 Tom here from Warner Systems, and welcome to a special sponsored interview and technical demo. Sponsors are chosen from my channel based on what I feel is in alignment with you, the audience, and we'll be discussing either a product or having a conversation that I hope you will find interesting, engaging, or useful, maybe even all three. Now let's get to the sponsor for this video, which is SassLeo. We are going to be covering how they can uncover, manage, and secure your client's Sass ecosystem. This is a really cool product. We're working on using a demo right now at my office and testing it with our clients. This is a really interesting product when it comes to giving you really solid visibility into what's going on in the browser, where people are logging in, what they're logging into, and what, you know, email addresses they're using to do this. This is a real blind spot that, well, with everything going to the cloud, we need more visibility into. And SassLeo has a product for that. So me and John have a fun conversation about it. And so let's get started. Hey, John, how are you doing today? Hey, I'm doing good today. How are you, Tom? I'm doing great. And we're ready to dive into some data on this. And this has been fun because I've been testing the product as well. So it's not just a sponsored spot. I've actually found this really interesting. And we're looking at how we integrated to our stack because we have all these tools to get compliant to manage the inventory of software. But then what do we hear every day? We're in the cloud or everything's in the cloud. And we have some clients that just, well, many people are going to resonate with this. There's no on-prem servers anymore. It's all in the cloud. We still have to make an inventory of the things they use. It may not be the traditional software, but that's where you're like filling that gap in a very interesting way. Is just being able to collect all that. Where does idea come from? Well, first off, Tom, isn't it great that we don't have to worry about little server closets anymore with the new businesses? I've put in enough of those and finagled around them. Yeah. Now, they're not all gone. We wish we could get there, but we're getting close to it. I'm back and forth. I like some things on-prem still. When it's reasonable, there's use cases for it. But you're right. There's definitely lots of unmaintained servers that are the only thing they're doing is providing botnets a place to live. That's exactly. That's a whole other topic. But as far as an application standpoint, this is almost like a blind spot is this, you know, where are people going? Where are my people going? Because the first place I'm testing this, of course, is internally at my office because I want to know where are my people going? What are they signing into? Who has what? And you obviously seen this, you worked in the MSP space, so you see this as a problem yourself and probably led up to this. Yeah, exactly. And that was actually kind of perfect, right? The only reason I've climbed in enough little small data center rooms is because I've been in the MSP world. I spent 13 years in it prior to starting this business. But you're right. You're hitting on a key pain. Most small businesses today are really just born in the cloud. The ones that have a lot of prem are migrating most of it or predominant to the cloud, except for, of course, always great use cases. But back when I was still working at the MSP back in 2015, there were only eight SaaS apps for the normal company. And now we're seeing it up to like 135 SaaS apps. And I just remember back in the day, it was always guesswork. We were always trying to figure out what the customer is using. It was manual, it was tedious, it was error prone. And so it kind of bothered me, right? Because we talk about software inventory, you know, the RMMs do a great job of telling you what's on the computer. They'll let you know everything installed in the world. But the minute that user clicks Google Chrome or Microsoft Firefox, it's just a visibility gap. And so what it boils down to is MSPs have great visibility on the endpoint. They have fantastic network tools and collectors out there to know it's going on the network. Yet that number two line item on the customer's budget, which is probably SaaS all under them, it's a complete blind spot. So that's really all we started with was to solve visibility in the blind spot. And the product has changed and more so along the way. But that was our original marching mission. And I think part of it, too, that people don't realize is the onboarding off-boarding process. And until an employee is gone, something happens, they leave the company. No one always knows what that particular person was doing over time. Not just on a daily basis, but sometimes on a monthly cycle. There's so many different websites to have to log into, whether it's regulatory ones where they have to update information, upload information and keep those up to date. So having that list is not easy to get to go. This job role has these defined websites that they have to go to to upload this data. The other thing and data loss prevention is constantly everyone's trying to load an app to stop data loss prevention, but we already know where it's going. They're uploading it to the cloud. That's if they're if they're getting rid of the data. And I correct me if I'm wrong, but I think this happened at Google and even Google had got kind of blindsided by this because someone uploaded things just using a different Google account. So of course they're using Google accounts, but which Google account. And this is where unless you're in the browser, you don't have visibility in there. So that it's another spot. It's not just the inventory of things that people are going to. It's also what login do they use for Office 365 Dropbox? Maybe