Skip to content

12 Must-Read Books Every MSP Should Own

We’ve compiled a list of 12 essential books to help you master the art of selling, how to negotiate deals better, a deep dive into various IT technologies, winning at customer success, and what it takes to thrive as an MSP in 2024 and beyond. Grab a good cappuccino, espresso, or Earl Grey tea, and get your bookmarks ready! 

Here’s the TL;DR

  1. Simplified Cybersecurity Sales For MSPs 
  2. The Pumpkin Plan
  3. Package, Price, Profit: The Essential Guide to Packaging and Pricing Your MSP Plans
  4. Phoenix Project
  5. The IT Business Owner’s Survival Guide
  6. Managed Services in a Month
  7. The MSP Growth Funnel
  8. The MSP Owner’s Handbook: QBR Edition 
  9. MSP Secrets Revealed
  10. The E-Myth Revisited
  11. Never Split the Difference
  12. The MSP’s Survival Guide To Co-Managed IT Services

Coffee Table MSP Book Collection: 12 Essential Reads for MSPs and IT Professionals

  1. Simplified Cybersecurity Sales For MSPs: The Secret Formula For Closing Cybersecurity Deals Without Feeling SlimyJennifer Bleam

Simplified Cybersecurity Sales for MSPs will show you how to sell cybersecurity successfully and get into the mind of a successful salesperson. Win more clients over with this must-have book for MSPs. 

  1. The Pumpkin Plan: A Simple Strategy to Grow a Remarkable Business in Any Field – Mike Michalowicz

Mike Michalowicz tells it like it is. Plenty of relatable analogies and witty humor to keep your interest going from cover to cover. The Pumpkin Plan gives you the tools to harvest and plant your business seeds. Discover who the winning customers are and unlock opportunities for long-term sustained growth. 

  1. Package, Price, Profit: The Essential Guide to Packaging and Pricing Your MSP Plans – Nigel Moore

Ever wondered how to package your MSP business? Nigel Moore can lend a hand. You’ll learn about what to include and exclude in your plans, various pricing strategies, and how to deal with complex clients. Nigel offers practical tips that you can implement immediately to futureproof your business. 

  1. Phoenix Project: A Novel About IT, DevOps, And Helping Your Business Win – Gene Kim & Kevin Behr

Kevin Behr and Gene Kim dive into the story of Bill, an IT manager at Parts Unlimited, who has been tasked with the project of his career, The Phoenix Project. Bill has 90 days to fix the mess that is behind schedule and way over budget. Will he succeed or will his entire department get outsourced? Find out. 

  1. The IT Business Owner’s Survival Guide: How to save time, avoid stress and build a successful IT business – Richard Tubb

Richard Tubb is one of the most recognizable names in the MSP industry – bar none. The IT Business Owner’s Survival Guide provides you with all the tools to handle the stressful daily grind. Learn how to put your social media on autopilot and when you should part ways with clients.

  1. Managed Services in a Month: Build a Successful, Modern Computer Consulting Business in 30 Days, 3rd Edition – Karl W. Palachuk

30 days. That’s all the time you’ll need to grow a successful MSP business. Karl W. Palachuk will teach you how to create service agreements and service offerings that scale. Whether you’re a newbie or seasoned professional, you’ll gain a ton of insights from this book. 

  1. The MSP Growth Funnel: A Complete Guide To Marketing & Selling Managed Services – Kevin Clune

Want to get to know your audience better? Kevin Clune will take you on a buyer’s journey through the four stages of the customer acquisition funnel. From choosing the right content topics to crafting your pitch and ultimately closing the deal, it’s all here.

  1. The MSP Owner’s Handbook: QBR Edition – Marnie Stockman Ed.D. & Juan Fernandez

Increasing client revenue. Delivering QBRs. Scaling your MSP business to the next level. Sound good? The MSP Owner’s Handbook will show you how to achieve it all. Marnie “literally” authored the book on Customer Success for MSPs, while Juan scaled an MSP to $20M in six years. Learn from two of the best in the game. 

