SafeGuard Cyber Courts MSSPs To Deploy Tool That Monitors Workforce Messaging

The solution can be used to detect cyberthreats such as phishing in workers’ online communications — not only in workplace apps such as Slack and Teams, but also in personal apps such as LinkedIn and WhatsApp.

SafeGuard Cyber, which offers a tool for monitoring worker communications across both workplace and personal apps to detect cyberthreats and compliance issues, said Wednesday it’s aiming to expand its work with managed security services providers (MSSPs) around bringing the platform to their customers.

Executives from the company told CRN that its technology can detect threats against employees, such as phishing and social engineering, even when the potential attacks are coming on personal apps and devices that aren’t managed by their employer. On Wednesday, the Charlottesville, Va.-based company announced the expansion of its Illuminate Partner Program to include MSSPs.

[Related: 10 Cybersecurity Companies Making Moves: January 2023]

MSSPs should be prepared for questions about the potential privacy implications of using the tool, however: An industry analyst told CRN that the technology raises questions about whether messages on employees’ personal apps could be incorrectly flagged by the system, and viewed by their employer as a result.

SafeGuard Cyber says it combines natural language understanding capabilities with its own patented technologies for detecting social engineering with its tool that can spot malicious messages in workplace apps like Microsoft 365, Slack and Microsoft Teams, as well as in personal apps such as LinkedIn, Facebook Messenger and WhatsApp.

“We’re providing the tools. [It’s up to] the corporation to decide what’s the right balance” between security and privacy, said Steven Spadaccini, vice president of worldwide sales engineering at SafeGuard Cyber.

The company’s solutions have seen the strongest adoption by companies in highly regulated industries, such as pharmaceuticals and financial services, and “I can honestly say that those balances are different for all of them,” Spadaccini said.

Data from security vendors such as Proofpoint has shown that phishing and social engineering attacks have moved beyond the email inbox. Proofpoint disclosed that three out of four organizations were hit with cyberattacks via social media apps in 2021, up from 61 percent the year before.

John McCabe, vice president of worldwide channel sales at SafeGuard Cyber, told CRN that SafeGuard has been working with a number of reseller partners in recent years, but it hadn’t been focused on pursuing MSSP partnerships until now.

Deploying the solution is ideal for MSSPs who are “looking for new revenue streams, and looking for ways to enhance their customer experience and protect them,” McCabe said. “With the conversations I’m having, partners are saying, ‘What you’re doing is very interesting. I didn’t even know there was a solution for a problem like that.’”

One of the initial MSSPs working with SafeGuard Cyber is Cary, N.C.-based BlueAlly, which began its partnership with the vendor last fall. Some amount of “education” does need to be provided when presenting the SafeGuard Cyber solution to customers, said Blake Langston, director of managed services at BlueAlly.

But once customers come to understand that they can get “unified visibility of all those communication channels, I think it’s definitely something customers are are starting to sit up and listen to,” Langston said.

SafeGuard Cyber says that its monitoring technology can be used with 30 different communication apps. Other workplace apps that it can work with besides Slack, Microsoft 365 and Teams include Zoom and Salesforce. Additional personal apps that it covers include Facebook, Twitter, Instagram and Telegram.

Workers must agree to allow monitoring of personal apps through an opt-in process, according to SafeGuard Cyber. For workers who opt-in, their employer’s IT department and their MSSP will be able to monitor messages for signs of cyberattacks or compliance violations wherever they are using the apps — whether that’s on corporate-owned or personal devices, Spadaccini said. SafeGuard pulls down data through an API connection rather than through installing an agent on user devices, he said.

Organizations can choose to monitor messages based on their own criteria, Spadaccini said. For instance, some customers might choose to only flag messages in personal apps that include the name of a customer who is in their CRM system, indicating that a worker is inappropriately conducting work-related messaging outside of approved channels.

But the technology also provides an ability to use other criteria to “pick and choose the conversations that we’re going to monitor,” Spadaccini said. For instance, that could include monitoring for indicators that a worker is being targeted by a phishing attack on LinkedIn.

If indicators of this type of attack are detected, an investigator from the worker’s employer or security services provider can then view the contents of the message as part of their investigation into the attack, Spadaccini said. “They’re going to be able to read the messages that were flagged, based upon the policy that’s applied,” he said.

Typically, there will only be “one person, or maybe two people if they’re with a managed service provider” that will have access to the platform to read the contents of messages, McCabe said. And they’ll only do that when an issue has been flagged, he said.

The security analyst “won’t be sitting there reading every single message. They’re going to react to the detections,” McCabe said.

Nader Henein, a vice president and analyst at Gartner, told CRN that potential employee privacy concerns could arise from this type of approach, given that detection technologies are not perfect.

“What if one of those conversations triggers a false positive, and suddenly somebody in the company is reading it? And then it gets logged somewhere?” Henein said. “It just opens up a whole can of worms.”

Spadaccini acknowledged that “what if scenarios” certainly exist with this approach, but he suggested that users have more than a few “what ifs” to contend with when using personal messaging apps today.

For instance, “what if your data that is in these platforms was observed by someone who worked at Meta?” he said. “There’s thousands of breaches that we’ve seen over the last 20 years [involving] people that weren’t supposed to have access to the data, [but] looked at it and used it for nefarious means.”