The Hottest New Cyber Espionage Target: Your MSP Business

Tara-Newman_HeadshotA notice for our international managed service providers on how to protect your practices against “APT10”

By Tara Newman
Director of International Sales and Marketing
RapidFire Tools

As a managed services provider (MSP), it’s your job to protect your clients’ networks from threats. Yet according to a report from global consulting firm PwC UK released this month, cyber criminals are now targeting you, the managed service provider. While you know security is important, and you have likely been encouraging your clients to invest in security services, it’s time to double down on your own internal security efforts.

The group responsible for the recent attacks targeting MSPs is a “China-based threat actor” identified as “APT10.” This group has been effectively launching lucrative cyberattacks across the globe since 2009, and is now focusing its energy on MSPs in a campaign PwC UK has termed “Operation Cloud Hopper.”

Red-QuoteAs is the case with most data breaches, these attacks start out with a phishing scam, typically in the form of a desirable communication from a reputable organization. Once clicked, the malicious file installs malware. Criminals then use a sophisticated set of custom tools to gain user credentials that allow them to use the MSP’s existing tools to access and extricate sensitive and proprietary customer data.

While the attacks typically come in the form of a phishing email, the strategies and tools being used to target MSPs are so advanced that anti-malware companies often struggle to keep up. Whenever a new threat arises, it takes time to patch the gap in coverage. This means even with have an anti-malware solution in place, your IT network still faces windows of vulnerability.

To bridge those network security gaps, and prevent employees from unwittingly giving cyber criminals unbridled access to your network, it’s important to scan for internal vulnerabilities that anti-malware solutions might miss.

PwC UK estimates that thousands of MSPs across the world—especially in Europe, North America, Australia, and Asia—have already fallen victim to APT10 cyberattacks that expose sensitive customer data.

Why MSPs Are Being Targeted by APT10

As an MSP with direct access to high-profile companies, cybercriminals see your organization as a lucrative target. Instead of trying to compromise ten to 20 separate companies, all these criminals have to do is compromise an MSP’s network to gain entry to data from dozens of other businesses.

Why go after a single fish when you can take down the whole school? That seems to be the mind-set behind of cyber criminals targeting MSPs with phishing attacks that compromise end-customer data.

Why Malware Protection Isn’t Enough Anymore

To protect your MSP business against being the next victim of Operation Cloud Hopper, it’s important to craft an internal security solution that doesn’t just prevent external threats, but also looks for vulnerabilities and threats that are already inside your network.

You might be surprised to learn that, according to Security magazine, internal vulnerabilities are responsible for 70% of data breaches in small and medium sized businesses (SMBs).

Using a tool to scan for common internal vulnerabilities, such as unusual user behavior, can be an effective and easy way to identify, investigate, and eliminate threats inside not only your network, but also your customers’.

Beyond the security essentials you already have in place, consider adding an internal vulnerability scanner like Network Detector to your existing security toolset. With Operation Cloud Hopper showing no signs of slowing its efforts to compromise MSPs’ client data, it’s important to have extra security measures in place now, to prevent your network from being used as a tool to harm your customers.

To learn more about how Network Detector can help you prevent costly APT10 Operation Cloud Hopper attacks, click here.


RapidFire Tools on “MSP Radio”: Using the 60-33-60 Rule on Cyber Security

RapidFire Tools’ vice president of development, Win Pham, recently sat down with blogger Nate Teplow from Continuum, a leader in the remote management space and an integral RapidFire tools business partner. Since both companies are focused on helping MSPs profit from a comprehensive security offering, Win shared his expertise on how to leverage network assessments on an “as-a-service” basis, addressing the cyber security concerns that have become so prevalent in today’s IT landscape, especially for SMBs.

In a podcast on Continuum’s “MSP Radio” program, he describes the “60-33-60 Rule.” It’s a compelling warning which MSPs can use to help end-users comprehend the urgency of cyber security.

60 percent of all cyber security attacks target small companies—a ratio that’s changed significantly in recent years. By inference, SMB organizations are more vulnerable to breaches than ever before.

