All your questions answered
The most common questions we get from your fellow MSPs
What is…? We’re glad you asked. ConnectSecure would not be what it is today without the feedback and queries we get from our customers. To help you quickly access the answers to some of the most common questions, we put together this list.
Company
What is ConnectSecure?
ConnectSecure is a cybersecurity company focused on serving the Managed Service Provider space. It is the only cybersecurity company that puts MSP interests first. Built by MSP industry pioneers to solve the cybersecurity problems MSPs face, ConnectSecure leverages a collaborative model of product development that integrates MSP insights.
Why did CyberCNS sell or change its name?
As part of the acquisition of CyberCNS, Peter Bellini, the ConnectSecure CEO, wanted to re-brand the company to 1) reflect a move from Canada to the US and to 2) position the company to provide additional cybersecurity products and services, complementary to vulnerability management.
Positioning
Is ConnectSecure Vulnerability Management (CS-VM) an agent, a probe, or something else?
ConnectSecure Vulnerability Management is a Software as a Service (SaaS) offering that has a “cloud” side component and “customer” side component (the agent). The agent itself can be installed on any one machine on a customer’s network as a probe.
Can CS-VM scan nodes associated with employees that Work from Home?
ConnectSecure has a so-called “lightweight agent” that can be installed on end-user devices of remote users and work-from-home users to scan those local systems for vulnerabilities and compliance gaps.
What are the kinds of assets that CS-VM can scan? (routers, firewalls, PCs, etc.?)
The CS-VM can scan network gear such as routers; switches; access points; firewalls; end-user devices, such as laptops and desktops; printers; and servers and virtual machines.
I have an RMM and antivirus software, why do I need CS-VM?
Every day, more than 50 new vulnerabilities are discovered. These cannot be addressed by RMMs and AntiVirus software. A vulnerability assessment solution such as ConnectSecure is a must to stay protected.
CS-VM is promoted as being an all-in-one solution. What exactly is included that competitive products might distribute across multiple products?
ConnectSecure includes scanning for: 1) Network vulnerabilities, 2) End-user device vulnerabilities, 3) Compliance scans, 4) Application Baseline scans, 5) Active Directory scans, 6) Cloud asset scans.
Competitors typically have some of these features in different “modules” that have to be purchased at an additional cost.
Is there on-premises as well as SaaS?
Yes. The preferred model is SaaS, but ConnectSecure also has a fully on-premises version for MSPs working with defense or government contracts.
What industry frameworks does ConnectSecure support?
ConnectSecure meets all the requirements of NIST’s Cybersecurity Framework 1.1 for the Identify category.
What category of the NIST framework does CS-VM operate within?
ConnectSecure Vulnerability Management sits squarely in the Identify category of the NIST framework but, based on its ability to patch Windows applications, also performs functions associated with the Protect category.
Integrations
What third-party products does CS-VM integrate with, and where can I get more information?
ConnectSecure integrates with popular PSA and RMM systems. It also has integrations with several SMB Firewalls and communication tools like Slack and Microsoft Teams. The full list of integrations is here.
Does it integrate with SIEMs?
Integration with SIEMs is a work in progress and is expected in the first quarter of next year.
Where do you get your vulnerability feeds from?
Several sources, including the NVD, Vulners, OEMs. These are curated to reduce false positives.
Infosec
How does ConnectSecure ensure the security of its own product(s)? How can I be sure I am minimizing the chance of a supply chain attack on my client?
ConnectSecure has tightly defined and explicit Privacy and Data Breach policies as well as Terms of Use that are open and available on the website.
Principle of Least Privilege: Access to code and credentials is customized to meet and not exceed the needs of the employee.
Automated Tools to Monitor Internal Behaviors and Vulnerabilities: This was the Sprinto tool. We can examine how internal assets map to the standard for compliance of the asset, and we can also understand how our internal staff is behaving relative to their development privileges and assigned responsibilities.
Sophisticated Development Operations: Leveraging GitHub and Pipeline, the Dev/Staging/Master-Production environments feature limited access and clearly defined rules that enable code to move from one environment to the next. This keeps any code that hasn't been fully tested and examined for infosec best practices out of production.
As a feature of the point above, non-authorized staff, like Support, have no access to any of the code and no privilege to move the code through its Dev-Staging-Production journey.
All access credentials are encrypted during the development process. When code may be shared between developers, sensitive information is not exposed nor is it available outside of defined permissions.
The multi-tenant environment of the software has been designed to ensure that the data and credentials from one tenant (client of the MSP) are completely separated from the data and credentials of another.
What type of internal security program does CS have and can you provide me with documentation?
ConnectSecure is SOC2 compliant.
Trial
How much time do I have to use the Free Trial?
Two weeks is the default period. It can be extended if required for valid business reasons.
Are there any features/functions of the production product that are missing in the Free Trial?
No. The trial is fully functional.
Capacity
How large an IT environment can CS-VM effectively support?
We have customers using the product for up to 40,000 assets. The architecture is scalable and, in theory, there is no limit. ConnectSecure can work with customers with very large deployments to suggest best practices to support that environment.
I understand that CS-VM is multi-tenant. Are there any practical limitations to how many clients I can host on one platform?
There’s no limit. We have MSPs using us to support several hundred customers today.
Buying
How is CS priced?
We charge customers based on the unique number of assets being scanned per month. We have three standard pricing tiers: 1) Up to 2,500 unique assets it is $299 per month, 2) Up to 5,000 unique assets it is $499 per month and 3) Up to 10,000 unique assets it is $999 per month.
How do I buy CS-VM?
Please contact us at sales@connectsecure.
Is CS-VM available through distribution?
Yes. We have MSP Store and Pax8 as our main distributors in the US. In other markets, we have either local distributors.
Function
Does your external scan look at the OWASP Top 10 vulnerabilities?
Yes.
Does CS look at Configuration compliance?
We do this today for several popular SMB Firewalls.
What Active Directory hygiene does CS identify?
AD Users, Groups, OUs, and GPOs
What assets/systems can CS-VM patch?
Patching is, right now, limited to third-party applications on Microsoft Windows.
How do I prioritize remediation of vulnerabilities?
All vulnerabilities are prioritized as Critical, High, Medium and Low.
Other
What privileges do I need to give agents and probes?
Usually the local service account/AD account.
What if my EDR stops the CS process?
Whitelist the ConnectSecure agent.