you have a business Dropbox, but I login to my personal Dropbox. So I'm not going to trip any alarms in terms of sim monitoring or any of the other normal stack of tools. Your normal web monitoring goes, well, yeah, they went to Dropbox. But what account did they log in with? So you you get that extra insight with that. Yeah, that extra insight is something we definitely matured into just out of necessity. I mean, Google had their incident. What was Tesla who had their incident with code being pulled out with developers in Dropbox? And even if you follow some of the latest security events, you know, where people are getting compromised during these apps and using personal accounts back to the Cisco breach. I know we did a big couple of weeks ago for our product around that Cisco breach response. But, you know, just it's a lack of visibility that has lots of problems that as soon as you start to pull open the hood, you start to realize, boy, what have we gotten ourselves into? And it's kind of fun because, you know, our partners are the ones that are telling us what they want to see and what they want to build. But going back to that off-board journey, I don't know, I feel like everybody here has probably dealt with that pain. Hey, what did what did Susie, the VP of Sales, use? You run a report from the R&M. She must have used Python, SDK, Java, the Java run time as Susie was running. Right. And it's interesting, because this came up again with one of our clients, they have someone who's higher up at the company. And, well, you know, because we haven't fully embedded this with that question is that they're they don't not know all the websites this person has access to because they knew they weren't using a password manager for a lot of it. And they know the person wasn't good. They were higher up C level person. And their fear is they can still log into sites, but they're not sure what all sites they are logged into. So this is the case. They're using .NET, just trust me, Tom. So let's demo the product. Well, so what's some of the insights that you get from this? This is this is where this is going to be fun. Yeah, absolutely. This is my favorite part. So, you know, being a technologist, this is this is something I can do every day. But we talk about some of these other things, right? You know, we hit on the Cisco thing. We talked about having a password manager last pass. And I know that we were just chatting before off screen a little bit about that last pass breach and your response to it. I love the response the way that you did it with your wife. That was hilarious. It sounds like that video is doing really well. Yeah, it's one of those things where it's it's how the common users see it. And us as people providing technology, we want to make things as easy as possible to read and to understand so they're actionable. And it's that impact with the general users. This is something I like about when you first log into Sasslow, you see the recent breaches and suggested actions. So you don't have to disseminate everything. Maybe you didn't even know Plex head of reach recently, but, you know, suggested action change passwords last pass does not recommend action on behalf, which makes sense to me after reading it. Some users panic, but it's but that's the point. I think not only do people not know what people are using, but because this is so new, especially for the industry that we serve the managed service provider industry, they don't know how to react. And so our team is not only curating all this data to help tell you what the customers are using and how to handle operational things like Sassops around onboarding and onboarding. We're also monitoring for Sass security events, opening up tickets in your PSA when those events happen and telling you or telling your techs what need to happen in that case. So in this event here, you can see, you know, we don't have any customers or environment with last pass, but we had five clients impacted by the slack breach. And we can give you the list of users, give you the list of clients and all that would pop up into your actual PSA. And so Sass third party security breach monitoring is one of those things that we really like giving because it's a really invisible area. Not only do you not know they're using slack, but you don't know when the breach happens and you don't know how to respond. And so we bring that together. That's just one of the areas we focus in on that. Right. And it's this is something if you don't know the inventory of web applications your clients using when there's an incident on those, you're like, what? I don't know. Do cool. This is a breach. But how many clients do I have using it? That's not an easy one to answer. I mean, I can pull my software inventory that I have through my RMM and say, oh, yeah, I know everyone using this in this version of this program. So we have to make sure this is all patched and updated for them. But the completely different animal once it goes into the web. Yeah. And in a lot of the cases, you really can't. There's not much free to do, but there's sometimes recommendations. But I put it this way, like the video with your wife earlier when she got the response from last pass is like, well, wouldn't it be nice if the MSP could at least communicate to their customers without having to wait for the vendors to tell them? Wouldn't it be nice if that person they're paying the money to came to them and said, hey, not only do we see this tool, maybe a shadow IT or something that shouldn't be there, but this is an incident that's happened. Maybe that, you know, promotes them into dealing with the situation of using Slack when it's shadow IT or something like that. No, let's touch on something that I probably should have started with was how you get this deployed, how you get this set up. This is this is an agent that runs