642 Raffael Marty on MSP Cybersecurity: Insights from IT Nation Secure

[Uncle Marv]
Welcome to the IT Business Podcast, powered by NetAlly. The episode that you are about to hear was filmed live in Orlando, Florida at IT Nation Secure, and is presented by Thread, last year's winner of the ConnectWise Pitch It Accelerator program. Thread's mission is to help IT service providers deliver service magic.

They do this by providing seamless and conversational service experiences for their clients. Their platform is transforming IT support with real-time collaboration and AI-driven efficiency. Experience the magic of seamless service with Thread.

Visit them at www.getthread.com. ♪♪♪ Hello, friends. Uncle Marv here, and we are here live at IT Nation Secure in Orlando, Florida, and it's the pre-day, but that doesn't mean that it's not a fully functioning conference.

We're just here, hanging out. I am outside the Solution Pavilion on what will be Media Row at some point in time, and my first guest here, the first stop, is Raffael Marti from ConnectWise. They call him Rafi.

Rafi, how are you? I'm good, how are you? Nice to be here.

I am good. So, your position, I believe, is Vice President of Cybersecurity something.

[Raffael Marty]
On my badge, I actually say ConnectWise Hacker.

[Uncle Marv]
Hacker, okay.

[Raffael Marty]
I guess I have been in the field for too long. They let me change my title.

[Uncle Marv]
Nice.

[Raffael Marty]
Yeah, I'm responsible for cybersecurity products here.

[Uncle Marv]
Okay. How long have you been with ConnectWise? I tried to look up your bio, and it didn't say how long.

I think you're a veteran, right?

[Raffael Marty]
I don't know. It's been three years. Three years.

Almost exactly at this point, because I started three years ago, right before IT Nation Secure. So, the IT Nation Secure three years ago was my first one. It was awesome.

Like, two weeks on the job, I was able to go out and interact with all these people called MSPs. I was like, that's interesting.

[Uncle Marv]
Those rugrats of the IT industry, right?

[Raffael Marty]
Yeah, it was interesting, because I come from an enterprise security world, right? I've been doing this for 25 years, and I keep saying, now, having gotten emerged into the MSP world, MSPs are different than the enterprise, right? Surprise, surprise.

But they're not that different. I keep saying, it's probably like 15 degrees different, right? We're going the same direction, but there's some things that are just special, right?

Different. Makes sense.

[Uncle Marv]
Yeah, and a different perspective, because you're dealing with not just one company, if you're dealing with a single enterprise, or one, I guess, enterprise vertical, MSPs are all over the place, and we're all over the place with our own clients. So trying to get that structured standardization is a joy.

[Raffael Marty]
And two, for me, a big shift in thinking was as well, it's like, well, I'm not just creating product for that company to protect themselves. In the MSP space, well, I want to help you protect yourself and then your customers, but I'm also trying to help you build and grow a business, right? And that's super important to not forget.

[Uncle Marv]
Well, let's dive into that a little bit. That sounds like a good place to go. What is the real difference between what you did in the enterprise world and now how you deal with us as MSPs?

Is there really any difference in cybersecurity?

[Raffael Marty]
You know, from a product perspective, I would say yes, right? It's in the enterprise, you have dedicated teams that are sitting there looking at if you have consoles at these consoles or managing these products, right? In the MSP world, a lot of times, I guess the optimal setup would be that you don't have additional consoles.

Everything integrates into your PSA ticketing, into your RMM to manage these things. And security is just kind of like a thing that sits on the fringe, right? And just does its job.

So how do you create that ecosystem from a product perspective? And then beyond that, it's, as I mentioned, is like, well, all right, look, we have this MDR offering. You should really use that for your customers to help them protect themselves.

Well, how do you sell that? Well, we're here and we have something called the Partner Program at ConnectWise, where we work with the MSPs and look here, here's how we help you sell that stuff, right? We work on marketing plans with them.

We have MDF like market development funds where we help like building websites and we have collateral, we have webinars. We co-sell, we set someone, literally on the meeting, we set a security salesperson from us with an MSP on the call and they're selling their customer. So we help them grow and expand the business, right?

So it's more than just product. It's that whole experience that you get.

[Uncle Marv]
Right. Now, when it comes to more product stuff, when you're talking about things like remediation, MSPs want things to be as automated as possible. We kind of want it to be in the dashboard.

We want to see it, but we don't want to deal with it, if that makes sense.

[Raffael Marty]
And it's a little bit of a double-edged sword, right? Because in security, I forget when, but I want to say like maybe seven, eight years ago, we had this whole movement of SOAR, but it's like Security Orchestration Automation Response. And people were like, whoa, whoa, whoa, what do you mean?

I have an alert and I automatically remediate? That doesn't work. We have so many false positives, right?

