Press "Enter" to skip to content

Q&A with Tim Weller, CEO of Datto

Last month, Datto, a provider of cloudbased software and security solutions purpose-built for delivery by MSPs, strengthened its cyber security offering with the acquisition of Infocyte, a specialist in Endpoint Detection and Response (EDR) technologies and Managed Detection and Response (MDR) services.

Datto’s second security-focused acquisition in less than 12 months, following that of Israeli cyber threat detection company BitDam last March, highlights the growing importance of frontline cyber security solutions to its proposition.

BitDam advanced threat protection and spam-filtering technology, which protects cloud-based collaboration tools such as Microsoft 365 and Google Workspace from ransomware, malware and phishing, including zero-day threats, has already been integrated into Datto’s security stack in the form of SaaS Defense.

Announced at DattoCon in October, this provides MSPs with patented technology to proactively detect and prevent malicious malware, phishing and Business Email Compromise (BEC) attacks on Microsoft Exchange, OneDrive, SharePoint and Teams.

The complete integration of SaaS Defense with Datto SaaS backup and recovery in the company’s new SaaS Protection+ solution enables MSPs to provide their clients with multi-layered protection against cloud data loss caused by user error, ransomware and other security incidents.

Now, with the acquisition of Infocyte, Datto plans to reinforce its endpoint line of defence by integrating the Austin, Texas-based company’s capabilities into the Datto RMM platform. These include patented technologies that continuously collect and correlate data from endpoints to identify potential threats and vulnerabilities, supported by a team of security analysts in a Security Operations Centre (SOC) who can respond in real-time to escalated cyberthreats.

These capabilities represent a significant strengthening of Datto’s capabilities within the Protect, Detect and Respond stages of the NIST organisational security framework that Datto already addresses with its complementary Datto RMM Ransomware Detection and SaaS Defense application security products.

To find out more about the thinking behind the acquisition and its benefits for Datto MSP customers and their clients, Technology Reseller caught up with Datto CEO Tim Weller.

Technology Reseller (TR): How does the Infocyte acquisition fit into your security ecosystem and product strategy?

Tim Weller (TW): At our investor day in December, we talked about Datto’s RMM platform and Datto’s SaaS platform as being our two key platforms for security. Last year, we acquired BitDam and integrated them into our SaaS Protection platform, giving us security for all of Microsoft 365 – email, Teams, SharePoint – and some Google Workspace as well. Now, we’re acquiring a small company called Infocyte that we’ll integrate into our RMM platform. RMM works on the endpoints, SaaS works at the end user level – they’re two pieces in a security stack.

About a year ago, we launched a ransomware detection tool for RMM, so we’re already in the security business with an add-on for that, which itself is a critical part of an MSP’s base security platform.

This [acquisition] is an obvious development for anyone who’s been watching Datto. We’ve telegraphed our move into this protection, detection, response space for six to nine months with a lot of internal development work. That’s our primary motion – we love to build tech from scratch – but we also have an active M&A team. When we met Infocyte last summer it wasn’t clear whether they were for sale or not. We just got to know and like each other and decided we’d combine.

TR: So, you’re going to integrate Infocyte’s technologies into your RMM, much as you did with BitDam and SaaS Protection?

TW: That’s right. We essentially extended their technology. At the time, BitDam was a very small company going down the route of selling to enterprises. We pulled their technology off the market and repurposed it for managed service providers. After a further six months of development, we integrated it into our SaaS Protection platform. It’ll be similar with Infocyte.

Infocyte does have a business that serves MSSPs as well, doing incident response and some other things. We will keep that operating on the side, as they are valuable partners to us in their own right and because MSSPs often serve MSPs in this complicated world where several different layers of partners work for each other. But we’ll take the bulk of their technology components and integrate them into Datto RMM and make that even stronger than it already is.

TR: Will this technology provide an added layer of security for MSPs, as well as for their customers’ endpoints?

TW: It will to the extent that MSPs manage their own endpoints and to the extent that in some of the attacks we’ve seen over the last few years the attacker has tried to escalate from the MSP’s RMM and get inside the MSP.

We have done an enormous amount of work over the last five years working on security for our RMM. It’s really built-in from the beginning, because on the one hand an RMM is an incredibly valuable tool for MSPs to manage security – I occasionally hear an MSP say ‘we’re getting rid of our RMM to be safer’, but doing that does not make you safer. On the other hand, it is a very exposed tool if you have security threats that can weaponise it. We now have almost 60 people on the security team who are just focused on keeping the RMM safe, and this acquisition – Infocyte has 27 employees – will extend that. But the primary focus is to get add-on solutions for MSPs to protect their clients.