on endpoints and a browser plugin option that you have as well. Yeah, so the beauty of our platform is deployment is simple. We it was built by text for text, really. I think, Tom, you can attest to that when you trial internally. But, you know, first off, we just integrate in the PSAs or the RMMs you've got. It's not that hard to set up the configuration. We make sure that each step by step integration guide is less than 10 steps. And when you deploy, so you just deploy it once into your or you configure it once in your RMM. And then you can press the button on to an endpoint. And when it deploys on the endpoint, it configures the client and the Sassler dashboard. It inherits all the partner application stack rules. It inherits all the other workflow rules, like alerting on data breaches, alerting on high-risk shadow IT. And then it builds it and then curates the rest of the data moving forward for you for things like your QVR lifecycle, which we recommend or putting data into lifecycle integrations or some of our other integrations. And so the platform itself deployment pushes a endpoint agent out. And then what it does is the configuration of the client screen here. And then that endpoint push actually will also configure the browser extension. Those two things are actually talking in tandem. So the endpoint agent, the browser extension, maybe people don't know under the hood. They're actually full-time communicating to understand which users logged in on the device. What user are they logging in into in the browser? Do we see any security events there? It's capturing data, upload data, download, none of the sensitive contents, but the type of data, the name of the file, like we probably shouldn't see password.xlsx upload in the Dropbox, but we do. And yeah, we do. We should never even see password.xls, all right? Yeah, you should never see it, period. That can be its own tool, like password Leo, if that exists anywhere in your computer, password should not exist. But yeah, that's where we catch that rich user metadata up in the browser extension and behaviors inside the browser. And this is something I want to point out. You're not doing this by doing a man and a middle certificate, correct? You're doing this all by the browser plugin. Yeah, and that's the beauty. The deployment, you don't have to go configure the network. You don't have to go set up rules inside your firewall equipment. You literally just push a button on your endpoint and start getting rich data. And that's important because this way it does not interfere with other tools a lot of people have that do because it's necessary. The man in the middle, if you're using some type of web filtering tool, it's going to want to install a certificate. Many enterprise firewalls or enterprise proxies have a certificate in there. And you don't want to have more and more certificates where they're fighting or competing with each other. And sometimes you have to put in certificate bypasses because it brings baking websites because of certificate pinning. The one thing about doing it in the browser, you're at the point before the encryption or after, depending on how you want to look at it, but you're on the unencrypted side. That's how you're able to see which one of the things is going into. You're able to get into like, hey, I can see you logged in with this username and Dropbox or this username in Office 365. Yep, and exactly. That's how we're able to catch some of that data. And to be fair, that puts the onends on us and we're really confident in what we capture and being very cognizant of what we capture too because we are at that layer capturing data that doesn't put any level of risk to the organization. They're just usernames, stripping query parameters out of any data that might get there. I mean, as engineers, we've thought about these data points that are out there that we could be catching. And so we're really cognizant there and make sure we're only presenting tactical data to the MSP that needs to be there as a result. Yeah, because you don't capture the password field, but you do capture the username. Yeah, the obvious stuff. Yeah, goodness, I don't want that data. No, you don't want the liability. No, not at all. But we make sure we do it and we also are really cognizant in how we collect it because the reason we want that information is to help guide recommendations internally, people using personal accounts or people using service accounts or shared accounts to access resources. But even further in the browser extension, we're now capturing like OAuth flows. So we can actually see when a user is logging in with Google or Microsoft that OAuth consent. We could see some of those security events now. And the reason we find that important is because we actually are now correlating that to the third part of our collecting mechanism, which is the integration into either workspace or Microsoft 365. And so we can correlate a single sign on OAuth flow in the browser against a single sign on OAuth flow from 365 to make sure there's a matching indicator. Capturing weird events, we can start flagging things that aren't being driven by the user. Yeah, and it's really interesting too. You think of application security logs as something you would dump from having an endpoint on there watching the app usage, but watching the browser usage and pulling up, it is the same thing. It is applications used even though they're web apps, but you do get a lot of rich data from this and allows you to do different triggering on it. I mean, it's very actionable intelligence. This has been fun as I've been playing with it myself. Yeah, and I think what's honestly the most fun, Tom, is we get a lot of partners who will take our data, spin it out, configure a web hook out to their data ingestion engines. The things they do are far more fun than the things we can