Anup Ghosh of ThreatMate

[00:00:02] Hello ladies and gentlemen, this is a

[00:00:06] September 5th edition of the MSP Initiative at MSP Talk. We're gonna get some housekeeping out of the way

[00:00:12] It is that time of the year. We'd like to call it here at MSP Initiative the Gauntlet

[00:00:18] As all these conferences and events all slam together in about 90 days

[00:00:23] And then you'll be bald like me because like you know

[00:00:25] You would have pulled it all out after you went to all these so it's all good

[00:00:29] We'll talk about those and a couple other things now, but you'll find everything we do here at MSP Initiative at

[00:00:36] mspinitiative.com

[00:00:38] This session for example is being recorded and you'll find this and every other session we've ever done

[00:00:42] I think we're over a thousand

[00:00:45] Going back to 2020 you'll find it in video audio YouTube podcast format

[00:00:52] Whatever works for you. It's all there like share subscribe download all that good stuff

[00:00:57] We have an in-person event coming up here of our own. I know right in the middle of the gauntlet shame on us

[00:01:02] In Denver, so it's over 2526 is a completely educational event for MSPs

[00:01:08] We have our agenda posted for two days. So not just afternoon, right?

[00:01:14] We're giving you two absolutely full days jam packed with real content no sales pitches

[00:01:20] so we have MSP business owners and

[00:01:23] You know specialists, you know that are on panels and you can see the panels for panels here

[00:01:28] And then we have eight workshops right two hour, you know actual in the room whiteboard

[00:01:35] Let's actually learn something. That's not

[00:01:38] You know something that you're gonna write down on your notepad go home and never do

[00:01:42] It's not a 45 minute death by PowerPoint that I can promise you

[00:01:47] So check out MSP community minds again in Denver

[00:01:51] 22526 we do not charge you as an MSP to register for this event. You come for free

[00:01:57] You know, there's no 399 999 1299 registration fee. Yes, you do have to put a little bit of time in and yes

[00:02:04] You do have to actually travel to get there. That is where you'll spend a little bit of time and money

[00:02:08] but

[00:02:10] Look at all the people are putting in the room and we're not charging you one penny

[00:02:13] This is our way to give back to the community and we want you to learn from the people who have figured it out

[00:02:18] That's the best way in our opinion

[00:02:20] Then probably what we're better known for is the MSP community block parties. There is four more

[00:02:28] Four three now and then to the year in the middle of the gauntlet here

[00:02:31] We go so you happen to join the US version of the PAX AP on the event

[00:02:37] And you know, we already did one there earlier this year in Denver in June

[00:02:40] Well, we're packing up. We're letting October fest which actually ends in September if you didn't know wrap up in Germany

[00:02:46] We're headed to Berlin and we're doing a block party at a brewery

[00:02:50] So we couldn't help but keep the you know the idea of the you know, October fest going

[00:02:55] so we're doing a block party with our friends over at PAX 8 beyond in Berlin if then

[00:03:01] You're not headed to Germany, but you're headed to Miami

[00:03:04] Well, we're working with the Kaseya team for Datto con in Miami at the fountain blue

[00:03:10] We'll be doing a rock party on site at the fountain blue. No buses

[00:03:14] You don't need to leave the facility. It is on site

[00:03:18] So we are doing that on the second night of Datto con in Miami then

[00:03:23] The big one every year if you're going to IT nation connect in Orlando first week in November

[00:03:30] You know, we we do that big one where we bring an outside

[00:03:34] Musical artists that you probably would have heard on the radio at some point two years ago as all American rejects last year better than as your sugar rain tonic

[00:03:42] This year

[00:03:44] Just signed our artists

[00:03:46] So we're gonna drop a couple hints stay tuned on our social media for the teasers

[00:03:51] but

[00:03:52] Trust me this one this one might top the ones that I just mentioned so join us at IT nation connect in

[00:03:59] Orlando

[00:04:01] For that block party and then we wrap up the year in Sydney

[00:04:05] We were there earlier this year literally earlier like three weeks ago

[00:04:08] And we're going back to close out the air for the Datto con

[00:04:13] APAC or Datto con Sydney event, which is the week after in November. So

[00:04:19] Those are the four just to recap packs it beyond Germany Datto con Miami IT nation Orlando and Datto con

[00:04:27] Sydney those are your four by the way just like MSP community minds. It is a community event

[00:04:33] You know if you're an MSP we encourage you to come and enjoy no cost

[00:04:38] You know little little beverage a little food little community

[00:04:42] Some good con some good conversation

[00:04:44] So join us there got some community offers here on MSP initiative comm and our industry calendar which

[00:04:49] Goes to the end of the year December and then we'll re up for 2025 once we get past the gauntlet

[00:04:55] And that is the housekeeping at MSP initiative comm and

[00:05:00] Yes, it is a lot of things going on in the next 90 days

[00:05:03] We we got you a lot of air miles a lot of TSA security a lot of beverages

[00:05:09] And hopefully something that you actually help yourself with like better yourself your company something like that

[00:05:16] I think that's why we try and go to these things

[00:05:19] All right that out of the way we bring a new guest onto the show for the first time

[00:05:25] And up from a threat mate. How are you doing today?

[00:05:29] Doing good George. Thanks for having me. Yeah, welcome welcome welcome

[00:05:33] So so usually every time I invite somebody to this

[00:05:37] Podcast that hasn't been on before it you know like to give everybody some airtime unlike a little bit of your background

[00:05:42] You know, how did you get you know into the tech industry?

