ID Agent seeing strong MSP response to Dark Web monitoring offering

ID Agent offers a service that terrifies prospects by showing them their corporate data in circulation on the Dark Web, as well as a monitoring service to guard against it. They have Canadian MSP partners, and are in Toronto this week at a Datto show looking for more.

Kevin Lancaster, ID Agent’s CEO

WASHINGTON D.C. – Bowie MD-based ID Agent made the short trip to the CompTIA ChannelCon event here to impress their message of Dark Web monitoring and identity theft protection to the MSPs in attendance. At a time when identity issues are assuming increasing importance globally, ID Agent offers a solution that first frightens customers by showing them what corporate assets are being circulated on the Dark Web for nefarious purposes, and then offers an identity monitoring solution priced for the MSP market and its customers.

The Dark Web, that dark corner of the Internet where digital credentials are bought and sold, wasn’t the initial focus of the company that became ID Agent. Nor did they initially start out selling through MSPs.

“I first founded a company in 2003, whose mission was to bring emerging technologies into the government space,” said Kevin Lancaster, ID Agent’s CEO. “But they would then be bought by an enterprise vendor, and we would have to start all over. In 2009, we pulled together a platform around the Dark Web, which we didn’t really do anything with. Then we pulled it out in 2014 and built a first version of Dark Web ID, and we took it to the enterprise. At first, the Fortune 100 were offended by it, and believed that this was something that they could control themselves. But then breaches like OPM, Anthem, Target and Equifax happened. And we got enterprise customers, in government, the largest banks, public sector organizations and large sports leagues.”

At this point, ID Agent was still selling direct, and while they had signed up some enterprise customers, they weren’t getting enough.

“The enterprise still was somewhat slow to adopt, so we started looking at where we could get more value and reposition the tool,” Lancaster said. They added some MSPs after MSPmentor wrote a story on them, and have since worked aggressively to develop that market. Today they have 800 MSP partners.

“Peer groups have been an effective vehicle for engaging with new MSPs,” Lancaster said. “We have done between 50 and 60 shows, and have won awards, including a Best Revenue Generator award at an ASCII show.”

One of these shows, in Toronto, is this week. ID Agent will be presenting with Datto at the CyberSecurity Summit in Toronto on August 9. ID Agent already has a presence in Canada, and have several dozen Canadian-based MSPs.

Dark Web ID is the company’s flagship offering. It scans the Dark Web to identify, analyze and monitor compromised or stolen employee and customer data. SpotLight ID is the offering that actually provides ongoing personal identity protection and restoration. It is sold exclusively through ID Agent’s MSP channel. A third offering is Rapid ID Response, which lets MSPs help customers quickly respond to increasingly complex cyber threats and keep on the right side of identity-based regulations. That’s also becoming a key issue, Lancaster stressed.

“Our message to our partners is that we are about to be hit with a tidal wave of new laws and attention around privacy,” he said. “Most states have some kind of breach and privacy law now. Most MSPs have no clue that in Maryland, you have to notify within 45 days and offer some kind of protection if you have more than 1000 people that are exposed in a breach. A few states don’t have this kind of law, but not many. The new law California just passed [and scheduled to take effect at the start of 2020] impacts you if you have more than 50,000 people’s data. The law is somewhat vaguely defined, but if you are subject to it, you have to self-report within 72 hours. You also don’t have to be headquartered in California to be impacted by the law, as long as you have data from people there.”

Lancaster stressed that not only do few MSP customers have any kind of incident response plan – few MSPs do either.

“99.9 per cent of MSPs haven’t, unless they work in regulated industries and are more sizable,” he emphasized.

ID Agent is making their first appearance at ChannelCon, whose Washington venue this year was right in their backyard.

“Our messaging around the show to MSPs is that you have to think about security differently,” Lancaster said. “Our Dark Web tool is very visceral and easy to understand. We were initially reluctant to lead with that – by scaring prospects. But it brings security awareness to them in a very effective way. Compared to this, doing an anti-phishing questionnaire and giving a badge for passing a test just doesn’t cut it.”

Lancaster said that this breaks security down to the most common denominator.

“If you start talking about IP Flows, and SIEMs, prospects just see it as an expense and you lose them,” he said. “Our job is to let partners come in and show all an organization’s email addresses and passwords that are bring on the Dark Web being bought and sold.”

So what does this kind of search typically turn up? Lancaster said that the most important variable is how long the company has been in existence. Newer companies may not yet have been targeted.

“On the other hand, we have found a 90 per cent hit rate on an organization that has been around for three to four years,” he said. “With a company of 20 people, the average would be about a dozen items found on the Dark Web.”

While the Dark Web monitoring service is a differentiator, the actual credential monitoring service market has big players like Experian and LifeLock in it. Lancaster says that MSPs can offer a different kind of differentiator against those.

“We cost about a quarter of what they do!,” he emphasized.