Can ConnectWise Drive Down Cybersecurity Costs for MSPs?

The march toward managed security services involves some challenging math. No doubt, the industry is growing. But the managed security supply chain — spanning software companies, MSSPs, MSPs, end-customers and more — also faces some cost challenges.

That reality surfaced two years ago during ConnectWise IT Nation 2018, when the company and its MSP partner ecosystem attempted to sort through potential managed security pricing models. In breakout sessions that year, ConnectWise co-founder Arnie Bellini made it clear that he was seeking ways to drive down security costs — so that MSPs could lock down their own networks more effectively, protect customer environments, and generate healthy profit margins.

Fast forward to February 2019. Private equity firm Thoma Bravo acquired ConnectWise. Then at IT Nation 2019 in October, ConnectWise acquired Continuum. Among the potential perks: Continuum had built a Security Operations Center (SOC) practice that had traction with some MSPs. And under CEO Jason Magee, ConnectWise vowed to bolster its security posture and stature — both internally and across the MSP market.

Over the past year, ConnectWise has made progress on the security front. But I suspect the company also discovered a hidden challenge with the acquired Continuum SOC.


Now, to be clear, the rest of this blog is filled with my speculation. I don’t know the following as factual. –jp

My thesis goes like this: Continuum’s SOC largely leveraged third-party cybersecurity software. Paying for that third-party software, naturally, was a cost center for Continuum. No doubt, Continuum and new owner ConnectWise pursued more efficiencies through automation. Smart. But the SOC’s dependence on third-party security software meant that ConnectWise didn’t fully control it’s long-term pricing and R&D fate.

The challenge: As the ConnectWise SOC grew, so too would ConnectWise’s costs for running third-party subscription software. Somehow, ConnectWise needed to free itself of those third-party costs to better support a multi-tier model that extends from ConnectWise to MSPs to end-customers. The potential solution: Acquire and inject more of ConnectWise’s own intellectual property into the SOC, or perhapsĀ leverage open source in some dramatic way.

Next Move: Coming Soon?

Fast forward to present year. The ConnectWise IT Nation 2020 Virtual conference is set to start on November 10. And ConnectWise may be set to acquire both Perch Security and Stratozen, rumors suggest. Perch offers co-managed threat detection and response for MSPs. Stratozen is a master MSSP that offers SOC as a Service, co-managed SIEM, and SIEM as a Service to more than 1,000 organizations.

If the alleged acquisitions surface, some MSPs may think this is ConnectWise’s attempt to have partners consume and sell more stuff. Sure, that’s part of it. But the bigger picture involves ConnectWise’s effort to drive down the cost of delivering cybersecurity from itself to MSPs to end-customers, ChannelE2E believes.

This isn’t a new journey. Both ConnectWise and Fishtech Group invested in Perch Security’s Series A round in 2018. Fast forward to present day. Perhaps both ConnectWise and Perch faced an inflection point. Maybe Perch was in the market for more funding. And perhaps ConnectWise knew it needed more of its own security IP in-house, rather than paying third-party software firms for SOC software capabilities.

Service Providers or Security Software — Or Both?

In some ways, both Perch Security and Stratogen are managed security service providers. In other ways, they’re software companies. The big question: Can their intellectual property, under ConnectWise’s potential ownership, help MSPs to drive down the cost of delivering cybersecurity from Tampa to MSPs to end-customers?

We may get the answer during ConnectWise IT Nation Connect 2020 virtual edition, starting on November 10. In the meantime, here endeth my speculation.

Return Home



    Dave Sobel:


    It’s not a bad theory. The key will be if PE driven ConnectWise will break with the pattern we see of less investment in R&D in favor or top line revenue growth just by acquisition. In order to make that acquired IP valuable, you have to continue to invest in it, and I’d challenge that most of the PE driven companies are buying and then not investing further. The proof is in their press releases, highlighting more personnel changes and company acquisitions than investments in significant new products.

    I’ll offer that most of the approaches to security are trying to solve it by assembling the “perfect” combination of products, when the real direction looks more like zero…. zero trust security architectures, and I’m hearing buzz around zero-access solutions, where the vendor has thought so much about security that they can assure users and partners they have no access to anything.

    A significant portion of that is the way the solutions are implemented, not simply what they are. There’s room here for a savvy vendor to make this process easy, and the parallels to what we see in enterprise with configuration management monitoring against cloud solutions is apt.

    I’m watching to see who does something interesting. Is it ConnectWise? Maybe — they would have to buck the trend and plan that is being run by so many of acquire and roll up rather than build. I’m highly skeptical, and also very willing to eat crow if proven wrong.

    Dave Sobel
    Host, The Business of Tech

    Joe Panettieri:

    Hey Dave: I hope all is well.

    I know some private equity firms certainly cut R&D as part of the ownership and M&A process. But I’ve also seen PE firms increase R&D spending. That said, we’ll dig around for R&D metrics at ConnectWise and across the sector to see if specific data points reveal any trends.

    Separately, we expect to report official M&A updates from IT Nation sometime this week. Stay tuned.


Leave a Reply

Your email address will not be published.