33 percent of firms that get attacked require three or more days to recover. That’s a watershed of lost business. For a smaller company with finite resources, this kind of downtime has a tangible impact on the bottom line.

60 percent of small businesses fail within six months of being hacked for the first time. An absolutely staggering figure.

Listen to Win’s podcast on our business partner Continuum’s “MSP Radio” program, where he reveals how MSPs can acquire step-by-step guidelines for implementing an effective, well-structured, and easily deployed menu of Cyber Security services. A tiered security offering can establish ongoing revenues for MSPs while mitigating risks for their clientele.


Thanks to Continuum and its Continuum Podcast Network for helping us spread the word. Stay tuned for additional webinars from RapidFire Tools on how MSPs can take advantage of these opportunities.

* Source of stats: Symantec International Small Business Association

On the Road: A Blueprint to Success

Rapid Fire Tools AwardsBy Michael Mittel, CEO, RapidFire Tools

Our sales executives at RapidFire Tools travel to close to 100 events a year. That’s a lot of time connecting with managed services providers. But you’re the ones who day-in, day-out are looking for better ways to grow your practices, increase your profitability and enhance relationships with the end-users whose networks you support. You shouldn’t have to go it alone, which is why we invest in these opportunities to educate MSPs about the advantages of network assessment tools.

But from our perspective, it’s not enough just to let you know our tools are available. We want to make sure you know how they work, and how you can leverage them in the practical marketplace for gain. What we’ve found from being in the thick of the MSP events is that people are still looking for exactly how to get the best value from their solutions, and not every vendor is delivering that knowledge. You want to know how to structure your offering, how to market these services, how much to charge, how to configure your contracts, and how to best manage a multitude of end users once they’ve signed on for these services.

Based on that feedback, we want to teach MSPs how to sell “Security-as-a-Service” and “Compliance-as-a-Service” from start to finish. We’ve been bringing this knowledge to events all year long, including a March webinar on Cyber Security. We conduct live webinars, often more than once per month, explaining how this and other network assessment disciplines can increase your business.

While we’ve been out on the road, here’s one other thing we’ve found in the field:  Validation of that strategy. Time and time again, RapidFire Tools has left trade events with awards in-hand, recognizing our efforts to educate and train solution providers. Here’s a roster of awards we’ve racked up in 2017 thus far:

• Best IT Workshop, ASCII Success Summit Houston
• Best Revenue Generator, ASCII Success Summit Houston
• Best Partner Program, SMB TechFest Q1 2017
• Best Channel Vendor, Managed Services 2017, Business Solutions
• Best Revenue Booster, 2017 ChannelPro SMB Forum

We’re proud of these achievements. But just like our approach to educating the marketplace is very grassroots and practical, we take a similar view of our trade event awards. It’s not the glory we appreciate in being selected for these awards—which come by way of reseller votes, editor picks, and sometimes from the companies hosting the events. We’re more excited by the recognition from you, our MSP customers, confirming that our hands-on immersion in the channel produces effective outcomes for solution providers.

You can speak with us first-hand at the following events in March including:

XChange Solution Provider 2017
March 5-7, 2017 National Harbor, MD

MSPWorld 2017 Conference
March 26-28, 2017 New Orleans, LA

CharTec Academy
March 28-30, 2017 Bakersfield, CA

ASCII IT Success Summit

March 29-30, 2017 Orange County, CA

We’d be happy to help set you on a path to greater success through network assessments.

Close More Business Using Network Assessment (Part Two)

By Mark Winter, Vice President of Sales, RapidFire Tools

Network assessment is a unique and effective discipline under the “network security” umbrella. A network assessment tool doesn’t simply monitor a network, the way RMM software does. It provides ongoing network “snapshots,” which when conducted regularly can identify patterns and behaviors that potentially predict a breach. It’s a more proactive and holistic way to support a client’s network security program.

Our earlier “Close More Business” blog explained how network assessment can be used to offer non-invasive, fast data collection; to onboard new clients; and to upsell services such as back-up and disaster recovery. In part two of this series, we’ll examine additional ways to help the MSP increase business and mitigate risks for its clientele.

