Flash by Cavelo: The Next MSP Tool (EP 929)

Hello friends, Uncle Marv here with another episode of the IT Business Podcast, recording at IT Nation in Orlando. We are at the Rose and Shingle Creek, and this episode is presented by Thread, a previous winner of the Pitch It competition, and that is coming up later this afternoon. But right now, I am joined by a good friend of the channel, Larry Meador.

How you doing, Uncle Marv? I'm doing pretty good. And I have a first timer on the show, but somebody you need to know, James Mignacca, CEO of Cavelo. Thanks, Marv.

James, how are you? And you pronounced my last name perfectly. I don't know if that's perfect. Well, better than some.

Better than most. Yeah. That's what I like to do.

I think we've all been called worse. Yeah. So friends, you know about Cavelo, continuous scans, identity classification of data centric security, all of that good stuff.

But I want to talk about this new swag you brought me. Yeah, I can see it. Always can you see it.

People can't see it, but as you may know, Cavelo made a statement by giving me the hockey jersey that now sits forefront up in the rafters there. And now we've got a little plush animal here. That is Flash.

He is our horse. He is our new mascot for Cavelo, because Cavelo in Italian, am I correct, is horse? Well, Cavelo, the pronunciation Cavelo in Italian means horse originally went with our original logo was actually a horse, like a horse. And so the idea was we started the platform doing data discovery and of course, in the old days, they would be able to find things like you'd use them to find things. 

And so that was kind of the premise. And then we're bringing back the horse. Mark, we're bringing back the horse.

Did anybody even know that it was a horse in the beginning? It was early days, but it was very dear to my heart. So I'm super excited about the horse. And we were two weeks ago.

Yeah, two weeks ago, we were somewhere. And I said to Larry, I'm like, Larry, we're bringing back the horse. He looks at me and he's like, as he looks at me all the time, it's like crazy.

And sure enough, we brought back the horse. And, you know, I think for us, it's an interesting milestone where, you know, we've it's not to suggest we're changing our brand or anything like that. It's an addition to our brand.

But we call the horse Flash, which is a new product that we're actually releasing this week. There we go. There's the there's the drop.

So the product is called Flash. The product is called Flash. But, you know, let me tell you the real drama on how this happened.

OK, because we were conducting a boardroom at another event. Oh, I thought you were going to say we were in a bar. No, no, we were not in a bar.

We've been in bars and we may have been in a bar afterwards, kind of conjuring up a horse. But the way this all came about, we were in a boardroom event or in a boardroom at another event talking to MSPs. You can say the event if you want.

Oh, OK, that's cool. We're exchange Denver. There we go. 

OK. And we're given our presentation to teach the MSPs about what Cavelo is, what we do, what we believe in, all of that good stuff. And he and I were tag teaming things.

And all of a sudden he just kind of turned around and looked at me and said, you know what, do you mind if I go rogue and we just skip the deck? And I kind of just went, oh, what are we going to do? What's coming? Let me tell you, I was like, he was scared. He was like, I have no idea where he's going with this, but he's the CEO and founder of the company. You go where you go.

Yeah, I go where he goes. Absolutely. I do what he tells me to do.

So I'm like, James, go for it. And what happened was we now joke about saying we went rogue, but he just basically said to the MSPs, he said, you know what, we're up here touting why you need to be using our platform, and we're not talking to you about what is it that you need? And he said, I'd like to learn what is it that the UMSPs need to sell a platform like this, Covella. And boy, that started a conversation that we got kicked out of the boardroom because we were over our time allotment, but they came and found us afterwards because they wanted to continue this conversation.

And basically what we heard from them was they love what Covella does for their clients, for them as well, but they needed help in going to market with this and how do they sell it to their clients? And so that gave James the idea of what we're about to talk about, which is the product that we're announcing here at IT Nation. And that's also why the horse came back into play. And our little buddy here, his name is Flash, because he represents the new product that we're releasing, which is Covella Flash.

And then we're going to start calling the main platform Covella 360, because it's really kind of an all-encompassing platform that takes care of your clients. Let me go back and double down on what you talked about and the fact that most MSPs really need to know what it is and why and all of that. It's been a lot of times, you know, as an MSP, I get pitched a lot and the pitches are always, you just need to use our product.

It's better than X, Y, Z. And I'm like, why, how, or mine does this, I'm good. One of the things I know that we've tried to do in this industry is have vendors educate MSPs on what it is they're supposed to be doing. Your platform in particular, I mean, asset discovery, vulnerability management, and all the other stuff that I mentioned kind of just trails off in a sense.

How has it been, you know, educating people not just on your product, but why we need to do all of these things within your product? So I've never met a prospect that doesn't want to offer a cybersecurity service. Think about it. It adds more revenue, reoccurring revenue, means that their customers don't need to go somewhere else, right? So it's stickier.

