Kaseya Buys Graphus To Make Phishing Defense Easy For MSPs

‘This is something we bought because we got so much damn value out of it,’ says Kaseya CEO Fred Voccola. ‘It’s powerful but easy. There’s a lot of powerful technology out there, but it’s often hard to use and implement.’

Kaseya has purchased phishing defense startup Graphus to effectively defend Microsoft Office 365 and G Suite from email-based threats without requiring too much manpower.

The Miami-based IT service management vendor said Reston, Va.-based Graphus’ technology is very lightweight and easy to install, and can be implemented by MSPs with very little customization required, according to CEO Fred Voccola. The lack of appliance makes the configuration process straightforward, which Voccola said is essential for already overwhelmed MSPs.

“The criminals are doing very innovative things to trick, fool and deceive the majority of honest people in the world,” Voccola told CRN. “We need to make sure we are providing the right weapons for our customers to defend themselves against these existential threats.”

[Related: Kaseya Buys ID Agent To Strengthen Dark Web Monitoring Muscle]

Kaseya began using Graphus ten months ago after an email got through impersonating Voccola and asking the company’s new chief financial officer to pay a vendor $10,000 by clicking a link. The company was looking for a tool with robust flagging capabilities beyond Microsoft Office 365 Advanced Threat Protection (ATP) that would notice things such as spelling errors even if the email address was correct.

“This was a very practical thing,” Voccola said. “They built a really good product. It’s been great for our company.”

Terms of the acquisition, which closed July 2, aren’t being disclosed, Voccola said. Virtually all of Graphus’ 50 employees have joined Kaseya, including both of the company’s founders, according to Voccola. Kaseya is looking to add more employees in Vancouver and Las Vegas to support Graphus’ research and development efforts, Voccola said.

Graphus will be integrated into Kaseya’s G Suite and Office 365 email backup tools, as well as the credential monitoring and security awareness training capabilities acquired from ID Agent to better understand if a user’s credentials have been compromised, Voccola said. It’s difficult for an anti-phishing product to pick up on malicious emails being sent from a real account following credential compromise.

The dark web integration will allow Kaseya to determine the likelihood that an email address has been compromised so that Graphus’ scanning and analysis capabilities can be focused on the most likely offenders, he said. Checking the backlinks in every email to ensure they’re not malicious would slow the system down to a crawl, but integrating Graphus and ID Agent balances security and performance.

Kaseya will offer Graphus’ phishing defense capabilities at 30 percent to 40 percent less than competing products, though Voccola declined to provide specific pricing information. Graphus will be offered as a subscription, and can be managed from the same pane of glass as the rest of Kaseya’s IT Complete platform, according to Voccola.

“This is something we bought because we got so much damn value out of it,” Voccola said. “It’s powerful but easy. There’s a lot of powerful technology out there, but it’s often hard to use and implement.”

Most security products are designed for enterprise users, but he said Kaseya’s patching, compliance, multi-factor authentication, single sign-on and internal protection tools are tailor-made for the workflow of the MSP market. Security accounts for between 35 percent and 40 percent of Kaseya’s revenue today, making it larger than the company’s longstanding remote monitoring and management (RMM) business.

Kaseya’s security business is enjoying organic growth of more than 30 percent annually, Voccola said, and three-quarters of Kaseya’s security customers are buying security from them on a standalone basis.