[00:05:45] And you know then we'll go on to maybe a little bit about you know the company that you're you're working with

[00:05:51] And then we'll go from there. Oh sure appreciate that I'll make it brief. So I've been in the tech industry for a long time

[00:05:58] I

[00:06:00] my roots traced back to

[00:06:03] DoD

[00:06:04] Spent four years at DARPA post 9-11 building

[00:06:08] Yeah, yeah, so we were on a war fitting at that time. We're building out

[00:06:14] offensive cyber capabilities for the nation

[00:06:17] After a four-year stint I left there started a company called in Vincia

[00:06:24] Next-gen endpoint detection and response company

[00:06:28] We sold that company to Sophos

[00:06:32] Then I spent a little bit of time in the managed security

[00:06:35] services space with Accenture. I know it's a big company

[00:06:40] Left there to run another cybersecurity company and then started threat mate

[00:06:44] so here we are we've launched our product in

[00:06:47] just last year and

[00:06:49] You know, we think that this is a great market for

[00:06:54] a product takes advantage of new technologies like generative AI and machine learning to deal with the problem of

[00:07:02] Security exposures on client networks. Everything left the boom as we like to say

[00:07:07] Okay, fair enough. I know there's a popular event in the sandbox called right of boom

[00:07:16] If you don't understand that concept go Google it it's pretty well pretty at least the concept as well documented out there

[00:07:22] Yeah, so you

[00:07:25] You know came from a pretty cool part of the world right the government which probably has unlimited amounts of money

[00:07:31] And who knows right they just build much. Yeah

[00:07:34] Like they print it so I guess

[00:07:37] Um

[00:07:38] But you know, yeah, you the one company sold the Sophos Sophos is MSP land and so you've been in the sandbox right in some shape or form

[00:07:47] Just curious like

[00:07:49] You know cybersecurity is not a small topic and an AI seems to be the like the buzzword right in 2024 until somebody else comes up

[00:07:57] With the next one. Yeah

[00:07:59] Why concentrate an IT MSP land and not just go corporate

[00:08:04] Yeah, so

[00:08:06] my last few companies have also the corporate also to the enterprise and

[00:08:12] You know what you get there is obviously big contracts because you know, they're really large companies and that's great

[00:08:21] What you also get is a lot of some very

[00:08:24] sophisticated cybersecurity people that you're selling to and

[00:08:28] Where we saw in a lot of competitors frankly right where we saw the real market opportunity

[00:08:35] was downmarket from the enterprise and the reason is a lot of the

[00:08:41] high-end sophisticated products don't serve the

[00:08:46] SME market and we thought it was time to

[00:08:49] Launch a product capability that the enterprise would use from a capability standpoint

[00:08:55] But one that was designed specifically for the MSP and

[00:09:00] Specifically for the non cybersecurity expert. We thought it's time now to build products for IT

[00:09:08] Guys and gals not just cyber security experts that they in turn can use to

[00:09:13] Deliver high-margin cybersecurity services to their clients the SMB and that that's why we founded ThreatMate

[00:09:21] And that's a promise we've delivered on in our platform

[00:09:25] Interesting so totally get it understand what you're saying. You're right

[00:09:31] Generally speaking, you know most MSPs are 10 employees or below there are some very very big ones out there

[00:09:37] Don't get me wrong and now but but generally speaking of the think somebody told me the other day

[00:09:42] They think worldwide. I love everybody's guesstimate on this number that there's 400,000

[00:09:48] IT MSP ISV

[00:09:50] You know or you know depending on what part of the world you're not like, you know integrators whatever sure let's say in North America. There's

[00:09:59] 95,000 it was just an interesting, you know argument on the numbers, but okay, there's a lot out there

[00:10:07] The majority of the people in the average MSP aren't security people they've never done threat hunting or

[00:10:13] They don't enough to install the products that are required. I mean, I even know how to configure them properly

[00:10:20] Hopefully a third-party vendor can assist them in getting to functional

[00:10:24] But yeah, that's just the beginning part right like then the ongoing part is does all of this stuff

[00:10:31] Do what you know catch what we're trying to catch or prevent what we're trying to prevent exactly

[00:10:37] I know some people will flip the conversation around. They'll say well

[00:10:42] There's no hundred percent. I agree with that. There's no hundred percent

[00:10:46] Reduce your risk enough that the cost is worth, you know, the worth effort. I don't ask a question

[00:10:52] Yeah, it kind of building on your point

[00:10:55] So what we have found of the 95,000 whatever it is in North America, right a lot of them have really focused on the right of boom

[00:11:05] Which we should explain what we mean there, right?

[00:11:09] So for those of you who aren't familiar with the terminology. It's a timeline. We're talking about

[00:11:15] In boom is one and event or an incident happens, right?

[00:11:20] Usually it's going to be a malware detonation or it could be an intruder that breaks onto a network via vulnerability

[00:11:27] And everything right of boom if all the actions that are required to detect to

[00:11:36] Contain respond recover, right and that's what's called right of boom

[00:11:40] And you're there's there's a good conference call right of boom, right?