So it helps up with churn. And so what boggled my mind is there were a lot of MSPs that were struggling to make the leap, and I don't think sometimes vendors listen. And so what I heard was that if you think about that leap, right, it means you're investing in a new product offering, right? So that means cash flow, right? So back to your cash flow, you probably, they think that you need to hire another person, like a cybersecurity expert to be able to do this, which for our product's not true.

But more importantly, we got into this kind of back and forth with some of our new prospects where it's like they get, they understand they need to do it, they want to do it, but they didn't know how. And when it comes to go to market, you know, I think there's a lot of aspects of go to market, right? Like there's collateral, you know, from a marketing perspective, all that good stuff. But what I realized is at the end of the day, people just want to show something, right? They want to give a glimpse of this is what we could provide to you, the value, and you could have a one pager marketing, one pager every day, but like people are so tired of the noise.

You said it. How many times do you get a phone call? How many times did the better product, right? And we could, I could argue about our products better, but that's not, that's, that doesn't matter to you. What I realized is... It matters if I understand why it's better.

I mean, I think what happens is we get into the mindset of checking off the box. I've already checked off the cyber security box. Why, why do I need another check in that box? I think it's what happens a lot of times.

Sure. And, and taking a step back, we were an MSP 15 years ago, so I understand, I understand what it's like to be an MSP. And one of the things that really matters is cashflow, right? That, that's really what keeps, that's what everyone cares about and churn and all that stuff.

And so what we realized is we need to help our partners out and creating a lead jet, because at the end of the day, selfishly, it helps us, but it helps you. And we're, we are the partner that believes in the MSP ecosystem because we were an MSP. So we're here to stay.

We're not leaving. We're not, this is, this is us, right? And so what we decided to do was do a flash, which is basically any one of our existing customers gets flashed for free. Did I say free? You did say free.

I heard free. Nothing's free. So, but truly it's, it's free.

And, and what it is we're, we're, it's basically a one-time risk assessment, cyber risk assessment that you can provide to your customers to say, Hey, this is what you would get as a one-time, you know, assessment. And this is why you need the full stack, the reoccurring, right? So it kind of gives the prospect, your customers an idea of what is their cyber stance, posture at this point in time. And it's, I want to be very clear.

It's not a scare tactic, right? It's not that it's a, it's giving some substance and context, you know, where's your data, where's your vulnerabilities. Right. And so like people don't have a good grasp of this and they don't know what they don't know.

So if you're pitching something and you're saying all these high level stuff, that's great, but they think it doesn't affect them. When you could pinpoint, you say, Hey, here's the report. It says that your CFO has $10 million of sensitive data.

Whoa, that's real, right? Oh my goodness. You got a passport, you got credit card information everywhere. Like this is the real deal, right? Then it's like, then you can have the conversation to say, this is why it's bad.

Because if you get breached, this is your potential liability. And so for us, it's like, again, we're investing in our ecosystem, our partners, our customers, we want them to be successful. So we're delivering the service for free for all our existing customers.

Now, does this qualify as a cross between a risk assessment and a gap analysis? Yes. Okay. So, so let me talk a little bit about that.

Uh, so we do the, uh, configuration management was the CIS benchmark. So we'll tell you, you know, where, where, what that, with the configuration, uh, best practices is. We'll tell you, uh, data discovery, where all your sensitive data is like passport, visa, banking information.

By the way, do you know how many people take pictures of passports and credit card information? We're all kind of guilty. I know I just had a, uh, a law firm where we went through a folder and I was opening it up and it was all the driver's licenses of their clients. And I'm like, why is that there? And, and, and sometimes they don't know, or they don't know.

It's not, it's not good. And 80% of breaches happen because of human error. So imagine just not knowing it's there or saving it.

We've had this happen where someone accidentally saves it to a personal Dropbox. We'll tell you where all that sensitive data is and is mind blowing. You know, people just don't understand that it's everywhere because of the fact that there's so many facets that you can put data in now, you know, there's so many, there's many cloud services out there, uh, that you can accidentally save as, um, and so then we do vulnerability management, which is something that's important.

It's obvious, you know, uh, it guards against, uh, ransomware and things like that. Uh, and, uh, and, um, and so the idea is for our existing customers. Get more prospects on the platform.

It's a win win. Yeah. It's a, it's a great migration path too, as well.

Cause I mean, you know, as James was just talking on the Cavelo 360 product, it's built off of five pillars. And you know, the whole thing here is how do you guys as an MSP protect what you can't see? And we're going to help give you that visibility. We're going to show you where the assets are, where the sensitive data lies, who's got access to it, what they've been doing with it.

