CRN Exclusive: Security Vendor RapidFire Unveils Internal Threat-Detection Tool For MSPs

Taking aim at a persistent security risk, Atlanta-based security vendor RapidFire Tools has introduced a software appliance that can allow managed service providers to more easily identify internal threats to their clients' networks.

The appliance, Detector, uses machine learning to help automatically scan a company's network, searching for such activity as suspicious, anomalous user behavior and unexpected network changes, the company said in a statement. Detector also sends daily email alerts to the MSP detailing what it uncovers and suggesting how the MSP can respond.

RapidFire's CEO, Mike Mittel, said Detector will help MSPs ward off inside threats to their clients' networks, which the company believes account for more than half of all security breaches.

"Because of the nature of security-related issues, that information [from Detector] needs to be more timely provided to the folks that need it," Mittel told CRN in an interview. The new tool "plugs a huge hole in network security," he said in a company statement.

Richard Raue, president of HiTech Security, an MSP based in Ruston, La., and a RapidFire partner for about two years, has already placed two orders for Detector and will install it soon at two client sites. He says internal users are "basically the biggest threat to any organization," although many of those organizations will tend to pay more attention to external security threats, in part because of the media attention they draw.

"I really want [Detector] and my clients really need it," Raue said.

And for the price -- an annual subscription costs $69 per month, $690 for a year -- "it'd be silly not to have that," he added.

John Motazedi, CEO of SNC Squared, an MSP based in Joplin, Mo., called such a tool "huge." Citing challenges in finding skilled people who would handle such work, he said something like Detector "would simplify my life."

Detector uses a combination of machine learning and intelligent tagging to notify an MSP of anomalies, changes and threats, Mittel said.

Then, by combining that data with meta information that the tool can gather over time about a specific company environment -- gained through machine learning and a proprietary tagging system -- Detector can "more intelligently create" security alerts and rank risks as high, medium or low, based on the perceived severity, Mittel said. The tool can also suggest actions the MSP could take based on the severity of a risk.

In addition, Detector generates a weekly notice with a list of changes that have taken place on the network, providing the MSP with a quick reference source.

The machine learning also helps Detector try to minimize false positives, he indicated. He cited as an example a user accessing a seldom-used server. "We would flag that as abnormal behavior," Mittel said. "However, if we know that this person is actually the owner of the business, or maybe the server they’re logging into is the accounting server … and this happens to be the chief financial officer, we might say, 'OK, we're not going to elevate this.' "

"We want to give MSPs the convenience and comprehensive benefits of an automated internal security system, yet also give them the ability to fine-tune it to meet the unique set-up of each individual client," Mittel said in the statement.

In its annual report on data breaches, released in April, Verizon cited insider threats as a persistent problem, with 55 percent of incidents tied to employees' abusing their system access privileges, and with monetary gain a key motivator, sometimes through selling stolen data.

But other times, it's just user error, according to Motazedi of SNC Squared. For example, a worker may not be doing anything malicious by bringing in a thumb drive to download a document onto the corporate network. But if that thumb drive is also carrying malware, "they kind of let their guard down," he said.

Carl Mazzanti, CEO of eMazzanti Technologies, a solution provider based in Hoboken, N.J., says internal security threats take a back seat to the external threats, which tend to draw more money.

However, he added, "the reality is that the internal [threats] are the ones that do the most damage."