Everyone gripes about air travel these days. Unpredictable delays. Bad (or no) food. Upselling and add-on fees. And now, “windowless window seats.” Some Delta and United users have had enough, and they’re suing the two airlines for allegedly failing to inform them that the window seat they paid extra for doesn’t actually have … well … a window.
We know MSPs spend plenty of time on the road and in the air, and while we can’t offer you extra leg room or stop that person in front of you from reclining, we can offer you a “window” into the week’s biggest channel news—the latest tools, partnerships, certifications, and more to help you run your business. Plus, find out which MSPs sold their businesses and what new faces you might encounter in your vendor relationships. And be sure to read to the end for some ransomware defensive moves.
So pull the shade up and take in the channel scenery!
Products & Solutions
ConnectWise Rolls Out Email Security and Training with Proofpoint; Expands RMM Third-Party Patching
ConnectWise, an IT management and security platform provider, partnered with Proofpoint on its new email security and security awareness training offering. The AI-powered ConnectWise Email Security and Security Awareness Training with Proofpoint solution is built into the ConnectWise Asio platform.
This new offering delivers advanced threat protection against email threats like phishing, malware, ransomware, and business email compromise (BEC) attacks. It also defends against data loss by scanning outbound emails for sensitive information and enforcing policies to prevent data leakage. The Modern URL Defense feature blocks malicious links in emails to prevent malware infections and credential theft.
ConnectWise also announced a major expansion to its RMM platform’s patching capabilities. Now covering over 7,000 third-party applications, this enhanced capability is available to partners through a Limited Availability program at no additional cost.
During the Limited Availability period, interested partners can sign up to access and test patching; provide feedback to the ConnectWise product team; and help shape the final, general availability release—which will include additional features such as patch failure ticketing.
Partners must request access to participate in this program. Some features may not yet be available during this phase.
LastPass Launches Passkey Support for Seamless, Secure Access Across Devices
LastPass, a password and identity management provider, announced the general availability of passkey support, which enables passkeys to be created, stored, and managed directly in the LastPass vault, alongside passwords.
Passkeys are cryptographic key pairs that replace passwords. They’re designed to be immune to phishing, can’t be reused, and only the public key is stored with the website or app, while the private key stays encrypted within the user’s LastPass vault.
Now, there is one vault for all credentials, with passwords and passkeys managed together. Passwords and passkeys stay encrypted in the vault, not on third-party servers. And passkeys sync across devices, browsers, and operating systems.
Passkey support builds on LastPass’ foundation of FID02 certification and marks a major step in LastPass’ strategy to help users and businesses move beyond password fatigue, phishing risks, and ecosystem lock-in.
Consultant Mike Semel Introduces Compliance Systems for MSPs
Cybersecurity and compliance consultant Mike Semel released a new generation of compliance systems designed for MSPs. The programs are built to help MSPs deliver high-margin, scalable, audit-ready compliance services to clients in regulated industries.
The systems include:
CMMC for MSPs – A specialized CMMC training and implementation system built for MSPs working with defense contractors to share across their management, sales, and technical teams. It includes detailed coverage of the 110 CMMC Level 2 practices and 320 assessment objectives. Also included are a done-for-you Customer Responsibility Matrix and other templates and training MSPs can deliver to owners/executives at defense contractors who must legally attest to their CMMC compliance.
Compliance Essentials for MSPs – A foundational toolkit that includes prebuilt training, policies, and templates for HIPAA, GLBA, FTC Safeguards, and CMMC Level 1. Also included are a risk-based selling class, a Shared Responsibility Matrix, and guidance for MSPs to lower their legal liability. Designed for fast implementation, most MSPs can begin delivering compliant services in under 30 days, according to Semel.
Compliance Mastery for MSPs – For MSPs aiming to become recognized compliance leaders. This program includes advanced guidance on HIPAA, financial regulations, NIST Cybersecurity Framework (CSF), business continuity planning, and client risk assessments. Includes Compliance Essentials for MSPs.
Total Compliance for MSPs – A bundled option combining all three systems for MSPs looking to offer end-to-end compliance services at scale.
Partnerships & Integrations
Keepit and Ingram Micro Announce GTM Relationship in Canada
Keepit has teamed with distributor Ingram Micro in a new go-to-market relationship in Canada.
A provider of cloud backup and recovery platforms, Keepit operates its own data centers in Canada, independent of global hyperscalers. This gives Canadian businesses full data sovereignty and a storage solution that’s always compliant with Canadian laws and regulations—whether they operate solely in Canada or across borders. Keepit also guarantees customer data stays in place, with no middleware transmissions outside the region.
Ingram Micro will assist in marketing, selling, and supporting the Keepit portfolio while enhancing flexibility in purchasing and financing solutions that incorporate Keepit’s SaaS data protection services.
M&A – MSPs
Valeo Networks Expands to Ohio with Acquisition of SpliceNet Consulting
Valeo Networks, an AI-enabled MSSP, acquired SpliceNet Consulting, an MSP based in Cincinnati, Ohio. This acquisition marks Valeo Networks’ entry into the Ohio market. The financial terms of the transaction have not been disclosed.
Founded by Jim Gast in 1999, SpliceNet has grown to 10 people with a strong focus in the legal sector, with over 200 law firms as clients. SpliceNet is also a recognized leader in helping organizations adopt AI technologies such as Microsoft Copilot, working in cooperation with Microsoft through its endorsed monthly Copilot virtual speaking engagements.
All SpliceNet employees will become part of Valeo Networks as the company integrates into the organization. Gast will transition to director of AI-driven, new business development.
“We’re excited to welcome SpliceNet Consulting to the Valeo Networks family,” said Travis Mack, CEO, Valeo Networks. “This move establishes our presence in Ohio while adding a company with deep expertise in serving the legal sector. SpliceNet’s strong client relationships in Cincinnati make this an excellent fit for our continued growth.”
Corporate Technologies Acquires Cenetric in Kansas City, Expanding to Its 18th U.S. Market
Corporate Technologies, a national managed IT services, cybersecurity, and cloud solutions provider, acquired Cenetric, a Kansas City, Kansas-based MSP founded by Brittany Fugate in 2008.
This acquisition is Corporate Technologies’ eighth overall, and its third since partnering with Tonka Bay Equity Partners in 2023. It also marks Corporate Technologies’ 18th market expansion since its founding in 1981.
“Brittany has built an exceptional business,” said Jim Griffith, CEO of Corporate Technologies, in a press statement. “Cenetric’s reputation and client-first approach make it a perfect fit. We’re thrilled to welcome Brittany and her team.”
Evergreen Acquires Next7 IT
Evergreen, a family of managed IT services and software partners, acquired Next7 IT. Founded in 2010 as a one-person team serving Pittsburgh, Pennsylvania, area businesses, Next7 IT has grown into a 26-person MSP supporting clients in legal, manufacturing, and professional services.
Next7 IT will continue operating independently under its existing name and leadership, under Lyra Technology Group, Evergreen’s portfolio of managed IT services providers. Once the acquisition is complete, founder Don Houk will retire from the company and COO David Stumph will take the reins as CEO of Next7.
M&A – Vendors
LevelBlue Completes Acquisition of Trustwave
Cybersecurity company LevelBlue completed its acquisition of MDR vendor Trustwave. The combined company integrates LevelBlue’s expertise in network security, strategic risk management, and threat intelligence with Trustwave’s MDR powered by the Fusion Security Operations Platform, offensive security capabilities, and elite SpiderLabs threat intelligence team. Financial terms of the transaction were not disclosed.
LevelBlue’s expanded intelligence ecosystem now merges OTX, the world’s largest open threat-sharing platform, with the proprietary detection logic and advanced research capabilities of both LevelBlue Labs and Trustwave SpiderLabs.
In addition to acquiring Trustwave, LevelBlue recently completed its acquisition of Aon’s Cybersecurity and Intellectual Property (IP) Litigation consulting groups, including the cybersecurity firms Stroz Friedberg and Elysium Digital
Certifications
ISACA Introduces AI-Centric Security Management Certification
ISACA, a nonprofit certification and training association, launched an Advanced in AI Security Management (AAISM) certification. AAISM is designed to equip cybersecurity leaders with the specialized skills needed to manage the evolving security risk related to AI, implement policy, and ensure its responsible and effective use across the organization.
Security professionals who hold a Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) are eligible to pursue the AAISM.
Exam preparation options include the AAISM Review Manual (digital and print versions), as well as the AAISM Online Review Course and Questions, Answers, and Explanations Database (QAE), both of which allow one year of access to fully prepare for success on the exam.
