I had the opportunity to speak with Tyler Leonard, CEO of AnchorSix and Todyl partner, who shared his cybersecurity journey and how he built it into a core part of his business. From tackling big issues like double extortion ransomware to improving customer relations through consolidation, Tyler shared tips that MSPs of any size can plug into their operating models. Here’s some of the highlights from our conversation.
Tyler Leonard: I am the CEO of Anchor Six, a managed service provider based in Utah that also serves Arizona and Florida. We’ve been in business for 25 years and have been a Todyl partner for around four years now. We don't target any specific vertical, but have seen success in legal, construction, manufacturing, and the automotive space.
TL: The lack of cohesiveness with cybersecurity tools and approaches. We used multiple different tools to meet niche issues for customers, whether it was budget constraints, a specific compliance need, or even just something we wanted to test out.
Todyl checked many boxes for us and struck us as something that we could standardize on. We implemented it for a handful of clients early on, and the timing was great. When some incidents occurred, Todyl quickly made a name for itself. Those clients weren't using many Todyl modules, which provided evidence of the platform's overall value and made future conversations about deepening their security stack much easier. Between the effectiveness of those first layers, the other capabilities of the product and, ultimately, having the kind of package that can work for clients with tight budgets… it all coalesced into a successful outcome.
TL: Data exfiltration. So many ransomware groups have transitioned to double extortion schemes. We've been fortunate that we haven’t been bitten, but our clients were terrified about getting ransomware on their servers. We could throw every layer of security at them that we can imagine, but the only thing that really gave us enough comfort to sleep at night was having fantastic backups.
We would go to the customers and say, “As long as you get some great backups in place, I think we can all sleep at night. Even if a bad actor gets in there and hits you hard and we can't see it coming, at least we have those backups and can get you back up in business in short order.” And we all felt good about that.
But now, with this transition to double extortion schemes, backups alone don’t provide that comfort anymore. It’s a hard conversation to have with our clients: “Remember the days when we could all sleep at night just having fantastic backups in place? Well, that's not exactly going to cut it anymore. We have to talk about your data and what will happen if, and most likely when, it ends up on the web.”
That’s leading to more serious conversations about security. We have to prevent attackers from getting in, and they can get on the backups, too. If they're in, we have to know as soon as possible because, the sooner we find out, the faster we can shut down a data exfiltration attempt or at least minimize it.
TL: Initially, we used fairly one- or two-dimensional tools that were once the darlings of the MSP industry. It didn't seem like those tools were evolving, though. Some tried, but they seemed very reactionary and not well executed. They were questionable in terms of being as effective as they claimed. The packaging and pricing didn't seem to follow the same footsteps that made them attractive in the first place. The community didn't seem to be super excited about following them into these newer charted territories. This allowed newer competitors like Todyl to emerge.
That's what grabbed our attention. Todyl’s approach made it easy for them to stand out in the crowd. It got our attention. We looked at it, and we liked it.
Sure, all the standalone tools in the Todyl stack existed elsewhere, but it was a hodgepodge. Integrating them together, even if you could make sense of it, presented challenges in terms of managing multiple vendors, different tool stacks, configurations, different alerts… To create a similar solution from multiple vendors would ultimately be pricey and difficult to sell to customers. Doable, but more difficult.
Now, instead of saying, “We've partnered with six different companies and have made this fantastic cocktail for you,” we say, “We partnered with one company, it's Todyl. Here's why we partnered with them, and why this is a great partnership. They've simplified things for us and simplified it for you.”
We're not having a conversation about six different things. We're having a conversation about as few things as possible, mainly the business outcomes we provide, which is all they care about now. They don't care about the tech; they want results.
TL: Yeah, there's been a handful. We've been very lucky that we haven't had any serious events, but we had a couple that could have gotten scary.
One incident showed the makings of a double extortion scheme by the Play ransomware group. The targeted client had the whole Todyl MXDR stack with EDR on all machines.
We got an alert late one Friday night that some suspicious enumeration happening within the environment. We don't like enumeration at 9:30 at night on a Friday, so we jumped in immediately.
We discovered a malicious actor had gotten onto an employee laptop, likely from outside the network. In the short span between receiving the alert and our response, they were getting busy very quickly. They had downloaded a tool to extract data, but we were able to shut it down within minutes of its initial timestamps, so virtually nothing was extracted. If we hadn't received that alert, we wouldn't have known what was happening until it was far too late.
TL: Without evolving our security, we would be having different conversations with customers: “Sorry about the security event. Sorry that the firewall and antivirus weren't enough.”
We'd potentially lose our customers' confidence. It's easy for clients to assume that you're doing everything related to security. If you're not regularly showing them what you're doing and not doing, explaining the gaps and how to address them, those gaps are going to burn you one way or another.
MSPs can't do it alone. We've got to stay current with products and vendors that are leading the charge so we can bring solutions to the table. We can't talk about gaps without clear answers.
There's no silver bullet, though. No stack will provide 100% security. We have to explain why our recommendation will provide the best value based on the specific risks that matter to them.
TL: Number one, you've got to have a good relationship with your clients. You need to know their technology, discover their risks, and communicate those effectively.
It forces you to come to the table with the right recommendations. You're not bringing DOD-level recommendations and replacing everything with a $2000 per user per month plan. You have to understand their business and risks to recommend the right recommendation.
That will then lead you to looking into all the solutions that you can bring to the table, because there's an ocean of them. Ultimately, you need to find one that works for that customer but also works for you as an MSP because you probably have a good bit more than one customer.
TL: Give it a try! There's a lot of marketing out there—every vendor has reasons why they're the best. There's a lot of tools out there that are genuinely good tools and check a lot of boxes. I think Todyl is in that list of top-tier solutions you actually want to try.
So, do a trial and a demo. Kick the tires on it, take it out for a drive, give it some walking-around money, and see how it fits into your stack. That'd be the biggest recommendation I could make.