TR: Twenty-seven employees doesn’t seem like a great number if Infocyte’s technologies are going to be widely adopted by your very large customer base.

TW: BitDam was similar in scope and scale so it’s consistent with the way Datto does things. Our unique take on M&A is that we’re not looking to buy revenues; we want to find people that love to build tech. It helps a lot if they’ve already got some tech, and it helps a lot if they’ve got a small amount of revenue and customers, but if they’re serving enterprises or they have much bigger revenues and we don’t like the tech stack, we would view an acquisition as a step backwards.

Believe it or not, small development shops of six or eight or 10 people can move mountains in these areas, if that’s where their passion lies. In Infocyte’s case, the founding team came from the US Air Force where they built some early SOC and early cyber defence tools. So, they’ve been in this industry a long time – a decade plus. And that’s not uncommon – the BitDam team came from the Israeli military years ago.

TR: And what sort of take up are you expecting there to be?

TW: That’s a good question. I don’t want to get bound to precise forecasts or projections, but I’m somebody that believes every MSP is going to have to put a full security stack in for every single SMB client.

Go back a decade and your job as an MSP for a dental practice or a law firm might have been to procure laptops and get Microsoft Windows and Office all set. Today your job is to protect their data, protect their applications.

Cyber attackers have figured out that SMBs are good targets because they’re usually more exposed. Ransomware is ransomware, bitcoin is bitcoin and the big company CIOs do a better job of protecting themselves, so I like to think that if there’s anything short of 100% penetration, either the MSP wasn’t going about it right or Datto’s product wasn’t right.

I’ll save my projections for later in the year, but to give you a sense of the addressable market, the headline of my DattoCon keynote was ‘MSPs, you are in the security business’. You need to own and embrace that. Hardware, service desk and help desk are still very important to your clients, but the core of your brand as an MSP now is ‘we’re going to secure your digital assets because the value of your company is in your applications and data’.

TR: Lately, you’ve tended to do an acquisition every year or two years. Is that because you need time to ingest these new companies? Or is there another reason?

TW: It’s probably because we’re fussy. We look at 50 things at a high level and then we meet five or six management teams. The cultural fit is very important to us; we don’t want them to be too big or too small; they have to be technologists; and they have to have a passion for building software. It doesn’t do you much good to buy the software and see the team leave, so we’re very careful.

If the goal was just to buy more companies, they’re out there – M&A has been a very hot space in the last couple of years – and we certainly have the capacity to buy a couple of things a year. But we have a methodical nature. We’re also very focused on our product set.

I’ll give you an example. We were shown a UCaaS video conferencing company a couple of years back and we really liked them. So we talked to a bunch of MSPs and they all said the same thing: ‘small, medium businesses don’t use video conferencing’. Three months later when the pandemic came along I’m thinking ‘Oh, that would have been a nice thing to have purchased’. So, we’re very disciplined. We always talk to partners. We always say ‘Is this something you need?’. We’re very tuned into what they’re selling and today that’s security.

TR: Is security now Datto’s main selling point?

TW: It is. I think it’s taken people a long time to figure out that Continuity, our flagship product, is security even though we’ve been saying that for years. I wouldn’t spend a dollar on firewalls, antivirus, endpoint, all these other things until I knew I had strong backup and a capability to recover. I’ve been in technology for decades and lost enough data in the ‘80s and ‘90s to know that that’s where you spend your money first – you move into a new house, you get insurance because if the house burns to the ground, you need to be able to replace it. Then you start thinking about door locks and smoke detectors and all those other things. Catastrophe could strike, so you have to have a recovery capability.

So, we’ve always been in the security business, even if the tech world defines that as what you are doing in detection and response, what I would call frontline technologies. The Infocyte acquisition is another step in our inevitable move into those frontlines, but we still do thousands of restores every year and increasingly many of those are ransomware malware related. Your heart stops if your small law firm gets ransomwared and you can’t open for business without paying the Bitcoin. If we can restore your environment, we’re your favourite vendor for the next 10 years.

TR: You don’t want to get too good at stopping all the cyber threats.

TW: I’d be happy to work with MSPs at any point in that stack. As a citizen of the world I’d rather stop the attacks in advance, but there is a certain smile that comes to your face when disaster strikes and you’re able to put somebody’s environment back together. It just feels good. It’s a good reason to go to work every day.

Please follow and like us:

Be First to Comment

Leave a Reply

TechnologyReseller: 2021