Managed Service Providers

For many MSPs, integrating their security solution with their remote monitoring and management (RMM) and professional service automation (PSA) platforms is essential for doing business. Together, these platforms help lower the cost of keeping up with each client, ensuring profitable margins for a healthy, growing business.

For true providers of IT services—MSPs that sell services rather than licenses and take a holistic approach to client IT health—RMM and PSA integrations are critical for keeping track of hundreds or even thousands of unique endpoints and automating recurring operations for numerous clients.

Like many of the other features of our security solutions, our RMM and PSA integrations are custom-built with the needs of MSPs in mind. They’re designed to help MSPs create the most efficient, well-oiled versions of their businesses possible so that service is prompt, solutions are effective, and profit is preserved.   

Here’s what you should expect from your RMM and PSA security integrations:

1. Faster rollouts- One of the core benefits of RMM-assisted deployments, expect rollouts to new endpoints to be fast and hassle-free with well-designed integrations. New endpoints should be easy to set up with protection turned on in just a few clicks.
2. Simplified management- Efficiency is key to profitability. So a centralized dashboard displaying what’s running, what’s broken and how, infection statuses, endpoints requiring attention, and more helps increase the number of endpoints a single technician can manage, boosting efficiency and, ultimately, profitability. 
3. The data you need- The best RMM and PSA integrations make it possible to get the data you need to run a successful business. Whether it’s per-client data for calculating a client’s cost to you, information on policy settings for sites and endpoints, or additional reporting delivered to clients to promote peace-of-mind, having access to allof your data empowers decision-making. 

Integrations don’t have to end there

Integrating disparate products can be a laborious, time-intensive process. For that reason, many security vendors are reluctant to coordinate too closely with customers to automate functions unique to their businesses. But it doesn’t have to be that way. 

Advanced plugins and tools allow for complete customization of dashboards, reporting, and data tracking. Each can be customized to track the metrics most useful to the organization. Critical processes, like issuing periodic reports, can be fully automated. This can be extremely beneficial when it comes to communicating with customers. Weekly or monthly reports demonstrate that, despite a lack of any major security incidents, it wasn’t for lack of trying on the part of cybercriminals. 

More than simply allowing different business platforms to talk to one another, integration plugins can be used for running commands and performing actions. This includes creating, modifying, or deleting licenses, removing duplicate endpoints, or quickly creating new console sites. 

Insist on better integrations

So when considering which cybersecurity vendor offers the most for your MSP, consider not only whether the solution allows you to communicate with your RMM and PSA platforms, but also how deeply. Does the vendor have a dedicated integrations team? Do they offer tools for the customization of business-specific reporting? Can essential, recurring business processes be automated?

The answers to the questions above will help you determine how much value RMM and PSA integrations add for your business. In a market where margins can be razor thin and built-in efficiencies can make or break the bottom line, the answers may make all the difference.

There’s a reason major industry players have been discussing cybersecurity more and more: the stakes are at an all-time high for virtually every business today. Cybersecurity is not a matter businesses can afford to push off or misunderstand—especially small and medium-sized businesses (SMBs), which have emerged as prime targets for cyberattacks. The risk level for this group in particular has increased exponentially, with 57% of SMBs reporting an increase in attack volume over the past 12 months, and the current reality—while serious—is actually quite straightforward for managed service providers (MSPs):

• Your SMB clients will be attacked.
• Basic security will not stop an attack.
• The MSP will be held accountable.

While MSPs may have historically set up clients with “effective” security measures, the threat landscape is changing and the evolution of risk needs to be properly, and immediately, addressed. This means redefining how your clients think about risk and encouraging them to respond to the significant increase in attack volume with security measures that will actually prove effective in today’s threat environment.

Even if the security tools you’ve been leveraging are 99.99% effective, risk has evolved from minimal to material due simply to the fact that there are far more security events per year than ever before.