Now you come here, you're like, well, but we need to automate. Yeah, but we have false positives, right? So how do you handle that?

And yes, you can dial back to false positives, but then are you still going to see everything that's relevant? So it's a very, it's a tight rope to walk. You can, but, and we are, right?

Like we have capabilities and more and more, we have built out product capabilities where you can actually, if you get an alert, you can set up workflows. That will automatically do certain things. And there's things where it's not always just, oh, you have a, you see an attack or something and you want to go block it.

But a great workflow automation that we have is between RMM and vulnerability management. So if a new device pops up, it automatically scans it. And when the scan finds something, it then kicks off a workflow that remediates through patching.

Those are time savers, like enormous time savers, right?

[Uncle Marv]
Right. So let me do a quick disclosure here. So I am not in the ConnectWise family per se.

Yeah. I do use one of the remote access programs as a one-off for my other RMM, but in terms of the EDR, MDR component, let me first ask this question in terms of simplicity. Are there multiple packages or do you have one solution?

And is it a combination of AV, EDR, MDR, XDR? What's the flavor?

[Raffael Marty]
Let's throw some more acronyms in there for the listeners, right? I just, security is horrible with all these acronyms. Not because you have to figure out how to decipher them.

That's easy, right? What does XDR stand for? Extended detection response.

But what does it actually mean? That's where it gets hard. Because everybody has a different definition of this stuff, especially XDR. So we have almost all these flavors in some way, shape, or form. You can, we want to give you choice when you come to us, because you might already have Sentinel-1 as an EDR, for example. Well, we can actually manage that for you. And we see that a lot where the MSP is just not, they don't have the staff, or they don't want to put the resources in place to build a 24-7 SOC to monitor that, right?

So they can come to us and we can continue with their tool of choice. Now, we don't support everything out there. We have sort of the top products that really lend themselves well for the MSP space.

So we work with Sentinel-1, Bitdefender, and now Microsoft very, very closely. And you will hear us talk this afternoon, actually. Actually, no, tomorrow morning in the innovation keynote, a little more about some of the announcements we have around Microsoft.

We're doing a lot of things with them and expand the support for that ecosystem, right? We're realizing that a lot of the MSPs are, they have Microsoft licenses and they could use certain things like Defender for Business, but we can actually manage that for you, right? So we have MDR service that we manage the EDRs.

We have a SIM service that's akin to like an XDR, really, where we monitor multiple different data sources and have our SOC, or you can get it standalone too if you want to manage it. But we have a pretty broad spectrum of tools that can help you manage and monitor your security environment.

[Uncle Marv]
All right. So you mentioned the 365. I did see that when I was doing a little bit of research here.

Now, the research says that you guys have actual built-in dashboards that will work with these things, or are they kind of like an integration where you can just get to them from within your ConnectWise stack?

[Raffael Marty]
So we have four in the MDR case, for example. Okay. We manage, say, your Microsoft Defender installation.

Our SOC will interact with your instance, monitor that, we'll pull the alerts out. We have our own system to manage and triage and things like that and automate a lot of the different things and add threat hunting to that and so on. But we'll actually go in and close and work your incidents in your console as well.

So you have record in there, which is kind of nice, right? We then have, if you've heard of our ASIO platform, which is basically, think of it as the one portal for all of our security, all the products at ConnectWise to come together. It's only one login, and then based on your entitlements, you see things showing up in there.

So most of our products are in there. There's some that are still moving into this platform. A number of the security pieces are in there.

So you can go to security and you have a dashboard that will now show you certain overviews of some of these different components, right? So we're pulling things together in a, in a, call it federated way, right? Because you have your Microsoft stuff.

We still keep track over here of that, but now you have this dashboard or this portal that you can look at some of these things. We create extra reports on showing you the efficiency of the SOC, what it has done for you so that you can see, oh, this is why I'm paying for this service, right? And you can justify that back out to your customers as well.

I mean, you have QBRs, for example. Look, here's what we're doing for you for, in return for the money that you're paying us, right?

[Uncle Marv]
Okay, well, that sounds about how I was understanding it. The ability to see everything in your dashboard and not have to go from window to window to window. It's really nice.

Now, you mentioned that there'll be talking about some of these things tomorrow during the sessions. Do you guys have any other announcements that you can let loose maybe? Or do I got to wait until after?

[Raffael Marty]
Am I allowed to speak freely?

[Uncle Marv]
Yeah, because this won't air until after the show.

[Raffael Marty]
Okay, then we can announce it all. So we have started on a path of a capability called Security 360. Okay.

And it's basically what you started talking about, which is this unified dashboard view, but it goes beyond that. So it's getting data from our products, but also from other third-party products. Because this is, look, I said earlier, we support Sentinel, Bitdefender, Microsoft, right?

We don't have a formal relationship with CrowdStrike or with Viper, ESET, like Model Viper. We have relationships with these guys, but in a different way, right? We don't have a SOC built around that, a SOC service.

But you might still have an estate where you want to get visibility across everything and say, well, what's my coverage, say, if I have ESET? Do I have the EDR deployed on all the machines that should have it? What's the coverage report?

So we can pull that data in and give you this consolidated view across ours and third-party products, right? I think that's really, you see it as a theme in the security market in general, like you have the big enterprise company, Palo Alto, CrowdStrike, all these guys are building these platforms. Yes, they're trying to build all the components themselves, more or less, but more and more they're forced to keep those platforms open.

And most of them will say, we have an open platform, you can integrate, right? And that's really important for the end user or the customer to have that freedom in the end, right? Because if they don't like the security awareness training from one company, well, plug in your whatever favorite one and support that.

And so that's really the goal for us, to support that ecosystem and then tie in. Of course, we always have the best individual solution on our line card. We have a lot of the capabilities available that also have some special properties, like really great tie-in with our RMM or the PSA capabilities and so on.

So if you're in our ecosystem, you probably get a one-on-one equals four instead of a one-on-one equals three.

[Uncle Marv]
Right. Now, you talked about the fact that you don't have relationships with everyone. So are these things that you're going to be doing through API integration, or are these things that you're looking to get them more into your marketplace, so you do have a relationship?

How's that going to work?

[Raffael Marty]
A little bit of all of it. Our approach for the ASIO platform in general is that it's a platform as a service, a PaaS. And open, everybody come and build your apps even on top of this platform.

And for the rest, where you don't want to come in, use it as a PaaS and build your own things in there, it's API driven, so you can plug in all kinds of different capabilities into the platform. So we'll be opening up the APIs at some point for third parties to just do it. We have a whole lot of integrations built ourselves already, but that's definitely a go forward.

We want to be an open platform.

[Uncle Marv]
All right. Now, another question to go a little bit beyond that in terms of how enterprise viewed cybersecurity as to how MSPs view cybersecurity. Have you noticed a difference, and it may have changed post-COVID now, with how much we have to address cybersecurity even if our customers don't want to?

What do you think is going to be the thing that really forces or challenges us to take it more seriously than we do?

[Raffael Marty]
Look, we actually just ran a survey, which we didn't do last year, but we did it for the last five years, I think, before that, where we survey end customers on SMBs and their relationship to MSPs and what they see. And now I don't have the exact stats in my mind, but it was over 80% said they have been breached. That's just an obvious, like, okay, what do you do to protect yourself going forward?

And generally, these companies are like, please help us, right? So they will raise their hand. And interestingly enough, across that whole base of customers we surveyed, I think over 90% said that they're scared that they will be breached this year.

So the awareness is there. Now the question is, how much are they willing to pay? And that's where the rubber hits the road, where they're trying to stay cheap generally.

Some of them are like, look, well, a decent amount of money is okay, be allocated things. Others are like, yeah, we want the bare minimum. And I keep saying, like, if you don't do anything else, protect the endpoints, right?

Just make sure. And there's some simple things you can do as well, right? It's like the security hygiene of keep your apps updated, use different passwords for every system, right?

Use a password manager to handle that generally. Don't click on links. All these kinds of things that are obvious, right?

And then tools can support that. But for the MSP, I think, I don't know if the life has gotten easier, but the stats are there to support that the customers need to do something.

[Uncle Marv]
Yeah, I think a lot of customers, it depends on the severity of their breach, I guess. You know, if it's just somebody that clicked on an email and it was self-contained, okay. I get it.

Give us a little bit of protection. But if we accidentally sent, you know, $300,000 by wire, it better be a little bit more robust.

[Raffael Marty]
That's right. Yeah, and in the first case, they're like, see, it wasn't that bad. We could handle it.

We don't need anything, right?

[Uncle Marv]
Yeah. And of course they're like, well, we don't really have anything. Why would hackers attack us?

One of the biggest things is letting people know is, listen, they're not specifically targeting anybody in, you know, at a specific time. They're just spraying for anybody. That's right.

And you've got something. You know, you've got data that if you, and I always explain to them, what if you can't work for a day, a week, two weeks? That's when it really hits home is to, you know, yeah, you think that closing down your email and resetting a password is no big deal, but if your office can't work.

That's exactly right, right?

[Raffael Marty]
And I can only underscore what you just said. It's these criminal organizations, they're going after anything, right? They don't care whether you have a million dollars and I have $2.

They're like, it doesn't cost us anything to try.

[Uncle Marv]
Right.

[Raffael Marty]
And they have their repositories, their tax. They just run, breach, get in, ransomware on it. And that's their monetization, right?

