Netsurion thinks a good part of the SMB and SME market is ripe for EDR security protection, and that their offering, designed for SMBs, will make their MSP partners managed security experts in the eyes of their customers.
Netsurion has beefed up their SMB-focused security offerings with the introduction of EventTracker EDR, and the availability of this endpoint threat detection and response technology as a unified solution with their SIEM platform, delivered as a managed security service.
Netsurion is emphasizing that this is the first time EDR and SIEM technologies have been jointly available as a single managed security service, and while multiple service providers have such a service offering already, this is the first one on the market where both EDR and SIEM parts have been developed by the same provider.
“We are the only software vendor who offer both who have done both internally,” said A.N. Ananth, Netsurion’s chief strategy officer. “There are other companies who splice one together from vendor A and one from vendor B and offer that.” Sometimes, he noted, Netsurion is the vendor A, with their SIEM being used with another EDR product.
Ananth said that EDR is particularly effective as a managed service because it involves a response team, and that requires a 24/7 SOC, which is something that SMB and SME customers cannot afford to assemble on their own. EventTracker EDR uses heuristic network machine learning and process monitoring functions to ensure that only approved programs, applications, and processes can run, which makes it effective against unknown threats and zero day attacks.
EDR started out as an offering for the very high end of the market, but Ananth doesn’t see this as an obstacle to SMBs embracing it now.
“SIEM was originally supposed to be for the big boys too, but we focused on SIEM for SME and then SMB and have been very successful there,” he said.
Ananth divided the potential market for EDR into four groups, of which he said the two largest, in the middle, will be excellent prospects for EventTracker EDR. The top is Group A, which buys everything themselves and have lots of people, are higher in the market and aren’t relevant here. The bottom one is Group D, which Ananth said doesn’t want to spend money on IT at all, and are the sort of folks who think black and white TV is fine.
“The middle two groups are very relevant to this however,” he noted. “Group B is people who don’t want to get too far behind the curve, who are generally SMEs, and group C are people who see IT as a necessary evil and not a strategic advantage. B is the largest group and C is the second largest. We think that B will move right away on this. They are ripe for it. They recognize the problem, and while they are not anxious to be the first adopter, they don’t want to get too far behind, Our message to them is that if you buy EDR from someone else, you still have to integrate it with the SIEM. We have already done that. We also have it as a managed service, to make it easier for them.”
With type C, Ananth said acceptance here will be slower, but it will come – principally as their AV service contracts come up for renewal.
“When their AV comes up for renewal, they will look for any option to do cost savings, and so will look around,” he said. “They are super-constrained on staff, and will look to MSPs for help, and we think this integrated solution is something they will find attractive.”
There are multiple other players in the EDR space, but Ananth believes that Netsurion is very well positioned in their market.
“We see the current EDR market broken into two types,” he said. “One is traditional endpoint protection vendors like Symantec, McAfee and Sophos, and the other are the newer specialists like Carbon Black, CrowdStrike and SentinelOne. The first group generally makes a product ,so its self-serve and that’s a challenge for them in our market. Symantec just announced a new EDR managed service, but we think that this will not have the level of personalization we can offer. In addition, none of these are integrated with a SIEM, so don’t offer the full breadth of solution that we do.”
The other group has a different set of issues in the SMB space.
“The other fellows like CrowdStrike, they are heavyweight tools, fantastic in terms of power, but you need a team of people for them, and that’s hard for our market to absorb,” Ananth said. “We already found that with SIEMs, that powerful doesn’t work in our market. These solutions are very capable, but we don’t find them super-applicable in our space. Our EDR, like our SIEM, is designed for the SME. You can’t just come from the enterprise and take out a large feature or two and declare victory. Well you can, but it likely won’t sell well.”
Ananth noted that some of their SIEM channel partners will take to EDR like a duck to water, and some won’t have any interest at all, and that’s pretty much to be expected.
“With this kind of product, the channel will be a bell curve,” he said. “Some will really get it. They have been itching to get their hands on something they can use because the power of those vendors with the atomic cannons in this space makes them nervous. They worry about customer loyalty and security if they can’t offer something like this, and the impact on margin that would come from that. At the same time, we know that there will be some MSPs who are the equivalent of the Class D customers, who are happy just to sell AV.”
Ananth said that this kind of solution lets MSPs be able to legitimately position themselves to customers as having MSSP capabilities, without the giant investment or staff and expertise that would be required to do that.
“Becoming an MSSP is hard, and most MSPs don’t have the skills or investment resources to do so,” he stated. “Running a 24/7 SOC means having and keeping a minimum of six highly skilled people, assuming no one ever goes on vacation. It’s a fallacy to think that most MSPs can be transformed into MSSPs. But with this MSSP-level service, they white label it. It’s our service and our SOC. This lets them do that. And with some of them, it will give them a push and they will get off to the races and develop more of these capabilities. Some never will. But we are equipping and arming all these folks. If they use our service, their customers will benefit, and they will benefit.”
General availability of EventTracker EDR worldwide is expected in March 2019.