  1. MSP Secrets Revealed: 101 gems of inspiration, stories & practical advice for managed service provider owners – Mark Copeman

Shh, don’t tell anyone you have the marketing and lead generation secrets. Mark Copeman will show you how to treat customers as if you’re going on dates (seriously). You’ll also get the scoop on how to recruit and build the right onboarding program, spread revenue dependency, and become a numbers wizard.

  1.  The E-Myth Revisited: Why Most Small Businesses Don’t Work and What to Do About It Michael E. Gerber

This is one book every MSP and small business owner entrepreneur should own. Michael E. Gerber will guide you through a variety of strategies that encompass people, marketing, management, organizational, and systems. Discover what the Turn-Key Revolution is all about and how it can take your business to the next level.

  1. Never Split the Difference: Negotiating As If Your Life Depended On It – Chris Voss & Tahl Raz

Valuable lessons from a former FBI international hostage negotiator that you can apply the same principles to your MSP business. Gain the upper hand when it comes to negotiating client contracts and service agreements. Leverage tactical empathy to understand your clients’ needs and master the art of mirroring and labeling to build trust.  

  1. The MSP’S Survival Guide To Co-Managed IT Services: A Crotchety Old Geek’s Road Map on Marketing, Selling and Providing Managed Services to Organizations with Existing IT Staff (CoMITs) – Bob Coppedge

What exactly is CoMITs and why does it matter for you? Bob Coppedge will show you how to market to organizations that have IT departments by bridging the gap between IT employees and MSPs. Learn how to adapt your existing business and tools with CoMITs to simplify your internal IT and foster stronger relationships.

Make these 12 insightful books part of your collection. 

But that’s not all. 

We’ve also curated 11 Valuable MSP YouTube Channels to subscribe to and 14 Essential Podcasts for MSP Success

Follow Guardz to stay up-to-date on the latest cybersecurity findings and research to transform your MSP business at any level.

Start Free Trial

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.

Start Free Trial

Storware’s New Licensing Revolution

We are thrilled to unveil a significant update to our licensing model – a move driven by the dynamic needs of our esteemed Partners and Customers. Our commitment to delivering adaptable and efficient solutions has led us to introduce changes that will revolutionize the way you approach data management.

Without further ado, let’s dive into the key highlights of this announcement: 

Capacity-Based Licensing for NAS, Ceph and other remote storages

Addressing the demands of modern data management, we are introducing significantly cost-effective, additional licensing model tailored for remote storage, like NAS, Ceph, Ceph RBD and so on.

Extension of the Front-end Terabyte license to all supported sources

Updated frontend terabyte license brings unmatched versatility by allowing its usage across all supported backup sources. Whether you are dealing with Virtual Machines, Containers, Cloud Instances, Microsoft 365, or any other source, our licensing model provides a unified approach across different platforms, ensuring simplicity and efficiency in your operations.

Most Affordable Microsoft 365 Backup

As part of this exciting update, we are proud to offer the most cost-effective backup solution for Microsoft 365.

Extension of the OS Agent license

The scope of endpoint support falls under the OS Agent. This enhancement offers unparalleled flexibility, allowing customers to choose between desktop or server licenses based on their specific needs.

These updates represent a pivotal moment in our commitment to innovation and customer satisfaction. We believe that by introducing these enhancements to our licensing model, we are not just keeping pace with industry trends but setting new standards for flexibility, affordability, and efficiency. Thank you for your continued trust in our solutions.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Storware
Storware is a backup software producer with over 10 years of experience in the backup world. Storware Backup and Recovery is an enterprise-grade, agent-less solution that caters to various data environments. It supports virtual machines, containers, storage providers, Microsoft 365, and applications running on-premises or in the cloud. Thanks to its small footprint, seamless integration into your existing IT infrastructure, storage, or enterprise backup providers is effortless.

