Why MSPs Are Rushing To Add CDR

You can’t fight today’s threats with yesterday’s technology.

MSPs who want to better secure their customers and increase revenue and profits will need to add cloud detection and response (CDR) to their tool stack—or risk falling behind their competitors.

Cloud detection and response technology protects software-as-a-service (SaaS) applications and cloud infrastructure by providing continuous monitoring, real-time threat detection, and automated response and remediation.

“In some capacity, everyone’s going to need this level of functionality in their toolkit,” says Jim Lippie, CEO of SaaS Alerts, a CDR company that Kaseya acquired in October. “I think MSPs have come around to the fact that they need to be thoroughly invested in cloud detection and response, because the traditional threats that we’ve been watching for over a decade are not the threats that are currently compromising their customers.”

Jim Lippie

Further, Lippie says MSPs need to be looking beyond Microsoft 365 and Google Workspace, because those are now just table stakes. “That’s why we’ve continued to push the envelope around monitoring other third-party SaaS applications because it’s going to help MSPs better protect their customers and also better the economics within their business,” he notes.

What’s The Threat?

The increasing use of cloud applications is “a gift for cybercriminals who see the potential for broader and more unsecured attack surfaces,” says Lippie. “The rules are changing, and MSPs need to keep up. To protect their customers in this new environment, they’ll need greater visibility into user behavior, login and geolocation data, and potential weak points.”

Employees are signing up for and integrating more and more SaaS applications with their Microsoft or Google credentials, and often failing to set up MFA, according to SaaS Alerts’ SaaS Application Security Insights (SASI) Report. Another study from Okta, 2023 Businesses at Work, found that the average business uses 89 apps.

And data from the Cloud Security Alliance (CSA) revealed that SaaS security has become a top priority for 80% of organizations, but 65% of organizations struggle with tracking and monitoring risks from third-party integrated apps and rectifying SaaS misconfigurations. In addition, more than half (58%) of organizations estimate their current SaaS security solutions only cover 50% or less of their SaaS applications.

How Does CDR Differ From Other Detection And Response Tools?

Managed detection and response (MDR), endpoint detection and response (EDR), and extended detection and response (XDR) solutions are important, Lippie says, but “they tend to focus on the threats of yesteryear as opposed to most of the threats that are happening today, which are coming from cloud-based attacks or through cloud-based applications. And the average EDR, while necessary, is really focused on devices and networks. We’re focused on securing the user.”

CDR is a relatively new category that started in the enterprise, and like other IT trends, has been moving down to the SMB space, Lippie says.

A variety of tools and solutions offer some elements of CDR, such as CASB (cloud access security broker), SASE (secure access service edge), SIEM (security information and event management), SOAR (security orchestration, automation, and response), CWPP (cloud workload protection platform) and CNAPP (cloud-native application protection platform).

However, even the Cloud Security Alliance noted that “manual audits and CASB are not enough to protect companies from SaaS security incidents.”

“The reality is that there are people that do pieces of what we do, but no one does the entire platform,” Lippie says.

He adds, “There are companies that will specifically do 365 configuration management, but that’s the only piece that they do. There are people that will do the real-time monitoring and alerting of SaaS. And then there are folks that through a SOC will remediate based on what they find. We’re the only ones right now in the MSP ecosystem that will do all of it plus—and this is a really important piece—protecting the MSP’s tools themselves.”

RELATED: 5 Things MSPs Need To Know About Cloud Detection And Response

Why CDR Is The Next Frontier For MSPs

With some traditional revenue sources drying up, MSPs have an opportunity to bundles services around CDR. “The professional service projects and product sales, which have always been a component of the economic story for MSP, are in decline,” Lippie says. “MSPs need to start figuring out how they’re going to backfill some of that lost revenue, and I believe that it’s through the ability to monitor additional third-party SAS applications.”

Lippie outlines what he calls “SaaSenomics” for MSPs.  “They should be getting 75% gross margins if they’re doing this the right way.”

The core principle is the ability to increase your MRR by properly securing cloud-based applications. There are three components. First is to properly secure SMBs’ Google Workspace or Microsoft 365. Next is to monitor their other third-party apps like Dropbox, Slack, Duo, Octa, or AWS.

“Let’s just say they get 10 customers that are willing to have them monitor another third-party SaaS application for an additional $200 a month,” Lippie says. “That’s an additional $2,000 a month in monthly recurring revenue.”

The third component is a security protection plan, he says. “The MSP can go to their customers say, ‘Look, you pay us an extra $1,000 a month for a protection plan, so $12,000 a year, and no matter what happens, we’ve got you covered.’”

With SaaS Alerts, which is available as part of Kaseya 365 User or standalone, Lippie says the MSP mitigates their own labor risk because data is retained for a year. “You can go back from a forensic standpoint and look at all the data that led up to that specific compromise.”

Embrace The Future

Lippie says it’s time for MSPs to start thinking differently. “Think more about what the customer deals with every single day and the applications they use and the use cases, as opposed to what the MSPs have always done,” he stresses.

The transition to cloud has been underway for a while now and Lippie says MSPs need to adapt their solutions to win on the transition.

“MSPs need to understand where the threats are coming from and prioritize what is going to take down my customer. What are the highest probable threats and how do I start mitigating those threats? When you start thinking that way, it’s inevitable that you come back to cloud detection and response.”

Share:

Author:

Colleen Frye

Colleen Frye is executive editor of MSP Success. A veteran of the B2B publishing industry, she has been covering the channel for the last 17 years.

RELATED ARTICLES

Get The #1 Media Source For MSPs!
Thousands Of MSPs Trust
MSP Success Magazine
For The Best Industry News, Trends And Business Growth Strategies. Subscribe now!
 

Upcoming Events

Stay Up To Date

Thousands Of MSPs Trust
MSP Success Magazine
For The Best Industry News, Trends and Business Growth Strategies

Never Miss An Update