I flew from the Kaseya Connect conference I covered in my last two posts to this year’s RSAC Conference in San Francisco late on a Tuesday, which meant I had yet to visit the sprawling expo hall first thing Wednesday morning when I met with Vikram Ramesh, N-able’s chief strategy officer, at a hotel outside the event venue. What are exhibitors talking about, I asked him.

Would it shock you if his answer involved AI?

“That’s the flavor of the year,” said Ramesh with a wee grin. It was two years ago as well, he continued, except that then, mere months after ChatGPT’s debut, the talk was all about generative AI.

“Everyone was throwing out copilots,” Ramesh recalls.

Now they’re all talking agentic AI, and I plan to get into the security implications of that technology here a few weeks from now. In the meantime, though, my third RSAC of the genAI era feels like a good time to assess how those copilots Ramesh recalls have impacted security, and how much further they and more traditional forms of AI can—or should—go toward reducing our reliance on skilled, expensive, and extremely scarce flesh-and-blood security professionals.

It wasn’t a given back in 2023, but LLMs and chatbots have made a difference since then for those professionals and the businesses they protect. “It’s really allowing them to do what they would normally do more quickly,” says Arctic Wolf CISO Adam Marrè.

Indeed, back in 2023, investigators in N-able’s SOC (which was Adlumin’s until N-able bought the company last year) used to require upwards of 90 minutes to identify indicators of compromise when responding to incidents, according to Ramesh (pictured).

“Now with AI they can do that in 10 seconds,” he says, leaving more time for other activities. Threat hunting by N-able’s SOC team, for example, is up 153x since the introduction of AI, according to the vendor’s 2025 State of the SOC Report.

And that’s just a starting point. AI already handles 70% of routine tickets in N-able’s SOC, and it’s only getting better. “I don’t think we’ll ever get to 100%, but we’ll probably get to 90% or 95%,” Ramesh says.

The question I and many of the people I spoke with at RSAC have is whether or not that’ll be a good thing. Executives who pay the very large bills required to build, staff, and run SOCs desperately want the answer to be yes. But that’s precisely what worries the people who work in those SOCs. Fully 96% of them, in fact, view overreliance on AI as a potential threat, according to 2024 research from Bitdefender, and 37% call it a very significant one.

“The closer you are to the reality in the field, the more skeptical people are,” notes Martin Zugec, Bitdefender’s technical solutions director.

And it’s not just job insecurity or professional jealousy, insists Michal Jankech, vice president of enterprise, SMB, and MSP at ESET. AI’s very good at drawing generalized conclusions from massive data sets, he observes, but will need far more precise, individualized training than any vendor plans to give it at present to sift through the nuances hidden in specific attacks on specific end users.

“I still think there is a big role for humans,” Jankech says. “Fully autonomous is a faulty promise.”

Marrè hopes that promise doesn’t deter newcomers from seeking a career in security. “I like to tell the operators and other young people who want to enter the field, please enter,” he says. “We’re not going to be able to AI our way out of this.”

Adam Khan, vice president of global security operations at Barracuda Networks, couldn’t agree more. AI undeniably helps analysts at the company’s SOC identify and respond to incidents faster, he says, but there’d be far less need for AI—or analysts, for that matter, or SOCs—if end users would just adhere to the security fundamentals experts have been urging them to embrace for ages. Barracuda sees it over and over when remediating ransomware attacks.

“When you get to the root cause, these are just assets that are left online open to the world without MFA,” he says. “This is basic cyber.”

Running toward integrations

Last week’s post was all about the money Kaseya, Syncro, and Blackpoint Cyber have riding on the proposition that MSPs who have long wanted more integrations in their tool stacks increasingly want fewer. And while that prediction could prove right for reasons I discussed, it’s worth noting quickly just how many of the companies I spoke with at RSAC this year are running toward integrations rather than away.

Take CrowdStrike, for example, which has over 800 of them at present, is continually adding more with a stream of big and less big partners, and couldn’t be prouder of it.