ever think of. We're just trying to build this stuff that people are already hacking together in their MSPs. I mean, this data has lots of merits and value. It's just useful. It's really fun actually watching the partners push us in different areas on how they're taking it. So what are some of the things you already have built in for actioning on security alerts, essentially? What is the anomaly that you would see or something commonly you see in their insight that would trigger to help you know that something's going wrong? Yeah, yeah. Now, that's where we have a lot of pre-baked things and it really comes down to configuration. One area that I think Sausageo does excel in is it's beyond the tech. It's really coming from our whole founding team were in the MSP business before. So everybody that has the lens, whether it's implementation engineering or sales has the lens of MSP. So what we can do is we can alert on too much or we can alert on too little. We've figured out a nice little magic middle ground but we can alert on any time that a user is using a service account, anytime somebody installs or accesses a new application or puts their data into a new application. We can query those down to do we only want critical apps? Like, anybody signing up for new file sharing tools? We should know about that. Anybody signing up for a new marketing platform? Maybe it doesn't matter. But when that marketing platform, let's say Melchimp was signed up for and we don't alert on it, when it gets breached like it did earlier in the year, we wanna know about that event. So it's about fine tuning it but shared accounts, service accounts, data breaches, mismatch single sign-on, new apps, all sorts of things we can do alerting on but a lot richer when we get to the reporting side of things. Yeah, I think this is cool too because I can't answer the question yet. I don't know exactly how many of my clients might be using Melchimp. I mean, you know, cause we do a lot of co-managed IT so maybe their internal IT department knows about it. Maybe they don't. And this is one of those things in Wonders of Breach you need to tell people actionably because they probably, and this is back to the end user experience, something got breached. I don't, maybe that looks like a phishing email because I've been trained on those. I'm just gonna delete that thing that says it's probably just trying to get me to click on something or reset my password. And then I'll be talking to the IT department about this phishing email I clicked. I'll just ignore it. And this way we're the ones calling the users, doing an interactiveness with them, going, no, Melchimp really did have a reason you should reset things or, you know, possibly you lost data or something may have happened. Like, here's the action. Here's us having that conversation with you. Well, and that's the thing. I mean, you don't need to know that Melchimp happened as like a frontline ticket. But when you're building conversations with your customers, you may want to know it's there so that you can talk to them strategically. I always make one joke, Tom, and I have to make it on this webinar. It's not really a good joke. I think it's funny, but like, I always say that like, nobody ever wakes up deciding today's the day for a new SaaS tool. Like today's the day I'm finally using Dropbox. Like, I've held off long enough. But the reason that happens is because they're just trying to solve a business problem. And so, if you ever want to hear me get really passionate about SaaS and the management thereof, you'll hear me start talking about like, talking about SaaS and the vision of business problem solving. Imagine as an MSP, you're going from, I didn't know they had Melchimp too. I know they have Melchimp. What business problem are they trying to solve? Oh, I didn't know they were trying to solve this. Maybe I can help inject myself here and support them better here. Or they already have a tool that does this or we have a better tool that can solve this. Or think of the strategy that you can really have when every app that you're bringing visibility into is solving a business problem. So that's why I get excited. I think that's really an interesting perspective because if you are not just servicing your technology but also trying to make them more efficient by knowing what apps they use, you can even have some insight. Like, you know, it'd be better if you use this or these apps may work better for you. So that comes back to like strategic business planning more than just quarterly business review, but like truly acting as like a VCIO. We're like, all right, I'm going to help you guys with your information and help you do something more efficient. But first I need a baseline of what are you using now? What are those tools? That's a hard question just to ask at a table. It may be known, it may be lesser known, but this gives you like empirical data. This is, here's everything. Here's everything you guys are using now. By the way, you're paying for subscriptions and things like that you may not know about. You know, because someone logs in once a month in this other department and you guys already have a company, one over here that they're logging into. And this person uses their personal Gmail to plug them in over here for some reason. And Tom, you hit it on the nose. Actually, it was one of our first go-to-market partners is they used our tool for AutoCAD license remediation. But what you hit on the nose was the fact that this belongs in the QBR. So one thing that's important to realize is there's a lot of alerting that's going to be part of your functional knock area where, you know, high-risk events, things that you need to look at, things you need to talk to your customer about, but where the real meat and the value that we see our partners extracting out of SAS is that QBR cycle. Because