Padlocks SecurityMultiple combined security solutions can be expensive for partners and customers alike, and can cause security gaps. So do integrated suites make more sense?

Calling all security partners - here's a scenario you might recognise: you sell the customer an individual “point” solution to address a specific security need, then you widen the customer’s understanding of their needs and gradually sell them a range of other point solutions to suit. Right?

But is this really the most profitable sell? And isn’t its viability called into question by the fact that the point solutions are only as robust as the glue that’s holding them together?

Here’s what some of the security partners who are our customers told us.

"Individual security solutions inflate costs."

As the quote above suggests, partners must balance the relative ease of progressively selling point solutions with the upward price spiral (and competitive impact) that this process tends to introduce.

Integrated suites of solutions, however, typically tend to be priced much more favourably; entire suites of security products can often be bought by the partner for a fraction of the price of combining point solutions!

But it’s not just about licensing costs. As you’ll read below, industry analysts support the idea that an ecosystem of integrated solutions will be more resource-efficient, enabling repositories to be shared effortlessly between the component solutions within it, and minimising operational costs too.

“Managing complexity is an expensive problem with point solutions.”

Essentially, this boils down to two issues.

Firstly, effective security has to work seamlessly across multiple layers (endpoint, application, network) but it has to do so in a user-centric way.

But if you stitch myriad point solutions together there is typically no centralised console for easily managing security across all these layers. Solutions for every layer then have to be managed in isolation, seamlessness evaporates, and admin and management overheads are multiplied, biting deeply into operating margins.

Secondly, point solutions, by their nature, are not greatly flexible, so they put partners into a complex and therefore potentially costly technical position when it comes to scaling to meet growing user demand, or deploying across mixed on-premise, cloud and hybrid environments.

In short, layered security suites are essential to enable partners to protect their customers comprehensively – but if those layers can’t be controlled from a “single pane of glass” then those partners are heading for a huge profitability drain.

“Combining point solutions doesn’t work 100% - it leaves security gaps.”

This is perhaps the most fundamental observation of all, explained best by industry analyst firm Forrester in this paper.

They say that in systems “protected by separate point products with isolated intelligence analysis/policy engines and management consoles, complexity increases and gaps in security coverage are more likely to present opportunities for exploit by malicious parties.”

They also confirm that integrated suites incorporating layered security offer partners (and customers) significant reductions in “operational friction” and cost, as we have already mentioned above.

“Point solutions have limited threat coverage.”

Related to what we’ve said above, if point solutions struggle inherently to work together, it’s logical to assume that, as attack surfaces and threat vectors proliferate, this shortcoming degrades even further - and there comes a juncture when point solutions effectively become functionally unable to cover off the full spectrum of threat sources.

A cursory glance at the kind of threats that integrated security solutions must now protect against reinforces this view.

Endpoints, smartphones and tablets no longer cut the mustard. Instead, protection must extend to USB, removable drives, mail and file servers, messaging and web gateways, collaboration portals, instant messaging (IM) servers – and, as we noted in a previous post, cloud applications (like Office 365) whose use within businesses is skyrocketing.

Clearly, however, not all point solutions are created equal. A carefully assembled, multi-vendor solution, using only established best-of-breed components, might arguably be up to the tasks demanded of it -  but at what cost?

Disparate licensing agreements. Disparate billing arrangements. The need for a separately purchased and configured remote monitoring and management (RMM) console...

These obstacles are a world away, in cost and complexity terms, from a one-vendor solution with specialist components that target specific security layers, and with its own in-built "single pane of glass", delivering unified management, from very first use, across the customer's entire security estate.

Buyer beware!

Conclusion: integrated suites make security (and business) sense

According to experts quoted in security publication CSO Online, 2016 is the year of advanced cyber attacks, insider threats, ransomware, “cloud wars” - and a huge shortage of in-house cyber talent that security partners will have to help their customers to fill!

Against the backdrop of this surging demand, the notion that partners can profitably supply and effectively manage individual point solutions to simultaneously address such a vast (and growing!) expanse of ever more sophisticated threat sources doesn’t stand up to reasoned analysis.

There seems to be only one sensible way forward for partners in the security channel, and Forrester once again nails it when it writes: “Integrating the security management and analysis within each layer is crucial when protecting against advanced or targeted attacks.”

The day is surely coming when there simply won’t be much point in point solutions.

Keyboard equipped with a red ransomware dollar button.
Keyboard equipped with a red ransomware dollar button.

There has been report of several companies becoming infected by the Crysis Ransomware and as such we have had a look into what it does and how it can be prevented.


First detected in February 2016, this virus has multiple methods of infection typically an email which has attachments using double extensions to make them appear non-executable.  Although it has been seen to also come through SPAM emails and compromised websites.  There has also been reports that it has been distributed to online locations and shared networks disguised as an installer for various legitimate programs.


Crysis Ransomware itself is capable of encrypting over 185 file types across fixed, removable and networks drives and uses RSA and AES encryption, once infected it will also look to delete the computers shadow copies.  Whilst also creating copies of itself into the following locations.

  • %localappdata%\­%originalmalwarefilename%.exe
  • %windir%\­system32\­%originalmalwarefilename%.exe

The virus will then look to create/edit certain registry keys to ensure it is run on each system start.

  • [HKEY_LOCAL_MACHINE\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%originalmalwarefilename%" = "%installpath%\­%originalmalwarefilename%.exe"
  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%originalmalwarefilename%" = "%installpath%\­%originalmalwarefilename%.exe"

Finally after encryption there is a .txt file placed in the computers desktop folder, sometimes this accompanied by an image set as the desktop wallpaper.

  • %userprofile%\­Desktop\­How to decrypt your files.txt

There has also been reports of Crysis stealing data and credentials from the affected machines and passing these back to its Command and Control server.  This would then allow the computers and local networks that have been infected to become vulnerable to further attack if the credentials are not changed.

It has also been seen that Crysis will monitor and gather data gathered from IM applications, webcams, address books, clipboards and browsers prior to sending this to the C&C server with the windows variant stealing account and password credentials.


To reduce the risk of infection we recommend the following

  • Ensure you are using an upto date AV product
  • Ensure any specific Ransomware prevention tools in the AV are used
  • Ensure you have a regular tested backup of the data
  • Educate users in the dangers of opening attachments from an unknown source



Bitdefender have updated their GravityZone cloud console with some new features over the weekend and here at Blue Solutions we are happy to guide you through these changes and how they will affect you and your customers.


The big news is that Bitdefender has now incorporated Anti Ransomware vaccine to all its cloud customers, and will be rolling this out through the on-premise version on Tuesday 27th Sep 2016.  This module is activated through the policy section  Antimalware --> On Access settings

Gravityzone Ransomware Vaccine Policy Setting
Gravityzone Ransomware Vaccine Policy Setting

By activating this module, machines will be protected from all currently known forms of Ransomware.

Other New Features

Update Rings - this feature allows Administrators of the program to  chose when in the validation cycle an update is received.

Anti-Exploit Techniques - a new set of powerful techniques which further enhances existing technologies to fight targeted attacks.  These are integrated into the existing Advanced Threat Control module.

Web Access Control Rules - The categories list has been updated with multiple new categories added.

Exchange Protection - This can now be enabled/disabled when editing a customer with a monthly license subscription.


The above features are now in place for all current users of Bitdefender Gravityzone in the cloud and will be rolled out to Bitdefender Gravityzone on-premise users from the 27th Sep 2016.

For more details on the above features and a look at the other features included please click here

logo     bs-logo

Over the last week we have seen an increase in the amount of companies receiving emails containing Zepto Ransomware, a file encrypting virus based on the infamous Locky cryptoware.
Most of the emails have been carefully crafted to ensnare the victims using social engineering techniques, typically greeting the recipient by first name and asking them to open an attachment which they had requested.
zepto image
The attachment will typically be either a .zip extension or .docm extension and once opened will run a malicious JavaScript which then encrypts all files on the users machine with the .zepto extension

To try and combat the infection, we offer the following advice
1. To protect against JavaScript attachments, tell Explorer to open .JS files with Notepad.
2. To protect against VBA malware, tell Office not to allow macros in documents from the internet.
3. Ensure your AntiMalware program is upto date
4. Ensure your users are careful with email attachments and only open the ones they are sure they have requested
5. If possible set email filtering to quarantine all .zip and .docm files

cloud-application-controlWhat customers' employees do within web, cloud and social apps can be a significant threat to their business. We look at how they can limit the risks.

We recently took a look at vendors’ web security offerings, and came to the conclusion, in this post, that much of this risk landscape is being driven by employees and their ceaseless interactions with the raft of web, cloud and social media applications on which so many agile business processes now depend.

