Content, MSP, Networking

ConnectWise Launches Security Alert, Software Patch Website

ConnectWise has launched a security alert website to help customers and partners track security related statements, vulnerabilities, patches, compliance and privacy updates from the software company.

Jason Magee, CEO, ConnectWise
Jason Magee, CEO, ConnectWise

ConnectWise has also hired GuidePoint, a third-party cybersecurity solutions company, to further validate the company's patches and vulnerability mitigation efforts.

The new ConnectWise Security Trust site "will be a primary source of information on security incidents, relevant alerts and of course critical patches and product updates," ConnectWise CEO Jason Magee wrote in an open letter to partners and customers.

The site and letter from Magee surface as ConnectWise seeks to clarify how the company investigated and addressed eight potential security vulnerabilities in ConnectWise Control, a remote management software tool that's popular with MSPs (managed IT services providers) and IT departments.

ConnectWise Control: Bishop Fox and ConnectWise Perspectives

Bishop Fox says it discovered and reported the security firm's vulnerability findings to ConnectWise. Huntress Labs further validated the findings at the request of CRN, which reported on the alleged security issues earlier this week.

In response to the Bishop Fox report, ConnectWise has posted a matrix that explains ConnectWise's stance on each potential issue.

The matrix also includes third-party perspectives from GuidePoint, the third-party cybersecurity solutions company that ConnectWise hired to further validate the company's patches and vulnerability mitigation efforts.

ConnectWise's latest cybersecurity efforts surface at a time when MSPs and their software platforms remain prime targets for attack. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.

MSP Security: Basic First Steps

To get ahead of the cyber threat, ChannelE2E and MSSP Alert have recommended that readers:

  1. Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
  2. Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
  3. Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
  4. Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
  5. Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA ConferenceBlack Hat and Amazon AWS re:Inforce. (PS: Also, keep your eyes open for PerchyCon 2020 in January.)
Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.