here's the deal, you know, people are first overwhelmed, you know, the 50-person company that has 147 apps, where do I begin? And if there's any takeaway from us, whether you're using Sassio or whether you're using some DNS logs and building your own tool internally or whether you've got another solution that can find these SAS, the key things to talk about is, and the way that we found our partners being successful is talking about the top 10 shadow IT, right? You know, in this portal right here, we've got about 190 apps. But imagine going to your quarterly business review where you're normally talking about timeline objectives and where you're going to take their IT, but also, you know, taking 10 minutes of that QBR and saying, hey, since we last talked, these 10 new shadow IT resources popped up in your organization. You know, these are the people that are using them. Here's the risks we're dying about it. Like, should this be sanctioned? Should this not? Is there a project here to get this properly rolled or not? Should we take this innovation that this one employee has had and elevated across the organization? There's opportunity in the shadow IT to talk, but it's strategic. We really, here at SAS, you don't have this vision that shadow IT is a slap on the wrist approach. It's a, you know, elevating that innovation out there. And we enrich you, I mean, with the data you need to talk to your customer, you know, if you see intercom and an organization, it's not just an icon, it's rich data around the users, how they're spending time in it, how they're accessing it. If there's security events across it, things like that. And I think, you know, back to the cybersecurity side of this, right now, business email compromise is huge. It's not talked about because it's not as much fun to talk about as ransomware, but a lot of this comes from not necessarily, and Cisco's case in point on this, not necessarily someone figuring out because you've got the best protection, you've got all the filtering in the world on your business email. And then they logged in with the Yahoo address and you didn't realize it. There was a social engineering attack a few years ago that happened on a city. And the way they did it was the city blocked the attack properly with all the good mail filtering, but then the person called in, hey, I'm a contractor for something. Can you open this file attachment? Oh, I don't see it. Oh, do you have a personal email address I can send it to? And the person gave them their Yahoo, they logged into their Yahoo address and the ransomware fun began. Clever social engineering and all it took was them logging in there. I mean, you can try to block mail.yahu and those are good things to do, but not everybody does that. Not everyone has always the sophistication. And also it's harder to block Gmail if you're a G Suite company or some of the Microsoft sites because you can log in with a personal one on some of those sites. So that's comes back to you flagging anytime someone logs in with a non-business email address. That's one of the things you can completely trigger on, right? Yeah, absolutely. And this is actually one of our components in the shadow ideas. How much of this is work log in versus not? And you can see the breakdown here, going through the filter, a lot of work usage is good, but then we start to see the break off. And this is where we get into personal. And in this case, we may not see an incident where there's a blend, but in a lot of real world examples, we'll see a breakdown where there's, 50% of the apps are all work sanction, maybe 20% of the app are personal. Then we've got this weird middle ground where some people are accessing a resource with a personal account. Some people are accessing a resource with a work account. And those are areas that will highlight every one of our apps actually we have a, in the background a shadow IT score and it's impacted based off are people that using work and personal being blended is a high risk app. Is it lots of people or is it siloed? And that's when we present here in this screen kind of those top 10 things to talk about. Yeah, and this is comes back to the onboarding, off boarding, for example, someone leaves. Oh, they logged into this site. Good, we have that. Oh, what'd they use? Oh, they were using their personal email. I need to do a password resex. I don't have their password. And we already, that person has already left the building. They're gone. They don't work here anymore. How do we get access to that? Oh, yeah. Now it's not registered to the company address. You know, we can't just redirect that email. Boy, that's happened unfortunately a lot. That's Well, and that's usually one of the areas we get pushed into a lot. We're really innovating in our employee off board area because the reason we actually rolled out a single sign on detection was to make life easier for our MSPs when it came down to off boarding and onboarding. And so, you know, one of our key reports here is like this employee off board report and checklist. And this is something we've rolled out to help, you know, focus on what tactically needs done on pullover version we have here of that same user. But like tactically what needs done. And the reason I want to pull this here is to bring light to some of these things. First off, how many apps were being used with single sign on? So when you remove them from 365, what are you also revoking them from? Being able to present that right here as a frontline item. What apps did you were not part of a single sign on? So Adobe connect for instance here, you didn't take them out when you off boarded them your line of DMARC ended here because you weren't able to get them out of Adobe connect. Or in this case, it looks like this MSP may have flagged themselves as managed by partner. So they know now on their checklist to