Scale Computing Named to Prestigious 2024 MES Midmarket 100 List

Edge Computing Solution Provider Recognized for the Third Consecutive Year for its Forward-Thinking Technology and Positive Impact on Midsize Business Partners

INDIANAPOLIS — July 15, 2024 — Scale Computing, a market leader in edge computing, virtualization, and hyperconverged solutions, today announced that MES Computing, a brand of The Channel Company, has recognized Scale Computing on its 2024 MES Midmarket 100 list. The list recognizes top vendors that have proven themselves to be forward-thinking technology providers offering products and services that support midmarket organizations and drive growth and innovation for those customers.

Scale Computing was named to the list for its award-winning solutions that power the growth of its midmarket business partners. Scale Computing Platform (SC//Platform) brings together simplicity and scalability, replacing existing infrastructure and providing high availability for running workloads in a single, easy-to-manage solution. Eliminating complexity, reducing costs, and decreasing management time, SC//Platform delivers faster time to value than competing solutions and enables midsize organizations to run applications in a unified environment that scales from 1 to 50,000 servers.

“We are thrilled to be named to the exclusive MES Midmarket 100 list, as it reinforces our commitment to our midsize business partners,” said Jeff Ready, CEO and co-founder of Scale Computing. “Scale Computing provides organizations of any size the ability to scale quickly and affordably, without sacrificing cloud-like ease of use, scalability, and availability. We continue to be dedicated to driving growth and supporting innovation among our partners, allowing them to do more profitable and productive work. Our inclusion on the MES Midmarket 100 list clearly demonstrates our dedication to that mission.”

Winners were selected based on their go-to-market strategy, how they serve the midmarket, and the strength of their midmarket product portfolios. MES Computing defines the midmarket as those organizations with an annual revenue of $50 million to $2 billion and/or 100 to 2500 total supported users/seats.

“The MES Computing Midmarket 100 list recognizes the industry’s key vendors that are invested in meeting the technology needs of midmarket organizations. The products and services offered by these manufacturers are helping midmarket businesses innovate, grow and thrive,” said Samara Lynn, senior editor, MES Computing, The Channel Company. “Midmarket businesses are a critical driver of the U.S. economy, and we look forward to seeing how our Midmarket 100 honorees continue to serve this vital market segment.”

The MES Computing Midmarket 100 list is featured online at mescomputing.com/midmarket100.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Scale Computing 
Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Scale Computing HC3 software eliminates the need for traditional virtualization software, disaster recovery software, servers, and shared storage, replacing these with a fully integrated, highly available system for running applications. Using patented HyperCore™ technology, the HC3 self-healing platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime. When ease-of-use, high availability, and TCO matter, Scale Computing HC3 is the ideal infrastructure platform. Read what our customers have to say on Gartner Peer Insights, Spiceworks, TechValidate and TrustRadius.

How SOC 2 Compliance Can Make or Break Your Business

With data breaches becoming more frequent and damaging, businesses must prioritize data security to maintain customer trust. SOC 2 (Service Organization Control) offers a comprehensive framework to ensure organizations manage and protect customer data effectively.

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is an auditing framework designed to evaluate and ensure that organizations manage customer data securely and responsibly. 

Achieving SOC 2 compliance is not just about ticking boxes; it is about building trust with your customers. When a company meets SOC 2 standards, it assures customers that their data is being protected with the highest security measures. This assurance is crucial in gaining and maintaining customer trust, which is a significant competitive advantage in today’s market. Furthermore, SOC 2 compliance helps companies meet various regulatory standards, showcasing a commitment to data protection that is increasingly demanded by both customers and regulators.

In essence, SOC 2 is more than just a certification; it is a testament to an organization’s dedication to maintaining high standards of data security and integrity. 

For companies looking to distinguish themselves in a crowded marketplace, SOC 2 compliance is a powerful tool that demonstrates a commitment to protecting customer data and meeting stringent regulatory requirements.

What are the Requirements and Criteria of SOC 2?

The Trust Service Criteria are a set of principles used in the SOC 2 framework to ensure the secure management and handling of customer data. 

There are five main criteria, defined by the AICPA:

  1. Security

The SOC 2 security principle ensures that sensitive information, including intellectual property, financial data, and personally identifiable information (PII), is securely controlled and protected. 

This involves validating access controls, utilizing Multi-Factor Authentication (MFA), implementing intrusion detection systems, and employing robust threat protection measures. By focusing on these areas, SOC 2 ensures that data security is maintained at the highest standard.

  1. Availability

The availability principle examines whether service providers can keep their systems fully operational, ensuring continuous service delivery. 

This involves assessing performance monitoring tools and processes to respond to security incidents promptly and effectively. By doing so, organizations can maintain high availability and reliability of their services, meeting customer expectations.

  1. Privacy

The privacy principle evaluates how an application or service processes personal information in line with the AICPA Generally Accepted Privacy Principles (GAPP). 

This includes ensuring that adequate access controls are in place to prevent unauthorized access and privileges. Verifying user identities, validating devices, and limiting privileged access are crucial steps in maintaining privacy and protecting personal data.

  1. Confidentiality

Organizations must ensure that their confidential or sensitive data is effectively protected against unauthorized access. 

The SOC 2 confidentiality principle validates these protections through the implementation of access controls, data encryption, and firewalls. These measures are essential in safeguarding sensitive information and maintaining trust with customers.

  1. Processing integrity

The processing integrity principle focuses on the accuracy and reliability of data processing. 

Through quality assurance and monitoring controls, service providers can ensure that their processes for storing, delivering, modifying, and retaining data are secure and effective. Organizations must be prepared to implement and manage these controls to protect customer data and maintain the integrity of their services.

How Does a SOC 2 Audit Work?

A SOC 2 audit is a comprehensive evaluation process that assesses an organization’s controls and processes related to security, availability, processing integrity, confidentiality, and privacy. 

There are 2 types of SOC 2 audits:

  1. Type I Audit

A Type I SOC 2 audit evaluates the suitability of the design of an organization’s controls at a specific point in time. It provides an independent assessment that the controls are appropriately designed to meet the selected trust service criteria (security, availability, processing integrity, confidentiality, and privacy). The Type I report details the organization’s systems and the effectiveness of the controls based on their design.

Type I is useful for organizations looking to provide initial assurance of their control design and readiness for future operations.

  1. Type II Audit

A Type II SOC 2 audit goes beyond the design evaluation and also assesses the operational effectiveness of these controls over a period of time, typically over a minimum period of six months. The Type II report provides a more comprehensive view by verifying whether the controls are not only designed effectively but are also operating as intended during the audit period. This includes testing the controls and reviewing evidence of their implementation and effectiveness.

Type II is preferred for organizations seeking comprehensive assurance and demonstrating an ongoing commitment to maintaining effective controls.

Both Type I and Type II audits are valuable for organizations aiming to achieve SOC 2 compliance, depending on their specific needs and the level of assurance required by clients and stakeholders regarding the security and integrity of their systems and data handling practices.

How Important is SOC 2 for Businesses?

SOC 2 (Service Organization Control 2) is critically important for businesses, especially those involved in technology, cloud services, and data management. 

Achieving SOC 2 compliance signifies that an organization adheres to rigorous standards in managing and protecting customer data. This certification not only enhances credibility but also builds trust with clients and partners by demonstrating a commitment to data security and privacy. 

The SOC 2 report holds significant importance for companies that use services from providers. Because these services are crucial, it’s essential to audit and validate them for internal controls, particularly concerning information security, processing integrity, and data reliability.

In today’s regulatory environment, SOC 2 compliance is often a requirement for doing business, as it helps companies meet industry-specific regulations and contractual obligations. Moreover, SOC 2 provides a competitive edge by assuring potential clients that their data will be handled securely, thereby reducing the risk of data breaches and associated liabilities. 