Again, the state of cybersecurity today is pretty straightforward: with advanced threats like rapidly evolving and hyper-targeted malware, ransomware, and user-enabled breaches, foundational security tools aren’t enough to keep SMB clients secure. Their data is valuable, and there is real risk of a breach if they remain vulnerable.Additional layers of security need to be added to the equation to provide holistic protection. Otherwise, your opportunity to fulfill the role as your clients’ managed security services providerwill be missed, and your SMB clients could be exposed to existential risk.

Steps for Responding to Heightened Risk as an MSP

Step 1: Understand Risk

Start by discussing “acceptable risk.” Your client should understand that there will always be some level of risk in today’s cyber landscape. Working together to define a businesses’ acceptable risk, and to determine what it will take to maintain an acceptable risk level, will solidify your partnership. Keep in mind that security needs to be both proactive and reactive in its capabilities for risk levels to remain in check.

Step 2: Establish Your Security Strategy

Once you’ve identified where the gaps in your client’s protection lie, map them to the type of security services that will keep those risks constantly managed. Providing regular visibility into security gaps, offering cybersecurity training,and leveraging more advanced and comprehensive security tools will ultimately get the client to their desired state of protection—and that should be clearly communicated upfront.

Step 3: Prepare for the Worst

At this point, it’s not a question of ifSMBs will experience a cyberattack, but when. That’s why it’s important to establish ongoing, communicative relationships with all clients. Assure clients that your security services will improve their risk level over time, and that you will maintain acceptable risk levels by consistently identifying, prioritizing, and mitigating gaps in coverage. This essentially justifies additional costs and opens you to upsell opportunities over the course of your relationship.

Step 4: Live up to Your Promises Through People, Processes, and Technology

Keeping your security solutions well-defined and client communication clear will help validate your offering. Through a combination of advanced software and services, you can build a framework that maps to your clients’ specific security needs so you’re providing the technologies that are now essential for securing their business from modern attacks.

Once you understand how to effectively respond to new and shifting risks, you’ll be in the best possible position to keep your clients secure and avoid potentially debilitating breaches.

According to the Identity Theft Research Center, 2017 saw 1,579 data breaches—a record high, and an almost 45 percent increase from the previous year. Like many IT service providers, you’re probably getting desensitized to statistics like this. But you still have to face facts: organizations will experience a security incident sooner or later. What’s important is that you are prepared so that the impact doesn’t harm your customers or disrupt their business.

Although, there’s a new element that organizations—both large and small—have to worry about: the “what.” What will happen when I get hacked? What information will be stolen or exposed? What will the consequences look like?

Evaluating cybersecurity for your home or business? See how 1,600+ IT pros rank all the top competitors against key performance metrics.

While definitive answers to these questions are tough to pin down, the best way to survive a data breach is to preemptively build and implement an incident response plan. An incident response plan is a detailed document that helps organizations respond to and recover from potential—and, in some cases, inevitable—security incidents. As small- and medium-sized businesses turn to managed services providers (MSPs) like you for protection and guidance, use these six steps to build a solid incident response plan to ensure your clients can handle a breach quickly, efficiently, and with minimal damage.

Step 1: Prepare

The first phase of building an incident response plan is to define, analyze, identify, and prepare. How will your client define a security incident? For example, is an attempted attack an incident, or does the attacker need to be successful to warrant response? Next, analyze the company’s IT environment and determine which system components, services, and applications are the most critical to maintaining operations in the event of the incident you’ve defined. Similarly, identify what essential data will need to be protected in the event of an incident. What data exists and where is it stored? What’s its value, both to the business and to a potential intruder? When you understand the various layers and nuances of importance to your client’s IT systems, you will be better suited to prepare a templatized response plan so that data can be quickly recovered.