Compliance
Kaseya Publishes Customer Responsibility Matrices to Help Partners Meet CMMC Requirements
Kaseya, an AI-powered IT management and cybersecurity platform, rolled out customer responsibility matrices (CRMs) for a set of critical products MSPs use to ensure their customers meet Cybersecurity Maturity Model Certification (CMMC) requirements. A CRM document identifies the appropriate individual for implementing, managing, and maintaining cybersecurity controls to prevent gaps in compliance.
Software vendors required to meet CMMC are mandated to create CRMs. MSPs working with the Department of Defense (DoD) and other agencies must demonstrate cybersecurity capabilities to safeguard sensitive information.
“In order to provide best-in-class support to our partners, Kaseya has begun publishing CMMC Customer Responsibility Matrices product by product,” said Jon DePerro, vice president, FedRAMP and compliance solutions at Kaseya, in a press statement. “We understand the complexities around CMMC, and want to ensure our customers have the tools and capabilities necessary to meet compliance standards, not only for their businesses, but their customers too.”
Kaseya employed ControlCase, a CMMC C3PAO, to document and validate the customer responsibility matrices. The first group of matrices released includes Datto RMM, VSAX, IT Glue, vPenTest, Vulscan, Network Detective Pro, and Compliance Manager GRC, with more planned to be published before the end of the year.
RELATED: Kaseya’s Multimillion-Dollar FedRAMP Commitment Aims To Position MSPs For Future Opportunities
NinjaOne Achieves GovRAMP Authorization
NinjaOne, an automated endpoint management platform, received Government Risk and Authorization Management Program (GovRAMP) Authorization at a Moderate Impact Level. GovRAMP (formerly StateRAMP) is a standardized cloud security framework that solution providers must meet, providing state and local governments and education (SLED) organizations with stronger security and more confidence in the products chosen for their specific use cases.
People
Exclusive Networks, a specialty cybersecurity distributor, tapped IT veteran Justin Crotty to serve as both vice president of services, North America, and GM of Cloudrise, which Exclusive Networks acquired in 2024. Previously, Crotty was senior vice president of channel at NetEnrich … SonicWall appointed Michael Crean, founder of MSSP Solutions Granted (which SonicWall acquired) and U.S. Army Combat Veteran, as GM of the SonicWall Managed Security Services Division …
… Summit Holdings, the parent company of MSP Owners Group, has expanded its leadership team with Ryan McGill (CXO), Michael Amiri (CRO and co-founder), Carlos Martinez (COO), and Krista Foisy (product and program director) … Palo Alto Networks announced that Nir Zuk, its founder, CTO, and board member, has retired after more than 20 years. Lee Klarich, CPO, has been appointed to the company’s board of directors and has also assumed the role of CTO. Klarich joined Palo Alto Networks in 2006 and has been instrumental in driving the company’s product strategy and innovation.
By the Numbers
Cybercriminals’ Evolving Tactics Make Constant Vigilance an Imperative
As if you needed more evidence, ThreatDown’s new report on ransomware calls the situation “a record-breaking year.” What does that mean? From July 2024 to June 2025, ransomware attacks increased 25% year-over-year. In that time, 41 new groups emerged, active groups topped 60 for the first time, 42 countries recorded their first ransomware incident, and February 2025 became the worst month on record, with over 1,000 attacks.
That’s according to The 2025 State of Ransomware, the annual report from ThreatDown, the corporate business unit of Malwarebytes.
“Ransomware isn’t just a security problem, it’s a profound business and human crisis,” said Marcin Kleczynski, founder and CEO at Malwarebytes, in a press statement. “The escalation has led to severe real-world consequences, including compromised patient data, significant financial losses, and even human casualties. There is a critical need for constant vigilance as attackers become scrappier and more adaptive.”
The research reveals a persistent theme: Attackers are relying on fully or partially unprotected endpoints and servers to stage attacks. These blind spots allow criminals to act unobserved, away from the sensors and countermeasures of EDR and MDR, according to the report. Moreover, the research finds that most ransomware attacks happen at night, between the hours of 1 am and 5 am.
To combat these threats, the report recommends the following:
- Maintain an up-to-date inventory of hardware and actively seek out unauthorized “shadow IT” devices.
- Install licensed EDR software on every device that will run it.
- Audit exclusions periodically to ensure that they adequately balance business priorities and protection.
- Monitor CVEs for critical software like ESXi and firewalls, and patch aggressively.
- Keep comprehensive, air-gapped backups, and a gold disk image that can be used to quickly create a new computer with a basic set of applications.
Some good talking points for your next QBR.
