‘This isn’t necessarily for the tech folks. It’s for the people selling the service. We’ve talked about attacks for years, but now it’s about the business case. This is no longer a nice-to-have, it’s a need-to-have if you want to stay in business,’ says Cavelo CEO James Mignacca.
Attack surface management startup Cavelo has rolled out a new way for MSPs and MSSPs to start security conversations faster, and turn them into business drivers, with the launch of Cavelo Flash, an agentless, near real-time risk posture assessment tool designed for prospecting.
The idea behind Flash came directly from partner feedback, according to Cavelo CEO James Mignacca, who said the Kitchener, Ontario-based vendor realized many MSPs weren’t struggling with the technology of cybersecurity but rather the business of selling it.
“We’re not transaction selling, we’re relationship selling,” Mignacca told CRN. “We were an MSP 15 years ago, so we understand what MSPs actually care about. At the end of the day, it’s great to build technology, but let’s be honest, MSPs care about new logos, MRR [monthly reoccurring revenue] and building new services they can sell.”
[Related: How Autonomous AI Cyberattacks Will Transform Security: Experts]
Traditionally, establishing a security risk baseline revolved around stitching together vulnerability scans, penetration tests, scorecards and third-party services, the CEO said. That process can typically be slow, expensive and often outdated. Smaller MSPs, in particular, struggle to compete due to the cost and operational overhead. Cavelo Flash is meant to flip that model by making risk assessments fast, lightweight and usable in sales conversations.
“What we learned from our partners was simple: lead gen,” he said. “There’s no MSP out there that doesn’t want new customers. So we went backwards and built a product that’s really about sales enablement.”
With Flash, an MSP can enter a prospect’s email address during a conversation and generate a one-time report in minutes. That report highlights vulnerabilities, sensitive data exposure and configuration risks without requiring an agent to be installed.
“You can’t go to a prospect and say, ‘Hey, trust me, install this agent,’” he said. “They’re not going to do it. This is about building trust. You’re giving them something tangible they can actually see and understand.”
Flash includes vulnerability management, automated data discovery and classification, and configuration management, which all can be used as a gateway to the Cavelo 360 DSPM platform. Cavelo 360 is a data security posture management platform that enables continuous monitoring, automated remediation and actionable insights.
Mignacca said Flash is even suitable for emerging MSPs trying to break into cybersecurity services without making a large upfront investment.
“A lot of MSPs don’t want to spend all this capital building out a full platform before they even have customers,” he said. “So we’re reversing it. Use Flash to build a book of business first, then move into continuous monitoring with the full platform when it makes sense.”
Rather than focusing on isolated vulnerabilities, Cavelo’s broader platform looks at risk multidimensionally including where sensitive data lives, who has access to it and how vulnerabilities intersect with real business impact.
“By leveraging Cavelo Flash as a prospecting tool, we’re able to identify vulnerabilities that directly affect a client’s cybersecurity posture,” Wayne Hunter, CEO at Allen, Texas-based Avtek Solutions Inc., said in a statement. “Cavelo Flash gives us the insight we need to properly scope new prospects and tailor the right solution from the start. That clarity translates into immediate impact, and that’s something our clients notice right away. It’s helped us boost customer satisfaction and build trust from day one.”
Looking ahead, Mignacca expects Flash to evolve alongside new risk vectors, particularly AI.
“AI is just another asset in your organization,” he said. “Who’s using it, how are they using it and what sensitive data is going into it? That’s going to be the next big area of risk, and we’re already thinking about one-time AI risk assessments.
“This isn’t necessarily for the tech folks,” he added. “It’s for the people selling the service. We’ve talked about attacks for years, but now it’s about the business case. This is no longer a nice-to-have, it’s a need-to-have if you want to stay in business.”