As this excellent piece in ITPro explains, it is now imperative for businesses to “understand exactly how data is moving in, around and out of your organisation”, and to provide the “visibility and the ability to discover, analyse and control the information staff are accessing or sharing.”

Whether employees are updating marketing posts on Facebook, drilling down into Salesforce, uploading price lists to Dropbox, or liking comments on Twitter, the potential for both intentional and unintentional data compromise or reputational damage is high.

So how do security vendors tackle this end-user challenge, and create cloud application control solutions that MSPs and other partners can sell and provision to customers profitably?

 Cloud application control: the all-seeing-eye?

The first thing to say here is that cloud application security is not simply about automatically blocking malware, or filtering out clicks on risky URLs, or scanning for abusive language.

Rather, it is about being able to visualise and analyse all users’ application activity simultaneously and in one place, make informed human business risk decisions on it, and, where necessary, change parameters and automated settings to suit.

So, for example, why is a user uploading or deleting a profile image? Are they trying to hide their identity?

Why is someone removing a public link – was something there that should not have been exposed to public view in the first place? If so, how do you address the process failure that allowed such a link to then be posted?

Why is someone permanently deleting files from a recycle bin – are they trying to cover their tracks? For what reason?

With or without malicious intent, these are potentially damaging behaviours – but it takes a human eye to assess them, and that can only happen if all relevant information and alerts are assembled in one dashboard, where they are easy to interpret, at minimum management overhead.

Cloud application control consoles are therefore critical, enabling end-user and MSP alike to monitor and manage both users’ behaviours and the service that is being delivered.

Cloud app control – it’s not everywhere

Yet take a look at the “Treacherous 12” top cloud computing threats recently listed by the Cloud Security Alliance at the recent RSA Cybersecurity Conference, as reported in this Infoworld article, and it hardly paints a picture of a cloud application risk landscape that has been comprehensively tamed.

On the one hand, this presents a healthy sales opportunity for MSPs, who can deliver cloud application control solutions as an inroad into new clients.

But it also provides MSPs with a means of protecting themselves against the ever more litigious risks associated with other cloud applications that they already deliver to their customers.

To give just one rather urgent example, according to this TechTarget article some 75% of all cloud apps used in European enterprises are out of compliance with the new EU data protection regulations that are set to take effect in less than two years – and any MSP providing or provisioning them will be liable, as the incumbent “data processor”, for any security breaches sustained.

Overlaying cloud application control on these existing apps could help to significantly reduce many MSPs’ exposure to this kind of risk, or at least expel any ambiguity as to what is a breach occasioned by vulnerabilities in the application itself, and what is a breach caused by risky operator interaction with the cloud application environment.

Who sells cloud application control solutions?

Unsurprisingly, these factors (and others) have encouraged industry analysts to comment enthusiastically on the projected rise of cloud application-specific security solutions. Channel Pro, for example, has cited Gartner’s statement that, in 2016, 25% of enterprises will use a cloud access security broker.

But this presents something of a difficulty, given that there are actually so few vendors producing solutions in this space.

One player that has broken the mould, however, is CensorNet, and for good reason. It has developed a cloud app control solution that hits on all the critical MSP hot buttons at once – it is white-labelled to boost the MSP’s brand profile, can be up and running without infrastructure costs, is deployable in minutes, and offers stellar system performance and scalability thanks to its proxy-less architecture.

Yet one swallow does not a summer make. Can MSPs take cloud application control mainstream with so few vendors in the frame?

Put it this way, they’re going to let down a lot of customers if they don’t. Consider this: the average employee already accesses seven different web applications at work, but according to one recent article, 58% of respondents had no training in how to use those apps safely, 39% were unaware of the risks associated with them, and 44% hadn’t been trained in how to transfer and store corporate data securely.

Add to that the revelation, in the same article, that 23% of respondents have already experienced cloud data losses or breaches, and 20% have reported unauthorised access to their data or services, and the need for organisations to understand who is doing what in the cloud, to what, and why, is no longer a nice-to-have – it’s a critical imperative.

Over to you, MSPs...

Cloud App SecurityOffice 365, Google Drive, Sharepoint: businesses love them, but we ask if security vendors do enough to help partners address their known vulnerabilities – profitably!

In a recent post, we looked at the known security limitations of cloud-delivered applications like Office 365, Google Drive, Sharepoint, and others.

