RapidFire Tools Podcast: An MSP Q&A on Security

Listen to the latest episode of the RapidFire Tools podcast, featuring use cases and best-practice advice for MSPs on using network assessment solutions to increase revenue, capture new business and strengthen client relationships.

In this edition, we talk with RapidFire Tools customer Jeff Sumner of Tech Guides. He explains how the Network Detective solutions helped increase his business while showing his business customers the value of a strong security solution.

Listen below.

RapidFire Tools Podcast- MSP Q&A on Security with Jeff Sumner (Tech Guides) from RapidFire Tools on Vimeo.

Network Assessments vs. Remote Monitoring & Management: Getting the Most Out of Both

By Mark Winter, Vice President, Sales, RapidFire Tools

Our team occasionally encounters questions about the difference between network assessment tools and remote monitoring and management (RMM) software. Why would should we add an IT assessment solution? clients ask. We have an RMM to keep an eye on our clients’ networks.

This is a common misconception that could deprive your business customers of the unique benefits of network assessments, which offer a completely different set of capabilities than what remote monitoring solutions can deliver. MSPs need to understand and communicate how each of these very distinct product categories complement each other, and in turn, help to differentiate and broaden your services as a trusted provider.

RMMs typically use agents to constantly monitor customer networks, looking for predefined conditions and generating alerts when those conditions are met. In comparison, a network assessment takes a “snapshot” of the network, capturing a much more comprehensive view of the network infrastructure. When conducted on a regular basis, these scans allow the MSP to identify patterns and alert the user to potential issues that RMM agents aren’t built to detect.

These assessments will help you with a number of functions beyond network monitoring. You can leverage network assessments to:

  • Evaluate the condition of a prospect’s network ahead of time, to help you properly quote your services.
  • Discover new projects and generate revenue opportunities with existing clients.
  • Establish a roadmap that prioritizes network issues from highest to lowest risk, to give your technicians an effective and actionable strategy.

RMMs are wonderful tools for monitoring network activity in their own right. They also allow MSPs to easily deploy new software and new patches across an entire system. However, they are post-sales tools by nature, whereas network assessments can be used to capture sales as well as service existing customers.

For example, it is a terrible idea to enter a prospect’s location and install monitoring agents onto their system before a contract is signed, for a number of reasons. First, it takes significant time to deploy agents. Second, you are making changes to the network, and if something goes wrong, you might get the blame. Third, the incumbent IT company will know someone was on the network, and your prospect will want to avoid that. Finally, if you don’t win the managed service agreement, you’ll be required to send an engineer out to remove the agents. This once again is a  change to the network, and will cost you time and money.

A non-intrusive, agentless network assessment scan can be used as a free offering to help get you in a prospect’s door. Since it is agentless, it avoids all the pitfalls of installing monitoring agents.  And the resulting reports almost always identify issues that need to be addressed, highlighting your expertise and providing an opportunity to offer remediation.

Network assessments provide a holistic view of overall network risk, taking into account the totality of issues impacting the network. They’re the perfect tools for pre-sales and onboarding, delivering a full asset report that determines how many RMM agents and anti-virus licenses are necessary, and creating a list of discovered issues.

While a wide range of network assessment tools are available, the RapidFire Tools’ Network Detective solutions create extensive, well-organized reports — some for your internal use and some that can be offered to clients as a branded service.

Network assessments can also be used as a verification tool, to ensure that RMM systems are working effectively. For instance, if your client adds a new computer to the network without installing an RMM agent, your RMM software has no way of knowing. A network assessment scan will flag the new addition. And what if your RMM solution falsely reports a successful patch, which happened to several of last year’s Wannacry victims? Regular monthly or quarterly network scans will verify that your patches are current — a crucial factor to maintaining the long-term viability of your clients’ networks.

Regardless of their focus areas, each Network Detective Assessment Module can discover vulnerabilities and identify issues that could indicate existing problems or risks. However, assessment tools aren’t a replacement for RMM solutions, or vice versa. A savvy MSP will apply these two complementary disciplines in tandem, to deliver a more comprehensive and effective offering.

Wanted: Managed Service Providers as “DPOs”

By Tara Newman, Director, International Sales and MarketingRapidFire Tools

shutterstock_428360407As the volume of data breaches and malicious network attacks continue to rise, SMB business owners have set their sights on recruiting skilled and knowledgeable “Data Protection Officers” to protect their network from these threats. Since “DPO” is a newly-emerging position in the HR lexicon, many qualified candidates are still in the dark regarding its qualifications. What’s worse, the (as-of-yet) ill-defined nature of the position may lead a slew of unqualified candidates to rush to the job, convinced they can handle the demands of disciplines such as risk remediation, cyber security, and network assessment. Yet now that regulations such as the EU General Data Protection Regulation (GDPR) is in force, many organizations are opting – or even required— to designate a DPO.

