CTech – In early 2020, American technology firm SolarWinds was hacked by a Russia-linked group implanting malicious code into its 33,000 customers who use its Orion system to manage their IT resources. The next year, hackers associated with the Russia-linked REvil ransomware-as-a-service group hit Kaseya and its 30 managed service providers, affecting more than 1,000 businesses in 17 countries.
It was becoming clear that the world was entering a new form of warfare
“I don’t know if it’s luck or success, but there is no product that can’t be hacked — that’s a given,” explained Atera’s new CISO Oren Elimelech. “I’ve seen country levels being hacked. It’s all a matter of how many resources you have.”
Elimelech was brought into Atera following the SolarWinds hack and just before Kaseya was hit. As its new Chief Information Security Officer, he was tasked with understanding how to improve the company’s product and make it not only a strong product in terms of productivity and effectiveness, but how to make it secure and avoid the same fate as its competitors. He says that from what he has seen so far, the software solution company for managed service providers has “segmented” everything to do with corporate solutions and everything to do with its production into two different aspects.
“You can turn off the entire office mailbox and it will not damage or have any access to production environments — that’s very good,” Elimelech added. “We’re listening to customers and listening to the market. We’re trying to find out where the gaps are. Following SolarWinds they made changes, following Kaseya they made changes — everything. That’s how it works.”
Atera has raised a total of $102 million over two rounds to help provide its customers with an all-in-one software solution for remote monitoring and management, automation, and remote control support. Founded in 2014, the company is experiencing growth as it helps organizations operate and address technical issues from wherever they are — something becoming more important following the pandemic and the “new normal” of having employees working from home across different servers. Today, it is approaching 8,000 customers, achieved entirely without a devoted sales team.
Traditional IT professionals would operate on a “break-fix” term, similar to a plumber for a home. He or she would be called onto the premises in the event of an issue. As things moved increasingly online and up to the cloud, IT services evolved into more of Atera’s model: an MSP (managed service provider) that is usually retained with a monthly fee. Connecting via the cloud may be helping companies operate through the pandemic, but it’s a “Hacker’s Delight.”
“Once it’s based on the cloud, it’s a new perspective,” Elimelech continued. “How do we secure the access from the cloud to the on-prem and provide monitoring capability in the most secure manner? How am I able to support a technician sitting anywhere in the world, supporting his customer, and providing him with a self-automatic capability but it’s still secure? That is a huge challenge.” It isn’t just offering what competitors are lacking, but anticipating other technical aspects companies might face down the road, he tells CTech.
To combat some of this and prevent what the world has seen in its competitors, Atera has added built-in fraud detection to its all-in-one offering, allegedly something that no other company in the market offers customers. In the future, the company will help enable security scanning on the network built directly into the product. Elimelech confirmed that the Atera roadmap under his watch will integrate capabilities to notify clients and SMBs if their online credentials are leaked or manipulated by hackers on their network.
“It’s actually being used today with Google and Microsoft, so we are taking their initiative,” he said. “If the big giants are doing it, why don’t we do it? None of our competitors are doing it. … SMBs might use Atera and if we find inside the network passwords that were hacked, we can notify them and tell them ‘look, be aware!’ Eighty percent of the security is just knowing you’re exposed.”