Sell Managed Security-as-a-Service

Your client’s networks—and indeed, their businesses—are constantly at risk. The market is rife viruses, spyware, malware, and worms that can inflict irreparable harm through downtime, loss of data, and security compromises. Even the most robust of anti-virus and malware protection doesn’t perform perfectly 100% of the time.

Network assessments can serve as regular “Security Health Checks” for your clients, helping them protect their assets, guard against downtime—and basically sleep better at night. However, regular is the key element here. A single assessment is only the first step of what should be an ongoing process, one that recognizes network changes and behavioral models over time.

An MSP can often sell managed security assessments as a supplemental service, generating incremental revenue, since such is not often included in the standard service contract. Many of our partners report gaining $250 more per quarter per client for the most basic security services, which would include performing vulnerability scans of the clients firewall (and other public-facing IPs), validating that systems are secure (patched, have a/v), conducting data mapping of employee access and more.

Identify New Projects

A network is an ongoing entity, moving through a lifecycle that constantly changes. Whether you’re prospecting a lead or visiting an existing customer, an IT assessment doesn’t just provide simple network documentation, it often unearths opportunities to provide additional services.

For instance, assessment reports detect when systems are near capacity, and identifies machines that are approaching end-of-life. The reports identify the opportunity for upgrades and migration projects, delivering concrete documentation to clients and prospects alike of exactly what machines and platforms require a refresh. Network Detective’s Active Directory analysis can assess whether there are inactive login credentials with enabled access, which are often ex-employees or old vendors. This poses a serious security risk from both disgruntled ex-employees and hackers who could gain easy access to confidential information.

One of our MSP partners used Network Detective to detect a huge security risk: More than 700 accounts on their client’s network maintained log-ins that were still active, despite those users no longer being employed by the organization. That assessment led to a substantial networking project for the MSP.

Offer an Exchange or Cloud Migration

Microsoft Exchange migrations continue to provide a terrific opportunity for an MSP to gain revenues, whether migrating to Microsoft Exchange 2016 or to Microsoft Office 365. A network assessment report creates a record of the client’s current Exchange environment, allowing the MSP to ascertain the overall project parameters, in addition to providing the necessary information required for such an undertaking regarding client mailboxes, distribution lists, and mobile device usage. A post-migration assessment provides documentation of the new environment, detailing the scope of the work and verifying its completion.

A similar course can be taken for a migration of network assets to the cloud. Assessment reports document the client’s environment so the MSP can analyze the current network, determine which components are candidates for the migration, and assist in the detailed planning and execution as the MSP transitions servers or desktops to a hosted platform. Of course, a post-project assessment would be performed to document the new environment, to verify accurate project completion.

We’re not finished educating the managed services market on how to profit from network assessment tools. Part 3 of this blog will outline how IT assessments can be used to affect MS SQL Server health checks, and conduct lucrative HIPAA or PCI compliance assessments—which some of our MSP customers have turned into an ongoing practice.

RapidFire Tools’ Detector Named a “ChannelPro SMB All-Star” for Unique Focus on Internal Threats

The leader in non-invasive IT assessment solutions has won three channel awards this quarter, for its solutions and for its MSP training on how to increase business

ATLANTA – Dec. 8, 2016 – RapidFire Tools Inc., the leading Network Detective line of non-invasive IT assessment tools, has been named a winner in the ChannelPro SMB All-Stars awards program for its “Detector” Cyber Security software appliance. The ChannelPro SMB All-Stars program recognizes a select group of hardware, software, or services vendors whose products or services have made a significant impact on the SMB channel in the calendar year. Winners were selected by the editors of ChannelPro magazine, one of the most prestigious media publications in the IT channel; in addition to a panel of top-flight partners within the channel ecosystem.

RapidFire Tools’ Detector appliance, launched in May of 2016, helps managed services providers (MSPs) identify internal threats to the network, automatically scanning a company’s IT environment on a pre-scheduled basis to identify questionable user behavior and patterns that could indicate a potential security risk. The tool sends daily alerts to MSPs on detected issues, incorporating an innovative “machine learning” paradigm that allows the appliance to gather more relevant insights the longer it is attached to the network.

