Invest in Customer Education to Ease the Switch to EDR, Partners Say
Endpoint detection and response (EDR) has replaced antivirus as the preferred cybersecurity solution due to its greater benefits and higher return on investment, but the message may not have reached the customer yet. .
This is the view of the partners who participated in the inaugural CRN Boardroom Impact Session. But they also warn that many customers have not made the trip.
For MSPs, that means investing time in educating customers on how and why approaches to cybersecurity are changing.
According to Frane Lisica, Chief Technology Officer at Boutique Systems, “Ultimately, it’s a journey as well as a requirement for businesses to understand security posture.”
Lisica said the bigger implication of a breach is often unknown until it happens. Breaches cause business continuity issues, they affect the functioning of supply chains and, for internal staff, they may not be able to work, while an investigation is underway, he says.
Another issue facing partners is that many business leaders continue to have an outdated view of how cybersecurity threats should be addressed, said Anton Thysse, chief executive of CT Group.
“The landscape has changed so much that traditional antivirus (antivirus) is a very responsive tool. Once an infection occurs, it notifies you and starts trying to stop the infection. Whereas the new way to solve these problems is to use endpoint detection and response, or even a managed endpoint detection response product or service. This proactively examines the environment and almost profiles a machine, a network, a desktop, and all the machines inside, to detect when something is not working within the bounds of what the machine should be doing.
Thysse said that while the industry has abandoned the reactive approach, not everyone has gotten the memo.
“It only evolved in the technical space,” he said. “Once you start talking to board members about market developments, it’s a very sensitive topic. If not handled properly, it may seem like you are trying to promote a product or sell them something that really adds no value.
According to participants in the Boardroom Impact session, it’s important to convince business leaders that most antivirus products are being replaced by products like EDR.
Education is key to this process, and an important part of that is being able to describe the risks, said Alen Zenicanin, cybersecurity manager at CrossPoint Technology Solutions.
“The way I approach managing customers consuming cybersecurity services is through a risk register.”
He said that operating an IT risk register with each of your clients is beneficial in many ways.
“First of all, it helps them identify their risk profile in relation to the landscape. But also, many people won’t sign up to accept a risk.
Having only AV is a major risk given how easily it is circumvented, he said.
“And often when a customer is offered the option to accept the proposal, which is only a few dollars more than what they are paying for the antivirus, instead of accepting the risk of being hacked or the expense and brand impact that comes with it, it puts the customer in a position where it just makes sense to go for the solution offered instead of putting their name down to accept the risk.
MSPs who want to help their customers transition to new ways of securing their IT infrastructure need to be patient and maintain their commitment to education, said Chris Mannering, Founder and Director of Step FWD IT.
“It takes them on this journey and empowers them. I often talk about how much I loved my Nokia 5120. You know, that phone was phenomenal. I customized the cases and played snake with them and it was awesome in 1998!
“My needs have evolved. And the same can be said for security. The world has changed in this whole security game. And so the solutions that protect you must keep pace.
“AV was a pattern file recognition system that had been running since 1998. But now we’re looking at behavioral trends where the threats are just much more sophisticated. And EDR is the solution that can not only block, alert and detect, but also [also] give you this audit trail to find out then how it happened? »
Like all technologies, EDR continues to evolve and improve, especially as advances in AI and machine learning are deployed in the fight against cyberattacks.
It’s a problem that Paul Maggs, consultant for Arinco, the fastest growing company on the CRN Fast50, is very familiar with.
“With cloud-based services, there are a multitude of different endpoints that connect to these EDR solutions and from there we get a lot of signals. We get a lot of data. So the advantage of EDR, and the way it’s evolving, is that we’re collecting all of this data and these signals. Everything drowns in the cloud.
Maggs said that by analyzing what is happening with endpoints, it is possible to determine what is malicious and what is not.
Promoted content – Focus on three key benefits of EDR
Ultimately, any investment per customer domain comes down to ROI. Nick Burden, account manager for N-Able, said partners need to focus on three important issues.
“First of all is the safety benefit,” he said.
“The second issue is incident response time and the ability to reduce it as much as possible. This is what EDR offers partners. This saves time and increases margins, which is the name of the game for MSPs.
The third problem is deployment. “It’s your time saved and how quickly you can implement this tool to get it up and running and keeping your customers safe.”