Two Lessons from Amazon

| 0 Comments

Amazon is now advertising on their boxes that they are “made with less material.” They actually have taken it a step further in some areas, doing away with the boxes completely. What can we learn from this?

First, the Amazon is not straightforward, to say the least. Their page goes over all of the environmental benefits (important for point two) but fails to mention their skyrocketing fulfillment costs.

Amazon’s success means incurring massive shipping costs. Their shipping costs are as much as the annual GDP of Tanzania (which itself is 75th in the world).

Clearly, Amazon can make more money — billions — by saving on packaging.

Amazon Fulfilment costs by Year – Statista

Lesson two: going green can be good for business. It isn’t always a cost-saver and I won’t pretend that it is, but reducing waste is an easy win for companies and the environment. Amazon’s website says that they’ve reduced per-shipment packaging by 41% since 2015. If if this was only a moderate cost savings, say, 10%, that would be $32,000,000,000 since 2015.

Let’s play devil’s advocate and hypothesize for a minute that Amazon was trying to do this out of the good of their heart for years and had to spend billions on R&D to make it happen. What do you think the ROI would be? Spending $10bn on waste reduction would still be a 3x ROI.

Investors would do well to consider that environmental and businesses wins can align.

McCarthy’s Weakness

| 0 Comments

Edit: Sep 30 2023 Update

McCarthy made a shocking decision today, governing over keeping the gavel:

But McCarthy shocked his party — and most on the Hill — by deciding to put a “clean” bill on the floor that could be enough to doom his speakership. The short-term funding patch that passed includes none of the GOP’s spending cuts or border policies. The only addition: $16 billion for disaster aid sought by the White House.

[It] passed the 45-day stopgap funding patch, 335-91, with help from more than 200 Democrats and 90 Republicans voting no. It’s an unexpected move that is certain to accelerate a far-right rebellion aimed at taking his gavel.

This increases his odds of keeping the speakership: an attempt to strip him of it was certain, with this bill he may peel off enough Democrats to keep him in the seat.

Original

Kevin McCarthy’s major weakness isn’t that he can’t quite find a political fit for who he is, nor is it the sense that he keeps track of which way the winds blow.

His problem is that he likes and wants his job, and everyone knows it.

Speakership under a Republican Party is a special place in hell. There isn’t anybody that’s particularly happy with any decision you make, ever, and a plurality of your peers don’t care to help you keep the gavel.

A speaker needs every vote to remain speaker, he or she can lose precious few. This allows any small band of party members to make life impossible for whatever reason. They don’t like the politics of a deal, they don’t like you, it’s Tuesday.

But this trick only works when you have something to lose. This was Paul Ryan’s strength: he genuinely didn’t seem like he ever wanted the job. He trounced his opponents in every primary and general election from 1998 forward. Want to take the gavel away? Have at it. Who wants the job anyway (answer even at the time: Kevin McCarthy).

And so Ryan’s indifference or perhaps antipathy towards the speakership insured that he kept it.

McCarthy has the exact opposite problem. His love for the gavel ensures its loss.

For whoever wants to keepeth their job, must foresake it.

A contrarian might say that Pelosi proves me wrong. I disagree, Pelosi is fortune enough to have Trump as a foil, the most unifying figure in Democratic Party history.

We basically run a coalition government without the efficiency of a parliamentary system.

Paul Ryan

It’s the case for both parties — but one of the coalitions is willing to stick together, at least until the opposition is truly failing.

Is $600/mo for a used car crazy?

| 0 Comments

WSJ has an article hitting on how rising interest rates are hurting consumers. Not exactly stunning stuff.

But this graph blew me out of the water. Car payments are now $800/mo new and $600/month used? The most I’ve paid for a car is $20,000 (used) and the payments were a little under $400/mo.

But sure enough, for a moderately priced car that’s the math.

$594/mo for a $30,000 loan at 7%
$545/mo for a $30,000 loan at 3.5%

Of course, the interest rates only tell part of that story: doubling the interest rate only increases the payment by $50/mo. That’s also misses part of the picture, at current inflation rates that $50/mo will be “worth”$60. (5 years of 4% inflation)

The prices of cars are so much higher across the board. These two charts from FRED show the relative price of used cars and new cars. Note: this doesn’t show direct prices, it shows the increase or decrease compared to 1984

Which means my $20,000 purchase with 2018 interest rates would now be $30,000 +/- Double the interest rate and I’m at nearly exactly $600/mo: right what WSJ reported.