According to ChannelPro publisher Michael Siggins, “While most security tools focus on external threats, RapidFire Tools’ Detector appliance guards against internal ones ranging from maliciously altered firewall settings to inadvertently flawed network configurations. Capabilities such as this distinguish Detector’s value in the IT marketplace, and it’s what earned RapidFire Tools its place on this year’s All-Star list.”

The All-Stars designation is one of several awards that RapidFire Tools’ and its products have garnered this quarter. The company also won “Most Innovative Solution” at the ChannelPro SMB Forum 2016 event, which took place on Nov. 3 in Boston. That honor was granted to the RapidFire Tools Network Detective modules, including the Network, Security, MS Exchange, HIPAA Compliance, PCI Compliance, and SQL Server tools. In addition, RapidFire Tools won a “Best Education” award at the SMB TechFest Quarter 4 conference, which took place in Anaheim, California, Oct. 20 to 21, 2016. That award was granted based on the seminar that was presented by RapidFire Tools’ National Sales

RapidFire Wins ChannelPro SMB All-Stars Award for its Unique Focus on Internal Threats

Manager Matthew Koenig, which coached MSPs on how to increase business through network assessment. The session was one of dozens of training opportunities RapidFire Tools has offered to the MSP community over the course of 2016.

“We’re especially honored to find ourselves on the ChannelPro SMB All-Stars list since it acknowledges that we’ve made an impact on IT solution providers in the small business sector,” said Michael Mittel, CEO and president at RapidFire Tools. “As a company that started out as a small-business MSP, we’re proud to have developed a portfolio of tools that help MSPs enhance their value proposition and grow their businesses. Capabilities such as Detector’s automated assessment scheduling and alerts give MSPs a resource that exceeds those of typical security disciplines like anti-virus and remote monitoring applications. It delivers a more proactive, holistic view of network activities, empowering MSPs to better mitigate client risks and develop stronger relationships in the SMB space.”

About RapidFire Tools and Network Detective

RapidFire Tools Inc. is the developer of the Network Detective series, an award-winning portfolio of non-invasive IT assessment tools used by thousands of service providers around the world, including the Network, Security, MS Exchange, HIPAA Compliance, PCI Compliance, and SQL Server modules. The tools allow MSPs to discover issues and generate custom-branded analysis reports on network performance, which can be leveraged for client presentations and internal service documentation. These reports proactively identify questionable network activity that could lead to a breach or failure. The Network Detective assessment and compliance modules automatically acquire a vast amount of network data – including assets, users, configurations, and vulnerabilities – all without installing any software, probes, or agents. RapidFire Tools was founded in 2010 by entrepreneur and former MSP Michael Mittel to help IT service providers capture new business, expand their practice areas, and mitigate risks for their end-customers. The company, its solutions, and its extensive MSP training efforts have won a roster of awards including Best Revenue Generator, Best Solution, and Best Education from channel and managed service provider associations and media across the country.

Contact: Bob Vogel
RapidFire Tools, Inc.

Network Assessment In Plain English

At ChannelPro’s November partner event, editors caught up with RapidFire Tools’ National Sales Manager Matthew Koenig to get his no-nonsense take on the benefits of non-invasive, easy-to-implement network assessment tools.

The result is a down-to-Earth “How-To” briefing. Koenig explains how MSPs can plug a simple IT assessment tool into any network, quickly producing straight-forward, organized reports that can be presented to CEOs in a way that they can immediately grasp and apply to their businesses. The reports identify critical issues, creating a prioritized set of action items for the MSP to quickly and easily develop a plan of action in order to address possible issues that a client or prospect’s network and security infrastructure may have. And as a business-generating tool, a network assessment scan “gives you the whole reason to go out on a sales call.”

Close More Business Using Network Assessments (Part One)

Network Assessment TrendsBy Mark Winter, vice president of sales
RapidFire Tools

Note: This is the first of a two-part series addressing the ways IT services providers can leverage network assessments to drive new business.

