The Most Important Platform Updates in 2025
In 2025, the continued development of the platform was again dominated by partner feedback. Numerous updates were developed directly from practical experience and were implemented specifically for use in everyday MSP operations. We have summarized the most important changes below.
Security Cockpit
With the Security Cockpit, we have created a central interface that provides a bird's eye view of the IT security situation for all customers. Cross-customer group analyses, prioritized recommendations for action, and clear risk management help to quickly identify the most urgent areas for action and increase the effectiveness of security measures.
Managed Services
In the area of Managed Services, the distinction between managed and unmanaged services has been further refined. MSPs can specify which products and systems are covered by a managed services contract and which are outside their area of responsibility.
The security rating can be differentiated accordingly into managed services view, unmanaged services view, and overall view. This makes it clear which security-related findings fall within the MSP's area of responsibility and which do not.
In addition, the Managed Services configuration has been expanded: Multiple service packages can be defined and assigned to customers. Individual targets can be classified as managed, partially managed, or unmanaged, enabling a clear contractual and operational separation within the platform.
Internal Network Check & Asset Discovery Expansion
In 2025, the internal Network Check made it possible for the first time to check entire customer networks for vulnerabilities – from traditional end devices to printers and smartphones to Linux and macOS systems. The check is performed via a dedicated gateway that operates as a virtual machine in the customer's network.
Later in the year, the internal Network Check was expanded to support multiple gateways per customer. This allows different network areas to be scanned specifically via separate gateways and larger or segmented networks to be covered more efficiently.
In addition, Asset Discovery was expanded so that larger networks (Class B networks) can now also be reliably detected and analyzed.
Ticketing Integrations
With new ticketing integrations to TANSS and c-entron via the woasi interface, security-related findings can be automatically transferred to tickets. This allows measures to be initiated directly from the platform and processed in a structured manner.
Automatic ticket creation improves the traceability of the measures implemented and supports consistent documentation of security-related checks. At the same time, it facilitates the billing of IT services in the MSP environment.
Check Optimizations
In order to make testing more flexible and efficient, the existing check mechanisms were specifically expanded in 2025. A new feature is the ability to perform individual checks on specific targets or sub-areas. These are particularly suitable for selective checks, retests, or specific questions outside of regular scans.
Two new metrics have also been introduced to improve the classification of results: check coverage and check timeliness. These metrics provide transparency regarding the completeness and timeliness of the underlying checks, enabling a more realistic interpretation of the security rating.
In addition, Agent Checks can be started in parallel for multiple targets using bulk actions. This significantly reduces the manual effort required to perform checks.
In addition, automatic exclusion of inactive endpoints has been introduced. Endpoints that have been offline for an extended period of time are no longer included in the assessment. As soon as a device is active again, the associated vulnerabilities are automatically included in the assessment again. This prevents distorted assessments due to outdated or unreachable systems.
Expansion of our Network
In 2025, we added Elovade Deutschland GmbH, a strong distributor, to our sales network. The official launch date was February 11, 2025.
Elovade is one of Europe's leading software distributors, specializing in IT security and cloud services. Founded in Wetzlar in 1995, the company has a team of over 200 experts who support thousands of IT service providers and system houses across Europe in the sale and implementation of software.
Thanks to successful cooperation with all distributors, we were able to expand our partner network to 1,150 partners by the end of 2025. The number of our customers rose to 7,747 during the same period.
Events & Webinars
Events
For us, 2025 was all about personal interaction. In addition to our online formats, we were present at numerous events, including the Fokus MSP Conference, it-sa, and the Elovade meet-ups. This allowed us to meet partners and interested parties in person, answer questions directly, and gather honest feedback. We also traveled throughout the DACH region to visit numerous partners in person. But a particular highlight was definitely our first Partner Day in St. Pölten!
Workshops
Our partner workshops continued in 2025 and were very well received. In addition to technical workshops focusing on operation, best practices, and operational processes, we also offered sales sessions on the successful integration of lywand into managed services. We had a total of around 600 participants, which reinforces our decision to expand this format further.