As a managed services provider, this represents an opportunity to establish yourself as a contracted DPO for your clients—if you’re savvy enough to seize the moment. Review the skill list below to see if your experience in networking, security, and managed services makes you a competitive candidate for this expanding opportunity.

Clear Communication

Communication skills will make or break candidates for a Data Protection position. DPOs must collaborative effectively across various departments to build and enhance a proficient compliance infrastructure. The ability to translate complex concepts across teams will be a highly sought-after skill.

Compliance Expertise

MSPs with experience in compliance regulations such as PCI and HIPAA will likely be able to transition into other compliance disciplines such as GDPR, providing an edge compared to in-house applicants. If compliance isn’t already a major offering of your MSP practice, the market offers robust tools to help MSPs quickly build compliance programs across all their clientele. These include Network Detective’s sophisticated line of network assessment tools, including the PCI and HIPAA modules, and RapidFire Tools’ new Audit Guru™ for GDPR tool.

Product, Engineering And Training Acumen

To maintain GDPR compliance, for instance, a company must deploy a specific technical program to meet its requirements. Considerable technical acumen is necessary to develop and execute a technical framework that will satisfy these regulations. Experience in leading employee training and maintaining accurate records for demonstrating compliance will be a considerable differentiator for DPO candidates. An ideal DPO will also have experience managing and mitigating privacy, data protection, and compliance risks—typically the responsibility of the MSP.

Knowledge of Effective Tools

Directing an organization of any size through the complete and accurate compliance process is a daunting endeavor even for a seasoned technology professional. And no MSP becomes an expert overnight. However, the typical MSP can quickly launch a customized and automated Compliance-as-a-Service program for its clientele with the help of effective, affordable tools. Such tools deliver the automation necessary to perform a comprehensive scan of your client’s networks, allowing the you to supplement that data with set of structured worksheets, which are dynamically generated as the tool guides the user through the compliance processes.

An effective compliance assessment solution identifies potential risks and violations, creating all the required reports and supporting documentation to help the end-client maintain compliance. What’s more, when used on an ongoing basis, these tools can be leveraged to create recurring revenue opportunities. As a value-added offering, assessment tools provide a brandable portal built for your business, which stores a record of all the scans and remediation efforts that your clients will need to maintain compliance.

As the unfortunate need for increased data protection continues to escalate, so will opportunities for managed services providers to address those needs. That said, you are quite likely the best qualified candidate to serve as “DPO” for your clientele.

For more information on RapidFire Tools’ line of network assessment solutions, visit https://www.rapidfiretools.com/nd_na.php

The MSP Q&A Podcast

Document Your Value Through Network Assessments

Join RapidFire Tools as we talk with Steve Telford, co-owner and CFO of Equinox IT in Orem, Utah, about leveraging assessment tools to document his clients’ networks. Steve originally purchased the Network Detective modules to create a record of his customers’ networks in order to conduct migrations for existing clients. He has gone on to leverage Network Detective reports to ascertain the scope of projects for new clientele, or even just to evaluate networks for prospects. The Network Detective Tools have consistently delivered valuable insights into those customers’ environments — including one incident where Equinox was able to identify a mislabeled server that the end customer didn’t even realize was still on their system.

Listen to his story here.

SMB & Security: Finally, They Believe! (Part Two)

How One MSP Uses Network Assessments to Win the Trust of Once-Skeptical Small Business Owners

Part II

We recently spoke with Jeff Sumner, president of Tech Guides. Tech Guides is a 19-year-old MSP and IT consulting company located in Media, PA, and a proponent of the RapidFire Tools network assessment tools. The company offers managed services, security consulting, and digital media services such as digital signage and web sites. Sumner and his team swear by network assessment reporting and the Network Detective solutions—especially the Security and HIPAA Compliance modules, and the Detector insider threat detection appliance.

Here’s Part II of his comments on how he leverages network assessments to help increase business in the area of security offerings, and how such documentation helps him justify implementing the type of security solutions he knows his clients need and deserve.

How have network assessments changed your clients’ attitudes toward security?