go into Adobe connect. But also where the desktop apps that they were using that by revoking access to the endpoint you'll be able to revoke access. And this is kind of the screen for the partner to look at but this is really the screen for the client to look at. Okay, here are the things that aren't managed by my partner. My partner doesn't take care of the GoDaddy account that's managed by Ralph internally or code creators in Cornerstone. These things are stuff that my MSP either doesn't know about or doesn't have access to remediate out wasn't merged in a single sign on and this is what's left for me. And this becomes really valuable when off we're in the part customer or a key employee like earlier because now you know what you weren't able to clean out so that you can give them a line of things to say, hey, maybe we should take care of that moving forward for you. But right now let's work together to get this stuff out of here. These are before you off for an employee really important to run because this is where you get that answer. Did they log in into how many of these with their personal email addresses so we can start working towards that change. And by the way, the PDF reports are pretty slick that come out of this. I was playing around with those that easy to do, easy to set up and print. Yeah, well, and one thing also that does flag in a lot of these cases here that's not in that pre-canned one I have there not only just one account but what are the other accounts they're accessing? Are they using a service account like general at? Are they using personal accounts down to some of these resources? This key user I chose maybe doesn't have it here but were they using personal logins? And they will also show a little alert icon and show you a segment. So for instance, if Dwayne managed to use QuickBooks with somebody else's account we'll show you the other users that were using that account that now by rotating out that service password you need to inform those other people that were using QuickBooks. Hey, you were sharing with Dwayne, Dwayne's leaving we need to rotate that password. So trying to give them a real tactical checklist of things to take care of because right now it's just guesswork and it really just doesn't get done in a lot of cases unfortunately. Well, and this is nice to help us build that list because I know plenty of people have this in a spreadsheet somewhere. It's usually enabled web sign in passwords.xls. Yeah, yeah, not passwords, yeah. Yeah, now last thing I wanna touch on is your ability to have visibility in a browser does that include right now or will it in the future the ability to see whether or not they've turned on things like password saving as an option? I know there's something you were looking at. Yeah, so one area that we're continuing to add data around is the password area and how they're leveraging the actual password itself. We do have a browser account security report we'll enhance and enrich this thing as we mature. If you ever follow me on LinkedIn and hear about how we're doing releases it's really partner influenced we're directly tapped in building what their requests. So whereas we may not see password syncing or other things like that we do collect a handful of browser configurations and all of the data we collect is presented out to the customer for them or for you the partner to see. Like this case here was our reaction to Cisco when they had a personal login be part of a compromise we would see where they logged in up here in the browser with their personal account or where they logged in down in the actual browser with their work account. So we brought this to light. We found on average, by the way this is interesting about 52% the average across all of our customer base 52% of users are using work accounts 30% are using personal accounts and the rest just don't have an account. Yeah, wow. Which is a lot of users with potential credit card data saved or a lot of users with potential password chains saved or any litany of things that probably just shouldn't be in there. And for context what happened with Cisco was someone was logged in with their personal Gmail but using stuff in the browser from Cisco and then they hit save password. So even if they're using a password manager their personal account synchronization was synchronizing the business account passwords within there. And then someone logged into that account to get the passwords they needed for things because the password syncs. So I was like, I do is get that person's personal Gmail I synchronize a browser logged in as them now I have all the passwords that they had saved in that browser. It really creates a scary scenario. Well, it does. And these are just one of the many things we're trying to solve this whole the minute we pulled, I joked earlier we lift the hood, the minute we lifted the hood it got wild. So one thing that we have done and this can help kind of summarize here we've touched maybe five or 10% of the platform but what we do is create something for you as the MSP called the SAS Health Score. And that's our guiding principle that is all these different things it's personal logins into a browser account it's shared accounts, it's services accounts it's shadow IT, it's, you know all these litany of issues boiled into a score. And the beautiful thing is when you're talking with your customer during your QBR life cycle presenting this SAS Health Score we present kind of those top 10 remediation steps per score. So how many things are shadow IT that need remediated? How many of those things are core IT that need remediated? How many shared accounts have we seen since we last worked with you? We didn't even talk about the QBR stack or the application stack rules that we can build but it's all these areas that we give you tactical stuff to talk to your customer about versus, you