As we pointed out, identifying security weaknesses in these platforms and providing cloud app customers with solutions to them can prove profitable, according to industry commentators – but are security vendors even addressing this space in the first place, let alone in a way that enables vendors to make viable margins out of it?

Cloud application security: how big is the pie?

The first point we need to make here is that the potential market for these kind of security solutions is big and growing. Since 2011, as this Worldwide Cloud Applications Market Forecast 2015 – 2019 shows, the Cloud applications market has more than doubled, and now accounts for 20% of the overall enterprise applications space.

By 2019, Cloud applications subscription revenues could make up 35% of the total addressable market opportunity.

Captured amongst all that, of course, are the very applications businesses most want MSPs and other partners to provide – hosted email, file sharing, collaboration, and so on.

And these are the very applications that, whilst delivered in a secure manner, are not fully able to secure the content that passes through them, making them vulnerable to risks like advanced and hidden malware, ransomware, phishing attacks, leaking of sensitive data, file sharing on unauthorised devices, and remote user network breaches.

In short, there’s plenty of pie available – and cloud application security is potentially the utensil that enables MSPs and other partners to carve themselves a sizeable slice of it!

Delivering security for cloud apps: how hard can it be?

But the second point we have to consider is that cloud applications need security that is built expressly for cloud computing conditions – and existing security techniques fall down badly in this respect, resulting in few solutions that are fit for purpose.

Just take a look at traditional web monitoring, for example – it funnels traffic out of the cloud and into a separate service, adding significant latency that negatively impacts both performance and capacity.

Only if pre-cloud approaches are consigned to the dustbin, and direct cloud-to-cloud API integration is offered in its stead, can vendors play strongly in this space, and partners reap the benefits.

In this scenario, a literally instant cloud app security deployment is possible, requiring nothing more than the submission of administrator credentials for the apps in question.

Bundling, licensing, pricing – can partners make money out of cloud app security?

Quite apart from the fact that very few vendors are actually active in the cloud app security space in any serious way, my third point is as much to do with the partner model as it is with the scarcity of those offerings.

Even if solutions were plentiful, reselling them in a subscription or perpetual licensing model produces the same challenges that any other reseller in any other IT market encounters – high upfront subscription costs, unpredictable income, lack of flexibility to scale services up and down (and missing out on the additional revenue that such upscaling generates).

The risks of this approach are well documented - but then if so few vendors are in this space in the first place, how many of them do we think are in a position to offer the potentially more profitable MSP alternative?

Then there’s the question of how vendors actually incorporate cloud app security offerings into their overall security portfolio – or don’t! Currently, the view from the bridge here is that one prominent vendor is now bundling cloud app security within its existing security services, in a cloud-based MSP model, at no extra licensing charge – but other vendors haven’t even started to play catch-up on this.

In conclusion: cloud app security vendors could do better

There it is, then: cloud app security solutions are rarer than hen’s teeth!

They demand an instantly deployable, cloud-centric architecture that most security vendors simply haven’t applied to this space, a margin-rich partner model that the vast majority of vendors seem unready to offer, and a “business as usual” attitude to bundling that, for many vendors, seems too radical a string to add to their bow.

That massive cloud app pie is there for the securing – but, as it stands, most vendors aren’t even making a dent in the crust, still less serving up anything that profit-hungry partners would find a tasty proposition.

Businessman pushing virtual security button on digital background

The Web opens a window between networks and the world, creating risks businesses can’t manage. We look at 3 killer web security features that put MSPs in this space.

According to the Threat Landscape 2015 report published by the European Union Agency for Network and Information Security (ENISA), the “observed current trend” for web attacks is described, simply and rather ominously, as “increasing”.

Of course, what this also means is that the opportunity for MSPs to play into this space, by managing organisations’ web security headaches for them, is potentially huge.

But the market is crowded - so what are the killer web security innovations MSPs need to offer to really differentiate themselves from competitors?

Innovation 1: defeating outbound threats in a pure service model

Web attacks aren’t just inbound – in fact, the most devastating consequences can occur as a result of outbound traffic, for example if a Botnet, Key Logger, or other malicious program sends out information from within the customer’s network.

The innovation here is happening on multiple levels.

MSP solutions are now taking over the role of constant outbound web security monitoring that customers’ teams often simply do not have the capacity to provide.

Immediate alerts, by email or SMS, when a threat is detected, plus automatic blocking of malicious requests, protect the business from haemorrhaging its own IP and sensitive data, and safeguard teams’ core productivity.