Let’s face it, as MSPs, we’ve been beating the drum for years on the crucial nature of security. In the past, many businesses didn’t take that to heart and were willing gamble a bit on the side of danger. We’re finally coming to a place where companies are more mindful of the threats they’re facing, due in part to highly publicized breaches. Having an assessment done of their own network hammers home that point. Finally, small businesses are starting to believe us.

This strategy is most effective if assessments are delivered on a quarterly basis, detecting patterns that manifest over time. At that point, the customers say, Okay, I see the proof. I should have believed you before, but I believe you now.

What kind of financial impact does this have on your MSP practice?

A security consulting project can bring in anywhere from $10,000, $15,000, even $20,000 in revenues, depending on the scope. Typically, we’ll start off with a CEO or CIO who’s looking to discuss best practices. We’ll provide a security assessment, which almost always reveals significant shortfalls in the customer’s security, and that leads to work.

For example, we went into a company in the insurance industry. They had two locations and about 100 seats. An assessment showed the that client had rogue wireless activity on their network. They had no idea what was going on in the back corners of their offices. That generated a conversation on how to secure their access points and firewalls. We recommended remote tools that could be managed via the desktop to keep a better handle on network activities. This evolved into a comprehensive upgrade, which they sorely needed, in addition to a HIPAA assessment.

That was a $15,000 project, which we finished in about a month. We’re now set to conduct quarterly reviews for a smaller fee, building on what we’ve established. The ultimate goal with this and every client is to implement regular quarterly assessments. We advise clients from the outset that assessments, and long-term initiatives such as HIPAA compliance, are not a “once-and-done” activity. They’re an ongoing procedure.

What advice do you have for MSPs?

Don’t be afraid to introduce new services to your clients, and to ask for compensation. A valuable MSP must always bring new tools to the table. No client should expect their network, and your services, to remain static. The cost to maintain a network has been rising as security gets more complicated and external threats become more nefarious. So it’s reasonable to ask clients to pay for those costs.

SMB & Security: Finally, They Believe! (Part One)

How One MSP Uses Network Assessments to Win the Trust of Once-Skeptical Small Business Owners

Part I

We recently spoke with Jeff Sumner, president of Tech Guides. Tech Guides is a 19-year-old MSP and IT consulting company located in Media, PA, and a proponent of the RapidFire Tools network assessment tools. The company offers managed services, security consulting, and digital media services such as digital signage and web sites.

Security comprises a considerable portion of Sumner’s business, and due to the frightening acceleration of breaches and viral threats we’ve seen in the business community in the last few years, this momentum isn’t expected to slow. If anything, Sumner sees an unintended upside to the scenario for the MSP community. Small business owners are finally starting to believe what their IT advisors have been telling them for years:  That no one is beyond vulnerability, and that a single solution simply isn’t adequate.

Sumner and his team swear by network assessment reporting and the Network Detective solutions — especially the Security and HIPAA Compliance modules, and the Detector insider threat detection appliance. He uses them to identify the specific vulnerabilities and malicious activities that need to be addressed on his end-customers’ networks, legitimizing his recommendations, and better clearing the way for Tech Guides to implement major security upgrades.

Here’s Part I of what he had to say about the issue of security and IT assessments.

Why do you use network assessment tools?

As an MSP, we’re always looking for ways to differentiate ourselves, to create a competitive edge. The way to do that is to give our customers more tools and more ways to benefit from our services. RapidFire Tools enables us to conduct a broad range of services without having to be on-site nearly as much. We service customers across New York, New Jersey, Pennsylvania, Maryland, Delaware, and Virginia. It’s tools like the Network Detective that allow us to service such a broad range of areas, since I can do more with less personnel. This is especially true of the Detector appliance, which when installed at a site, serves as a watchful eye for that client.

How are you using the module to benefit your customers?

When you’re in the IT security business, you want to do what we like to call “Defense in Depth.” You want to assemble multiple layers of security. Network Detective is terrific for this, because it gives us insights into what’s going on in the network and highlights the different areas to be addressed — and there are always vulnerabilities to assess. The Security module adds a lot of insights to the standard network assessment reports. But our goal is to have Detector appliances on-site for our clientele, so even when we’re not around the Detector appliance is watching the client’s network for us, 24 x7, creating an ongoing picture of network activity and sending alerts regarding questionable activity.

How do the assessment tools enhance your relationship with your customers?

We’ve always advocated security as a top priority. Network Detective legitimizes that effort in the business owner’s eyes. The tools create documentation for what we’ve been trying to impress on them all this time. It brings concrete evidence to the table of risks that need to be mitigated and tasks that need to be accomplished to lock down the network. The more of this we present, the more our clients want to give us projects.