know, personally I would say it's a bit overwhelming for most MSPs who are going from nothing to all of this. So that's where we as a not only technology vendor that came from the MSP but as implementation managers, as engineers are trying to focus on teaching the MSP what SAS management means is it's really nascent in the industry. We're just excited to shepherd a tool in and build a practice around it. Yeah, and this is one of the cool things too you have the talking points in your reports so it helps guide you through what you should be talking to the customers about so you're not just umming through a bunch of data you have talking points in there which I think is really helpful. Yeah, and to that degree the only thing I'll mention that would be remiss if I didn't cover is in those talking points and this is what actually this shows why I love working with the MSP community is we have a part of our platform called VCIO community and so across all of our partners we've now curated about 700 tips for SAS management and this is something that's unique to SAS Leo and so when you're presenting those QBRs what we do is we look at the Delta from when you last presented it to when you're now presenting it look at the shadow IT and we can bring in QBR rules so not only can we pre-define an apps configuration like box.com you know we're gonna say is probably we need to evaluate this on each customer and you know it's not business owner required but we can also say if we see box.com for the first time with a customer environment we can make notes that will present the QBR we can hand type a handful of ways that we wanna do it we can also lean into this VCIO community save these points and now every customer moving forward will inherit these VCIO notes so you don't have to be the smartest person in the room or you don't have to be the CEO of the MSP you can allow your technical account managers to inherit these talk tracks that you've maybe defined so you know every time you talk to an app it's not tribal knowledge it's an actual functional way you talk to your customer about this. Yes and I wanted to point this out as well publish comment talk clients I noticed there's ways to make this information available that I can type up in here and then add it to the collective information so I think that's kind of a it's a nice feature and I see how you're building that kind of like you have community within your tool. Yeah and these are all community driven comments when we actually released this feature released it maybe four or five months ago we had 300 notes we're up to 700 but those original 300 came from our partners we just emailed our partners and said hey would you like to be part of this community and you know I would have never thought as SPF DKM and DMARC set up for email and configured and include MailChimp it makes sense but as an MSP I would have maybe just thought oh MailChimp not a worry but now moving forward every customer I talk to if I see MailChimp in their environment whether it's an assessment of an existing customer or onboarding a new one I know that that's going to be part of my talk track with the customer when I present the assessment findings report. Yeah I like that community driven aspect I'm glad you brought that up because I didn't know about it when I first started demoing it and me and you've known each other for a minute so I was like oh this is a neat feature he's got in here. Well we build a lot to things we love when people use them and so one day we'll have to get like a three hour long session and we can jump into everything but you know I'll put it this way if you try to get your toes wet into what SAS Manager for SAS Discovery means you know we've figured it out for lots of partners it's still a new challenge to be solved and so I'm curious to see people's response or feedback or thoughts from today's presentation and talk and see what they think it should mean. Absolutely leave comments below for all of that but in terms of people who wanna get started with this and start messing around with it you will have a link down there to get you signed up with SAS so you have how long of a trial does it start right now? 250 endpoints for 30 days so you can take that you can deploy it you get to walk away with any of the data you collect we don't stop it it's not blurred outlines it's not on and off features It's the full thing you get a trial on there your onboarding is relatively simple the deployment if you're not using an RMM tool you have options to deploy this as we said like through Active Directory pushes you got PowerShell scripts that you can just paste in to an admin level PowerShell and just go and it'll just install it it's pretty straightforward. Yeah, well that's our claim to fame you meet with an implementation manager 15 minutes at the RMM will get you deployed. Yeah, so go ahead click those links to get started if you're interested in this product maybe if you're lucky enough depending how busy John is when you're watching this video he'll help onboard you personally I won't guarantee that though. I don't know, reference Tom in the link we'll get Tom a special slug on our website and if you go to www.sassler.com slash Tom then maybe go to the special calendar where we can sit down and chat about it. Yeah, so thanks for sponsoring this episode John this has been great I actually really like the product as well I'm not gonna lie I'm smiling because we've been playing with it and using it I really see the blind spots that are coming to life even my own company of just making sure we understand everything that all of my staff is using as we've grown so thanks again for doing this and links are down below to what we talked about signing for a demo if you're interested this is pretty awesome Thanks, thanks for having me here Tom, it's been a pleasure All right, thanks