Network usage and threat analysis reports, delivered to inboxes, then enable stakeholders to understand top threats, overall network traffic, and trends, enabling them to adjust security policies and manage future risk.

Ease of deployment: we are now looking at MSP solutions that require no on-site hardware or software, and can protect the entire customer network instantaneously simply by being “pointed” at the security vendor’s DNS structure.

Lastly, protection is no longer a trade-off against performance. An MSP delivering a web security service like this one benefits from over 2,500 auto-updates to its threat definitions daily, but doesn’t have to funnel checks and traffic through the bottleneck of a proxy server - thus maintaining optimum surfing performance.

Innovation 2: visibility into cloud apps and social media

As one vendor has explained, “Ten years ago, web security meant stopping people going to the wrong website. Today…it has become increasingly about visibility and analysis of activity within cloud applications that employees are accessing,..”

Across services like Facebook, Dropbox, Twitter, and even enterprise applications like Salesforce, what are customers’ employees posting or uploading? Is it appropriate to the audience it reaches? What are they clicking on? How are they storing sensitive data, where are they sending it, and why? Are they using language that could hint at malicious or criminal intent?

Any one of these concerns is a potential reputational and compliance timebomb – but MSP solutions are now available that take the heat out of HTTPS in three ways.

Firstly, it is now possible for MSPs to deliver visibility into cloud application usage, enabling customers to see actions like file uploads, message posts, data storage, and look inside the content of risky or suspicious activity.

Secondly, MSPs can now control access (or enable customers to control access) not only to cloud applications, but to specific features within them – by individual, role, device and location.

These can include, for example, functions that enable users to upload or delete profile images, remove a public link, permanently delete files from a recycle bin, disable a security group, and many other types of actions that can be high-risk in certain contexts, both with and without malicious intent.

The massive productivity gains that cloud apps can deliver are thus largely retained, but at a far lower level of accompanying risk.

Thirdly, this “cloud application control”, to be viable across multiple applications, and, potentially, hundreds or thousands of users, has now evolved into a centralised service that can be controlled from a single dashboard, reducing admin and management overheads, and enabling MSPs to keep their margins keen.

Innovation 3: holistic threat view

Analysis of web attacks in isolation does not always deliver the full web threat picture. Web users are invariably email and collaboration software users too, for example, so web threats often propagate through these channels, via vulnerable endpoints.

The danger for the MSP providing a web security service is that if they don’t have a truly holistic view of each user and the threats that have been ranged against them in the recent past, the true threat pattern – and so the true extent of users’ vulnerability – will not be fully understood. Service fail!

But MSPs are already over this hurdle, for two reasons.

They can now access a centralised management console that makes all the relevant threat data visible in one synopsis, (an example of which is shown in this video).

And the web security application itself can be connected to other security applications (email, collaboration, endpoint) in one integrated service.

The benefits of this approach are immediate, in the sense that the customer is less likely to get caught out by a threat pattern that the MSP’s service hasn’t picked up on!

But they’re also forward-looking, as threat intelligence is actively shared between applications, making detection of multi-channel threats easier in the future.

MSPs and web security – the future

But let’s play devil’s advocate here for a moment. MSPs can deliver services around everything from email provision, to backup and business recovery, to accounting and finance, to business analytics, and more besides. There is no shortage of growth markets for MSPs – so why choose web security?

None of us have a crystal ball, but the view from the bridge at analysts The Radicati Group looks pretty decisive in this summary of their 2015 to 2019 predictions.

“The Corporate Web Security market”, they say, “continues to grow at a fast pace, fueled [sic] by on-going concerns about corporate security… The market is expected to grow from over $2.1 billion revenues in 2015, to over $3.9 billion in 2019.”

The Group also tells us that “Cloud based Web Security solutions are seeing increasingly strong demand”, bolstered by the need for “powerful Web Security protection on the go, without the complexity of connecting back to the corporate network.”

The web security market is on the up. MSPs just need to make sure they’re delivering the right features to get a profitable slice of it.

Keyboard equipped with a red ransomware dollar button.

Ransomware is on the rise, but the authorities struggle to deal with it, so businesses often end up paying the ransom! What are security vendors doing to combat it?

You don’t need to look very far to see the hoo-ha that ransomware has recently caused.

This is not only because the sheer volume of ransomware attacks has swollen as never before (global cases increased by almost 170% in 2015, with the UK “disproportionately hit,” according to this article), but because the number of cases reported has actually gone down.

