees or vendors. These messages often have no malicious payload in a form of URL or attachment. There is nothing obviously malicious about the attacks that will trigger gateway filters and policies.”

The fact that many organizations have not set up domain-based message authentication, reporting and conformance (DMARC) enforcement allows hackers to spoof legitimate domains, MacLennan said. That makes it even harder for fraudulent email to be detected.

“If successful, these attacks can yield hundreds of thousands, if not millions, of dollars for hackers,” he said.

COVID-19 Related Attacks

Barracuda researchers still see COVID-19-related attacks, but the number has leveled off since the sharp increases last spring.

“Most of these attacks are scamming, which are spam-like messages, less targeted in their nature,” MacLennan said. “It does look like hackers’ interest has peaked when it comes to COVID-19, not surprising because they follow current events and the latest news. So businesses should be paying attention to any vaccine-related fraud right now.”

Every year, attacks become more targeted and sophisticated in nature, he said. And because of this, they are increasingly difficult to detect.

“Hackers go to great lengths by registering typo-squatted domains, compromising email accounts, carefully researching their victims’ business partners, etc.” MacLennan said. “Attacks are increasingly deceiving with one not like the other.”

MSSPs Can Help

User security training and phishing simulation campaigns are two ways in which MSSPs can provide a value-added service to their customers in terms of protecting against these attacks, MacLennan said.

“Some attacks do get through, especially BEC attacks,” he said. “When they do get through and are reported by users, businesses should act fast to remediate and remove malicious messages. MSSPs can use automated remediation tools to help business manage their inboxes, investigate and remediate any reported emails.”

Another example is using AI-based technology to protect against sophisticated attacks, McLennan said. Gateway defense is necessary, but not enough on its own.

“MSSPs can help their customers set up DMARC enforcement,” he said. “Many organizations are afraid of DMARC because it appears to be complex. However, it’s not if you have right tools, DMARC reporting and analysis. Providing managed services around DMARC enforcement and management could be a great additional revenue stream for MSSPs. Further, they should consider introducing customers to multifactor authentication (MFA), which is the first step in protecting accounts from compromise.”

>