And then as James was just talking, we build in the vulnerability management and the configuration management, and that's all done on our full platform on a continuous basis. So that's, you know, always going, you're getting notified when something deviates or you've got some problems out there with Cavelo flash, you're getting the same thing, but it's a snapshot in time. You're going to be able to just see it right now.

It's not going to be this continuous type scan, but it's a way for MSPs to like James was saying, go out there and, you know, throw the hook out and try to, you know, put bait on the hook, throw it out there and try to catch that fish, you know, the new customer or the existing customer that's been refusing you saying, Oh, this stuff's not that important. I'm not that worried about it. You're perfect.

The example you just brought up was perfect. You know, you've got a legal firm who's got copies of the driver's licenses of all their clients. Do they have any idea how much that could be worth or what their exposure could be? We're going to be able to show you.

They should, but they don't. They should. Exactly.

And I was just also thinking, so I have another law firm that wants me to open up the ability to transfer files back and forth between a remote server and an end user on a remote device. And I'm like, I don't think that's legal. Um, and I just went through, there's a Florida bar opinion about safeguarding data and all of that stuff.

So my, my whole thought as you guys were both talking is I need to run this against their environment to show them, because to be honest, I'm their MSP. Yep. I don't know what's in their stuff.

Cause I don't have time to go through looking through their folders and stuff. And you'll never get it a hundred percent accurate because it's impossible. And so it's automated.

It's a, it's real time. And like from a three 60 standpoint, continuous perspective. But like Larry said, the flash is a one time.

And you know, I always say it's like the one time is great because it shows you a snapshot. It's like my, uh, my oldest son's, uh, bedroom. I tell him to clean it up next day.

It's messing. Right. That's the reality of the environment.

Oh yeah. You see it all the time. Oh yeah.

You're compliant today, but who knows about tomorrow? Right. It's a moving target. Yeah.

But now if you've got a platform that's telling you what's going on, it helps make your life a little bit easier. Okay. So this flash, I'm thinking of it more as a, like a fast track onboarding type of scenario where you can go in and do this.

You can do all that. It's really easy to use. So let me just, can I talk to, I was going to ask, is it something that will work on local on-prem network as well? So imagine, uh, you are the MSP and you have a prospect that you want to do the one-time, uh, uh, risk assessment.

You basically, let's say there's five folks, like the executives, they're always the worst ones, right? Like I know I'm the worst, but in a good way, no comment, no comment. Uh, you put it in their email address, sends them an email. They click on it.

And then basically, uh, there's a, it pops up a status bar when it's done like 15, 20 minutes, you know, maybe a little bit longer. Obviously you have to tell them this is coming because we've, we've trained our people not to click on exactly. So you, you have to control that.

You basically as an MSP, this is your sales approach, right? You can also just do the external, uh, external websites, whatever it might be, just to give an idea of what, what the vulnerabilities are there. Anyways, once it's done, uh, PDFs available and they, you can, as an MSP choose to get on a call with them, present it or send it to them. However you want, you can actually go in and customize the report to however you want to do it, your logo, your, your, your, your color scheme, whatever it is, we don't care.

We just want you guys to get more prospects. Yeah. Now, if we're sending this to the CEO and they're clicking the link, I'm thinking that it's only going to examine what they have access to or what they can see based on where they are at that time.

Exactly. Okay. So we want them to do it when they're in the office.

Uh, well you can do it whenever, wherever they are. Okay. Because cloud services like, um, uh, like Office 365, you would have access to it or whatever.

It really depends. Like, I think there's, there's, there's pros and cons to either, or like if they're working from home, there's, there's reasons why you would want to do it from home too, because there might be some other attack vectors that are, you know, right. Available or yeah.

Okay. So I'm thinking about this one client cause they're on-prem. So I want, I want the CEO in their office, right.

So they can see what's on that network or I send it to their junior IT on staff. Yeah, I can do that. And then they could, they could basically be the liaison.

Or is it something that I can just drop in one of my RMM clients and run it myself? Yeah, you could do that. A hundred percent. Okay.

Actually, can I just, that's actually really smart. Oh, stay there. Uncle Marv, that's great at the same time.

Yeah. I love that. That's actually, that's extremely, yes.

Okay. Yeah. So you can execute it.

They wouldn't even know. I mean, cause you know, my existing clients, I need to do that for them. And I can just pop up and say, Hey, guess what? I was looking at this, uh, Florida bar opinion.

Thought I'd dig around. Here's what your network says. I love it.

That's great. Yeah. All right.

Larry, we need to chat, man. Yes, we do. Yes, we do.

Although you might be too expensive for me. No, no, no, no, no, no, no, no, no, no, no. Okay.

