Partners with HackerOne to find and fix vulnerabilities in its software
ConnectWise is continuing to build out its cybersecurity strategy with a new bug bounty program designed to have hackers sniff out vulnerabilities in its own software.
The Lowdown: ConnectWise’s strategy includes building up its own internal capabilities after vulnerabilities were found in its Automate asset management and Control remote desktop software and protecting MSPs that use ConnectWise’s technologies to secure their SMB end clients.
The Details: The Tampa, Florida-based company is partnering with HackerOne, which helps enterprises shore up their security postures by finding, reporting, and remediating vulnerabilities. The bug bounty program, which will be hosted by HackerOne, will reward hackers for finding vulnerabilities in ConnectWise’s portfolio.
The ConnectWise program announced this week is private, so it’s open only to hackers invited through the HackerOne platform. The managed service platform and portfolio company will remediate and disclose all issues found, with disclosures coming through ConnectWise Trust Site.
The Impact: MSPs have become a focus of bad actors because the remote monitoring and management (RMM) tools they use are seen as a way to access the corporate networks of their customers. Government agencies like the FBI and Department of Homeland Security over the past few years have warned MSPs and cloud providers that cybercriminals are looking to exploit them to get to their customers. Companies like Continuum, Blackpoint Cyber, MSPAlliance, and CompTIA also have put a spotlight on the growing threat to MSPs.
Such efforts become more important given that organizations increasingly are turning to MSPs and managed security service providers (MSSPs) for cybersecurity help in combating the growing number and sophistication of threats. A recent MarketsandMarkets report is forecasting the global managed security service space to grow from $31.6 billion this year to $46.4 billion by 2025.
Background: ConnectWise also has put an emphasis on cybersecurity this year. In August, the company expanded the security educational opportunities for MSPs and technology service providers (TSPs). Earlier in the summer, ConnectWise launched its MSP+ Cybersecurity Framework to help service providers improve their security skills.
The Buzz: “Cybercriminals move fast, so we have to move faster. Employing a bug bounty program with the help of HackerOne, the industry leader in this space, will allow us to do just that by finding issues before bad actors get a chance to exploit them,” said Tom Greco, director of information security at ConnectWise. “Crowdsourcing in this way represents a solid additional layer of security, and we clearly value the community’s expertise and participation in helping us keep our products secure. As we said earlier this year, the launch of this bug bounty program is yet another important addition to our security arsenal – and it’s the latest piece of our overall strategy to strengthen our own security standing so that we can better protect our partners and their SMB customers.”