[00:11:44] And I think in MSP land because that does require

[00:11:49] Cyber security subject matter expertise

[00:11:53] Often requires 24 by 7 a lot of that work is outsourced to third parties, right? Oh

[00:12:01] I'm gonna guesstimate a number right and like you know, I'm doing this. Okay. I've not done like serious homework

[00:12:07] More than 90% of it is outsourced

[00:12:09] I would I think you're right and certainly

[00:12:13] It would be great if it was less than that

[00:12:15] But and by the way, they're great companies that operate in that space, right?

[00:12:21] And there are mdr's their managed EDRs 24 by 7 saw, you know manage them

[00:12:26] Whatever you want to call it recovery incident response

[00:12:30] Just level set it for everyone

[00:12:31] Those are all those companies that do right of boom and we understand why you would outsource that right because it does require some forensics knowledge

[00:12:40] Detail understanding of the threats understanding threat intelligence. It is subject matter expertise

[00:12:45] Where we come in and where we think the real opportunity and to take a stronger where the remit for

[00:12:51] Managed service providers is left of boom, right? So what are those activities that are left of boom?

[00:12:58] It is the

[00:13:00] setup

[00:13:01] management

[00:13:02] securing and monitoring of those networks to

[00:13:07] Cover identifying cover the security exposures that the bad guys see and take advantage of right?

[00:13:14] so another way thinking about it is the better job you do as an IT professional to

[00:13:22] identify security exposures and

[00:13:24] Remediate them before the adversary gets to them if your booms happen

[00:13:30] And there are fewer incidents that you need a right of boom to cover and here's where it really gets better

[00:13:37] I think you know, I'll stop me. Let me pause you

[00:13:40] Yeah, I generally speaking

[00:13:44] That is what the marketing is for almost every I don't know like let's say the average MSP who has gone down security lane

[00:13:53] When I say security lane haven't built their own departments. They're just outsourcing

[00:13:56] But like they've heard this layered approach. Maybe they're eight nine ten products in

[00:14:02] Across multiple different companies in order to you know provide a holistic approach

[00:14:08] whatever

[00:14:10] But at the end of the day like I think the concern is and what at least the

[00:14:16] Messaging to the end customer from the MSP is well, we need to spend all this money in order to

[00:14:22] Make it less possible that an event or a boom can happen

[00:14:25] But then when the inevitable event does happen they come back and like wait a minute

[00:14:31] You sold me on pying for all this extra stuff and what did it do for me?

[00:14:37] Yeah, I could say well, you know, I'm gonna put a wrinkle in here

[00:14:40] I know everybody that follows this get a laugh about what I'm gonna say

[00:14:42] but then there's also the

[00:14:45] The side, you know the parallel incident of like hey

[00:14:47] You you sold me really expensive security software and a crash all our systems ie crowdstrike and it's like

[00:14:53] That wasn't intended but yeah, yeah, yeah, no I I think it's a fair

[00:15:00] rebuttal right and

[00:15:02] But I do think I think everyone would agree the better job you do in securing those networks

[00:15:09] They're less likely, you know, I'll make an analogy, right? So when we build houses

[00:15:15] At the end of the day

[00:15:17] We are concerned about all hazards including fire, right and the better job and that's why there's code, right?

[00:15:24] The better job we do in

[00:15:27] Fireproofing, you know literally putting up firewalls between townhouses, right?

[00:15:32] Making sure we've got smoke detectors

[00:15:36] In in commercial buildings and even some residential water sprinklers, right the better job

[00:15:42] We do in preparing for that unfortunate event the less likely we will need

[00:15:48] fire trucks

[00:15:50] Firefighters putting out fires, right? So it's not about you'll never have a fire

[00:15:56] We know that that there is a chance to have a fire. It's about how do I build a structure?

[00:16:03] That is less likely to have a fire because you've built in all these other mechanisms

[00:16:09] Same is true for networks, right?

[00:16:12] The better job we do in securing that network the fewer

[00:16:15] Incidents will have down the line each incident is very expensive, right? Wow. I okay

[00:16:21] I love but by the way, that was a great. I think that was the best

[00:16:24] I've heard of somebody just trying to make it simple right even to a non-technology person

[00:16:28] It's like hey, do you change your smoke alarm batteries every year?

[00:16:32] Like do you yeah?

[00:16:33] Do you make sure you got the fire extinguisher somewhere near your kitchen where you're cooking in the oven and whatever like, you know

[00:16:38] Yeah, you shut off your gas when you're going on vacation just in case you know like something bad happens

[00:16:43] Actually and water for that matter. You know, I've seen people come back in their houses flooded

[00:16:49] Like yeah, I think goes for sensors has like a little pin thing in it and right and now you

[00:16:55] You use the use the burglar alarm analogy, right? So lock your doors

[00:16:59] Close your windows do everything you can you can't do enough

[00:17:04] Obviously for a determined attacker to breach your house, but if they do breach your house, what do you have you had of?

[00:17:11] Burglar detection, but you got the window sensors

[00:17:14] Mm-hmm the motion sensors by the way, who does it call calls the police?

[00:17:20] It calls emergency response same analogy, right?

[00:17:23] So you want to you're not gonna leave your doors open and your windows open your doors a lot

[00:17:27] That's what secure the network is you want to prevent that scenario from happening

[00:17:32] So you don't have to call the police or put your that's fair

[00:17:34] I like I like that analogy and quite frankly nobody's simplified it to that but it actually makes very

[00:17:40] Crack it's like do the things that we know make sense, right?