So, so, so let, let me just say this. We want to, we want to own the market and what, what, and I'm, this is me being rogue. Oh, damn.

Our, we built a product, a product stack that, that replaces enterprise grade software, Tenable, Qualys, Promis. Okay. Let's just, we started with that.

Right. So, so to your point, yeah, that that's where you might say we're too expensive for you. What we're doing right now is we're, uh, we're releasing flash to our existing customer base come the new year.

We're going to sell it as a standalone. Okay. And so I expect this to be a product that, uh, some of the, uh, folks just use as an ongoing, like you will have certain amount of seats that you can deploy to and, and that's their, that's their risk assessment.

Here's the thing that I've realized. Not everyone has an appetite for the reoccurring, right? I, I, I truly believe that's where everyone should go. I, I, but you got to graduate, you got to graduate.

Well, I mean, it's one of those things where I'm having this discussion because of another product that we've been using for two years now, and the customer's like, can we, can we please stop doing this? And I'm like, listen, cybersecurity doesn't stop. Hackers don't stop. Bots don't sleep.

Right. We've got to do this, but I get what you're saying. But there also needs to be that level.

And I'm going to say this as a small boutique MSP, where a lot of the enterprise stuff doesn't translate to some of my small customers. I've got a few where it's just fine, but there's a good portion of my clients that are like, eh, we're too small. We don't need that.

I'm like, you do need that. That's what we heard in that boardroom. That's what we heard.

Yep. So that's, that's what 30% of our roadmap is carved out for customer feedback. This is proof that we do it.

Okay. All right. And for clarification, when we say customers, we're talking to our MSP partners.

Those are our customers because we don't go direct. I know, but I've still got to, I've still got to sell it to my customers. Yeah, no, absolutely.

Absolutely. And that's where Flash comes into play is now all of a sudden you've got a flat fee per month and you can do this one-time assessment for, you know, all of your clients and put it in their hands. And the beautiful thing is the reports are not techie reports.

They're very graphical. They really show a story. And we also explain what's going on within that report.

All right. I know we're over time, but I did have one more question because we talked about the asset, uh, discovery. We talked about the data classification, vulnerability management, identity access management, exactly.

What does that mean for you guys? So I'll give you a real life scenario. I just got an email from one of our, uh, uh, customers where they said we saved their butt. That's ass.

Can I say ass? You can say ass. We saved their ass. So basically imagine something happens and a file gets deleted.

We can tell you who's deleted that file. What point time we tell you who has access to those files and folders. And so a couple of scenarios where, um, that's important is let's say it's human error, someone accidentally deletes it, right? Then, you know, it's, it's, and this is part of regulatory compliance.

You know, who's deleted it. Let's say you don't know. Like the idea is, um, you want to limit the access to the files, the crown jewels, the one, the files you're trying to protect that will, will tell you who has access to it and when changes happen.

And a lot of times, and we've had this scenario where they're doing an audit, KPMG or whatever accounting firm comes in, they get access to the, the files that they need. They, they, they, they don't turn that off. Right.

Right. Um, and then let's say there's a malicious actor that gets in there. Malware takes down a server or a machine.

We'll tell you what files potentially were breached. That's the important piece. And we'll tell you who has access to it.

And you know, insider threat, like the Sony breach, let's say, you know, someone in maliciously actually took files. We'll tell you who that person is who moved those files. That's the identity.

Well, that's exactly what I was thinking of. I'm, I'm doing another deal, another law firm where, you know, files get moved around all the time and they're, they suspect somebody downloaded a bunch of their stuff onto a USB drive. I've got nothing in place to track that because they never wanted, you know, anything more than we just want to call you when we need you.

I'm like, yeah. Okay. So now it's like, we need to put something in place to track that stuff.

And this is all part of best practices and regulatory compliance. Yep. Absolutely.

Okay. So that's us. That is you guys.

Sweet. That's flash. Flash is being announced.

It's a, it's going to go standalone in January. Is it? Yep. Okay.

Does that mean you just customers and join just to get that? Yep. Okay. Come to the website.

Put in your credit card. Where do you go? You got it. All right.

So Cavelo folks, C-A-V-E-L-O. And I got something from lunch probably going to Cavelo.com. .com. You'll be able to see all we've got out there. And I will have a picture of flash, the mascot on the website.

We'll see how he stands up against the rest of the swag. You know, maybe I need to put a hockey Jersey on it. All right, folks.

Larry Meador and James. Well, come on, do it. Mignacca.

Oh, nice job. Uh, thank you guys for stopping by and enjoy the rest of the show. Awesome.

Welcome, Mark. Thank you, buddy. Always a pleasure.

Good to see you. Yep. That's it folks.

We'll be back with more from it nation here on Orlando. See you soon. Holla!.