How to Get SOC 2 Compliance

Obtaining a SOC 2 report involves several essential steps that require collaboration between the organization and an independent auditor. These ensure that organizations meet the stringent standards set forth by the AICPA for managing and protecting customer data. 

Here’s a detailed guide on how to obtain SOC 2 compliance:

  1. Define the Scope and Objectives

First, define the scope of your SOC 2 compliance effort. This involves identifying the systems and services that will be included in the audit. Determine which of the five trust service criteria (security, availability, processing integrity, confidentiality, and privacy) are relevant to your organization’s operations and client expectations.

  1. Perform a Gap Analysis

Conduct a thorough gap analysis to identify any existing controls and processes that do not meet SOC 2 requirements. This assessment helps pinpoint areas that need improvement or additional controls to ensure compliance. Document all findings from the gap analysis as they will guide your compliance efforts.

  1. Implement Necessary Controls

Based on the gap analysis, implement or enhance controls and processes to meet SOC 2 requirements. This may include:

  • Security Controls: Implementing access controls, encryption measures, and intrusion detection systems.
  • Availability Controls: Ensuring redundancy and failover mechanisms to maintain service availability.
  • Processing Integrity Controls: Implementing data validation and error handling processes.
  • Confidentiality Controls: Implementing measures to protect sensitive data from unauthorized access.
  • Privacy Controls: Implementing procedures for handling personal data in accordance with privacy policies and regulations.

  1. Document Policies and Procedures

Create and document policies and procedures that outline how each control is implemented, monitored, and maintained. This documentation is crucial as it provides evidence to auditors that your organization has established and follows effective controls.

  1. Conduct Internal Testing and Audits

Before undergoing a formal SOC 2 audit, conduct internal testing and audits to verify that the implemented controls are operating effectively. This step helps identify and address any deficiencies or gaps in controls before the official audit.

  1. Select an Independent Auditor

Choose an independent CPA firm with SOC 2 expertise to conduct the audit. Ensure that the auditor understands your organization’s operations, the scope of the audit, and the relevant trust service criteria.

  1. Undergo the SOC 2 Audit

During the audit, the auditor will review your documentation, interview personnel, and test the effectiveness of controls. For a Type I audit, the focus is on the design of controls at a specific point in time. For a Type II audit, the auditor will assess both the design and operational effectiveness of controls over a specified period.

  1. Receive the SOC 2 Report

After completing the audit, the auditor will issue a SOC 2 report. This report includes:

  • A description of your organization’s systems and services.
  • The auditor’s opinion on whether the controls are suitably designed and, for Type II audits, whether they are operating effectively.
  • Details of any control deficiencies or areas for improvement.

  1. Address any Findings

If the audit identifies deficiencies or areas for improvement, address these findings promptly. Implement corrective actions and remediate any issues to enhance your controls and ensure ongoing compliance.

  1. Maintain Ongoing Compliance

SOC 2 compliance is not a one-time achievement but an ongoing commitment. Continuously monitor and update your controls to adapt to changes in technology, regulations, and business operations. Conduct regular internal audits and assessments to ensure that your organization maintains SOC 2 compliance over time.

By following these steps and committing to robust data security and management practices, organizations can achieve and maintain SOC 2 compliance, demonstrating to clients and partners a commitment to protecting their data and meeting industry standards.

How does senhasegura help companies obtain SOC 2?

Our comprehensive suite of features ensures that companies efficiently and effectively meet the stringent regulations necessary to obtain SOC 2 certification. 

By leveraging senhasegura, organizations can securely protect and manage their data, thereby consolidating regulatory compliance and fostering trust among stakeholders.

