Most MSPs have exposed attack surface

MSPs everywhere are concerned with attacks against their tools — and for a good reason. Attacks against MSPs are rising, and large-scale ransomware attacks can be catastrophic for an IT business. MSPs face the difficult task of defending against organized cyber criminals, who often have more money and resources than the MSP.

In response to these threats, many MSPs are having conversations about risk. They are taking a multi-faceted approach to secure their internal tools — but the current best practices don’t fully solve for the issues of enumeration or granular access controls. For example, the paradox of restricting access to an RMM system is challenging to solve, and some MSPs have tried to home-brew solutions with mixed success.

Having experienced this problem firsthand, we created Reverse-proxy-as-a-Service (RPaaS), a reverse proxy designed specifically for MSPs. This monthly subscription service offers a drop-in solution to deploy all the needed security layers to protect self-hosted MSP tools. It reduces the attack surface by implementing eight different security controls that work in concert to achieve security best practices.

While proxy service was first designed for Connectwise Automate, today, it brings the same level of protection to a growing number of MSP tools. MSPs across the globe use our proxy service, which complements the security practices of every MSP with self-hosted tools.

Available in:


Easy DeploymentInitial setup takes less than 15 minutes
Multi-Layer8 different security controls are integrated into the implementation
Fully ManagedEnjoy enhanced security without adding management overhead
Designed for MSPsAll parts of the service are designed with MSP workflows in mind

Supported Applications

ApplicationProxy SupportWAF Support
Connectwise Automate
(including Cloud Hosted)
Connectwise ScreenConnect
Connectwise Manage


Obfuscated FQDNsAvoid DNS and certificate enumeration with FQDN obfuscation
HTTP header hardeningProtect against client-side attacks with proper header hardening
TLS cipher hardening Use robust encryption (while keeping legacy compatibility)
IPS scanningProtect against transport protocol attacks
GeoIP restrictionsReduce surface area by only allowing known countries
Custom built ACLsCreate custom access controls tuned precisely to your use cases
Connection log shippingSend all connection data via Syslog to your SIEM or SOC
Custom domain supportBring your own domain for branding and ease of transition
HA cluster readyScale your infrastructure with HA clustering and load balancing
Self-service APIMaintain your ACLs and view diagnostic data with our API
WAF add-onPerform deep inspection and stop Layer 7 attacks with our WAF
CW Certified integrationRest easy knowing that our solution is certified and supported
24x7x365 SupportEngage with our support team any time day or night

More details

By default, many MSP tools will have weak TLS ciphers, reveal their underlying technology stack, not implement HTTP header best practices, accept all connections, and be vulnerable to enumeration in tools like Shodan. A reverse proxy can help an MSP address all these issues and add further layers of security to protect against attack. Below is a recorded webinar displaying this feature set for Connectwise Automate.

Next Steps

Ready to get started?

Please fill out the form below if you’d like to set up a trial of our proxy service:

    Need a quote?

    Use our self-service quote form below to get a quote delivered directly to your inbox.