TubbTalk 121: Application Security: What MSPs and MSSPs Should Know for Success

An Interview With Michael George

Michael George is CEO of Invicti Security. They’re an accurate automated application security testing platform that scales like no other solution.

He tells Richard Tubb why application security should be a priority for today’s MSPs. And, he explains why Invicti believe that the new frontier for cyber hackers is applications. Because it’s much harder to get in directly into infrastructure, and application security is often weaker.

The Importance of a Strong Company Culture

Reflecting on his time at Continuum, Michael says that it took time for the team to gel and come together. “It didn’t happen instantaneously, but by the end we felt like a family. We had a remarkable culture.

“In it, everyone was bound together by a common mission and objectives. They all had the right attitude and work ethic, and something magical happened. That’s what you need for a strong company culture. I knew the names of so many of my staff of 1,400 people, and their families too. You need to show interest.”

Why Application Security Testing is so Important in Modern Cybersecurity

For a long time, smaller businesses have felt that they weren’t significant enough to be a target of a cybersecurity attack. We now know, of course, that by believing they weren’t vulnerable, they made themselves targets.

“At every level, including the vendors, companies were being attacked. Once the hackers got into them, they could infiltrate thousands of other businesses. Now that people understand the risk, it’s become a priority for them. But they’re still fairly clueless when it comes to understanding their weak points.

“We use a tool called Discovery which looks at internal and external applications in a business, and they don’t even realise how many they have. Some are dormant but still on the system, and they represent an entry point. Without application security testing, they can’t be fully protected.”

Not completely sure what application testing is? This might help!

How Invicti is Viewed by the Wider Cybersecurity Community

Michael says the fact that their tools are easy to use is a hallmark of what they do. “We’re dealing with very important, big and complex problems, but we spend a lot of time on both the user interface and the user experience.

“When we onboard customers, we take time to get them up and running, and then they get unlimited scanning per application. We know they’ll have to scan the same applications over and over.

“I think the cybersecurity world sees us as a sophisticated, high value tool which is easy to implement and has features that none of our competitors offer. We even offer ‘proof-based scanning’, which we implement when we’re trialling the solution with a prospect. That really demonstrates our worth.”

How Invicti’s Application Security Fits in to the MSP Market

Michael explains that the majority of their users are SMBs, and their average sale price is in the same zone as a PSA or RMM. “From clients we’ve worked with, we know that application security is one of their biggest worries. Those who’ve moved into MSSP – a security focus – need a tool to help them protect their clients.

“If applications are vulnerable, you need to correct that immediately. But at the same time, we don’t want to be a standalone solution. So we’ve worked hard on integrations. We have a very simple API layer so you can plug into your existing stack. Take our data and use it wherever you are.”

The Practicalities of Solution Consolidation in Cybersecurity

Michael says that most MSPs and MSSPs tend to use the same few vendors, and it’s essential that these tools work together. If one doesn’t suit your needs, you have to look elsewhere, but there are only a handful at the top level.

And that, Michael says, is where consolidation comes in. “We’ve seen a few big mergers recently, and for the most part they’ve been positive for the users. Consolidation is inevitable, and it’ll happen in the cybersecurity world sooner rather than later. There will only be a couple of winners, and Invicti intends to be one of them.”

How Invicti Helps MSPs Manage Risk in a Scalable Way

One big advantage that Invicti has is that its scans run very fast, and they prioritise and highlight the key areas that need addressing so they can be remediated quickly. Clients can also choose what to scan for, so they may look for API vulnerabilities, or zero-day threats.

The tool (Acunetix) is cloud-based and runs on Linux, making it secure and accessible. Scans can be run concurrently, and there can be tens of thousands of scans done in a short space of time. That means the MSSP can support multiple clients at the same time, so scaling doesn’t mean they compromise on their ability to deliver results.

How to Connect With Michael George

• Invicti
• Follow Invicti on Twitter
• Like Invicti on Facebook
• Follow Invicti on LinkedIn
• Connect with Michael on LinkedIn

How to Connect With Me

• Subscribe to TubbTalk RSS feed
• Subscribe, rate and review TubbTalk in iTunes
• Subscribe, rate and review TubbTalk on Stitcher Radio
• Subscribe and rate TubbTalk on Spotify
• Follow TubbTalk on iHeartRadio
• Follow @tubblog on Twitter

Mentioned in This Episode

• ConnectWise
• Jira
• Jenkins
• ServiceNow
• A3Sec SAS
• Smart Solution Consulting GmbH
• Monogo
• Bulletproof
• Kaseya
• Linux
• Summit Partners (growth equity firm)
• Book: David Foster Wallace: Infinite Jest
• David Foster Wallace Kenyon College commencement address: This is Water
• Invicti’s AppSec Indicator report
• Invicti’s MSSP Program
• Invicti Resources Library

You Might Also be Interested in

• Podcast (featuring Michael George): Dealing with Customer Objections to Outsourced Services
• On-demand webinar: Protecting SMB Clients From Today’s Cybersecurity Threats
• Podcast: How do Criminals Think? Cybersecurity for MSPs

 

You might like: