Introduction: Modern security challenges for MSP software providers

ConnectWise, established in 1982, provides business automation software that powers thousands of managed service providers (MSPs) globally. Like many software companies experiencing rapid growth through acquisition, ConnectWise manages a complex technology ecosystem. As their platform and attack surface expanded to over 43 products, so did the need for a more scalable, proactive security solution to detect trending vulnerabilities and manage their external exposures.

The Challenge: scaling security across a growing portfolio

Before implementing ProjectDiscovery's Enterprise tier, ConnectWise's security team faced significant scalability challenges with their previous solution. In addition to leveraging industry-leading enterprise security solutions and bug bounty programs, they heavily utilized custom scripting to address security gaps, often performing manual scans and managing fragmented workflows across multiple cloud providers.

Senior Director of Security Operations Jason Ferguson shared, "Our attack surface continued to grow and mutate as we rapidly acquired new products and technologies. Traditional tooling often left quick wins laying on the table." The team struggled with limited ability to manage rules at scale and unclear update cycles, while maintaining custom security scripts became increasingly burdensome as roles and responsibilities evolved.

The challenge intensified during the pandemic when the security landscape shifted dramatically. "The market was flooded with researchers utilizing vulnerability reporting and bug hunting for primary or secondary income," Ferguson explained. "This created an unprecedented scale of security research activity."

Seeking a more integrated approach, ConnectWise adopted ProjectDiscovery. Its automated scanning capabilities and customizable templates immediately demonstrated value.

ConnectWise chose ProjectDiscovery due to its strong open-source adoption and efficient scanning capabilities. Having previously relied on custom scripts and open-source tools like Nuclei, the team trusted ProjectDiscovery's reliability and active development. The platform's ability to create custom Nuclei templates and conduct targeted scans provided a tailored and scalable solution.

ConnectWise selected ProjectDiscovery over competitors like Tenable Cloud for its community-driven agility. With continuous Nuclei template updates, the team confidently identifies vulnerabilities as they emerge.

Implementation: An easy and straightforward integration experience

The onboarding process was remarkably efficient. Ferguson described how quickly they could segment their complex infrastructure.

Key implementation benefits included:

Real-world impact: The ScreenConnect vulnerability response

ProjectDiscovery proved invaluable during a critical security incident involving ConnectWise's ScreenConnect product. The team used the platform to quickly write Nuclei templates for identifying impacted hosts at scale, independent of internal licensing and check-in systems, providing a deeper outside perspective and enabling continuous monitoring of worldwide patching progress. The ability to parallelize scanning improved performance dramatically, allowing ConnectWise to track vulnerable instances across multiple regions and coordinate response efforts with partners.

During the initial proof of concept alone, ProjectDiscovery identified several lower-severity issues that other traditional scanning tools had missed. When chained together, these issues presented a direct risk requiring immediate remediation.

Results: faster discovery, better coverage and community benefits

After adopting ProjectDiscovery, ConnectWise saw immediate improvements in their security operations:

Conclusion: A foundation for scalable security

ProjectDiscovery has become a bedrock of ConnectWise's security strategy. By automating vulnerability detection and leveraging community-driven security knowledge, ProjectDiscovery allows the ConnectWise team to focus on delivering value to customers while staying ahead of potential threats.

Ferguson emphasizes that the platform's impact extends beyond just tool replacement: