Content, Content, Networking

SaaS Application Security Research: MSP and SMB Findings


A typical small or midsize business (SMB) that runs SaaS applications like Microsoft 365 faces roughly four Brute Force Attacks per day -- a reality that presents both a challenge and an opportunity for MSPs, according to the first SASI (SaaS Application Security Insights) report from SaaS Alerts.

A Brute Force Attack uses automated trial-and-error software to guess a user or system's login info. Such attacks are frequently tied to SaaS account hacks involving Microsoft 365, WordPress and more.

The SASI report is based on anonymized application security records for over 100 MSPs, 750 SMBs businesses and more than 30,000 end-users. Most of those SMBs, supported by MSPs, run Microsoft 365 -- though a small minority run Google Workspace.

SaaS Security: Anecdotal Research Findings

Based on data gathered from January 2021 through May 2021, some of the SaaS Alerts findings include:

  • The 750+ SMBs faced roughly 3,000 brute force attacks per day. That's roughly four brute force attacks per day per SMB.
  • China, Vietnam, Brazil, Russia, India and Pakistan allegedly were the top sources of the brute force attacks.
  • Unauthorized logins most frequently involved bad actors allegedly located in the Ukraine, India, China, Germany and the Philippines.
  • 16 percent of SMB file sharing involved external users who were outside of the SMB business.
  • The most common critical alerts involved IAM (Identity and Access Management) events, along with application and security policy change events.

In terms of cybersecurity business models, MSPs that run SaaS Alerts are experimenting with four primary go-to-market business strategies and pricing models. You can get the specific SaaS security pricing models for MSPs on page 16 of the report.

MSPs and SMB SaaS Security: Establishing a Baseline

The first SASI report surfaces during a key week. Many MSPs are fine-tuning their cybersecurity business models, go-to-market strategies, and CMMC compliance efforts by attending the IT Nation Secure 2021 conference hosted by ConnectWise this week in Orlando, Florida.

Jim Lippie, CEO, SaaS Alerts
Jim Lippie, CEO, SaaS Alerts

More than an annual report, SaaS Alerts plans to release updated SASI report findings twice per year, according to CEO Jim Lippie. ChannelE2E believes that commitment represents an important stake in the ground for MSPs that are seeking to understand:

  1. how SaaS applications are attacked;
  2. how to monitor and mitigate such threats for SMB customers; and
  3. how to monetize SaaS security services.

The overall SaaS application security market appears to be in growth mode. For instance, both SaaS Alerts and Augmentt (another startup) are focused on SaaS tools for MSPs.

Also, at lease six SaaS application security startups have raised funding in recent months. SaaS Alerts ranks among them, having raised $1.2 million in seed funding from MSP industry veterans. Key backers include TruMethods CEO Gary Pica and former ConnectWise President David Bellini.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.