[00:17:45] Oh, I don't know. Yeah, I know common sense isn't common anymore for some reason

[00:17:49] But I'm gonna go back to that old-school methodology like hey tie your shoes. You might trip

[00:17:53] Okay common sense says you should make sure you tie your shoes got it

[00:17:57] Yep

[00:17:58] So so where was that is okay?

[00:18:01] So, okay, so so left of boom right?

[00:18:05] Boom is and to your point most MSPs have dealt with

[00:18:10] Something right? Yeah, some sort of compromise some virus some malware. They got a reform out of computer

[00:18:17] They got a you know restore from backup

[00:18:20] They got a call the insurance company if they need to get involved whatever something ransomware here, right?

[00:18:26] ransomware 100%

[00:18:28] Yeah left to boom right which is supposed to be the hey you triggered

[00:18:32] The smoke detector or the fire alarm or the security alarm so that we know something's happening before it becomes a bigger something

[00:18:40] Yeah

[00:18:41] well, the left of boom activities are

[00:18:45] identifying the

[00:18:48] Open windows and the unlocked doors. Okay, that was left of boom

[00:18:51] So in the network terminology if you're running an RDP or a telnet on your external

[00:18:59] Attack surface, which is your internet side. You now have left an open door

[00:19:04] To an adversary and so what what ThreatMate does is we evaluate every attack surface

[00:19:11] External to internal we look for those gaps

[00:19:14] So another example would be on your Microsoft 365

[00:19:19] You've got a global admin account that does not have two factor authentication set up

[00:19:24] Hold on don't you remember it wasn't that long ago Microsoft was like, oh

[00:19:30] When our MFA goes down, I guess you're stuck

[00:19:33] So I guess you should create a break glass account with a really really complex password because that's the only workaround

[00:19:39] You have when our own system goes down. Did you remember this? It wasn't that like they did definitely

[00:19:44] Yes, I think yeah, they're very focused on MFA. You guys probably saw this but you saw that they're going to now mandate

[00:19:53] MFA for global admins and and you know, they had their own their own breach from Microsoft

[00:20:02] 366 or office 365

[00:20:05] And it was an authentication problem

[00:20:08] They didn't have two factor authentication enabled on that internal legacy exchange server. So I think lessons learned from all that was

[00:20:18] We're going to mandate it as well. So yeah, people are very focused on the issue that is a left to boom control that is an attack surface that's really rich

[00:20:29] We also look at the third party sass apps have been given privileges to that Microsoft tenant. That's another

[00:20:37] Risk area. So those are good examples. Another one is vulnerability management

[00:20:41] What vulnerabilities do you have on both your external internal attack surface?

[00:20:46] And all of this of course is the remit of managed service providers is their job

[00:20:52] To do this, right? And if they're outsourcing that they're missing out on that revenue potential, which is project work and from a cybersecurity point of view, it's great to be able to charge

[00:21:04] Cybersecurity monitoring rates for capability you're delivering rather than outsourcing

[00:21:10] Sure. No. Okay. I follow what you're saying here. Here's what again the end user of them SP right

[00:21:21] I know different industries will have different answers, right?

[00:21:24] Like if you're in a government thing and you got to deal with CMMC because they basically won't deal do business with you

[00:21:30] Let's say unless you comply that's different little bit different, right?

[00:21:34] Yeah, right stick you have no choice, right sell to somebody else, right? I can

[00:21:41] But for everyone else, right like I always like to use the example of like the donut shop down the street like

[00:21:47] You don't care right? He's like hey my credit card machine runs your seat comes out. Yeah settles at the end of the day

[00:21:55] I'm good. No, I don't need any of this like unfortunately

[00:22:00] you know like

[00:22:02] There is the mindset of the look, you know least the low the guy at the bottom of the totem pole

[00:22:07] Which is the majority, right? Right?

[00:22:09] But how do we go and maybe this conversation is a bit more upstream?

[00:22:13] Maybe it's a professional services company could be an accountant or a lawyer or

[00:22:17] Something like that

[00:22:18] At what level are we talking here? Right because there's a lot, you know a lot 50% of the economy

[00:22:24] It's supposed to be small medium business. Yeah, it's not higher to be honest. Yeah, right?

[00:22:29] So like what but what where does where does what's the lowest point here that we're talking about?

[00:22:35] Yeah, and I think I think we're really driving towards what are what's the standard?

[00:22:40] Right. Yeah, what point do we draw on line the sand and it's such a relevant question for the MSPs that are out there

[00:22:47] And here's what we've observed

[00:22:48] And be care is for anyone else online to kind of chime in here, which is the more mature

[00:22:56] MSPs are saying we have a standard right?

[00:23:01] And our standard includes this tech stack and in our tech stack

[00:23:06] We've got obviously a firewall. We've got an email security solution. We've got cybersecurity

[00:23:13] Awareness, we've got vulnerability management, right?

[00:23:17] And maybe even while certainly an EDR solution and so what what what's happened is for those clients that they're talking to you say a prospect

[00:23:26] That says oh well, I don't need this EDR or I don't need this email security

[00:23:32] The more mature MSPs are saying hold on

[00:23:36] What I was talking about was an optional it's required if you want us to manage your network

[00:23:43] You're on our stack and it isn't a pick three kind of thing, right?

