Unless you’ve been so inundated with “everything AI” that you’re doing the equivalent of putting your fingers in your ears to drown it out, you know that Open AI rolled out GPT-5 this week. The new version ups its so-called “vibe-coding” game—you tell the AI what you want to build, AI writes the code, makes architecture decisions, and builds the app or feature. (You check its work, of course.) But since there’s no “vibe-coding” GPT (yet) for doing the hard work of running all aspects of your MSP business, we put together the channel news you may have missed.

This week, vendors rolled out solutions tackling risk in new ways, smarter firewalls, tools to rein in shadow AI, and more. We also report on some new security-related partnerships and a popular industry event that’s being “retired.” Plus, we include some new research on ransomware that finds victims are often getting hit more than once—read to the end to find out why.

Happy reading—no vibe coding required!

Products & Solutions

Liongard Launches ThreatImpactIQ to Prioritize and Remediate Vulnerabilities

Liongard, an attack surface management platform, launched ThreatImpactIQ, an add-on to the LiongardIQ platform that allows MSPs to prioritize risks based on business impact, align actions with compliance frameworks, and leverage continuous threat intelligence for targeted remediation. ThreatImpactIQ integrates with vulnerability scanners like Rapid7 and Tenable. It ingests findings and transforms raw results into prioritized, context-aware risks that MSPs can track, remediate, and report, all within a single, streamlined interface.

“ThreatImpactIQ helps partners focus on what matters most,” said Michelle Accardi, CEO of Liongard, in a press statement. “By prioritizing vulnerabilities in the context of business impact, it enables faster, smarter action safeguarding clients, building trust, and scaling security services with confidence.”

ThreatImpactIQ updates risk profiles daily with fresh threat intelligence; suggests and initiates risk mitigations across common platforms like Jira, ServiceNow, ConnectWise, and more; and generates reports in OSCAL JSON, and human-readable formats, aligned with federal and industry standards.

ThreatLocker Provides Real-Time Visibility into Configuration Risks, Compliance Gaps

ThreatLocker, a provider of endpoint security and zero trust solutions, announced a new feature called Defense Against Configurations (DAC). The DAC dashboard gives MSPs and IT teams a visual overview of risk in their environment, color-coded to indicate severity. The dashboard prioritizes misconfigurations, identifies related frameworks, and offers filtering and scoping.  

DAC covers system settings across Windows and Mac environments, mapping findings to major compliance frameworks, including NIST 800-171, Essential 8, CIS, HIPAA, and ISO 27001.

Further, administrators receive a weekly DAC email with a quick snapshot of their configuration risk posture. The subject line includes the number of critical misconfigurations in the latest scan, and within the email, color-coded summary boxes break down the count by severity, making it easy to gauge overall impact at a glance. The email includes a detailed list of misconfigurations and the number of affected endpoints or policies.

Because DAC lives directly on the endpoint, it captures system configurations at the source, providing current results without adding performance overhead.

DAC is available to all ThreatLocker customers as part of the core offering, with no additional license or installation required.

WatchGuard Rolls Out Next-Gen Firebox Tabletop Series Firewalls for MSPs  

WatchGuard Technologies, a provider of unified cybersecurity for MSPs, announced the newest edition of its Firebox Tabletop Series of firewall appliances. The new T Series Fireboxes provide intelligent firewall security, AI-powered threat detection, and eco-conscious hardware. 

The appliances work for businesses maintaining on-premises environments, transitioning to the cloud, or operating in a mix of both. This generation’s main improvements include enhanced VPN and UTM performance to help alleviate common issues like sluggish network speeds. 

According to the company, every tabletop model can smoothly run the full suite of WatchGuard security services.  

“We worked closely with our MSP community to build these next-gen tabletop appliances for the real-world needs of midmarket organizations,” said Jay Lindenauer, vice president of network security at WatchGuard, in a press statement. “We’re combining the increasing value of our founding product, the Firebox, with ongoing platform advancements, like AI-driven XDR, to ensure that partners and their customers can operate in a faster, more connected world.”  

