One of the major cybersecurity challenges faced by any managed service provider (MSP) is that the number of potential attack vectors that cybercriminals can exploit steadily increases with each new client. MSPs these days need to think long and hard about the potential security risk any new client might represent, not only to themselves but every other customer they have.
Epiphany Systems is using the managed services experience of its founders to launch an Epiphany Intelligence Platform that makes use of an agentless approach to capture both data and metadata to surface all the potential attack vectors into an IT environment, said Epiphany Systems CEO Dan Singer. “You can see the attack path they might use to get in,” he said.
That approach makes it possible to rank those attack vectors by how easily they can be exploited as well as the potential impact they might have, added Singer. As new vulnerabilities are discovered, it also becomes possible to assess how they might impact a specific IT environment, said Singer, who is also CEO of Digitalware, a provider of cybersecurity services. Prior to those positions, Singer spent more than a decade at Dyntek, an IT reseller and services provider.
Epiphany Systems also plans to use the data it collects to create an Exploitability Index that provides a quick context of the complex risk conditions that an IT environment represents based on both how vulnerable each target platform is to an organization and its value to the business.
Some Potential Customers Aren’t Worth the Risk
MSPs are at the nexus of many cybersecurity attacks because cybercriminals know that a single compromise creates a raft of downstream opportunities to wreak havoc. Those end customers often lay the blame for such attacks at the door of the MSPs that failed to protect them (see Kaseya Breach Shakes Faith in ITSM Platforms).
Many MSPs in response are often now reluctant to take on a new customer without first thoroughly assessing their cybersecurity posture. The simple fact is that there are now many potential clients that are not worth having as customers simply because the number of cybersecurity incidents that are likely to occur is simply too high to profitably service that client.
An agentless approach enables MSPs to assess those clients. A tool that Singer said can be installed in less than 30 minutes provides MSPs with a lot more insight into which clients might represent too high a risk.
Goodwill and Lower Risk
In the name of the greater good, MSPs could provide those assessments for free, which might be worth it for the goodwill it could establish with clients. It could also be a selling point for additional security services, something in great demand in the perilous cybersecurity environment of the last year.
MSPs are always going to be somewhat reluctant to walk away from any potential new business if they deem the risk too great. However, when the amount of revenue that might not be gained is weighed against the value of contracts that might be terminated should there be a major security breach, it quickly becomes apparent just how much there really is to lose. In many of those cases, the better part of valor for all concerned is to wish them luck, say a prayer, and then politely but firmly decline.