LAS VEGAS - The line between managed IT service providers and managed IT security providers will soon disappear.
That’s the wager Continuum Managed Services is making with its announcement today that the toolset vendor is going all in on security, providing partners with everything they need to stand up a comprehensive cybersecurity practice.
During a keynote on Day 2 of Continuum’s annual Navigate user conference, CEO Michael George unveiled the ambitious plan to roll out new security solutions, an around-the-clock security operations center (SOC), and aggressive marketing and end-user training support.
“Your customers believe you are responsible for securing them today,” George told the audience. “If you don’t get in this business, someone is going to take your customers.”
Delivering a presentation entitled “The Art of (Cyber) War,” a play on the book by legendary Chinese military strategist Sun Tzu, George explained how the current competition between cyber criminals and the security industry is guided by some of the same principles of war espoused by the ancient general.
The technology industry has spent the past 20 years getting hyper-connected, George said, while paying scant attention to the burgeoning security risks.
“What we’ve done is built a huge, wildly vulnerable attack surface,” he said. “And we’ve spent a lot of money doing it… Now there’s resistance to spending money to safeguard that.”
The CEO noted that, unlike just two years ago, a dearth of sophisticated security resources has made small business the new favorite target of hackers, comprising more than 70 percent of all attacks.
On average, the attacks dwell in networks for 41 days, he said, and cost small businesses an average of $32,000 per incident.
About 62 percent of those companies go out of business within six months of a breach, George said.
“So if people think you’re charging too much for security, remind them of what it costs to not have it,” he said.
Profile & Protect
He cited Sun Tzu’s principle that all war is based on deception, and compared it to the use today of phishing and social engineering by hackers.
“The first thing you need is a comprehensive software solution,” George explained. “It is not a simple problem and therefore it requires a complex solution.”
A good software solution is defined by a combination of software tools and point solutions that include real-time alerting, effective threat and event detection, advanced reporting and BDR.
“BDR is the last line of defense,” George said. “You’ll only need it if you fail. But you will need it. There is no software solution that is 100 percent effective.”
Toward that end, Continuum is rolling out “Profile & Protect,” a software solution that enables service providers to target specific threat vectors like phishing and ransomware, insider threats or external threats and top exploits.
“By using the profiling tool, IT service providers can determine exactly what types of threats they are protecting each client against and identify opportunities to tailor security services based on the risk faced by each client,” Continuum said in a statement that accompanied the announcement. “In doing so, IT service providers can transform broad cybersecurity services into specific offerings, establish proper expectations and SLAs with clients, and maximize their margins in the security sector.”
Another important function of the security offering involves hardening the weakest aspect of cyber defenses: employees and customers.
George showed an example of a phishing scam in which attackers sent an email seeking payroll data, which appeared to have come from the CEO.
In another instance, George displayed a slick-looking communication, purportedly from Chase bank, which tries to entice a user to log in.
“This is the deception that is going on today,” he said. “You have to make the employees and customers a part of the defense.”
Thus, Continuum plans to roll out support to help solution providers conduct a robust regimen of staff training, education and documentation.
“Security is a shared responsibility, unlike RMM and BDR,” George said during his keynote. “It’s critical for you to make your customers understand that security is a shared responsibility.”
Detect & Respond
Another key principle involves helping solution providers to stay on top of the challenging and rapidly evolving threat landscape.
“Every time you solve for the last problem, they are developing a new one,” George said.
He cited the recent and massive Equifax breach, which compromised the most sensitive data of 143 million Americans, including Social Security numbers and pretty much all credit account details.
No one should take comfort in the fact that the hackers have yet to make wide use of the data in the month since the breach, George said.
“As we stand here today, your records are being brokered on the black market,” he said.
“There is a barter and it’s just a matter of time before that all settles out – the auctions – and then the whole U.S. working population will be under attack,” George went on. “And that will remain until someone recreates all of those records.”
Next, he cited Sun Tzu’s principle that victorious warriors win first and then go to war while defeated warriors go to war first and then seek to win.
To that point, Continuum plans to roll out robust support to help solution providers devise appropriate and effective go-to-market strategies.
“We’re going to help you get ready and market yourself as a managed security advisor,” George told the crowd.
Finally, the CEO introduced Continuum’s new 24/7/365 SOC service, called “Detect & Respond,” by referencing Sun Tzu’s assertion that to know your enemy, you must become your enemy.
The SOC is intended to enable users to leverage the expertise of Continuum’s security staff and mitigate the widening IT skills gap in security talent at a cost that IT solution providers can afford.
As part of Detect & Respond, Continuum is deepening its partnership with Webroot by incorporating that company’s cloud-based Secureanywhere DNS protection and end-user security training.
“Detect & Respond monitors for indicators of compromise, separates false positives from actual malicious events and drives remediation actions to prevent harm and reduce ‘dwell time’ from months to minutes,” the Continuum statement said.
The new services will run on the existing Continuum platform.
Attendees were encouraged to sign up to be among the select partners participating in an early access period that will open during Q4 of this year.
General availability for the security solutions is scheduled for the first quarter of 2018.
Also today, Continuum announced a new backup solution for small businesses called Continuity 247 Backup, and enhancements to the company’s Total Desktop Care Plus package, which will be available sometime in Q4.
Send tips and news to [email protected].