This can only lead to one conclusion: businesses are paying the ransom, in an attempt to get their businesses back up and running, because the authorities are failing to help them do so!

It’s one hell of a gamble. Cybercriminals aren’t exactly known for their integrity or willingness to be bound by contract, so where’s the guarantee that they’ll give businesses back the access to their files once they’ve coughed up?

Indeed, as FBI Cyber Division Assistant Director James Trainor has commented,  “Paying a ransom doesn’t guarantee an organisation that it will get its data back—we’ve seen cases where organisations never got a decryption key after having paid the ransom.”

Ransomware: what it is, what it does

Before we go any further, though, let’s clarify terms. All ransomware (CryptoLocker, CryptoWall, and CTBLocker are names that crop up often, but there are many others, some of which are listed here) is about blocking a business’s access to a system and/or its files until a sum of money is paid to the malefactor.

In practice, this happens in many different ways, varying from scareware, to browser or screen-locking software, to encrypting ransomware. (This Malwarebytes infographic, that our partners can now request to co-brand and use for their own marketing campaigns, explains it very neatly).

In a further malevolent twist, cyberattackers may choose to “leak” the files that they have sequestered if the ransom is not paid, exposing a business’s potentially confidential and legally privileged information to public view online.

Reputationally, this can be shattering, but the financial impact of ransomware is breathtaking too. The Verizon Data Breach Investigations report puts the business cost of losing access to just 1000 records at more than £46,000!

In short, businesses are vulnerable, the authorities are swamped, and there’s no honour among cyber thieves. So it’s down to security vendors to step up to the plate and prevent ransom situations from arising in the first place. Here’s a taste of how three of them are turning the tables on the file felons!

Bitdefender: cross-product protection at startup

Bitdefender’s answer to the ransomware challenge has been to develop a Ransomware Protection module that is included in all Bitdefender 2016 products (including business versions sold through the IT channel).

Clearly, this makes ransomware protection accessible to the end-user, regardless of the product they or their organisation have purchased.

But Bitdefender products also activate the Ransomware Protection module at startup, and scan all critical system areas before files are loaded, with zero impact on the system’s performance.

At the same time, protection is provided from certain attacks that rely on malware code execution, code injections, or hooks inside dynamic libraries, so defence against the ransomware is instant, broad, doesn’t slow end-users’ core computing tasks down, and – most importantly of all – doesn’t let the ransomware get a foothold.

Malwarebytes: ransomware protection throughout the infection timeline

Malwarebytes has built a solid reputation on its ability to detect, monitor and block malware of all kinds, right from the earliest attempts by the malware’s author to probe the most effective delivery methods.

This means it can spot indications of threatening behaviours way before the threat actually deploys – and it has applied this philosophy to its Anti-Ransomware product, too.

In the words of their security blog, it “uses advanced proactive technology that monitors what ransomware is doing and stops it cold before it even touches your files.” The ransomware therefore “has no shot at encrypting.”

Although the product is still in beta, it is based on an already successful application  - CryptoMonitor - that Malwarebytes acquired from EasySync Solutions, so its provenance certainly inspires trust.

We don’t yet know how Malwarebytes will market the general release version for business users through the IT channel. Will businesses be able to buy it standalone? Or as part of the existing Malwarebytes Endpoint Security suite?

The latter is already a truly potent bundle. It includes the powerful Anti-Malware solution that (uniquely!) also comes with an inbuilt remediation tool – that is to say, it can clean up already infected systems, making for some very grateful customers!

It also includes the Anti-Exploit solution, that detects the zero-day exploits that other solutions simply miss. Factoring Anti-Ransomware into this already compelling combination would be something of a coup!

Watch this space…

Trend Micro: fight ransomware at every layer

Ever the source of insightful and sobering security stats, Trend Micro has publicly announced that ransomware infections among UK firms in February 2016 alone far exceeded the figures for the first six months of 2015!

Its approach to fighting ransomware is highly layered, with Ransomware Protection features included in its endpoint products (OfficeScan, Worry-Free Business Security), email and gateway products (ScanMail, Cloud App Security, Hosted Email Security, amongst others) and network products (Deep Discovery).

Trend Micro was named a Leader in the 2016 Endpoint Protection Platforms Magic Quadrant, published by industry analyst Gartner. This covers, amongst other technologies, anti-ransomware, so Trend’s solutions are definitely “up there” when it comes to stopping businesses being held at gunpoint!

