Most MSPs have exposed attack surface
MSPs everywhere are concerned with attacks against their tools — and for a good reason. Attacks against MSPs are rising, and large-scale ransomware attacks can be catastrophic for an IT business. MSPs face the difficult task of defending against organized cyber criminals, who often have more money and resources than the MSP.
In response to these threats, many MSPs are having conversations about risk. They are taking a multi-faceted approach to secure their internal tools — but the current best practices don’t fully solve for the issues of enumeration or granular access controls. For example, the paradox of restricting access to an RMM system is challenging to solve, and some MSPs have tried to home-brew solutions with mixed success.
Having experienced this problem firsthand, we created Reverse-proxy-as-a-Service (RPaaS), a reverse proxy designed specifically for MSPs. This monthly subscription service offers a drop-in solution to deploy all the needed security layers to protect self-hosted MSP tools. It reduces the attack surface by implementing eight different security controls that work in concert to achieve security best practices.
While proxy service was first designed for Connectwise Automate, today, it brings the same level of protection to a growing number of MSP tools. MSPs across the globe use our proxy service, which complements the security practices of every MSP with self-hosted tools.
| Available in: |  |  |  |  |  |
Benefits
 | Easy Deployment | Initial setup takes less than 15 minutes |
 | Multi-Layer | 8 different security controls are integrated into the implementation |
 | Fully Managed | Enjoy enhanced security without adding management overhead |
 | Designed for MSPs | All parts of the service are designed with MSP workflows in mind |
Supported Applications
| Application | Proxy Support | WAF Support | |
 | Connectwise Automate |  | |
 | Connectwise ScreenConnect | | |
 | Connectwise Manage | |  |
 | Hudu | | |
 | Bitwarden | | |
Features
| Obfuscated FQDNs | Avoid DNS and certificate enumeration with FQDN obfuscation |
| HTTP header hardening | Protect against client-side attacks with proper header hardening |
| TLS cipher hardening | Use robust encryption (while keeping legacy compatibility) |
| IPS scanning | Protect against transport protocol attacks |
| GeoIP restrictions | Reduce surface area by only allowing known countries |
| Custom built ACLs | Create custom access controls tuned precisely to your use cases |
| Connection log shipping | Send all connection data via Syslog to your SIEM or SOC |
| Custom domain support | Bring your own domain for branding and ease of transition |
| HA cluster ready | Scale your infrastructure with HA clustering and load balancing |
| Self-service API | Maintain your ACLs and view diagnostic data with our API |
| WAF add-on | Perform deep inspection and stop Layer 7 attacks with our WAF |
| CW Certified integration | Rest easy knowing that our solution is certified and supported |
More details
By default, many MSP tools will have weak TLS ciphers, reveal their underlying technology stack, not implement HTTP header best practices, accept all connections, and be vulnerable to enumeration in tools like Shodan. A reverse proxy can help an MSP address all these issues and add further layers of security to protect against attack. Below is a recorded webinar displaying this feature set for Connectwise Automate.
Next Steps
Ready to get started?
Please fill out the form below if you’d like to set up a trial of our proxy service:
Need a quote?
Use our self-service quote form below to get a quote delivered directly to your inbox.