[00:23:48] And so in a certain sense what's happened is the MSPs as they mature

[00:23:52] They're saying cybersecurity is a must-have is not an optional

[00:23:56] We're not going to say you optionally get this

[00:24:00] Because we know there's there's downstream liability if you suffer a breach

[00:24:06] And and we're managing that

[00:24:09] You can easily point the finger at us, especially if you don't have cyber insurance

[00:24:14] You're going to be looking for who do I blame and by the way the cyber insurance industry has drawn a line in the sand

[00:24:21] They have a standard right

[00:24:24] All these work together

[00:24:27] Is it dependent on the insurance company?

[00:24:31] Listen and just because you have insurances I mean that the insurance company won't go and try and get their money back somewhere else too, right?

[00:24:37] I mean that's sure. I

[00:24:40] Feel like every six eight nine twelve months

[00:24:43] This conversation kind of changes. I

[00:24:47] Just line now. Yeah, like it is a moving target. It is a moving target. Absolutely and remember the policy covers

[00:24:55] Then custom right like right construction company the lawyer the office the school like

[00:25:03] They're the ultimately the person with the car driving right so that's who's being insured

[00:25:08] The MFB

[00:25:09] You know, there's a lot of legal ease you can put into your agreement that says hey listen like

[00:25:15] Hold harmless not responsible like or shared responsibility

[00:25:18] Like you can't just all be on us like, you know your limit of our agreement only goes up until like there's a lot of this

[00:25:26] type of stuff that

[00:25:28] Quite frankly you almost have to do

[00:25:31] To protect yourself as an IT provider or consultant or an MSP whatever you want to call yourself

[00:25:36] Because if you don't then you leave your doors and windows open for a bad day too

[00:25:41] Right and and obviously you will have that boilerplate in your legal agreements

[00:25:47] But none of us want to be in that situation

[00:25:49] Where you're calling your lawyer because their lawyers have contacted you right because all that is this cost, right?

[00:25:57] Yep, the cyber insurance industry and I'm sure you've had some of those guys on as well

[00:26:03] But they've actually matured quite a lot. I've been tracking the space

[00:26:06] That's about 2018 when ransomware really started ramping up

[00:26:11] cyber insurance in 2024 is very different and

[00:26:15] Some cyber insurers use our platform for doing underwriting

[00:26:21] That's right

[00:26:22] We're partnered with one of our partners will throw a shout out to a seed pod cyber

[00:26:27] And they use the threat make platform to be able to write policies for their for their clients

[00:26:34] MSPs and in their clients and so they are looking they're quite good all of them are actually quite good

[00:26:41] They think if you ask them and you look at their surveys and what's required

[00:26:46] There's remarkable unanimity over what is required, right?

[00:26:51] At a fairly generic level now the specifics some will have different degrees of requirements, but some of those

[00:26:59] EDR firewall vulnerability management

[00:27:05] The cybersecurity awareness training all of them have those requirements today, right?

[00:27:11] And then they will look at the performance. Oh MFA. That's another big one, right?

[00:27:15] They will look at the actual performance

[00:27:17] So for example if you say yes at MFA enabled on your form be careful when you say that because to the insurance company

[00:27:26] That means a hundred percent if you're eighty percent deployed and account takeover happened. You lost a lot of data

[00:27:33] That if that account was not protected by MFA you will now have a claim that they may not actually, you know

[00:27:40] What you said earlier? They I feel I feel like the

[00:27:45] Maybe you should help them maybe they should get some consulting on these insurance companies, right?

[00:27:50] Like when you have you looked at one of those questionnaires, they don't say these are absolute questions, right?

[00:27:56] They don't really say that yeah

[00:27:57] You know because you're working with them and maybe somebody else knows because they came back and said oh by the way

[00:28:04] This was this meant to 100% well like why didn't you tell me that before I filled this out exactly?

[00:28:09] Yeah, I mean we advise our clients that we like be careful like you know the last sheet says go ahead and list

[00:28:15] Be careful because you want to you want to be give all of your disclosures, right?

[00:28:21] And by the way, that's where threat becomes as we say oh by the way

[00:28:25] Did you know you've got 95% coverage of MFA?

[00:28:30] But part of that 5% was his global admin account, right?

[00:28:33] And we see that every day, right that didn't have it. That's your real risk

[00:28:37] And so we prioritize those risk like cover that first. All right, so let's do back out for a second

[00:28:42] All right, I'm an M.P. Yep, you're telling me hey

[00:28:46] I know you got a lot of investment in security products or that's what you're being told you need to do

[00:28:51] I'm going to get exactly what from threat mate why threat mate and not piecemealing multiple other tools together to do

[00:28:59] Something yeah, something what is it that we're accomplishing?

[00:29:02] Yeah, so actually the number one use case for threat mate by MSPs is winning new clients

[00:29:11] Yeah, yeah, so

[00:29:13] If you're an MSP you're concerned about two things and tell me if I'm wrong

[00:29:18] Well, let's let's agree that everyone's gonna say customer satisfaction. So next step customer satisfaction retention super important

[00:29:26] But how do I win new business? How do I drive more profitable?

[00:29:31] Uh services right?

