“Our goal is trying to make life easier for them, and we’re starting that today. You’re going to see continued innovation and getting into new things that will help our partners,’ says Mike Puglia, general manager of security products and chief marketing officer–customer at Kaseya.
Multiple products and feature rollouts were announced at DattoCon this week in Washington, D.C, ones that now benefit both Kaseya and Datto partners under one single umbrella.
Along with product integrations following Miami-based Kaseya’s $6.2 billion acquisition of Datto, Kaseya is continuing to invest in new Datto products and capabilities to help MSPs be more innovative.
“Our goal is trying to make life easier for them, and we’re starting that today,” Mike Puglia, general manager of security products and chief marketing officer–customer at Kaseya, told CRN. “You’re going to see continued innovation and getting into new things that will help our partners.”
Two new Datto offerings include managed SOC (security operations center) powered by RocketCyber, which Kaseya acquired in February 2021, and Datto EDR (endpoint detection and response).
[Related: Kaseya Takes A Page Out Of Datto’s Playbook To Enhance Partner Program]
“Datto had acquired (threat detection and response vendor) Infocyte in the beginning of the year so we’re taking the Infocyte technology and we’re going to have our own EDR product, so people have choices,” Puglia said. “A lot of people have an AV that they love and would love to add EDR to it but they don’t have EDR in that particular product, so we can sit there on top of it. If they want to use the free Windows built in AV, we can control it and add EDR.”
In early 2023, Kaseya is adding a rollback capability to Datto’s ransomware protection tool.
“[The ransomware protection tool] doesn’t replace antivirus or any of the technology, it’s the emergency break glass,” he said. “It’s sitting there as kind of the canary in the coal mine and it’s watching the computer. If it sees things starting to be encrypted, which means everything else has failed, it tries to kill the process that‘s doing it and tells the user, ‘Hey, this computer is getting encrypted.’”
Puglia said it’s important for a number of reasons, including “trying to stop the last thing you can do.”
“If it’s on one computer, it’s about to happen elsewhere,” he said.
The idea behind the rollback capability is when a machine is encrypted, “it actually isn‘t instantaneous. It can take quite a while to encrypt all your files, depending on how big the machine is.”
He said the ransomware EDR currently sees files being encrypted and tries to kill it. The rollback capability will make a short-term copy of those files as it‘s being written.
“So it kills it and then it says, ‘’the last files that I saw getting encrypted, let me recover them back to their state five minutes ago,’” he said. “It doesn’t replace your backup and disaster recovery. It’s kind of the last line emergency break glass.”
Dustin Bolander, founder of Austin, Texas-based MSP Clear Guidance Partners, told CRN the rollback capability is “neat,” but he has concerns.
“The security side of me is skeptical of how useful it is in real-life problems,” he said. “Typically there is some kind of dwell time that the attacker was already in there, so if you just start any rollback where you saw encrypting happening, most of the time you’re probably missing what other action they took on the network.”
He added he’d still want to find out when the hacker got in and then restore backups prior to that standpoint.
Another announcement involved KaseyaOne, an existing single sign-on platform for Kaseya tools, which now includes all Datto products to help MSPs be more efficient.
“Integrations between the various modules allow technicians to be more efficient,” Puglia said. “In the ideal world, 25 percent more efficient.”
And rolling out in 2023, with early access in October, will be SASE (secure access service edge) which straddles the security and networking space, Puglia said.
SASE will route traffic from the user through a secure access point in the cloud that will authenticate them. It will then run all the traffic “through firewalls, intrusion detection, DNS, lookups, all that stuff,” and then the traffic will travel to the “rest of the world or paths into the rest of the world.”
“So everything goes through that secure access location in the cloud,” he said. “Even if I stole your passwords, I stole your phone and I’m a hacker, you can set up access policies to say, ‘I don‘t care who they are, only allow traffic in that came from the Datto cloud.’”
It gives MSPs a central point to control every user, he added.
Bolander believes it’s a “really cool” technology, “but it’s putting your eggs heavily into one basket.”
“Not only is it from the security standpoint, but people cannot even access the internet or anything else if the SASE system has issues,” he said. “It needs to be extremely well-designed and extremely well thought through.”