2023 Q3 Kaseya’s Datto EDR & RocketCyber Update Webinar

| 0 Comments

Sorry, “innovation update” webinar.

None of this is confidential to the best of my knowledge. The webinar is recorded and I expect all of the new features to make their way into the documentation if they haven’t already. Quotes are best effort, I’m typing them up as they go, so they might not be exact. Some quotes have been cleaned up for grammar and spelling. Finally, the post isn’t chronological, I ordered things so that it fits into understandable narrative.

Today’s webinar features Mike Puglia and JV Varma.

My Key Takeaways

If you paid attention to the other recent product updates, you’ll find the same things here. Better Autotask and BMS integration, especially for billing, ability to launch the Datto RMM web remote from the other product’s console, integrations with Compliance Manager.

Q3 and Q4 updates look like they are addressed at real MSP issues. It also looks like they have Huntress in their sights. Maybe they couldn’t buy them?

I’m also a fan of adding the same capabilities across all the products at once: PSA billing integration, RMM Web Remote launches, Compliance Manager integration, etc. It makes the whole product line more coherent and I can trust expect that I’ll have similar features across products.

Datto EDR

Integrated billing with Autotask and BMS. This is not surprising; they announced a similar feature for Datto RMM in an earlier webinar. To repeat myself, I’d guess that on average, MSPs have 2-3% shrinkage. Eliminating this would be a huge gross profit boost to the industry.

Now – if only Kaseya could bill us MSPs correctly!

Ransomware Rollback

Moving into GA, not available to all partners until EOM.

From the screenshots it looks to me like it can’t be much past beta, the UI is a stock .Net UI, the controls don’t even adjust vertically with the expanded windows – but they do horizontally.1

I’d be anxious to test this. I wonder if it is fast enough to catch all of the files in the newer Rust-based variants of ransomware, some of which are said to be so fast that the encryption is over by the time you’ve isolated the process.

I would also like to hear how it works with cloud storage. What happens if I rollback hundreds of files to OneDrive? Those kind of changes don’t always play nicely.

This isn’t ransomware removal or a BCDR replacement.

Back to the EDR

You can launch the Datto RMM web remote from the EDR dashboard. Another feature we’ve seen come across the Kaseya product line. BMS integration? “Early 2024”

There are now alert suppression rules. I’m not a Datto EDR user, I’m surprised that this wasn’t already a feature.

Especially for a product for the Channel, alert fatigue is real and it should be a core part of any mature product.

If I understood, hashes are only supported as of now. Wow.

“EDR by its nature is a little chatty.” You don’t say.

A quick aside here, we have the opposite problem with Huntress, which is so quiet it is nearly impossible to know if it is doing anything, other than taking their word for it. We’ve got porridge that is too hot and another that is too cool.

Upcoming EDR Things

Your clients will be able to listed out as separate organizations, with locations as you want. Again, I’m not a user but, this is new??2 How do you have a non-multi-tenant product in the Channel?

You will be able to automatically sync EDR locations based on the RMM site3. The RMM is “the source of truth.”

This is an interesting choice, a sync to IT Glue would make a lot of sense to me, the difference, I suppose, is that ITG philosophically doesn’t write back to integrations.

How is SSO going to work? Do I need a Datto EDR login and an RMM login? What if my permissions are different?

You will be able to schedule scans4 by site (and location?)

JV states that you don’t have to switch back and forth between the EDR and the RMM but doesn’t show if you can jump from the RMM to the EDR. If we are going for labor efficiency that is just as important as EDR to RMM.

Policies

You can go beyond global policies that you have today, and can apply policies to specific sites or locations.6 Coming in Q4.

Automated Responses Coming:

Some rules will let you customize the response but “with great power comes great responsibility” and you can’t edit all of them. “We have to make sure that you are not causing undue stress to the system… such as isolation.” I really wish I had been live to ask what that meant. Whose system?