“The vision from George [Kurtz, CrowdStrike’s CEO] and our executive team early on was to say, ‘listen, we’re not going to be a closed framework. We’re not going to have a closed platform. We want to be open to solve customer needs,’” says Amanda Adams (pictured), vice president of Americas alliances for the security leader. “It’s put us in a great spot to service our customers today.” And even more so going forward, she adds, given rapidly growing adoption of XDR, MDR, and AI-based security solutions.

“Data is king, right?” Adams says. “From an ingestion standpoint, the more visibility that we can get from our customers’ environments, the more that we see, the more that they’re protected too.”

According to Marrè, Arctic Wolf regularly adds integrations for exactly the same reason. “It’s an absolute strength that we have,” he says. “The more data we ingest, the better security we can provide.”

Furthermore, the efficiencies single-vendor platforms offer come with tradeoffs, asserts Dave Russell, VP of enterprise strategy at Veeam and no stranger to regular readers of this publication. “Security is a good example where you may want purpose-built solutions with best of breed capabilities,” he says, noting that Veeam has some 65 integrations at present for that very reason.

SonicWall, for its part, bought MDR vendor Solutions Granted year before last in part because of the integrations that came with it and their total addressable market implications. There are lots of Cisco, Fortinet, and SentinelOne fans out there, notes Michael Crean, SonicWall’s executive vice president of managed security services.

“Because we’ve built this open ecosystem, we can support them, we can bring them in, we can help them with their licensing, we can do their training, we can help them with their configuration management,” he says. “That’s hugely beneficial not only to us but really to our partners, and it just opens up additional possibilities that you don’t have to buy everything from us.”

SonicWall’s total transformation takes shape

SonicWall CEO Bob VanKirk had way more than MDR TAM in mind when he engineered the vendor’s acquisition of Solutions Granted, or its separate purchase of Banyan Security and Trapmine, within the same four-month window. Like so many other top executives in security, he was thinking platform, and we got our first and most complete manifestation of his vision last week.

Last Monday, to be precise, when SonicWall introduced two new firewalls, the NSa 2800 and 3800. Generally speaking, there’s nothing terribly revolutionary about one of the most familiar names in firewalls shipping two new models. What makes these particular devices an exception to that rule is less about the firewalls themselves than what they come with:

• Outsourced configuration and management from SonicWall’s SonicSentry NOC team

• Embedded zero-trust network access functionality

• Cloud-based, multi-tenant management

• Annual and month-to-month subscription licensing options

• Those third-party integrations I just told you about

• Up to $1 million of cyber warranty protection via Cysurance

Add in the firewall hardware itself, and what was once an essentially siloed appliance suddenly becomes the foundation for a multi-component platform targeted quite consciously at a very specific demographic.

“What we’ve been doing over the course of the last three years—the total transformation of SonicWall—really started with a relentless focus on our partners, with a key focus on MSPs,” said VanKirk (pictured) from the RSAC show floor.

The managed security element of the solution is especially relevant to that audience, VanKirk continues. “The threat actors are moving on new CVEs in days. You need Mike [Crean] and his team behind you as an MSP, as an MSSP, constantly looking at any configuration 24x7 and providing monthly help checks.”

There’s more coming, including (as we told you last summer) SASE functionality based on SonicWall’s Cloud Secure Edge service. Due “very soon,” according to VanKirk, that functionality was less urgently in demand than the capabilities released last week. “We’re not seeing or hearing that as a core requirement across the SMB space,” he says.

Follow Me on LinkedIn

Getting the DMARC message

We wrote a few weeks ago about why TLS certificate management, a seemingly sleepy little market, is fast becoming a big and growing opportunity for MSPs thanks to changes imposed by Google and Apple. An RSAC conversation with Mike Anderson, global channel manager at EasyDMARC, introduced me to a second, similarly overlooked opportunity.

This one, embedded in EasyDMARC’s name, stems from changes enacted by Google and Yahoo a year ago and Microsoft mere days ago that require domain owners who send 5,000 or more messages a day to use DMARC, an authentication protocol designed to curb spoofing, phishing, and other email-related threats.

