CyberFox IAM and PAM Plans Phishing Awareness Update


CyberFox has been busy over the last few months. The identity access management and privileged access management company this month announced version 2.6 of its PAM solution, AutoElevate. In August CyberFox and cyberinsurance company Fifthwall said they were working together to optimize the cyberinsurance renewal process. And in June CyberFox completed its SOC 2 Type II audit.

In May CyberFox named channel and cybersecurity icon Wes Spencer as vice president of cybersecurity strategy.

In terms of the recent announcement regarding CyberFox’s PAM solution, AutoElevate 2.6 enforces an elevation of approval of user requests to install new software on end-user computers. The MSP notified immediately of the request and can approve or deny it via their mobile phones. The end user gets a 60 second window to update only the approved software. In addition IT admins are provided with temporary passwords of 256 characters.

“If I lose a systems engineer because he’s going off to another MSP, I normally have to hurry up and change every password,” said Adam Slutskin, one of the principals at CyberFox. With the new version that’s not necessary because that admin has nevr even seen the passwords used. The MSP just needs to eliminate that user from the list of admins to secure the system.

The news of AutoElevate 2.6 and other developments are part of an ongoing roadmap for the company which has about 2,500 MSP and MSSP partners. The company is not done yet. Several additional announcements and developments are on the horizon for the months ahead, the founders told ChannelE2E. But before we get into what’s coming, here’s a little background.

CyberFox’s Origin Story

Recognizing the importance of cybersecurity in the managed services market, former ConnectWise executives David Bellini and Adam Slutskin unveiled their new company, CyberFox, at the 2022 IT Nation Secure event.

With the proceeds from the sale of their ConnectWise equity, both had invested in two identity access companies – AutoElevate and Password Boss. They then merged the two to create CyberFox. And while the company’s initial focus was on password and identity access, CyberFox is building on its current offerings to address key cybersecurity challenges for MSPs.

Slutskin told ChannelE2E that CyberFox’s tech stack is aligned with CIS Critical Controls 2, 5 and 6. Slutskin said that aligning with these controls – per big studies from Microsoft and Verizon – protects organizations from 90% to 94% of bad actor activities.

“We’re serving SMBs, creating a suite of security products that are one-tenth the price of the BeyondTrusts or CyberArks but provide 90% of what’s needed,” Slutskin said.

What’s Ahead for CyberFox

In the Q1 of 2024, CyberFox plans to release a security awareness phishing simulation tool. This kind of tool is key for MSPs and SMBs because it is tied to cybersecurity insurance and being able to get an affordable rate, according to Slutskin.

In late October/early November CyberFox plans to deliver a new and enhanced version of its Password Boss password management software.

Another late October / early November tool the company is planning is called AutoBlocker. Instead of whitelisting sites, which some cybersecurity companies have done, CyberFox plans to create a blacklist that will deny by default. This means that the MSP doesn’t need a dedicated headcount to manage whitelisting, and CyberFox can offer the service at a fraction of the cost, Slutskin said.

While there’s no actual news on it yet, CyberFox has some ideas about what it wants to do to secure a key managed service tool – remote control.

But that said, Slutskin said that part of CyberFox’s philosophy is to keep it simple.
“We want to move fast and we want it to be cost effective,” he told ChannelE2E. “We know what it’s like to run an MSP. We know what it’s like to have 50 tools in your stack. How do you make money. So we don’t want to be the cost center.”

ChannelE2E will be watching new developments at CyberFox in the months and years ahead, so stay tuned.

Jessica C. Davis

Jessica C. Davis is editorial director of CyberRisk Alliance’s channel brands, MSSP Alert, MSSP Alert Live, and ChannelE2E. She has spent a career as a journalist and editor covering the intersection of business and technology including chips, software, the cloud, AI, and cybersecurity. She previously served as editor in chief of Channel Insider and later of MSP Mentor where she was one of the original editors running the MSP 501.