RocketCyber

Mike reminds us to turn on two new apps. I thought that AI dog was supposed to do this?

IOC Detection

This came out a bit ago. Mike straight up causes it threat-hunting. Watch out Huntress. Related: it is interesting to hear them call this out as part of RocketCyber but not Datto EDR. Assuming this is trying to get some marketshare away from Huntress, why not add it in both places?

Integration with DarkwebID. Oh yay. Now I can get IDAgent alerts in two places (guess where I can’t suppress alerts? Oh yeah, IDAgent) You actually have to create a user new user in DarkwebID for this to work.

PSA integration with AT and BMS is now available based on:

  • Firewalls
  • Agents
  • Agents + Firewalls
  • M365 Seats

As I commented above, this is a positive change. It solves a real problem that MSPs face.

Linux Advanced Breach Detection App

Sounds like IOCs for Linux?

Remediation

Many security incidents have automated remediation available. If RC has a script ready you can click a button to run it.

RC doesn’t want to be too aggressive, so they won’t take these actions for you. Huntress does the same thing, sometimes, not always. I have yet to have clarity from either company on when the SOC will take action for you and when it won’t. And what actions they will take.

I don’t know that it is a hill I’ll die on, but I’d lose a couple of limbs: if you can fix it, then fix it. The security threats are coming harder and faster every day. A key part of industry expansion and delivering more value is security automation.

Why can’t I launch the web remote from here?

Alert Syncing in RocketCyber and EDR

Acknowledge the incident on either side and it will be marked as acknowledged on the other.

Same thing with Autotask tickets. Resolve the issue in RocketCyber, closes the tickets. Close the ticket in Autotask, resolves the incident in RocketCyber.

Upcoming RocketCyber changes

Syslog collector, be able to ingest and store generic syslogs for 1 year. Sounds like standard formats only. Have a JSON webhook? You’re still out of luck. With great irony, as I imagine every one of there integrations is JSON on the backside.

Here is the business case for ingesting JSON: you (Kaseya) don’t know why I need it, for the same reasons I’d want to ingest raw syslogs for WAPs. Compliance, CYA, security incident investigations. Parsing and saving syslog messages is more complicated than saving raw JSON. All you need to do is save the source – I’d suggest giving each webhook a customized URL – and then save the text. Done.

Reporting: you can schedule to go out via email or run on-demand.

And you can choose…. Executive reports. More coming soon. Neither more nor soon defined.

The screenshot looks like it could have been designed by Huntress Which is great, they have nice looking reports our clients like.

RocketCyber Report Screenshot

Huntress Report Screenshot

This only shows one of six informative pages. Huntress still has a giant leg up.

SaaS Alerts Integration

SaaS Alerts integration is coming. Depending on how this works, it would be a major boost for SaaS Alerts against Huntress’ new M365 “EDR” (it’s a SOC).

It isn’t clear what else the SaaS Alerts integration will bring over. SaaS Alerts works with far more cloud applications than RocketCyber does, so there is a lot of potential for both sides.

Syslog data is now natively ingestible with Datto WAPs. Then switches, DNA, Secure Edge. Mike says that it hasn’t come earlier because the Datto Networking team is making changes to the logs specifically for RocketCyber.

Compliance Manager Integration

This is a major theme across all of the Kaseya product webinars (interesting that they didn’t mention myITProcess)

Notes

  1. Someone is going to tell me that the UI stuff is because Kaseya has focused on the core features first. Which makes my point: they haven’t had time to finish the product. Or if it’s finished, it literally doesn’t look like it.

    And look, it’s OK. I’ve launched products that were not as mature as they would eventually become. Just don’t call it a mature product until it’s actually grown up a little.
  2. See note 1
  3. See note 2
  4. See note 3
  5. See note 4

Brutal Red on Red

| 0 Comments

Regarding the impending shutdown drama:

Rep. Garret Graves (R-La.)…

“We’re in a situation right now … where the arsonists are out there, number one, whining that their house is on fire. Number two, are going to want credit that they put the fire out. And then number three, they’re going to set up a GoFundMe site to get paid.”

Brutal

Most Read