Sounds simple enough, but implementing DMARC isn’t a snap, one of two reasons why 47% of the world’s roughly 300 million email domains don’t have it in place at present, according to research published during RSAC by Barracuda. The other is that a lot of businesses don’t even know that the industry’s biggest email service providers (not to mention the council responsible for the PCI DSS standard) have made DMARC use mandatory.

“It was optional for a long time, and people haven’t gotten the message. It’s no longer optional,” Anderson (pictured) says. “If you’re not DMARC compliant, you’re going to see your deliverability rates go down.”

Lots of businesses have seen their delivery rates for invoices and marketing campaigns go down, in fact, Anderson continues. They just don’t know why. EasyDMARC’s software is designed to help MSPs turn that mystery into margin by both simplifying DMARC adoption and managing continued DMARC compliance.

“We tailored the software specifically for the service provider model,” Anderson says, noting that the system is multi-tenant and integrated with ConnectWise PSA, Datto Autotask, and HaloPSA, not to mention Pax8’s marketplace and the Acronis Cyber Protect platform.

Even better though, he adds, the solution comes with a risk assessment tool MSPs can use to generate leads. Punch in a sales prospect’s domain and EasyDMARC will quickly return seven pages of detailed and often eye-opening information about why their marketing emails are bouncing, their invoices never arrive, and their email address is vulnerable to misuse by threat actors.

“Customers are 80% more likely to engage an MSP and do a deal if you give them personalized data-driven analysis that creates emotional connections,” says Anderson, citing EasyDMARC research. Those deals produce one-time DMARC implementation revenue followed by recurring monitoring and management revenue, he adds.

EasyDMARC’s grown its partner base from about 50 to over 2,500 MSPs in two years telling that story. That leaves tens of thousands of other MSPs, though, either unaware of why they should be offering DMARC services or wondering if it’s too late to get started.

“I’m like, no, this is only the first quarter,” Anderson says. “Get in the game.”

Share

Show time

I’ve written about the recent Kaseya Connect conference a couple of times recently. What I haven’t shared, here at least, is that I was an (uncompensated) moderator for several panels at that show, including one during IT Glue’s GlueXperience event-within-an-event about MSP growth secrets. If you missed it but wish you hadn’t, you’re in luck, because the latest episode of the podcast I co-host, MSP Chat, includes a recording of that session in its entirety. Listen here:

Also worth noting

• Prakash Panjwani will step down as CEO of WatchGuard this coming week. Vats Srivatsan, an operating partner at Vector Capital, will be his interim replacement.

• D&H now offers managed extended detection and response services from SonicWall.

• Coro has a new security awareness training module.

• Sectigo, who you’ve read about here recently, is now on the Pax8 marketplace.

• Intelligent least privilege access and risk remediation policy recommendations are among the latest AI-powered enhancements from ManageEngine.

• The new partner program from Cato Networks emphasizes transparency, predictable revenue, scalable growth, and maximized gross profit.

• Pia and CloudRadial have integrated the former’s AI-based automation platform with the latter’s client services automation platform.

• SuperOps has shipped an all-new contracts module designed to help MSPs wring more profit from services as well as track them.

• TeamViewer has a new edition of its digital employee experience platform coming specifically for SMBs.

• It takes one to know one. Pax8’s Rob Rae is the host of the marketplace operator’s new MSP Legends documentary series.

• Speaking of managed services legends, Dan Wensley is GTIA’s new CEO.

• NinjaOne has named Aaron Kinworthy its new VP of public sector and Egon Rinderer its new SVP of federal and enterprise growth.

• Alex Thurber is the new SVP of global channels at identity management specialist Delinea.

• New mobile features, AI-driven customer experiences, and communication management features are among the over 100 enhancements to GoTo Connect.

• A new high‑performance reasoning model is among several agentic AI features ServiceNow and NVIDIA are collaborating on together.

• NetApp and Intel are collaborating in AI too, on a solution designed to streamline adoption of inferencing.

• Citrix customers can now run multi-cluster environments hosted on the Prism Central solution on Nutanix Cloud Platform.

• The Alarm Protocol Relay algorithm in EPIK from Granite Telecommunications is the vendor’s third technology to be patented in less than a year.

• Dalyn Wertz is the winner of the Channel Marketing Association’s first-ever Founders Award.