[00:29:32] It's a word. I mean hopefully everybody's in the in business to make money right like exactly just like everybody else out there

[00:29:38] We're not we're not nonprofit. We're for profit. We need to pay some bills and need to make some money

[00:29:43] Right. Well look at what you guys do on the community side

[00:29:46] Right, so you're actually building community right and I do think there's a fair element of people

[00:29:52] You know building community but all of us in order to build community. We also need to make money

[00:29:56] Right and and I think so where threat mate helps our partners is they use our platform

[00:30:03] Uh for their prospects and they base and by the way, this is free to MSPs for this use case

[00:30:10] Which is go ahead for your prospects

[00:30:13] We will deliver a cyber security risk assessment

[00:30:17] And we encourage our partners to charge for that

[00:30:20] And oftentimes they'll charge 1500

[00:30:25] Certainly a cyber risk assessment would cost more than that

[00:30:27] But basically

[00:30:29] It's getting the game for a prospect you're saying hey for 1500

[00:30:32] I'll give you a complete work up

[00:30:34] Which will show you how you're doing and you can compare to your peers because we score everything

[00:30:40] We'll give you a bottom line score and then we'll work up. These are the issues we found

[00:30:45] You've got this is not a joke. We've got we found this recently a telnet port on port 50 000

[00:30:51] Of an externally facing server now if you weren't scanning all 65 500 36 ports, you wouldn't have found that right

[00:30:59] Um

[00:30:59] And so that's an example from the external side but behind the firewall looking at, you know, their

[00:31:06] Microsoft 365 tenant. What are the exposures there behind the firewall?

[00:31:12] What devices there have old unpatched software which would make them ineligible from a cyber insurance point of view

[00:31:18] So all of these issues will work up into a cyber risk assessment that they then hand their prospect

[00:31:24] Uh, which essentially positions them as you know

[00:31:27] A comp a competent qualified person to say here are the issues that we found

[00:31:32] And here's some project work that we can go clean that up

[00:31:35] And then here's a lead behind product where where we will continuously monitor that because monthly return revenue

[00:31:41] So that's that george is the number one use case is winning new business and then delivering

[00:31:47] High margin cyber security services to go address those those exposures. That's interesting, you know in the early days

[00:31:53] At least you know, I started an IT and MSP line rob 2000 2001

[00:31:58] You know out of my garage like everybody else or the backseat of your car

[00:32:02] um

[00:32:03] And you know when I adopted rmm like 2010 ish

[00:32:07] One of their one of their kind of pitches was well, hey install our agent and let it just collect the information

[00:32:14] So that you can run the reports

[00:32:16] quickly

[00:32:17] Right now, of course, you know, we're in 2024 things have changed but

[00:32:22] It's kind of a similar approach, right? It's like hey

[00:32:25] If you use the platform to do the heavy lifting so you don't have to go check for one thing at a time at a time at a time at a time

[00:32:33] You can quickly figure out

[00:32:36] All of the things that are hey, like, you know, here's all the here's all the doors and windows should be locked up

[00:32:42] Right. Absolutely. Here like these are things that absolutely like I don't care who you're talking to is like

[00:32:49] Common practice is that these things should be addressed and not open like to your point rdp not being open three

[00:32:54] Yeah, I know like we all got cute, right? So go we change the port number, right? We'll make it

[00:33:00] 999 or something right no one will buy that

[00:33:03] You know what for a minute it maybe works and then all of a sudden like the tools that scan the internet got a little bit more

[00:33:09] Intensive and then all of a sudden, you know, they found you right? Yeah

[00:33:13] Like yeah, here you go ready. They found the key underneath the rock outside your house, right? Right exactly and where other

[00:33:22] Vulnerability management tools leave off we pick up

[00:33:26] Which is if I were to if the only thing I were to show you were all the problems

[00:33:30] That would then require you to figure out all the solutions and it does actually require a little bit of cyber security expertise

[00:33:36] to understand what CBE

[00:33:39] 2024 487 95 that's an actual one means

[00:33:43] right

[00:33:44] And where we pick that up

[00:33:46] This is where the AI and machine learning comes in is we look at

[00:33:50] The entire list of all the security exposures, which by the way, it's going to be in the thousands

[00:33:54] I kid you not if you're scanning a network

[00:33:57] instead of giving you those thousands of problems we actually

[00:34:01] Correlate the threat intelligence for each one of those exposures

[00:34:05] We filter out all the ones that are not being actively exploited in the wild

[00:34:10] By the way, 94 of all vulnerabilities do not have an active exploit

[00:34:16] Hmm. What that means is if you're looking at every vulnerability, you're wasting 94 of your time, which is cost

[00:34:24] Right. So you say you really need to focus on the six percent to have an active exploit

[00:34:29] Which is what we do we tell you

[00:34:31] Which of all those actually matter and we filter out the rest and then we build a solution for you, right and then we

[00:34:39] Collapse all these exposures into simple solutions. So as an example, you have a microsoft 2012 server

[00:34:46] It's got 430

[00:34:49] security exposures

[00:34:50] So rather than giving you that list of 430 security exposures

[00:34:54] What we tell you is the action in emission planting

[00:34:57] You've got these four devices with this microsoft 2012 server

[00:35:03] Just go update it and when you do that all of those that one action collapses all of those vulnerabilities

[00:35:10] We're not wasting your time on volubilis. We just tell you what to do

[00:35:14] We know you've got limited time

[00:35:15] It improves your gross margins because you just focus on the actions by the way everything is scored

[00:35:20] So when you execute that mission the score for that client goes up

[00:35:24] And when you have that client facing meeting you're saying I found you had a 35 I've now increased you to a 65

[00:35:30] Congratulations, you're far more secure today than you were a month ago. That's actually yeah

[00:35:34] We we we we laugh about this all the time

[00:35:37] It's like oh everybody knows what their credit score is because they probably need to go like