As you might imagine, we talk to a lot of technology solution providers. And while it’s great to learn more about how each of you run your practices, I’m still floored when I hear from those of you who aren’t leveraging network assessments to close more business. Here are three key ways network assessments can further that goal:

Non-Invasive, Fast Data Collection

Effective Network Assessment tools are specifically designed so that you can run a data collector on a prospect or client network without installing software. Our Network Detective tools are completely non-intrusive, requiring no registry changes, and nothing installed—which is especially important when you’re using the tools to prospect for new clients. The reason behind this is you don’t want to make changes to the network or let the existing IT provider know you were there.

Ideally, assessments should be conducted quickly. For example, the Network Detective modules can automatically gather data for a basic assessment in as little as 45-60 minutes on an SMB network. And it’s easy to do. In fact, you can run the automated data collector during an introductory meeting with a potential client, then use your free time to build a rapport with the prospect.

Not Just Data … Value-Added Intelligence

Network assessments can also give you a “look under the hood” of each potential customer, allowing you to identify and highlight issues you can sell against. Our Network Detective tools provide detailed Risk Scores that go beyond providing you with a single number on a scale. You also get the details behind the score, so you know what issues are generating the greatest risks, as well as a management plan to help you prioritize your resources in serving your clients.

Upsell Managed Services

In addition to basic information, network assessments give you insight into other areas of an end user’s technology environment like back up and recovery processes—a crucial area of potential network vulnerability. With that in mind, RapidFire Tools and Datto just introduced a customized network assessment module specifically designed for Datto users. Datto MSPs can leverage this tool at no extra charge, and use it to conduct free assessments of the end-users’ back-up and recovery systems. This creates another avenue you can leverage to build the prospect’s trust and open a dialog to upsell back-up and recovery solutions.

When used in combination with Network Detective’s full range of network assessment reports, you can quickly position yourself as a valuable partner who can deliver insights on BDR and vital findings about overall network activities. We encourage our MSPs to “over-deliver” to clients and prospects alike in this fashion. It’s a great way to both secure new business, and establish a schedule of regular assessment scans for existing customers, building ongoing revenues.

In parts 2 and 3 of this blog, we’ll look at other ways network assessments can help you close more business, including information on creating a managed security service, cloud migration opportunities, and selling MS SQL Server Health Checks.

* * *

RapidFire Tools’ VP of Sales Mark Winter appeared on this year’s CRN 100 People You Don’t Know But Should List, announced in October.



Lingering PCI Compliance Questions, Answered 

Even MSPs with an admirable understanding of PCI Compliance still have enduring questions about the requirements, as set forth by the PCI Security Standards Council. Part of the reason for this (in addition to the standards being downright complex) is that the council evolves these requirements on a regular basis.

The progression of the standards is not arbitrary—if anything, it’s a purposeful action on the part of the council to keep up with an advancing threat of ever-more resourceful hackers. Malicious software purveyors continue to develop new ways to compromise data that can be stored on a merchant network, so the standards are frequently amended to address new challenges.

RapidFire Tools offered a live Q&A session at the end of our recent webinar, “The Next Big Thing for IT – PCI Compliance Services.” The presentation was conducted by RapidFire Tools’ special guest, PCI compliance expert Charles Hoff.

We thought it would be helpful to share some questions from attendees, and our responses. They explore some of the latest requirements, how international merchants are affected, the scope of organizations subject to the standards, the recommended frequency of scans, and more.

Q: Can you tell us about international changes in privacy as it relates to PCI? 

A: The PCI DSS is applicable to all merchants, even those outside of the U.S.  In fact, the PCI Data Security Council solicits input on its standards from stakeholders outside the U.S., as well as from within. However, enforcement has been stricter within the U.S.  It is expected that enforcement rates will increase in the U.K. and in Europe in the future.

Q:  Can you explain about the QIR Certification Program and Visa’s January 2017 requirement? 