Success Stories
In cooperation with our distributors, we held success story webinars together with four partners. They reported live on how they use lywand in practice, what advantages this brings, and what eye-opening moments they experienced along the way. But they also spoke openly about where there were initial hiccups—for example, when integrating it into their own service portfolio or when communicating with customers.
The view from the MSP perspective was greatly appreciated, as it is different when a partner reports directly from their day-to-day work. The webinars were correspondingly well attended and the feedback was clear: the content was practical and valuable.
All success stories are also available to read:
Technical Insights
Security Audits Conducted
Over the course of the year, numerous security checks were carried out via the platform - both externally and Agent-based within the IT environments:
16 million Agent checks, which regularly checked end devices for security vulnerabilities
76,843 devices detected via Asset Discovery
4,843 external scans with a total of 25,875 checked targets
These figures make it clear that security audits are increasingly no longer seen as a one-off process, but as an ongoing one. The high number of Agent checks in particular shows that many MSPs have firmly integrated vulnerability management into their day-to-day operations.
Identified & Automatically Resolved Vulnerabilities
4,998,741 vulnerabilities were actually discovered last year.
1,551,945 vulnerabilities were automatically resolved – that's around 31% of all vulnerabilities discovered.
286,503 vulnerabilities are currently stored in our database and can be automatically identified as part of our security checks.
The high proportion of automatically resolved vulnerabilities is an important factor for operational efficiency. It shows that a significant portion of the risks can be closed without manual intervention – a decisive advantage for improving security in the long term.
These Were the Most Common Vulnerabilities
Overall, it can be seen that most of the security gaps identified resulted from known vulnerabilities and a lack of basic maintenance. The following issues were particularly common:
Unpatched Systems
Some of the most common vulnerabilities related to unpatched or outdated systems for which security updates had not been installed. As a result, known vulnerabilities remain exploitable, even though corresponding corrections are already available. An example of this is CVE-2025-64678, a vulnerability in the Windows Routing and Remote Access Service, which can be fixed via a regular security update.
Outdated Cryptography and Insecure Protocols
Another recurring focus was outdated cryptography and the use of insecure or discontinued protocols. Such configurations remain in place in many environments for compatibility reasons, but no longer meet current security requirements. These include CVE-2016-2183 (SWEET32), which uses outdated 3DES ciphers in TLS/SSL, as well as the continued operation of TLS 1.0 / TLS 1.1.
Misconfigurations
In addition, numerous vulnerabilities could be traced back to misconfigurations in the infrastructure, such as open ports, inadequate access controls or insecure cloud configurations. In practice, such configuration errors often remain undetected for a long time and significantly increase the attack surface. Regular configuration reviews and system hardening can provide a remedy here with comparatively little effort.
Weak Passwords
Weak or repeatedly used passwords were also frequently identified. Among other things, these simplify brute force or credential stuffing attacks and in many cases enable the first point of entry. The use of password managers and multi-factor authentication significantly reduces this risk and involves little implementation effort.
Support
The intensive use of the platform was also reflected in support. A total of 2,500 support tickets were processed. The average initial response time was 34.62 minutes and the average resolution time was 16.87 hours.
For us, these figures are an important indicator of how well the product, processes and support work together. Fast and reliable support is crucial, especially for security-related issues.
Outlook for 2026
2026 is all about scaling up, expanding into new markets and further developing our platform - with a clear focus on a better overview, more efficient processes and even easier use in our partners' everyday lives.
We already reached important milestones at the start of the year: the Renovation Plan is now available not only at customer level, but also across all customers in the Security Cockpit. Recommended measures can now be prioritized centrally and planned in a much more structured way.
Another new feature is the completely revised Management Report. It builds on the new measures system and presents security-relevant information even more clearly and comprehensibly for decision-makers. Managed services are explicitly taken into account so that responsibilities are presented transparently and results are classified in the context of the respective service scope.
On this basis, we are now pushing ahead with the next stage of expansion: with the planned integration with NinjaOne, we are creating an even closer link between vulnerability management and endpoint management. The aim is to integrate findings from security audits even better into existing operating processes in future.