Visibility and business context are core requirements for a successful #incidentresponse plan. Know the key resources needed for your business’s success, and in the event of an incident, you’ll be prepared to protect your organization’s critical assets. #cybersecurity

— Gary Hayslip (@ghayslip) July 24, 2018

Treat the preparation phase as a risk assessment. Be realistic about the potential weak points within the client’s systems; any component that has the potential for failure needs to be addressed. By performing this assessment early on, you’ll ensure these systems are maintained and protected, and be able to allocate the necessary resources for response, both staff and equipment—which brings us to our next step.

Step 2: Build a Response Team

Now it’s time to assemble a response team—a group of specialists within your and/or your clients’ business. This team comprises the key people who will work to mitigate the immediate issues concerning a data breach, protecting the elements you’ve identified in step one, and responding to any consequences that spiral out of such an incident.

As an MSP, one of your key functions will sit between the technical aspects of incident resolution and communication between other partners. In an effort to be the virtual CISO (vCISO) for your clients’ businesses, you’ll likely play the role of Incident Response Manager who will oversee and coordinate the response from a technical and procedural perspective.

Pro Tip: For a list of internal and external members needed on a client’s incident response team, check out this in-depth guide.

Step 3: Outline Response Requirements and Resolution Times

From the team you assembled in step two, each member will play a role in detecting, responding, mitigating damage, and resolving the incident within a set time frame. These response and resolution times may vary depending on the type of incident and its level of severity. Regardless, you’ll want to establish these time frames up front to ensure everyone is on the same page.

Ask your clients: “What will we need to contain a breach in the short term and long term? How long can you afford to be out of commission?” The answers to these questions will help you outline the specific requirements and time frame required to respond to and resolve a security incident.

If you want to take this a step further, you can create quick response guides that outline the team’s required actions and associated response times. Document what steps need to be taken to correct the damage and to restore your clients’ systems to full operation in a timely manner. If you choose to provide these guides, we suggest printing them out for your clients in case of a complete network or systems failure.

Step 4: Establish a Disaster Recovery Strategy

When all else fails, you need a plan for disaster recovery. This is the process of restoring and returning affected systems, devices, and data back onto your client’s business environment.

A reliable backup and disaster recovery (BDR) solution can help maximize your clients’ chances of surviving a breach by enabling frequent backups and recovery processes to mitigate data loss and future damage. Planning for disaster recovery in an incident response plan can ensure a quick and optimal recovery point, while allowing you to troubleshoot issues and prevent them from occurring again. Not every security incident will lead to a disaster recovery scenario, but it’s certainly a good idea to have a BDR solution in place if it’s needed.

Step 5: Run a Fire Drill

Once you’ve completed these first four steps of building an incident response plan, it’s vital that you test it. Put your team through a practice “fire drill.” When your drill (or incident) kicks off, your communications tree should go into effect, starting with notifying the PR, legal, executive leadership, and other teams that there is an incident in play. As it progresses, the incident response manager will make periodic reports to the entire group of stakeholders to establish how you will notify your customers, regulators, partners, and law enforcement, if necessary. Remember that, depending on the client’s industry, notifying the authorities and/or forensics activities may be a legal requirement. It’s important that the response team takes this seriously, because it will help you identify what works and which areas need improvement to optimize your plan for a real scenario.

Step 6: Plan for Debriefing

Lastly, you should come full circle with a debriefing. During a real security incident, this step should focus on dealing with the aftermath and identifying areas for continuous improvement. Take is this opportunity for your team to tackle items such as filling out an incident report, completing a gap analysis with the full team,  and keeping tabs on post-incident activity.

No company wants to go through a data breach, but it’s essential to plan for one. With these six steps, you and your clients will be well-equipped to face disaster, handle it when it happens, and learn all that you can to adapt for the future.

I had the privilege of giving a keynote on one of my favorite topics, busting myths around artificial intelligence (AI) and machine learning (ML), during DattoCon 2018 this week.

Webroot has been doing machine learning for more than a decade and consider this aspect one of our key differentiators for our solutions. However, for many small and medium-sized businesses (SMBs), that might not matter. They may have heard the terms AI or ML but aren’t sure how these advancements can help keep their company safe. Additionally, the managed service providers (MSPs) who provide millions of SMBs with security protection, might not know how this technology can help their customers either.