[00:35:40] You know get a credit card or bank account or loan whatever her loan

[00:35:44] Yeah

[00:35:44] It was like who comes up with the credit score for the stuff we're doing well in a nutshell you already built something

[00:35:49] That's right. This is why the insurance company underwriters like this right because like you don't need to be a genius to say

[00:35:54] Well, if you're in between 750 and 850 you're at the top of the of the credit, you know chain

[00:36:00] So you should get the best rate. That's right. Exactly. You got it

[00:36:04] so

[00:36:05] Thank you for uh letting me talk about about our platform and what we do

[00:36:10] I think it's it's high time that msp's

[00:36:13] Start to actually take on this work in a platform that makes it easy for them

[00:36:18] Yeah, no, so so how does the you know, how does the program work? You said like

[00:36:24] You know, you could use it from an analysis like

[00:36:27] standpoint for free but like oh, yeah, how does the program actually function?

[00:36:32] Yeah, so so basically we get on a call with with a partner

[00:36:37] Um, we asked them to first analyze themselves. So we create the msp in a tenant

[00:36:44] Everything we do is uh multi tenant and multi level which really helps

[00:36:48] So if you've got a company with different geographies, you'll set up sub tenants if you want it that way

[00:36:53] But basically we will for 30 days give full free access to the platform, right?

[00:37:00] So it's a 30 day trial

[00:37:02] And during those 30 days we ask them to analyze themselves

[00:37:05] Obviously, you want to find the any weaknesses in your own

[00:37:09] Network and then analyze as many clients as they want to

[00:37:13] And they get free use of that platform. They will always have free use of the platform for any prospects

[00:37:19] Right. So if you as you go prospecting

[00:37:21] Um, and you scan those networks, you know, we want you to grow

[00:37:25] Because ultimately the way that we charge is based under based by the number of assets under management

[00:37:31] So as you continue to add new clients, you're getting more revenue more assets and we just tear it out just to give an example

[00:37:39] um

[00:37:40] Our typical price for an msp is is

[00:37:44] $299 per month

[00:37:47] That's how much they're spending on us and they get everything inside of our platform

[00:37:52] So we we've priced it so where it's essentially sent

[00:37:56] per device

[00:37:57] That that they're managing and if an msp charges one dollar

[00:38:02] Per endpoint or vulnerability management service. They're making about 90% gross margins on that

[00:38:08] So price it in a so that it's not an option. Remember, this is not an option. It's something you have to do

[00:38:15] But if you sell it as a service, you can make a 90 margin on it

[00:38:20] So we think that's pretty attractive. How does the scanning part work? Is there some sort of device that needs to be installed?

[00:38:27] Is it just the software like high software?

[00:38:29] Yeah, it's a single agent that you would download to a device

[00:38:34] Behind the firewall it scans

[00:38:36] It's an unauthenticated scan which means that you don't have to log in to any device. You don't need administrative privileges to run this

[00:38:44] But the good part is we'll find every device on the network

[00:38:49] Right, so not just laptops and servers but things like IP cameras

[00:38:55] IP cameras have telnet oftentimes running and they get they get

[00:38:59] Compromise and run into mirai botnets, right?

[00:39:02] So you want to identify those IP cameras the printers the routers switches will do

[00:39:08] Automated pen test behind the firewall as well as on the outside

[00:39:13] That'll attempt to log in to c panels if you see that we'll let you know if we're able to get that

[00:39:18] So you get the automated pen test the vulnerability scan the m365 analysis all of that at a pretty low price

[00:39:26] So how does it work from we're just an entirely remote workforce?

[00:39:31] You know use some great question or rmm to deploy something and then

[00:39:36] And that that's the use case for endpoint agent. So we do have an endpoint agent

[00:39:41] Um, it is pushed out via rmm

[00:39:44] It gives you visibility like you nailed it

[00:39:47] It gives you visibility for those devices that are work from home or remote that aren't on the network

[00:39:53] So if it's not in the network our discovery agent won't find it. That's where this endpoint agent comes in

[00:39:58] That's an authenticator scan. So it will see

[00:40:01] Exactly what operating system what patch level what vulnerabilities and even more importantly

[00:40:06] It pulls back all the security configuration

[00:40:09] Information for that device

[00:40:11] So we do recommend it for all the devices because now with that security configuration information

[00:40:16] You can use cis compliance. You can do nist cfc compliance

[00:40:20] You can do any one of 35 to 40 different compliance schemes with our partner control map

[00:40:27] That we that we integrate with

[00:40:29] Interesting. Okay. So you have a remote you have uh in office behind the firewall

[00:40:35] Okay, and then you create the score and then I assume as the how often, you know

[00:40:40] I don't is it

[00:40:41] It's doing a daily check an hourly check a permanent check like because at some point it's updating the score, right?

[00:40:47] That's right. So so we scan daily

[00:40:50] And we run our automated pentest weekly

[00:40:55] and

[00:40:56] The score stays the same unless two things one of two things changes

[00:41:00] You have a new exposure on the network, right? Then the score goes down

[00:41:05] Or you run a mission and you fix some things up and the score goes up

[00:41:10] So those are the or you have a machine that's doing a lot of exposure and it goes away, right?

[00:41:15] Hopefully you remediate that machine, but anytime there's a change in the exposure the attack surface or the threat

[00:41:22] Uh your score is going to change

[00:41:24] interesting and then

[00:41:26] You know, I would be you know, how many people then would take this information

[00:41:30] Is there enough information in what your system pumps out to attach it to a cyber insurance?

