Cyber Research Unit
Threat Hunting and Threat Intelligence for TSPs and MSPs
All about the CRU
All the latest in security news. The CRU identifies new vulnerabilities, researches them, and shares what they find with all to see.
The CRU has developed automated tools to perform basic analysis on security incidents to help automatically make decisions on escalation and remediation.
With “research” in the name, it only makes sense that research is involved. They dig deep into automated and manual malware analysis, vulnerabilities, and more.
The CRU monitors ransom leak sites and malicious botnets for new threats, uses OSINT resources, and utilizes data from the Perch platform to help create content and complete research.
With the CRU, cyber threat hunting involves building visualizations to highlight abnormal activity, searching through data for new indicators of compromise (IoCs), or testing various queries and reviewing the results.
The CRU is a big fan of hosting CTFs, and for good reason. From their eyes, cybersecurity capture the flag events are a great way to dip your toes into cybersecurity or build upon expert skills.
Threat Report
Windows Installer Elevation of Privilege Vulnerability
Microsoft released a patch for CVE-2021-41379 during their November 9, 2021, Patch Tuesday updates. The patch was supposed to correct a flaw in the Windows Installer that would allow a malicious user with local access to delete any file using elevated SYSTEM privileges.
Emotet is back
On Monday, November 15, word began leaking of a new version of Emotet being distributed. The initial sighting showed an Emotet DLL being downloaded by Trickbot, but since then multiple reports have come in of new malicious emails with malicious Emotet attachments spoofing replies from stolen email chains, presumably originating from already infected hosts.
Exchange ProxyShell being used for Babuk ransomware attacks
News came out earlier this week of a threat actor, commonly referred to as Tortilla, exploiting the Exchange ProxyShell vulnerability. According to intelligence released by Cisco Talos, Tortilla has been operating since July 2021. It mainly focuses on US businesses, though they have targeted a few organizations in the U.K., Germany, Ukraine, Finland, Brazil, Honduras, and Thailand.
ConnectWise Cyber Research Unit Threat Feeds
This repository contains lists of threat intelligence discovered by the CRU, either using our internal sandbox built on top of the Perch platform or found while threat hunting. The CRU has been collecting this intelligence for years and using it internally at ConnectWise for threat hunting and threat analysis assistance. We use it daily, searching for these indicators in our customers' network data to find new threats and filter out false positives. The feed is updated daily.
Who we are
Sr. Director, Global SOC
With more than 25 years of security, engineering, sales, and operations experience, Drew brings the whole kit and kaboodle to the CRU. He leads the Global SOC team, bridging the gap between security operations and threat research.
Director, Threat Team
He has over 20 years of experience in IT, with more than 10 of those in cybersecurity. He comes from Perch Security, where he managed operations and security. He spends his free time enjoying tacos, breaking things, and BSides.
Bryson brings more than 10 years of cybersecurity experience on top of another 10+ years as a system admin. He’s skilled at reverse engineering, malware analysis (he downloads it for fun), Python, Linux system admin, web hosting, and CTFs.
Senior Threat Researcher, CRU
7 years of cybersecurity experience. Skilled in Python. Knows all about automation. Loves data science. Wouldn’t mind a few more bots.
Threat Researcher, CRU
Ross comes to the team with 6 years of cybersecurity experience, a B.S. in computer science (information assurance), and a background in Python, incident investigation, red teaming, and Docker.
Certifications: GCIA, OSCP
2021 MSP Threat Report
See what the CRU put together in the second edition of the MSP Threat Report. Get an eye-opening look at what MSPs faced in 2020 and predictions for 2021 and beyond.