AI and ML are not the same thing. Marketing campaigns and news articles oftentimes confuse people into thinking that they are—and my insistence on clarifying their nuance might be overkill—but I think it’s important to know the difference so you can understand how each can help make cybersecurity stronger.

What is artificial intelligence?

Artificial intelligence interacts with people, whether emulating a human (think about chat bots) or pets. The AI component is that interactive component—the thing you can touch, feel, and see. AI technology is very nascent, and I expect great things to come in the near future.

What is machine learning?

Machine learning is artificial intelligence’s nerdy cousin. ML models are designed to analyze all of the data collected, behind the sciences, with no human interface. ML is the heavy science where all the data crunching takes place. This is the part of technology that a few companies, like Webroot, have been working in for a long time.

To dig in further, I decided to take to the streets (or aisles) of DattoCon 2018 in Austin, TX, and see what MSPs were hearing and thinking about in relation to AI and ML. I kicked things off by getting a grasp on what MSPs are being asked by their customers.

“Absolutely nothing,” said Steven Gomes, kloudfyre. “They don’t bring it up; it’s nothing I even talk about. I know AI is the future of processing speed and power — so it’s important to me because it means accuracy and intelligence. But my customers don’t ask.”

That’s the response I got across the board. MSPs know it is something key for the future of security, but their customers don’t ask about it at all. I’m heartened to learn MSPs understand the importance, but can they tell marketing hype from reality? I want to make sure they understand what’s important or key differentiators for AI and ML.

Identifying the problem, data and consumability are key.

First, you need to know what problem you’re trying to solve before you can engage ML models. Next is having substantial data to feed the models. Webroot analyzes 500 billion data elements a day that we link and push through our models to enhance our analysis. We have a lot of access to information that new players in the space simply do not. Data is key to training up a model. Finally, consumability is getting the ML models into the hands of the customer so that the solution can be actionable. It’s pretty easy to tune new models, but it’s not easy to get the models deployed and allow customers to get meaningful, actionable data from it.

What do MSPs hear from customers around what’s key with ML?

The general sentiment was that it’s a checkbox in that they know the words, and it’s a must, but there is no real data or understanding of the why. SMBs don’t know what it means or how it applies to their business other than making security generally better.Going one-step further, I get concerned people are enamored with the idea of the tech but not clear on the value it can provide.

AI and ML should help in three areas for customers.

First, it should help create new capabilities for the security stack while at the same time decreasing their costs and reducing their cycle time to detect and remediate threats. Second, it should help detect emergent, unexpected threat behaviors quickly enabling the security team or an orchestration solution to take action. Third, it should deliver value around people augmentation. It could be automation of remedial tasks or simply working around the clock while your human employees go home and sleep.

“MSPs are technologists. They have to take complex stuff for their clients and their clients have blind faith. So MSPs focus on effectiveness.” -Cameron Stone, sales, Webroot

When I dug in more about benefits, a recent MSP owner chimed in, “Almost all decisions are based on whether it reduces headaches and is an innovative tool for my customers; so if machine learning does that, I’m all for learning more. I’d be happy to read up on it, but my customers don’t have time to read or care about it.”

As a passionate fan of ML, I realized there is a lot more we in the industry need to do to help educate and make this technology easy to consume.

Machine learning’s super power is that the amount of data it can take it has no limits. Think about it the context of healthcare: what if the best doctors in the world could work on your issue, around the clock? ML can provide that value to cybersecurity.

I appreciate Datto letting me talk on my soapbox for a few minutes and hope to continue this conversation with more MSP partners.

Savvy MSPs know that automation improves efficiency and strengthens their bottom line. In a nutshell, automation enables an MSP to reduce the amount of time its technicians spend handling routine or repetitive tasks, thus cutting costs for service delivery and freeing those techs to devote more attention to activities that generate more revenue.