A:  The program in question has been mandated by Visa. It applies to merchants that use service providers to install and maintain POS systems and software within the merchant environment, and it addresses the following concern:

POS providers often maintain remote access with the POS systems in their business merchant locations. Hackers have been using this remote access to install malware at merchant locations. In an effort to quell this troubling trend, Visa has mandated that as of January 31, 2017, merchants must contract POS providers that are certified as a “Qualified Integrator & Reseller” (QIR).  The QIR Certification Program is designed to help POS providers better understand data security responsibilities and practices within the payments system. Visa will maintain a list of QIR certified POS providers for the benefit of merchants.

Q:  With what frequency are merchants required to do internal scans? 

A: PCI DSS 11.2 calls for running internal and external network vulnerability scans at least quarterly, in addition to after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, or product upgrades). From a more practical perspective, it is highly recommended that organizations perform these scans on a much more regular basis, as in weekly or even daily, so that there is a more immediate awareness of when a new vulnerability occurs.  The company may simply document one of the quarterly scans as the “official” PCI DSS-required scan.

Can you clarify which organizations in the retail ecosystem are potential subjects for a PCI Compliance program? Is compliance only applicable to the organizations that maintain the credit card information on their systems? Many merchants utilize POS systems that communicate with a clearing company via equipment that the clearing company provides. Is the clearing company also subject to PCI compliance?

A:   PCI compliance covers any companies that are involved in the acceptance, storage, transmission or processing of card data. Therefore, as an MSP, your PCI Compliance services could potentially extend to any of the following:

  • A business that accepts credit or debit cards, even if they utilize a third party vendor’s hardware, software or applications to handle the payment
  • A service provider that stores credit or debit card data on behalf of another business
  • A hosting provider or other service provider that processes or transmits credit or debit card data on behalf of another business

We hope this addresses some of your lingering questions, as it did for our webinar participants, and helps you to take advantage of more market opportunities through network assessments. We’ll keep you informed about upcoming sessions on PCI and other compliance issues in our ongoing webinar training series.

Information Has Value, Data Doesn’t


As IT professionals it’s easy to get caught up in the ins and outs of technology—what’s in compliance (or not), which security loopholes are most dangerous, etc. But that zeal can quickly get lost in translation when you’re speaking with the business side of the house, a.k.a., the decision-makers.

So how do you bridge tech speak with the “just-keep-me-operational” mindset of the boss?

Bob Coppedge, owner of Simplex-IT, a seven-person Hudson, Ohio-based managed services provider, shows you. In this 17-minute video, Bob describes how his company leverages visuals to transform convoluted data into meaningful information that underscores business value. It’s a process he says can quickly onboard new clients and keep existing clients sticking around for the long-term.

South Carolina MSP Lands $500 K in Projects with PCI Compliance Tool

A RapidFire Tools’ customer used the PCI Compliance tool to gain close to half a million dollars in IT business. In the process, the MSP earned the trust of one of the largest entrepreneurial organizations in its marketplace, which could lead to even greater opportunities.

Want to gain the trust and respect of your largest customer? Identify potential vulnerabilities and mitigate them quickly. That’s what one RapidFire Tools customer did with our PCI Compliance Module.

As part of a contracted POS system installation, the owner of a major managed services company in South Carolina advised a prominent retail client to scan its 20+ franchise locations for PCI compliance vulnerabilities. Regulations were changing fast, and the MSP wanted to make sure the client understood all the risks involved.

The results were immediate and shocking. The client’s existing networks were rife with violations.

The PCI Compliance Module produced clear-cut documentation of a roster of issues, many relative to out-of-date legacy software that failed to meet the latest PCI Data Security Standards. The client—one of the most highly successful entrepreneurs in the region—learned he was vulnerable to substantial fines.

The MSP gained the trust of this crucial client through his firm’s diligence, and with the help of RapidFire Tools’ detailed reporting. As a result, the company was contracted to upgrade the networks at the 20 franchise locations in question, which represented close to $500,000 worth of work. In addition, that same entrepreneur invited the MSP to deliver a presentation on compliance issues at a national convention for franchisees, which could lead to untold ongoing projects.

We’re elated when we hear success stories like these about our assessment tools. The end-customer has been protected from business-threatening fines and breaches—and our MSP customer has prospered in the process. We’d love to help you become one of those customers.

1 2