Each of the new Firebox tabletops features a sturdy metal case with ultra-low-power components and reduced packaging material. 

General availability for the high-end Firebox T185 begins in August, with the remaining models rolling out later in the fall. 

LastPass Debuts SaaS Protect to Address Shadow IT and Shadow AI

LastPass, a provider of password and identity management solutions, unveiled SaaS Protect, which gives MSPs direct, centralized control to block unapproved apps, enforce safe credential policies, and guide user behavior across every managed client.

Building on the company’s SaaS Monitoring capabilities, SaaS Protect features include customizable SaaS app policies, credential risk detection, and real-time enforcement reporting.

SaaS Protect allows admins to quickly restrict access to unsanctioned or high-risk SaaS apps and guide user behavior with custom warnings; generate governance reports with SOC 2 and other compliance frameworks in mind; and identify duplicate or over-licensed apps.

A LastPass spokesperson added that SaaS protect can open the door to new business conversations for MSPs too. “With just a few clicks, MSPs can spot new technology trends and uncover solutions gaps, giving them the insight to offer new value-added services that drive profitable business outcomes,” the spokesperson said. 

All current LastPass Business and Business Max customers can access the beta of SaaS Protect. LastPass is including SaaS Protect in the Business Max bundle at no additional cost. General availability is expected in early Fall.

ConnectSecure Launches Professional Services Suite and MSP Boot Camp

ConnectSecure, a provider of vulnerability and compliance management solutions, rolled out professional services offerings to help MSPs build structured, revenue-generating practices around vulnerability and compliance management. As part of this offering, ConnectSecure announced a new Certified Administrator Boot Camp, a four-day, 12-hour course designed to help MSPs deepen their platform expertise and broaden their service capabilities.

The professional services provide partners with the policies, processes, documentation, and legal templates needed to operate as professional cybersecurity providers, win new business, and clearly define service commitments. ConnectSecure offers flexible engagement models, including “Do-it-With-You” and “Do-it-For-You” services.

The services include free platform onboarding for all new partners; ConnectSecure Certified Administrator (CSCA) Boot Camp; a vulnerability management program workshop for MSP leadership, covering strategy, policy, packaging, and legal frameworks; and ConnectSecure Virtual Administrator, a tiered consulting service that gives MSPs expert help with platform management.

Also included are deep dive sessions on topics like agent deployment, network scanning, and sales growth via prospect assessments, plus legal support for cybersecurity practice.

Partnerships & Integrations

Sophos Partners with Rubrik and Halcyon

In a new strategic partnership, Sophos will provide Sophos M365 Backup and Recovery Powered by Rubrik to its MDR and XDR customers. This marks the first MDR-optimized Microsoft 365 backup and recovery solution fully integrated and managed in Sophos Central, Sophos’ security operations platform.

Rubrik features for Sophos MDR and XDR customers include secure, immutable backups; the ability to restore Microsoft 365 emails, OneDrives, SharePoint sites, Teams channels, and more to original or alternate users, including inactive accounts; and automatic discovery of Microsoft 365 users, sites, and mailboxes and the application of Entra ID-based policies,

This offering will be available through Sophos’ channel partner network in the coming months.

Sophos also announced a strategic, real-time threat intelligence sharing partnership with Halcyon, an anti-ransomware solution provider.

Following Halcyon’s recent announcement of a community-focused Ransomware Research Center, this data-sharing initiative will inform defenses across both Sophos’ and Halcyon’s solutions. It will benefit customers using Sophos Endpoint powered by Intercept X, as well as Sophos MDR, Sophos XDR, Halcyon’s Anti-Ransomware Platform, and other joint capabilities.

As part of the collaboration, Halcyon and Sophos will also implement mutual anti-tamper protections that allow each platform to monitor and safeguard the other’s agents in customer environments.