Enabling Creativity Spurs Growth

It’s no secret that computers are more efficient than humans when it comes to performing repetitive work, while humans deliver superior results in situations that require creativity, critical thinking, and decision making. Part of the reason automation is so effective is because it enables MSPs to take advantage of these fundamental truths.

Freeing up your technicians for more appropriate endeavors presents benefits beyond simple cost savings. It also gives you the opportunity to differentiate yourself from other MSPs and position your business for future growth by finally enabling your technicians to see the forest for the trees.

When an MSP’s technicians are mired in routine administration and maintenance responsibilities—such as deploying security upgrades, performing regular disk cleanup, or managing tickets—there’s no time to step back and evaluate the overarching IT challenges that affect that particular client. And that means missed business opportunities.

More Time for Personalization

Proactively identifying a client’s IT challenges will help that client improve their business operations. This will not only differentiate you from other MSPs, it will also establish a foundation of trust upon which you can build long-term relationships with your customers; which, of course, is key to generating recurring, predictable revenue.

But an MSP can only design creative solutions to its clients’ business and IT challenges if its team has the time to identify those challenges. They need the bandwidth to consciously and continuously review each client’s business operations and craft powerful and personalized solutions.

Automation can solve that problem. Not only does it free up your IT team to focus on the specific issues each client faces, it also allows you to deliver a more comprehensive range of services individually tailored to those clients.

Today’s combination of automated and dynamic cloud services let you choose from an array of solutions for each of your clients, while still ensuring management is automated for maximum efficiency. The net result? You’ll boost your profitability by increasing customer satisfaction and long-term patronage, all while significantly reducing your management and operational costs.

Learn More… and Enter for a Chance to Win!

The Webroot #MSProfits Program is dedicated to helping MSPs boost their profitability by automating their business operations. Learn more about the benefits of automation or 5 steps you can take to help automate your MSP business, and enter for a chance to win a sophisticated home technology package.

It’s been an exciting week for our partner ConnectWise – they started offering customers Webroot® DNS Protection. To get insight into why this matters, I sat down with George Anderson, Webroot’s product marketing director for business solutions, and Gavin Gamber, vice president of Channel Sales and Alliances at ConnectWise.

Can we start with the basics? What is DNS?

George: DNS stands for Domain Name System. The basic job of DNS is to turn a human-friendly domain name like webroot.com into an Internet Protocol (IP) address like 66.35.53.194. Computers use IP addresses to identify each other. When a user accesses an external website or downloads files, their computer uses a DNS server to look up the domain name and then directs the user to that website.

Ok, kind of like a phone directory for the internet. That helps me understand the power DNS can hold.

George: That’s right. DNS is a powerful part of making the internet work. It also can be an equally powerful avenue for protecting a business. According to our data, many infections are generated through web browsing. Implementing web filtering security at the DNS layer can have a very significant impact on infection rates.

Wow. The internet is a big, beautiful, and scary place.

George: It can be. Using the internet is a high-risk activity for every business, regardless of size. Sometimes good sites can contain bad content. Users can fall victim to drive-by ransomware, employees can click on malvertising, and the list goes on.

Can you give us an example of what security at the DNS layer can stop?

Gavin: Let’s say, for example, you work with medical clients. Most of the end users are protected, but when guests come onto the network there is no way to monitor their web traffic. Since you don’t control the device, you don’t have any antivirus protecting the guest’s endpoint. With DNS filtering, you can protect the network and prevent guests from knowingly or unknowingly going to harmful or sensitive websites.

George: Using a web filtering solution at the DNS layer lets businesses do a few things. First, it creates policies for web usage that can be applied globally or by client. An MSP can decide, for example, whether to block certain content or social media sites. Second, it filters URLs for security risks, preventing infections by automatically sifting out known malicious websites. Finally, it allows a partner to monitor overall web usage and its security risk posture. What’s really different is that this all happens outside the network at the domain layer, so most infections are stopped at the earliest possible stage.