Here are the key features senhasegura uses to help companies meet SOC 2 regulations:

  • Access control: senhasegura allows only authorized individuals to access critical systems and information, aligning seamlessly with SOC 2’s security principles.
  • Monitoring and auditing: Our platform monitors and records all activities of privileged users, facilitating thorough review and auditing of access and modifications—a critical requirement for SOC 2 compliance.
  • Credential management: senhasegura securely creates, renews, and stores passwords, minimizing the risk of credential exposure and preventing unauthorized use.
  • Multifactor authentication: We enforce MFA to add an extra layer of security, requiring multiple forms of verification before granting access.
  • Secure remote session: Administrators can securely access remote systems without knowing passwords, enhancing security and traceability.

Commitment to Compliance and Security

At senhasegura, we conduct rigorous independent audits to ensure the integrity and reliability of our security, privacy, and compliance controls. These audits are instrumental in helping our clients achieve their information security objectives and comply with the most stringent regulatory standards.

Industry-Leading Certifications

In addition to SOC 2 and SOC 3 reports, senhasegura holds prestigious certifications that underscore our commitment to excellence in digital security:

  • ISO 27001: This international standard validates our implementation of a robust Information Security Management System (ISMS), ensuring comprehensive protection against threats.

  • GPDR Compliance: We adhere strictly to the General Data Protection Regulation, safeguarding the security, privacy, and integrity of users’ personal data through stringent processing and protection protocols.

Transparency and Trust

All our certifications and reports are accessible in our Trust Center, underscoring our dedication to transparency and security in every operation. These credentials affirm senhasegura’s position as a leader in digital security, prioritizing the protection and success of our valued customers.

Conclusion

As data breaches continue to pose significant risks, businesses must prioritize robust data security measures to reassure customers and adhere to regulatory standards. SOC 2 offers a structured framework for evaluating how organizations manage and protect sensitive data. 

Achieving SOC 2 compliance isn’t just about meeting regulatory checkboxes; it’s about demonstrating a steadfast commitment to data security and privacy. By adhering to the stringent criteria of security, availability, processing integrity, confidentiality, and privacy, companies not only mitigate risks but also enhance their credibility in the marketplace. 

SOC 2 compliance not only safeguards data but also empowers organizations to thrive in an environment where trust and transparency are more important than ever. Top-rated PAM solutions like senhasegura can make compliance easy.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

How to find PKIX-SSH services on your network

What is PKIX-SSH?

PKIX-SSH is a fork of OpenSSH which has been modified to support X.509 v3 certificate authentication. runZero often sees this on network management devices and baseband management controllers.

Latest PKIX-SSH vulnerability: regreSSHion

On July 1, 2024 the OpenSSH team released version 9.8p1 to address 2 vulnerabilities. The most critical of the two allows Remote Code Execution (RCE) by unauthenticated attackers under certain situations. This vulnerability was discovered by Qualys and dubbed “regreSSHion“.

For more details and guidance for locating OpenSSH please see our prior OpenSSH Rapid Response post.

On July 6, 2024 PKIX-SSH version 15.1 was released to address the regreSSHion vulnerability which impacted versions 13.3.2 to 15.0.

Are updates or workarounds available?

Version 15.1 was released to address the vulnerability.

How to find potentially vulnerable PKIX-SSH systems with runZero

For locating assets with the impacted PKIX versions go the Software Inventory and use the following query:

name:"Roumen Petrov PKIX-SSH" (version:>13.3.1 AND version:<15.1)

Specific services can be found using the Service Inventory and the following query which will remove some of the versions known to be patched or otherwise not impacted:

protocol:ssh ( _service.product:="Roumen Petrov:PKIX-SSH:13.%" OR _service.product:="Roumen Petrov:PKIX-SSH:14.%" OR _service.product:="Roumen Petrov:PKIX-SSH:15.0" )  NOT  (os:OpenBSD OR banner:"PKIX[13.2" )

We have a canned query named “Rapid Response: OpenSSH regreSSHion RCE – PKIX-SSH” that can be used to locate potentially impacted systems.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×