While Datto EDR is a relative latecomer to the market, the company is touting that it’s much easier to use for MSPs serving the SMB space.
Datto, which has been busily building up its security portfolio to complement their data protection solutions for the MSP market, has announced the introduction of Datto EDR. Based on the technology that Datto acquired with Infocyte in January, Datto EDR provides MSPs with an endpoint detection solution that is both highly effective and easy to manage and deploy.
“Datto wants to build out their security,” said Chris McKie, Datto’s VP of Product Marketing for Security and Networking Solutions, a security specialist who was most recently at FireEye. “I’ve been in security since 2007, and this focus on security is why I came here over a year ago.”
Datto previously had some EDR capabilities through their RMM, but these were limited.
“It included other capabilities that map to the identification aspect and gives you asset visibility,” McKie said. “However, the detect and response parts were weak areas, and that’s why we acquired Infocyte, to strengthen us in both MDR and EDR.”
Datto has made some enhancements to the Infocyte technology.
“Originally, Infocyte had an extremely robust EDR product, which had some anti-ransomware capabilities,” McKie stated. “It did well, and they had some unique products. However, Datto caters to MSPs so we took the offering and adjusted it so it was ideal for an MSP. Most EDRs today are still built for the enterprise, and as a result they are noisy and generate a lot of alerts. You basically need a SOC staff because they are extremely complex, and most MSPs don’t have the capabilities for that. So we took the product and changed it around for MSPs. The original Infocyte customers have been brought along that path, where the technology hasn’t changed, but the experience has. We also added things like smart recommendations that were not there before, and aligned the solution to the MITRE ATT&CK framework.”
Until recently, EDR was still a comparatively hard sell for MSPs to many SMB customers because it was comparatively expensive.
“Price is a factor, but prices have come down,” McKie said. “There is increasing awareness even among SMBs that it’s protection that they need. It’s also critical if they want cyberinsurance, which is now starting to dictate what your security stack looks like. EDR is now increasingly required as part of the stack.”
McKie also sees Datto EDR as well positioned against vendors in the space who have been there much longer and have more brand recognition.
“There are established marketing leaders, but they are very complex and generate a lot of alerts,” he said. “I saw this at FireEye. Unless the MSP has a very good SOC team in place, they tune down the box so it deals with fewer alerts. The problem here though is that if you tune it down too much, then things get by that you would have caught.”
In contrast, Datto EDR is designed with simplicity in mind. Each alert in the dashboard comes with a specific response function. This will help teams through the remediation process with detailed mitigation recommendations for the most common threats.
“We also address a common pain point that most MSPs deal with in the way that our EDR is integrated with Datto RMM,” McKie added. “There is one pane of glass, and one RMM console with the EDR integrated.” That, he said, was an advantage for MSPs over using a third party product for the EDR.
“Datto RMM also integrates with our managed SOC offering – Datto Managed SOC powered by RocketCyber,” McKie said. “That paints the road of where we are going – more integrations and capabilities tailored to the MSP.”