Anti-ransomware: a pattern emerges

In all the three vendor cases mentioned above, there is a strong underlying truth: everything turns on being able to stop the ransomware infection happening in the first place. Once files are infected, it’s way too late.

This knowledge has certainly been an incentive for security vendors to act. If it’s not an incentive for businesses and the IT channel partners who supply them to act, too, I don’t know what is.

Benefits of managed IT servicesTwo thirds of companies now use managed service providers (CompTIA survey). But how should MSPs educate customers about the services they provide? See these tips.

In my last post, I wrote about the benefits of selling services through the MSP model, rather than relying on old-fashioned, unpredictable break-fix.

All well and good, but that’s often also about selling your customers on something new and different, when they’re used to something established and familiar – and we all know how difficult that can be!

So I spoke to some customers and some colleagues, and cast around on the internet, and came up with these useful tips to help you convince your customers that MSP is the way forward!

1. Don’t major on the technology. As this article in CRN eloquently argues, the mechanics of features and functions are absolutely not what will prompt your customer to make a decision in favour of MSP.

What your customers are really interested in is how MSP solutions can help them decrease risk, reduce costs, and – perhaps most critically of all – increase productivity.

Industry reports and analysis can strongly support your pitch in this respect. Comptia’s annual Trends In Managed Services research, for example, (you can see a non-gated slideshow summary here), contains some excellent references to productivity gains, savings, and ROI, all of which will be useful to you in a sales situation.

2. Ditch the “jargon monoxide”.
Do you have any idea how downright poisonous some of the language accepted in IT circles can be to someone seeking to make a purchasing decision?

Simplicity and clarity are watchwords in any sales situation, but when you’re trying to persuade a customer to abandon the break-fix model that they may have trusted for many years, they become critical. Test your pitch on friends, family members, and deeply non-technical colleagues – and if they don’t instantly “get it”, rethink it.

The psychological impact of obscure language is immensely damaging to MSP sales relationships – as this piece in MSPblog explains. Want to make your customer feel stupid? Make them feel like they’re excluded from your clique? Want to make it sound like you’re lying through your teeth? Then carry on using the jargon.

Change is already disruptive and painful for customers – don’t make it unfathomable and repellent too.

3. Get over the monthly rate objection.
From your point of view, the fixed monthly payment for your MSP services makes perfect sense – regular, predictable income in return for always-on monitoring and service.

Only, many customers won’t necessarily get that last part. In their mind, the choice you are giving them is between a monthly outflow of cash to protect them against something that “might never happen”, and an hourly rate that they only have to pay if something goes wrong.

The way to convince them is to highlight just how bad things could get if that something does go wrong. Would they get hit by financial loss if they were to experience more than, say, an hour’s downtime, for example?

How much have they invested in their IT infrastructure and how much more would they have to add to that to cover hourly-rate remediation in the event of something like major data loss or theft?

You won’t have to search very far to find some seriously compelling statistics on this subject. I wrote in another post recently that 58% of SMBs could not withstand any data loss whatsoever.

Consider, in addition, that data loss and downtime cost the UK £10.5 billion per year, according to this piece in TechWeek Europe, and one Gartner analyst has cited an hourly downtime cost, based on company size and type, of between $140,000 and $540,000 per hour!

4. Listen to pain points and tailor solutions.
The MSP model has brought a flexibility to the sales process that previously didn’t exist – particularly when it is teamed with solutions delivered through the cloud that can be switched on and off and scaled up and down on demand.

In fact, the reality is that there are very few solutions you couldn’t offer in an MSP version to meet your customers’ varied needs. From endpoint security, to data backup and recovery, and of course much more, it’s all up for grabs – but you need to understand your customers’ pain points first!

As MSPAlliance recently put it, (my italics), "MSPs must become supremely comfortable interacting with customers on a business level. This means knowing the business of your customers and being able to ask questions and listen to what causes them pain. Once the pain point has been identified, a technical solution to it can be created."

5. Master the proposal process.
It’s not only complex language that turns your MSP prospects off, it’s a sales proposal process that feels like it’s trying to funnel them into a one-size-fits-all solution, exacerbating their fear of the new and unknown.

The MSP model makes possible multiple alternative solutions in multiple combinations, so use them to give your customers a sense of choice and control. This isn’t break-fix-land, where every additional solution ratchets up the risk of an hourly-rate repair job, so don’t pitch it like it is!