For example, sometimes convincing a client of the need for a new firewall can be a struggle. The client will counter us, saying, “The firewall is functional, we can get on the network, it seems fine to us.” They don’t understand enough about what goes on across their network to justify a replacement in their minds. The more documentation they see, the more they come to believe our recommendations, and let us proceed with the level of security that we know they require.

MORE NEXT WEEK on the revenue potential of the typical security compliance project, how compliance assessments can change the MSP customers’ attitude about security, and Sumner’s advice for MSPs offering security services.

Case in Point: Roxville Technologies

Turning Compliance Scans into Remediation Work – and Thousands of Dollars

Meet Drew Simons, president of Roxville Technology, a RapidFire Tools MSP located in Ontario, Canada. He’s found that cyber security and PCI compliance are without a doubt a “hot topic” with his customers. In fact, one of his clients in the hospitality field went as far as to apply for cyber security insurance—requiring them to become PCI compliant as a condition of the policy.

Simons and his team used the RapidFire Tools PCI Compliance Module to bring the client in question up to compliance quickly, generating thousands of dollars and keeping that long-time customer satisfied. Roxville Technology is now looking to roll-out the assessment scans with other clients. Listen to the story in our three-minute podcast below.

MSP Success Story: “Jumpstarting” Assessments with Effective Tools

shutterstock_428360407

As a developer of technologies designed to help Managed Services Providers (MSPs) become more profitable, we’re always thrilled to learn about the success our customers are having with our tools. Not only do these success stories validate the work we’re doing, they also serve as a roadmap for other MSPs to follow.

One of our MSP customers recent told his story in MSP Insights magazine, describing how he used the Network Detective PCI Module to address an urgent challenge for a long-time client in need. The end-user in question had to satisfy a cybersecurity insurance policy that required them to become PCI compliant.

Roxville Technology came to the rescue using our Network Detective PCI Compliance module. Find out how by reading President Drew Simon’s guest blog on the MSP Insights site.

MSP insights

If you’ve got a RapidFire Tools success story you can tell us about, please get in touch via our PR team. The more we share profitable use cases involving our network assessment tools, the more MSPs will benefit from this unique set of solutions, enhancing their business proposition—and mitigating risks for the end-user.

Internal IT Security: You CAN Deliver Benefits to All Your Clients

RapidFire Tools has implemented a new tier of cyber security services affordable enough for MSPs to offer for free – yet still generate a profit.

Earlier this year we expanded the delivery model for our Detector insider threat detection tool to include a new base-level “Bronze” service. This additional tier is appropriate to deploy across an MSP’s entire client base – even those who may not currently take advantage of one of your managed services offerings.

The idea behind this internal cybersecurity service is to make your clients aware of the potential “insider” threats to their system. And once a business sees the internal threat alerts revealed by the Detector appliance, a savvy MSP can either charge those end-customers to remediate the issues on a “break-fix” basis, or upsell them to a higher-level managed service plan that includes this internal cybersecurity component.

The key to our success in developing this product has been in containing the cost to the MSP at an affordable level, so the investment is low enough to purchase, install, and service across all your clients. To that end, we’re offering:

  • One low subscription fee to the MSP, which includes a license to deploy an unlimited number of Detector software appliances across all clients. Moreover, since the appliances are based on Linux, there are no additional OS software licenses to contend with.
  • Quick and easy deployment. The recommended Bronze level service is already pre-configured inside Detector. You can quickly deploy it with little-to-no configurations, and all your clients will be standardized with the same offering.
  • Automated service delivery. Once you set it up, Detector does all the work. Each day, the system scans your clients’ internal IT environments and sends the alerts directly to those customers for “triage.”

The beauty of this service is that an MSP can literally offer it for free – and still make a profit. Because your clients receive the daily insider alert, it’s up to them to perform a first-level investigation to determine if it’s something they are aware of (and okay with), or whether they need you to further investigate and remediate the situation … at whatever fee that you agreed upon when the appliance was installed.

Once clients realize it makes more sense for you to handle this task through your overall managed service offering, you can customize the way alerts are handled. For example, you can reconfigure certain alerts to be routed directly to you, while others (such as permissions and access violations) will still go to the client first.

“Detector has become one of our top-selling tools because it was created directly as a result of requests from our customers,” said RapidFire Tools CEO Mike Mittel. “We’ve learned that providing the right solution in the marketplace is an evolutionary process, and our development team is committed to addressing that for the long haul.”

MSPs can download our free whitepaper on offering internal recurring IT security services through the Detector SDS system here.

1 2 3 4