Mimecast and SentinelOne Deepen Partnership to Drive Smarter Awareness Training

Advancing their technology partnership, SentinelOne and Mimecast are offering joint customers out-of-the-box AI detections for deeper visibility into human risk and more effective ways to manage it.

The new capability integrates real-time endpoint telemetry from SentinelOne into Mimecast’s Human Risk Management (HRM) Platform. Now, joint customers can ingest malware-related events from SentinelOne’s Singularity Platform solution into the Mimecast platform, allowing the correlation of threats with individual user behavior; surface high-risk employees; and deliver targeted interventions from behavioral nudges to adaptive policies.

Mimecast Engage customers can get the integration now for no additional cost.

People

Former CISA director Jen Easterly, a combat veteran and cybersecurity pioneer who has dedicated her life to national security, is joining Huntress’ Strategic Advisory Board … New Charter Technologies, a portfolio company of Palo Alto-based private equity firm Oval Partners, appointed Ryan Davis as chief information security officer. Davis joins New Charter from IBM, where he served as a business unit CISO.

Events

ConnectWise announced it is retiring IT Nation Secure as a standalone event, effective 2026. IT Nation will integrate the cybersecurity content into its IT Nation Connect conferences in Europe, Australia/New Zealand (ANZ), and North America annually. IT Nation plans robust cybersecurity tracks for 2025, with the expanded IT Nation Secure-style content and experiences beginning in 2026.

“With cybersecurity now embedded in every decision an MSP makes, it’s time for our event strategy to reflect that reality,” said Peter Kujawa, EVP & GM, Service Leadership and IT Nation, in a press statement. “We’re doubling down on security—just in a more integrated, accessible, and global way.”

Compliance

ThreatLocker achieved FedRAMP status for a special deployment of its suite of solutions operating in a government-only cloud. ThreatLocker is the only deny-by-default endpoint protection product in the FedRAMP Marketplace. The suite of solutions currently included with the FedRAMP Ready designation includes Application Allowlisting, Ringfencing, Network Control, Storage Control, and Detect.

By the Numbers

New Research: Ransomware, Like Lightning, Can Strike More Than Once

Almost a third of ransomware victims were attacked multiple times in the last 12 months, according to Barracuda’s Ransomware Insights Report 2025. Of those repeat victims, 74% say they are juggling too many security tools, and 61% say their tools don’t integrate—disrupting visibility and creating blind spots where attackers can hide.

In addition, many ransomware victims have insufficient coverage in key security areas. For example, 47% of the ransomware victims had implemented an email security solution, compared to 59% of non-victims. Moreover, 71% of organizations that suffered an email breach were also hit with ransomware.

Just under a quarter (24%) of the ransomware incidents involved data encryption, while a significant number involved the attackers stealing (27%) and publishing data (also 27%), infecting devices with other malicious payloads (29%), installing backdoors for persistence (21%), and more.

An Escalating Threat

The research also finds that:

• 57% of the organizations surveyed were affected by ransomware, including 67% of those in healthcare and 65% for local government.
• Ransomware attackers have a one-in-three chance of payout. 32% of ransomware victims paid the attackers to recover or restore data, rising to 37% among organizations affected twice or more.
• 41% of those who paid a ransom failed to recover all their data, for a variety of reasons, such as the decryption tools provided by the attackers may not work, or files were damaged during the encryption and decryption processes.

“The findings make it clear that ransomware is an escalating threat, and fragmented security defenses leave organizations immensely vulnerable,” said Neal Bradbury, chief product officer at Barracuda, in a press statement. “In many cases attackers can move through victims’ networks, gaining access to devices, data, and more without being detected and blocked … A unified approach to security centered on a strong integrated platform is vital.”

The report is based on the findings of an international survey undertaken by Barracuda with Vanson Bourne, gathering insights from 2,000 IT and security decision-makers across North America, Europe and Asia-Pacific.