Invest in educating customers to ease the shift to EDR, partners say
Endpoint detection and response (EDR) has replaced antivirus as the preferred cyber security solution because of its greater benefits and superior ROI, but the message may not have reached the customer yet.
That’s the view of the partners who participated in the inaugural CRN Boardroom Impact Session. But they also caution that many customers have not made the journey.
For MSPs that means investing time educating customers on how and why approaches to cybersecurity are changing.
According to Frane Lisica, chief technology officer at Boutique Systems, “At the end of the day, it is a journey as well as a requirement for business to understand the security posture.”
Lisica said that the biggest implication of a breach is often unknown until after it has happened. Breaches cause issues with business continuity, they affect how supply chains operate, and for the internal staff they may not be able to work, whilst there's a while an investigating is ongoing, he says.
Another problem partners face is that many business leaders continue to have an outdated view about how cybersecurity threats should be addressed, said Anton Thysse, managing director of CT Group.
“The landscape has changed so dramatically that traditional AV (anti-virus) is very much a reactive tool. Once an infection occurs it then tells you and starts trying to stop the infection. Whereas the new way of addressing those issues is with endpoint detection and response, or even a managed endpoint detection response product or service. This proactively looks at the environment and almost profiles a machine a network, an office and all the machines inside of it, to detect when something is not working within the confines of what the machine should be doing.”
Thysse said that while the industry has moved on from the reactive approach, not everyone got the memo.
“It has only moved on in the technical space,” he said. “Once you start speaking to people at boardroom level about how the market has shifted, it's a very sensitive topic. If not addressed properly, it could seem like you're trying to push a product or trying to sell them something that is really not adding any value.”
It is important to get company leaders on board with the idea that for the most part antivirus is being replaced by products like EDR, according to participants in the Boardroom Impact session.
Education is key to this process, and an important part of that is being able to describe risk, said Alen Zenicanin, head of cybersecurity at CrossPoint Technology Solutions.
“The way I approach managing clients who consume cybersecurity services is via a risk register.”
He said that operating an IT risk registry with every single one of your clients is beneficial in many ways.
“Firstly, it helps them identify their risk profile in comparison to the landscape. But also, a lot of people won't put their name down to accept a risk.”
Having AV-only is a major risk given how easy it is to bypass, he said.
“And a lot of times when a client is presented with the option of either accepting the proposal, which is only a couple of dollars more than what they're paying for antivirus, as opposed to accepting the risk of being breached or the expense and brand impact that comes with it, It puts the client in a position where it simply makes sense to go with the proposed solution as opposed to putting their name down to accept the risk.”
MSPs who want to help their customers transition to new ways of securing their IT infrastructure need to be patient and to maintain their commitment to education said Chris Mannering, founder and director of Step FWD IT.
“It's taking them on that journey and empowering them. I often bring up how much I loved my Nokia 5120. You know, that phone was phenomenal. I customised the cases and I played snake with it and that was great in 1998!”
“My needs have moved forward. And the same can be said for security. The world's changed in this whole security game. And so the solutions protecting you need to keep up.
“AV was a pattern file recognition system that worked for 1998. But now we're looking at behavioural trends where the threats are just far more sophisticated. And EDR is the solution that not only can block, alert and detect, it can [also] give you that audit trail to then find out how did this happen?”
Like all technologies EDR continues to evolve and improve, especially as advances from AI and machine learning are deployed in fighting cyberattacks.
This is an issue with which Paul Maggs a consultant for Arinco, the fastest-growing company on the CRN Fast50, is very familiar.
“With cloud-based services, there is a multitude of different endpoints connecting into these EDR solutions and from that, we're getting a lot of signals. We're getting a lot of data. So the advantage of EDR, — and the way that it's moving forward is — we're collecting all this data and the signals. It's all getting fed up into the cloud.”
Maggs said that by analysing what's going on with the endpoints, determinations can be made about what is malicious and what is not.
Ultimately, any investment by customers area comes down to return on investment. Nick Burden account executive for N-Able, said partners need to focus on three important issues.
“First of all it is the security benefit,” Traditional AV is almost completely redundant today and endpoint detection and response solution provides better security, he said.
“The second issue is incident response time, and the ability to reduce this as much as possible. That's what EDR offers partners.” It saves time and increases margins which is the name of the game for MSPs.
The third issue is deployment. “It's your time savings and how quickly can implement this tool so that it will be up and running and keeping your customers safe.”