In a nutshell?

George: DNS Protection allows organizations to configure their router or firewall to point to Webroot’s secure DNS resolver servers for granular web filtering. Then, partners simply configure an acceptable internet usage policy. By doing so, they can block malicious URLs, restricted content, social media, or streaming sites they don’t want employees perusing at work.

ConnectWise, what are you hearing from partners about web filtering and its need?

Gavin: This is just one more layer of end user security that is typically time and labor intensive to set up. Our partners and their clients want to mitigate all attack vectors whether they manage all the devices on the network or not. As security risks persist, this is a must-have tool.

So what will all this mean for our ConnectWise partners?

George: First and foremost, it’s simple and easy for ConnectWise partners to deploy and manage. The new DNS Protection service has been fully integrated into the same Global Site Manager (GSM) console they use today for Webroot’s endpoint security. It also benefits from the same pillars of Webroot’s other security services.

• No hardware or software to install
• Includes robust reporting options for easy management
• Direct benefits from Webroot BrightCloud Web Classification Service

ConnectWise, why are you excited for this new product?

Gavin: When we first saw Webroot SecureAnywhere DNS we were blown away by the ease of use and straightforward deployment. Our initial reaction was that our partners would find this incredibly valuable. Additionally, this really leverages the threat intelligence that Webroot has collected over the years and gives that control to our partners in a very powerful and consumable product.

Thank you, both. Glad we could chat all things web filtering.

Interested in learning more? We have additional resources. You also can discover everything Webroot is doing with ConnectWise at Automation Nation, June 19-21 in Orlando, FL. Visit us at booth #201, where you can see a demo of DNS Protection.

Talks of integration are often met with audible sighs of displeasure. It’s a lot of work. You have to combine various platforms, software, and the list goes on. At Webroot, we decided to take some of the pain out of this process by partnering with Kaseya to deliver a fully integrated endpoint security solution for its customers.

Kaseya, a provider of complete IT management solutions for managed service providers (MSPs) and mid-sized businesses, was looking for ways to reduce complexity and steer its customers in the right security direction.

Charlie Tomeo, vice president of worldwide business sales at Webroot, sat down to answer a few questions about why we chose to integrate.

Webroot: Integration is practically a buzzword today. I think I just ‘integrated’ my winter and spring wardrobes. What does integration mean for Kaseya customers?

Charlie Tomeo: Integrating Webroot status and monitoring into VSA reduces management complexity by presenting this new information into the familiar tools they already use today. This gives technicians a single pane of glass and makes it easier to follow security best practice standards, which increases protection and security for their customers.

That makes sense. I’ve heard complexity is a “hackers best friend,” so any streamlining is good in my book. What can users expect in the module?

The Webroot SecureAnywhere® endpoint product is the easiest solution to deploy and maintain on the market, but our Kaseya module makes it even easier for VSA users through an intuitive, straightforward GUI-driven install/uninstall. Deployment hierarchy can mirror your Kaseya groups with Webroot groups or sites. Once deployed, the combined deployment and status dashboard gives you that single pane of glass view to manage Webroot protection within the VSA dashboard.

Day-to-day management suddenly gets easy with customized alerts that flow directly into Kaseya, creating tickets and executive dashboard reports quickly summarize infection history and endpoints under protection.

What if I’m reading this and thinking, I don’t need that, my customers are too small to have to worry about security threats. What advice would you provide?

Study after study shows that small customers are just as at-risk as any other organization. But providing enterprise level security protection to small customers is expensive without an MSP that uses a system of streamlined processes. These partners provide an affordable solution to their customers without compromising security or margins. Using the Webroot integration inside the Kaseya VSA allows the MSP to manage their Webroot agents and streamline numerous management tasks, like alerting, reporting, deployment, and updates.

That’s a wrap. To learn more or start a free trial of the Webroot Kaseya Module, visit http://wbrt.io/WebrootKaseya .