Continuous Vulnerability Management: How MSSPs Can Mitigate Application Risks for CISOs
It has been more than a decade since venture capitalist Marc Andreessen declared that Software Is Eating the World. He was more than right. Companies of every size now leverage home-grown, commercial and cloud applications to drive their digital businesses forward.
Still, the cloud- and Web-based application economy has also created a world where businesses often don’t have enough time to test and safeguard all of their code. Hackers certainly see all of those applications as prime targets for attack. But those application security challenges also present a new opportunity for MSSPs. Indeed, smart security service providers are pushing into continuous vulnerability management, according to Invicti CEO Michael George.
George certainly knows his way around the service provider market. He previously partnered with private equity firm Summit Partners to overhaul, build and scale Continuum — a provider of managed network operations center (NOC), security operations center (SOC), and remote monitoring and management (RMM) software for MSPs in the SMB sector. George further scaled Continuum when the business shifted to Thoma Bravo’s ownership in 2017 before it merged into ConnectWise in October 2019.
Continuous Application Vulnerability Management: Scaling the Business for Customers and MSSPs
Fast forward to the present day, and George has been on board at Invicti since late 2021. The journey so far has included hiring executive leaders who previously held key posts at such companies as Mimecast, Rapid7, RSA and Sumo Logic. Moreover, Gerhard Watzinger — known for his influence at CrowdStrike and KnowBe4 — has joined as chairman.
But where exactly is Invicti heading next, and what are the potential vulnerability management implications for MSSPs and CISOs? Michael George provides answers in this MSSP Alert video interview:
Michael George’s Perspectives: What the Interview Covers
The interview covers five chapters:
- Chapter 1: Introductions
- Chapter 2: Recapping Each Security Wave
- Chapter 3: The Rise of Continuous Vulnerability Management
- Chapter 4: Scaling the Invicti Team for Customers & Partners
- Chapter 5: The Invicti Journey Ahead with MSSPs and CISOs
Here’s a minute-by-minute recap:
Chapter 1: Introductions
- 0:36 – Looking back (recapping Continuum for MSPs) and looking ahead (where the market is going with Invicti for MSSPs and CISOs).
- 1:42 – Summit Partners and Invicti: The business relationship.
- 2:15 – Understanding platform shifts around cloud and ubiquitous applications – and related cyber requirements.
- 3:37 – Understanding dynamic application security testing.
- 4:01 – As Marc Andreessen predicted: Software ate the world. Now, what that means for security.
Chapter 2: Tracking Each Security Wave
- 4:25 – Wave 1 – Infrastructure security: What companies have spent on security — so far.
- 5:10 – Wave 2 – Human security: Rise and evolution of phishing attacks explained.
- 5:47 – Wave 3 – Application security: The target that MSSPs & CISOs must now protect.
- 6:35 – How ubiquitous application development triggered new security needs.
- 7:25 – What the ubiquity of websites means for application security issues.
- 7:58 – The race to redeploy everything on cloud – and the security implications.
- 8:36 – Roll all that together and cybercriminals have massive opportunities.
- 8:55 – How COVID and work-from-home further complicated cyber matters.
Chapter 3: The Rise of Continuous Vulnerability Management
- 11:01 – Preparing MSSPs to offer continuous vulnerability management — what that means for customers and service providers.
Chapter 4: Scaling the Invicti Team for Customers & Partners
- 14:28 – The Invicti team: Key executive and team hires — including former executives from Mimecast, Rapid7, RSA, Sumo Logic and more.
- 17:03 – Cyber pioneer Gerhard Watzinger — known for his influence at CrowdStrike, KnowBe4 and McAfee — joins as chairman.
Chapter 5: The Invicti Journey Ahead with MSSPs and CISOs
- 18:35 – Understanding Dynamic Application Security Testing (DAST).
- 20:55 – Supporting Shift Right and Shift Left customer needs.
- 21:55 – CISOs can have it their way: Consume Invicti directly or via an MSSP.
- 23:04 – MSSPs are the fastest-growing segment of the Invicti business.
- 23:22 – A learn, try, buy consumption model.
- 24:49 – How to differentiate as an MSSP: Test around application vulnerabilities.
- 25:12 – Gartner Magic Quadrant: The Challenger Position, market growth & company growth.
- 26:17 – The ultimate meaning of Invicti, and finding the company online.
- 27:21 – Conclusion.