ConnectWise has introduced an incident response service designed to help MSPs without security experts of their own on staff overcome breaches faster and more effectively.
“We can help augment the MSPs to deliver that service to their customers, or even if the MSP itself has an incident, we can help respond,” says Raffael Marty, the vendor’s general manager of cybersecurity.
Users of the service have access to immediate assistance on a 24/7/365 basis from over 160 analysts armed with both a “control tool” and an analysis tool. The control tool, which is essentially an EDR solution developed in consultation with SentinelOne and Bitdefender, isolates compromised devices to prevent lateral movement.
The analysis tool helps ConnectWise spot indicators of compromise, inspect log files, run suspicious files through a sandbox, and more. Once the company has a clear understanding of what went wrong, it remediates the incident on the MSP’s behalf, restores the victim to normal business operations, and monitors the environment for a month to ensure attackers didn’t successfully hide additional malware or back doors. Finally, the vendor delivers a post-incident report containing recommendations on preventing similar attacks in the future.
ConnectWise analysts participate alongside MSPs in meetings with the end user’s attorney and cyber insurance company as well.
Partners can buy incident response help on an ad hoc, incident-specific basis or subscribe to a retainer service purchased in 20-hour blocks for $300 per analyst hour. The key difference between the two options is that users with a retainer go through an “incident readiness” onboarding process that shortens response times by familiarizing ConnectWise with the environment they’re protecting.
“If something happens and you call us at two in the morning, we don’t have to go figure out who else we have to call,” Marty notes.
Partners can sign up for retainer-based services immediately. Ad hoc services will become available in about two weeks.
Unlike providers of incident response services who primarily serve corporate IT departments, according to Marty, ConnectWise understands the unique requirements of managed service providers. “We are focused completely on MSPs,” he says. “That’s all we do.”
Incident response is the latest addition to a ConnectWise services portfolio that includes risk assessment, managed detection and response, and managed SIEM offerings as well. Along with software, services are a critical component of ConnectWise’s strategy for serving MSPs without the skills and capital to maintain their own security operations center, Marty emphasizes.
“We understand that there’s a talent shortage and these products are not always easy to use,” he says.
Post-breach services in particular, Marty adds, are a necessity in an age of rampant and increasingly sophisticated exploits. Ransomware incidents rose by an average of 10 to 15% every quarter in 2021, according to the 2022 ConnectWise MSP Threat Report, with 56% of those incidents occurring in the second half of the year.
“No target is too hard to penetrate,” Marty says. “The only thing you need is enough time and enough money, and you can get in anywhere.”
Marty, formerly ConnectWise’s senior vice president of product management for cybersecurity, stepped into his current role in February when ConnectWise reorganized its product groups into four “Innovation Business Units,” each led by a general manager reporting directly to CEO Jason Magee.