ConnectWise’s New Cyber Research Unit Aims To Help MSPs Stay On Top Of Threats

‘Over the years, MSPs have been learning cybersecurity by trial. MSPs are under attack more than ever before, and things aren’t getting better. MSPs need more tools. They need help understanding what is trending and how to stay ahead. That’s what CRU is doing,’ says Wes Spencer, ConnectWise vice president and external chief security officer.


ConnectWise Tuesday opened its ConnectWise IT Nation Secure conference with the introduction of its Cyber Research Unit, a new group built on the acquisition of a threat protection-focused platform and services developer aimed at providing threat streams to help mitigate SMB security issues.

The new ConnectWise Cyber Research Unit, or “CRU,” brings together a wide range of the company’s people and technologies to do threat research and make MSPs more efficient in terms of how they approach cybersecurity, said Wes Spencer, ConnectWise vice president and external chief security officer.

“Partners are suffering from tool sprawl, with tools from companies like Cisco and Webroot,” Spencer told CRN. “They need a way to unify their approach to cybersecurity. And they need help to watch how their clients are doing.”

Sponsored post

[Related: Partners Urge ConnectWise To Not Lose Sight Of What Makes Perch Security, StratoZen Unique]

The ConnectWise Cyber Research Unit was built in part on recent acquisitions of three companies.

ConnectWise in November 2020 unveiled plans to acquire Perch Security, a threat protection-focused platform and services developer with an in-house Security Operations Center in which ConnectWise had previously invested, for $80 million. Prior to that acquisition, Spencer was chief information security officer and co-founder of Perch.

That acquisition came a week after ConnectWise acquired StratoZen, a SOC-as-a-Service and SIEM-as-a-Service company based in Salt Lake City.

ConnectWise in late 2018 also acquired Sienna Group, a managed security service provider.

The Cyber Research Unit, which is nestled in ConnectWise’s Fortify security brand, is really a culmination of what ConnectWise has been doing with and bringing to partners, Spencer said.

“Over the years, MSPs have been learning cybersecurity by trial,” he said. “MSPs are under attack more than ever before, and things aren’t getting better. MSPs need more tools. They need help understanding what is trending and how to stay ahead. That’s what CRU is doing.”

For example, Spencer said, there was a lot of confusion among MSPs regarding this year’s Microsoft Exchange zero-day attacks, with questions about who was attacked and what MSPs could do.

“Perch security watched the attack, researched it and sent information out about it,” he said. “We want to now do more to develop threat reports and share with our partners, non-partners, and even the federal government.”

For instance, ConnectWise is a supporting member of the CompTIA Information Sharing and Analysis Organization, a broad threat-sharing group that also includes MSPs, where Perch shares what it sees, Spencer said.

Perch is also reaching out to dark net forums to find malware, detonate it, study it, show what is happening, what to look for and what partners can do, he said.

MSPs, whether ConnectWise partners or not, have access to the information, he said.

Drew Sanford, senior director of ConnectWise’s global SOC operations, told CRN that what sets the ConnectWise Cyber Research Unit apart is that it is focused on the channel and the SMB space.

“What’s unique about us is we’re focused specifically on the channel, including MSPs, ISPs and TSPs [technology service providers],” Sanford said. “And we’re focused on the SMB space. Others are focused on the enterprise. The problem is, SMBs have different requirements from enterprises. We provide information to help partners in SMB. And Perch brought relationships with other organizations and the government, and combined it with what ConnectWise does to create a single team.”

Spencer said to think of the Cyber Research unit as pulling access and data not just from ConnectWise, but also from Cisco Meraki, Bitdefender and Microsoft 365 customers and matching it with data from other sources like the FBI.

“We are not competitive with other services like Huntress, but instead are complementary,” he said. “We’re all in this boat together with security.”

The data on which the Cyber Research Unit builds its threat feed sets it apart, Sanford said.

“It really is the breadth of the data from multiple sources and the toolsets we have to get visibility across the industry,” he said.

The ConnectWise Cyber Research Unit is an awesome idea, said Mike Clemmons, president of Bytecafe Consulting, an Indianapolis, Ind.-based MSP that has been working with ConnectWise since 2014.

“They’re adding another layer to help MSPs protect clients,” Clemmons told CRN. “The more MSPs know about security, and a lot don’t know much, the better able they are to protect their clients.”

No vendors previously offered this kind of service, forcing MSPs to pull information from various vendors and other service providers, Clemmons said.

“Clients need layered defense,” he said. “They need firewalls and ransomware technology so even if one strand is broken the other can catch issues.”

Matt Lee, director of technology and security at Iconic IT, a Bedford, Texas-based MSP working with ConnectWise since 2011 and a member of the ConnectWise corporate advisory board, called the new Cyber Research Unit a brilliant move.

“This is what ConnectWise has to do—and it’s been working on it for four to five years—to pivot between what traditional MSPs have been doing and what they need to do,” Lee told CRN. “ConnectWise in the past lacked a unified way to deliver all the data they have. They have millions of endpoints. Driving data into Perch can mean accurate delivery of security information to customers.”

As an adviser to ConnectWise, Lee said he is seeing the company start to connect all the little things that individually may not seem so important.

“Now they’re ready to deliver a solid security offering,” he said. “ConnectWise is making a real statement.”

ConnectWise is actually making its ConnectWise Cyber Research Unit Threat Feed available at this week’s IT Nation Secure conference, Spencer said.

“We didn’t want to come to the ConnectWise stage and say we have a threat feed,” he said. “On stage, we will share the release and make it available free, even to non-ConnectWise partners. This is seeded and curated for MSPs, and tailored for the channel so its’s very, very powerful.”

Going forward, ConnectWise will continue to build on its experience and conduct research to improve its algorithms and make its SOC teams more efficient, Sanford said.

“We will also be looking for more information to release,” he said. “We’re already releasing the threat feed monthly or more frequently. We will add more information over time and make it easier to take action faster while offering the channel more training to work better with clients.”