When I first met the team at Cytracom some years back, they were a unified communications vendor. That made the company’s 2022 introduction of ControlOne, a SASE solution, puzzling until Cytracom executives explained that a voice service worth paying for requires secure, stable connectivity and ControlOne would ensure that’s available. So from the cheap seats, at least, Cytracom was still primarily a VoIP vendor. It just now had an MSP- and SMB-friendly networking and security tool as well.

The picture started getting more complicated early this year, though, when Cytracom announced its acquisition of Telivy, a vulnerability management vendor. You could argue that Telivy’s software was a great tool for exposing vulnerabilities that businesses could then address by deploying ControlOne, which in turn remained a great foundation for selling voice services. But it became clear that Cytracom had different, bigger plans in mind when it described the Telivy deal in a press release as “another milestone in the company’s evolution to deliver a comprehensive technology platform for MSPs.”

Yes, but what kind of platform? The answer was unclear, to me at least, until a conversation with John Tippett (pictured), Cytracom’s COO, at Vision last week about a more recent acquisition began bringing it into focus.

The acquisition I’m alluding to happened in June, when Cytracom bought Tentacle, a governance, risk, and compliance vendor. This time the press release called the transaction “a significant advancement in Cytracom’s Security Risk Management (SRM) strategy” that “further aligns with the company’s mission to empower MSPs to grow beyond traditional IT services and embrace a more strategic advisory role.”

And it’s growing easier to see what that means. It’ll take a bit, but eventually Telivy’s software will arm MSPs to inventory vulnerabilities in end user environments and feed them to Tentacle’s solution, which will map them against a variety of security frameworks, cyber insurance requirements, and regulatory mandates. Want to eliminate those compliance gaps? Simply deploy ControlOne.

“You can do a risk assessment and find problems, and when you win the client and deploy SASE, you could think, ‘single click, make these problems go away,’ and SASE can take action based off of the risk assessment,” Tippett says.

All of that’s one-time project work, but Telivy does vulnerability monitoring as well as assessment. So once that system, Tentacle, and ControlOne are all in place an MSP can use them not just to create compliance policies but to enforce them in real time. Cytracom must do three things before it can realize that vision, though:

1. Create a shared identity management foundation for its various solutions

2. Use that foundation to integrate those solutions more closely with one another

3. Retune Tentacle’s app, which was designed for use in enterprise IT departments, for MSPs

That process, which will take time, is already underway. Cytracom, in fact, began a staged rollout of Unity, the identity management foundation that makes everything else possible, week before last. When the process is complete by end of summer, Tippett says, “we’ll start connecting all of these dots together.” And when that process is complete, ControlOne will start automatically isolating vulnerable endpoints in response to real-time signals from Telivy and Tentacle until a technician implements a fix.

But why, in the emerging age of agentic AI, require technicians to get involved at all? Eventually, Tippett suggests, Cytracom’s platform will remediate compliance issues autonomously. Look even further out, he hints, and you can imagine the company identifying and addressing compliance deviations in areas beyond the network that a SASE solution can’t touch. Will the portfolio expand to accommodate that?

“It absolutely will,” Tippett says, through a combination of building, buying, and—most intriguingly—partnering.

“We have several partnerships that we’ve not announced yet that we’re working on that will be more of an ecosystem play,” Tippett says.