December 22, 2022, 02:31 PM EST
‘I would say, flat out, an emerging trend of charlatan level is the channel has to start auditing the claims of most of the security vendors,’ says Kyle Hanslovan, Huntress CEO
Huntress CEO Kyle Hanslovan said MSPs should audit security vendors’ claims that they provide 100 percent security, because people believe such claims, and that the best way to spread security awareness is through training and education.
“I would say, flat out, an emerging trend of charlatan level is the channel has to start auditing the claims of most of the security vendors,” Hanslovan told CRN. “When I hear someone tell me they provide a 24-by-seven security service and I look at their staff and they have six people, somebody either is a robot or they’re BS-ing.”
The most effective way to amp up security is through education, he said.
“Still to this day we see partners buy amazing products, like great next generation EDR, but they don’t configure it, they don’t manage it or to be frank, they don’t have the team on staff with the skills to manage it. So they have to solve that problem somehow at a cost that makes sense, whether that’s internal training or standardizing outsourcing,” he said.
The threat researching firm has always been a managed security platform, he said, but all the work that has been done, even through acquisitions, was at the endpoint.
“We started looking back and asking our partners, ‘Where are you struggling to manage?’ The number one thing we hear is, ‘No talent, still.’ And even if they do have talent, nobody wants to manage the mundane monotonous anywhere. They don‘t want to manage the cloud monotonous. They don’t want to manage user training,” he said.
To help with that, Huntress in August paid $22 million to buy Curricula, a story-based security awareness training platform that empowers employees to better defend themselves against hackers. About 15 employees came over in the acquisition.
“Now we have a whole team full of shady hackers and how do we help do all of that for [MSPs] and bring that expertise,” he said. “It’s going to take me probably three quarters to get it to where my standard is, but it’s totally usable today. It’s just I’ve got high standards for elevating it beyond just security awareness training.”
And with training also comes holding security vendors accountable.
CRN sat down with Hanslovan to discuss the impact of security awareness training, how a recession will impact ransomware attacks, 2023 security trends and why MSPs should audit security vendors going forward.