This week’s blog features an article from CNN by O’Ryan Johnson about our Managed Cyber Security partners at Huntress Labs: “Huntress Labs Launches Security Tools ‘At No Extra Cost’ To Partners”.
Huntress Labs debuted powerful tools for MSPs to use to detect and combat ransomware, along with the promise to constantly adjust the platform to meet any threats that its NSA-trained cybersecurity experts find in the wild.
“If you’ve been buying the Huntress platform, this platform is going to adapt to you. Wherever hackers go, our product is going to morph and change to go after them at no extra cost,” CEO Kyle Hanslovan told CRN. “Our partners are going to log into their portal and they’re going to see four new services, and we’re going to crank out more depending on where hackers go. If they’re going to go to the cloud, we’re going to add new services for that.”
Over the last several months, Hanslovan and the team at Ellicott City, Maryland-based Huntress have spent hundreds of hours talking to scores of MSPs who have been hit by ransomware in order to find a way to strike back and secure systems for solution providers and their customers, he said.
“We spent over 500 hours helping those clients restore and figure out how did it get in, trying to figure out what hackers are doing and how to stop it,” he said.
What emerged from those conversations were two tools: Ransomware Canaries – an early warning and detection system – and External Recon, an automated tool which monitors the network and is on a constant search for exploits that hackers have used in the past to penetrate security. Hanslovan said Huntress is giving them away for free to Huntress partners.
“MSPs need to build a predictable finance model that has predictable security, that doesn’t involve spending two dollars here, two dollars there,” he said. “You end up with a product where, number one, you have to constantly change your point products out, and number two, you can’t actually build a business around it, because you’re constantly adjusting your finances and the cost of goods sold are always changing.”
Huntress partners said that since the company came onto the MSP scene five years ago, they have been good corporate neighbors around one of the greatest business-killing challenges that solution providers have faced: ransomware.
The Huntress team pops up frequently on social media to alert MSPs about just-emerging threats, providing a reliable source of information to solution providers as threats are still unfolding in the wild. Recently the company duped a hacker on the dark web into spilling enough details about his target to warn the intended MSP victim. That case later resulted in an arrest.
These actions have generated goodwill towards Huntress among solution providers.
“As opposed to the traditional MSP vendors where the price has just been going up and up, this is just a total breath of fresh air,” said Huntress partner Dustin Bolander, chief information officer for Clear Guidance Partners, an MSP based in Austin, Texas. “I can’t remember the last time a vendor added this much stuff and didn’t increase the price or change the model. I love it. But that’s not traditional for our industry.”
Hanslovan said the first new offering, Ransomware Canary, sounds the alarm that the network has been hit, and triggers protocols to restore their system from backups, as soon as a part of their network gets “ransomed.”
“They might get a note on Monday morning,” Hanslovan said. “Last night at 9:30 p.m. on a Sunday you were encrypted, but I restored all your data from backups, we did the forensics, and as a result your business is up and running … Right now, our MSP partners they would find out about this at 7 a.m. on a Monday, and it wasn’t the MSP looking like a rock star, it was a customer calling angry as hell at them, because ‘My business is down and you’re supposed to protect me.’”
“Now whenever ransomware is happening, it’s not hitting the fileserver and the whole company is going down,” Bolander said. “It’s someone’s laptop and they’re working at their house. Ransomware hits on a much smaller scale sometimes. It never even occurred to me that we could or should monitor for that. So that ransomware canary is a blind spot that this is going to address.”
Huntress’ External Reconnaissance offering sprang from the idea that MSPs were having a hard time identifying the “attack surface,” Hanslovan said, such as when a tech performs work on a system and leaves a shared drive open, or moves someone to work from home and opens remote services but fails to have passwords locked.
“Essentially we automated what hackers do to find your vulnerable ports and we have our software doing that for you, identifying ‘What could the potential vulnerabilities be? What could the potential attack surfaces be?’” he said. “Our goal is to make you aware of it before hackers do it. So in case you do misconfigure something, it’s kind of like that independent verification or validation for you.”
Hanslovan said there are enterprise products that can perform similar actions, but those come with a steep price tag that most SMB customers cannot front, even for something as critical as security. Bolander said this might be the best of the tools Huntress is unveiling this week and could help “cover up a lot of mistakes” that MSPs sometimes miss.
“We’re generally very good about keeping things locked down, but our industry, and IT as a whole, is not,” he said. “This is going to be very beneficial for those 90 percent of people who don’t have good security practices. Maybe they had a junior level tech go through and do a firewall change, didn’t realize that they exposed text and stuff. Things like that. That feature is going to be, for the market as a whole, more substantial because generally, it’s going to cover up a lot of mistakes.”
Additionally, Hanslovan said the company has created a new threat mitigation report that is automatically generated for customers to show the dangers that security software has intercepted and display the persistent nature of cyber attacks. The idea, he said, is to look at the hard work that a solution provider’s security stack does and put it in terms that an end user can understand.
“How do we take all the technical things that our multiple services are doing and articulate them in some pretty graphic, pretty report that you can slide in, add in or explain. Even when you have no incidents … it took a heck of a lot of work to get there,” Hanslovan said. “Unfortunately the way the anti-virus story is told, nobody ever says ‘This anti-virus is working its butt off, working around the clock stopping things, preventing things from getting into your network.’”