[00:41:36] You know, oh absolutely. Oh

[00:41:38] um

[00:41:39] Our cyber insurance partners are able to give lower premiums to msp clients

[00:41:44] Because they now begin to get information behind the firewall, right?

[00:41:49] So if but if they're not working with you already, could I take that and kind of like

[00:41:53] Staple it to the form that they asked me to fill out like would that work?

[00:41:57] Yeah, no, absolutely. Um, they would love to see

[00:42:01] So so one of the things to look at is how good your the patch management process is

[00:42:05] And so for example, if we do a scan behind the firewall, we find

[00:42:10] You know a machine that's not been updated since 2015, which they'll know based on the cv's we find

[00:42:16] They will say your patch management processes are not good enough to give you our best rate

[00:42:21] So please fix that and that's where the msp's come in right?

[00:42:25] so that's why the partnership is between the cyber insurance

[00:42:29] uh company the msp

[00:42:31] The client where we come in is we provide that platform for the msp to say here are the issues

[00:42:38] By the way, if you let us fix these issues

[00:42:42] Um your cyber insurance

[00:42:43] Previms are going to go down right so it's a win-win for

[00:42:47] The msp and the in the client. Okay. So how do people find out more about?

[00:42:53] This the program if you want to talk to somebody all that jazz. Yeah, uh, so go to threatmate.com slash demo

[00:43:01] um

[00:43:02] Just schedule time with us it takes about 35 minutes to just walk you through the demo

[00:43:09] I'll tell you I would say about 95 percent of the people who see the demo

[00:43:13] Then sign up for the free trial because they can now get that analysis that cyber security risk assessment for themselves

[00:43:20] And for any number of their clients or prospects that they want so

[00:43:23] uh, love for your for this audience to uh, you know schedule demos see the product in action

[00:43:30] We're also be an it nation connect drop by our booth there

[00:43:35] Um, you know, we're really happy to be there as well

[00:43:39] Awesome. Well, when you're joining the big one at the end of the year

[00:43:42] So that that'll definitely what we should catch up there grab a beer or two. Love to shop. Um

[00:43:49] Awesome, so you're gonna be at it nation connect

[00:43:52] threatmate.com slash demo

[00:43:55] And you give it you give it out like 30 days. It's plenty of time and

[00:43:59] I think it's a good point

[00:44:00] That your suggestion is the MSP to run that on themselves first and then you know see how it works, right?

[00:44:05] I love I love the idea. I mean

[00:44:08] I'm sure everybody's heard already long term contracts. I know everyone hates those. Yeah

[00:44:13] There it is

[00:44:15] So it's month to month

[00:44:17] Uh, we actually give you a one-year contract

[00:44:20] Which locks your price in which is good because you don't want your price to be changing month to month

[00:44:25] But we give you a 30 day exit clause. So if you say hey, I've tried this for a couple months

[00:44:31] Not for me

[00:44:32] Then you're you're out you get out of the contract with 30 days notice. I think it's fair. Yeah

[00:44:37] No, I

[00:44:39] It definitely sounds fair versus now if you said no, well, it's a one-year contract and you're in for one year

[00:44:44] And you got to pay no matter what

[00:44:46] That's different right or exactly or three years here five year. Yeah, but like, you know

[00:44:52] Yeah, how I'm gonna lock your price for 12 months

[00:44:55] But then if you need to leave you leave with 30 days notice. That's totally fair. Yeah, I like that and then

[00:45:01] Like does uh, does the pricing kind of scale once you get to certain bands of devices?

[00:45:09] Yeah, so basically, um our first tier goes up to 1500 devices

[00:45:14] That's 299 a month and we get to 399 a month up to 2500 devices

[00:45:19] So if you're listening

[00:45:21] And you say I've got more than 2500 devices under management. I say congratulations

[00:45:25] You built a nice business and we still have a price that will make you blush at how cheap it is, right?

[00:45:32] And below that you're gonna say hey, I can afford that and deliver

[00:45:37] cybersecurity services at a huge margin, which we think is a win-win for everyone

[00:45:42] Awesome. Well, thanks for jumping on this was very interesting. I like awesome a lot of aspects here

[00:45:48] But for 30 days for free, you know, what do you got to lose? Go check it out

[00:45:54] I mean the program is designed for sounds properly for the msp. It is multi-attended

[00:45:59] You can you can opt out you can run this and I think he covered probably a big important part

[00:46:06] prospects

[00:46:07] All right

[00:46:08] Something that generates a score that you can refer back to even if you sign them as a customer

[00:46:13] So you can see it on a regular, right? Exactly use this as part of your you know

[00:46:17] Cyber insurance effort because you're gonna get stuck in it one way or another whether you're filling it out or they are

[00:46:22] They're gonna come ask you questions

[00:46:24] I like it. I'm gonna check it out myself

[00:46:27] Thanks, George. Thanks for having me on

[00:46:29] We'll we'll find you at it nation connect and

[00:46:33] For the managed service

[00:46:36] Providers here, please please come find us at the conference

[00:46:39] Awesome. Thank you very much for joining us guys. This session was recorded

[00:46:42] You'll find it at msp initiative calm under sessions in podcast and video format and

[00:46:48] Join us at it nation because we'll both be there. We'll have a beer with you too. Take it easy guys. Have a good one