For a superb, methodical sales proposal process that will help you to convincingly align solutions options with your MSP customers’ needs, check out this MSP blog post.

Get selling to your MSP customers!

I’ve said enough now – it’s your turn to evangelise! But remember, if you’re asking your customers to turn their back on the devil they know, they might need a little help understanding that MSP solutions could be their guardian angel…

break-fixThe break-fix model is out of date; staying with it means falling behind the competition. So we look at the benefits of moving your business to an MSP model instead.

The IT business is famous for its convoluted language and ever-changing buzzwords, but the essence of the break-fix model adopted by so many IT channel partners is as simple as it ever was – wait for something to break, then get called in to fix it.

Is this really the way forward? The problem, fundamentally, is that no matter how diligently a break-fix company delivers its reactive-only services, the fact that they are reactive-only immediately puts them in the lower branches of the service quality tree.

In short, to move their services up the customer value chain and make them more profitable, break-fix companies have to go proactive instead, preventing the breaks before the fix is even needed! And that means changing to the MSP model.

Here are a just a few core MSP benefits that decisively trump the old-world break-fix approach to doing IT business.

Predictable, recurring revenues

Think billing customers hefty amounts for break-fix intervention is profitable?

Think again. Break-fix is an expensive service to deliver because you can’t predict when something will go wrong. This means multiple ad hoc scrambles to deliver services for which the associated labour and time costs are notoriously hard to estimate and control.

Make no mistake, break-fix renders cost and budget planning almost impossible, and so can quickly turn out to be a drain on the business.

(In fact, for an entertaining tour through no fewer than seventeen separate reasons why break-fix is a bad idea, read this piece from

The MSP model, on the other hand, generates a reliable, recurring monthly fee, enabling predictable cash flow month in, month out, and with no requirement for customers’ systems to break!

Ultimately, this supports the planning process that underpins business growth – if you know how much your costs are each month, you know how many contracts you need to bring in to turn a profit.

It’s a far cry from waiting for something to go bang and then frantically working out how much you need to charge the customer for it to cover the lean weeks of recent times and those yet to come!

Higher-value customer relationships

Your core differentiator, as an MSP, is that you are not paid to fix the customers’ systems, you are paid to monitor them and prevent issues from taking hold in the first place, using, for example, RMM (Remote Monitoring and Management) tools, like this one. and PSA (Professional Services Automation) tools, an example of which is shown here.

What this in turn means is that you are no longer relying on your customers to fail in order for you to succeed; this positions you as a “trusted adviser” and enables you to forge stronger business relationships with them.

These stronger relationshjps pave the way for you to expand your service offering, grow those all-important monthly revenues (and the margin you’re making on them), and they also make your customers more likely to recommend you to other prospects!

Lower staff costs, higher productivity

The much-vaunted “single pane of glass” – a portal or console that enables you to easily onboard and manage devices, customers and users, no matter how many of them there are – is now a firm reality in the MSP universe.

Consequently, it takes far fewer staff to manage customers’ systems, which in turn delivers higher productivity at much lower cost. Needless to say, the same console can typically be used to deliver additional services to existing clients, on demand, instantly swelling your revenues and binding your customers closer to you.

Stops you cutting your own business’s throat…

With traditional break-fix services, the only way to make money is if something goes wrong. This is a double-edged sword; the danger is that if you do your job too well, you’re out of business (as if to reaffirm this, insolvencies amongst IT and communications companies rose by 22% at the end of 2014, compared to the previous year, according to research from Exaro).

Don’t do the job well, however, and the customer will soon see through it and be off consulting another provider.

With the MSP model, of course, all of this ceases to be an issue, because you are measured on your ability to monitor and to prevent disruption, not on your ability to clean up a mess once it’s already happened. You’re delivering a service that is always on and always revenue-generative, not sporadic correctives that temporarily plug urgent holes in your cash flow!

In conclusion: tips for moving from break-fix to MSP

Nobody’s suggesting moving from the break-fix model to the MSP model is painless – it isn’t (not least because you’re actually moving from one mentality to a fundamentally very different one).

But the Web is well stocked with helpful articles (like this one) calling out the essentials, others (like this one) giving more detailed advice on how you should actually price your MSP services, and discussion forums (like this one) that share the experiences of companies that have already made the transition.

Break-fix is broken. Talk to an MSP vendor about it, talk to an MSP distributor about it, talk to an MSP customer about it, but talk to someone, and soon.

Otherwise the next thing that breaks could be your bottom line.