ConnectWise launches Cyber Research Unit to provide MSPs with cutting-edge threat intelligence

The new CRU integrates existing ConnectWise assets drawn from multiple acquisitions in a more formal and comprehensive form than before, and includes a threat intelligence feed.

Wes Spencer, CISO of Perch Security

Today, at its ConnectWise IT Nation Secure event in Orlando, ConnectWise is announcing its new Cyber Research Unit [CRU]. The event is a hybrid conference: the on-prem activity began yesterday, while the virtual component starts today. Using ConnectWise’s Perch platform, the CRU provides a much more formalized and integrated threat intelligence feed than ConnectWise has offered before, specifically customized for MSPs.

“Think of the CRU as the culmination of a lot of threat intelligence processes we already had in place,” said Wes Spencer, CISO of Perch Security. “Now it’s formalized, and specifically built for MSP partners. There are other threat intelligence teams out there – Cisco Talos is one – but they aren’t designed for partners servicing the SMB market. MSPs and the small business sector are effectively left out.”

The objective of the CRU is to provide cutting-edge threat intelligence.

“Here are the intelligence pieces you need to act and respond on these threats,” Spencer said. “We’ve been doing some of these things very ad hoc before, such as the Perch weekly threat report. It’s not gated. Anyone can read it. But it wasn’t formalized in any way. Now it becomes formalized. We are also announcing the release of the ConnectWise CRU threat feed, which non-ConnectWise partners as well as ConnectWise partners can pull. We are also moving into deep integration with CompTIA ISAO. We are becoming very formalized in the processes we are creating.”

Drew Sanford, Senior Director, Global SOC Operations at ConnectWise

“Over the last few years, we have brought together multiple capabilities from multiple companies,” said Drew Sanford, Senior Director, Global SOC Operations at ConnectWise. “We have taken disparate strengths from different teams from different companies and have brought them together – Perch, Continuum, StratoZen – all now complete together in one team and one unit. At one level, there had been some degree of integration before, especially between Perch and ConnectWise, but not at the research level. Now we are bringing them all together into one unit.”

Sanford said that the biggest piece of the announcement is the threat feed launch.

“We are making publicly available the viability of having access to the intelligence threat feed, where partners and non-partners can both strengthen conversations in what they are doing in protecting their sites.”

“We are seeing millions of threats a year across the entire ecosystem,” Spencer said. “This is an MSP-focused threat feed that gives SMBs the protection that they care about. Anybody can go and see it and use it. It’s for the community to make the world better. We are already using it ourselves. People will look at this and ask how they can use it.”

Spencer noted that they saw with the Microsoft Exchange vulnerabilities that one threat actor would override another in what became an attacker feeding frenzy.

“We probably have better visibility in what’s happening into this Exchange vulnerability than anyone,” he said. “The mission of the CRU is to be that timely vaccine, that central nervous system. That’s the goal. I will count this successful if, when an emerging threat happens, MSPs ask ‘what does the CRU say.’”

The next step for the CRU is deeper enrichment of the data.

“Being able to broaden the analysis comes next,” Spencer said. “It’s one thing to have research, but if I’m able to see how the different pieces come together, I can start predicting behavior, and build solutions to protect the SMB and partner community.”

The CRU core team is three people plus a couple of senior managers in the research unit, and effectively also includes 6-7 people from the threat hunting team.

“Both feed information to the other on how to act,” Sanford said. “Our complete SOC is about 140 individuals worldwide.”

“This is a very exciting beginning,” Spencer concluded. “There will never be a reduction in cyberthreats, and MSPs will be forced to defend themselves. ConnectWise will protect them with every tool and capability to help them. They don’t have to go on this journey alone.”