With ransomware, they found a way to make it lucrative. Before that, they had to kind of figure out, well, what do we do once we breach things, right? And, but now there's this whole economy that makes a lot of money.

And guess what? Where there's a lot of money, there's a lot of attention. And there's a lot of, like we've seen ransomware attracts in 23.

They skyrocket, right? They're still on the rise.

[Uncle Marv]
Because it's a lot of return for a little bit of work. And the best way I described it to them is they only have to send out that exploit one time. It may have taken them, let's say 15 minutes.

So if you get hit and you have a ransom for 10 grand and you've got to pay, think about the money that they got for 15 minutes of work and then multiply that. So yeah, they don't care because if they, you know, like, as you mentioned, if you got $2 and you got to pay that $2 to get your data back, well, that's still something that they didn't have to work for. And very interesting, very interesting.

All right, so your third, IT Nation Secure and how are you looking forward to this? Oh, this will be the fourth.

[Raffael Marty]
Yeah, because three years, one on each end, right?

[Uncle Marv]
Okay, all right. So number four, what are you looking forward to and expect out of this one?

[Raffael Marty]
I think security is so hot, right? Everywhere, everybody's talking about it. Our conference has been growing since I've been here a lot.

We're expecting lots of people to be here. I'm looking forward to the conversations where MSPs are at, right? Where they have challenges, where they're growing.

There's a big exhibit hall where lots and lots of vendors here. And it's always interesting to see how they position themselves, what's new, what they're doing. If anyone has been at RSA, I think it's the largest security conference on the planet in San Francisco.

I think the stats were 40,000 people had passes and they expect that there were another 40,000 people on the fringe without a pass, where people just set up shop and rent hotel rooms and have meetings and whatever. The theme there was definitely somewhat AI colored, if you want to put it like that, right? I'm curious what the theme is here.

We are doing a bunch of stuff in the space, right? We're trying to stay up to date with what's going on and use the latest technologies to help MSPs be more efficient, less cost, all that. Yeah, so definitely looking forward to conversations across the board.

[Uncle Marv]
So that was something that I did not ask and I was kind of wondering if I should, but AI, when it comes to cybersecurity, I know that we're just now understanding the concept of where AI generated videos, where somebody could take your face or my face, stick it on a video, throw it into a Zoom link or a video message and say, hey, I'm out here, I forgot this, can you send me five grand or whatever?

That's a new type of threat that it's going to be quite interesting to see how we handle it. Have you started to look at that at all?

[Raffael Marty]
Well, we have pretty high stake elections coming up, right? And I'm pretty sure we will see some of these deep fakes. Yeah.

There's no question. It's been lots of attention in that field, as you were saying, right? Like companies, or we have figured out how to make these deep fakes.

There's companies out there that actually can help detect these things. I don't know how exactly efficient they are, but there's definitely work being done to detect these deep fakes. We haven't done anything specific in specifically that area.

I think, yeah, it's a good question. I'm not sure where I would put that in the product portfolio. I think it's still a little early for having the mainstream application out there.

I'm trying to see what's happening with the election and how good we are going to be to detect the fake Bidens and whatever. And I think from there, we'll see where that trend is going to take us. We got to do something about it for sure, right?

But I think the other piece that I will say, and especially your scenario, which is a very real one, where someone asks, say, for money or a transfer, like these scams that we had for a while. Hey, CFO says transfer $30,000 to this account. You got to start with the awareness of the people and have people be security minded.

And I hate to say it, but be a little critical of some things, right? Like, and be the devil's advocate. And it can get annoying, right?

Like if your CEO tells you to do something, you're like, are you sure? But if it's really high stakes, try to use a second channel to verify something, right? Like just send a quick text message on the site.

Are you really online right now talking to me? And people have to start being okay with that too, right? It's not, I'm trying to be a pain, right?

But I'm just trying to do my job, right?

[Uncle Marv]
It's got to go both ways. Exactly. We have to understand that, you know, the employees that are really trying to do their part and protect the company, the C-level folks have to realize that, hey, we need to appreciate that.

And in some sense, find a way to, you know, not only approve of that behavior, but reward that behavior. So it'll be interesting. All right, well, Rafi, thank you very much for stopping by to see me and chatting a little bit.

It was nice to meet you and look forward to maybe when I get to my fourth IT Nation Secure and enjoy it. Now, I will say this. I did mention in my opening remarks, folks, we are here at the Gaylord and a big place, nice place.

[Raffael Marty]
It is. Did someone say there's, I think it spans multiple area codes or something?

[Uncle Marv]
Or zip codes or something. It's huge. It is huge, it is huge.

But Rafi, great to have you here and we'll see you. And folks, that's going to do it. We'll be back with some more episodes here from Radio Row at IT Nation Secure.

See you later.