Matt Holland, CEO and founder of Field Effect, has been thinking about holistic MDR that would work for companies of all sizes since 2009. Bootstrapped from its inception in 2016, Field Effect received one round of funding in 2022 for $34.5M USD and has developed its platform entirely in-house. At the end of last year, the company introduced MDR Core, a complement to its flagship MDR Complete solution inspired by the needs of MSPs. In this conversation with MSP Success, Holland shares his vision for replacing all the disparate cybersecurity tools MSPs use today. Plus, he reveals why RMM vendors should be worried. This is an edited and condensed version of that conversation.
Takeaways:
- Holland’s vision is to replace multiple security tools with the Field Effect MDR platform, an all-in-one solution that covers all attack vectors.
- By eliminating tool sprawl and simplifying security operations, Holland says Field Effect helps MSPs improve margins and operational efficiency.
- With plans to introduce a secure RMM, Holland aims to challenge the status quo and further consolidate the MSP tech stack.
MSP Success: Let’s start by telling me about your growth in MSP partners over the past year.
Matt Holland: The growth in 2024 in the MSP space is largely predicated on our very intentional willingness and effort to listen to the MSP community and focus on delivering what is being asked for. Taking that mindset and executing accordingly has really helped evolve our relationships with our partners and given us the foundation to move forward to do bigger and better things for the MSP community.
MSP Success: Tell me a little bit about Field Effect MDR. It includes 15 tools. Is that everything MSPs need in their cybersecurity stack?
Holland: Our goal when we started building our platform back in 2009 was to build a giant “easy button” when it comes to delivering cybersecurity for SMEs. Along the way, we adopted the MSP channel as the primary way we did that. That platform captures what we consider to be the solution for cybersecurity. Everything a small to medium business would need, and consequently, anything an MSP would need to deliver really, really good cybersecurity.
We call it holistic MDR. But what that really means is our platform will protect In all the areas that an attacker will engage from. We started selling that as a singular all-in-one. Along the way, again listening to the MSP community, we realized that we needed to create a lighter weight version of that, MDR Core, which has been a big part of our growth in 2024.
MDR Core is a really good fit for businesses up to 25 users, although not necessarily only for that. It includes an endpoint agent, cloud monitoring, and our suspicious e-mail monitoring service. It protects you in the key areas that you need to be protected in and when it comes to the amount of value it delivers, it is still above and beyond any of our competitors.
MSP Success: How do you differentiate Field Effect MDR from other cybersecurity platforms?
Holland: Back to the origins of the company, we started building an “easy button” and that’s something that is expressed in the partner experience. We have a proprietary patent pending approach called ARO [actions, recommendations, and observations] that allows us to deliver very salient cybersecurity feedback and guidance without having to look at alerts. That’s how we deliver cybersecurity feedback to partners and then customers. We have been refining this approach literally for decades. So while our competitors will be adding new features and growing as any company would, our approach has just been around longer and is much more mature.
And I think the ARO approach is game changing for partners. Something we’ve heard time and again is the amount of efficiency, time saved, and quality of life improvements for MSPs when they adopt our platform [are] very significant. … and ultimately improves their margins.
MSP Success: Does your solution automate some of the remediation, so the MSP isn’t buried with all the noise of alerts?
Holland: 100%. That’s something that we got out in front of much sooner than our competitors. So that in all aspects of what we deliver, if we detect something we can either block it, automatically freeze it in place, or remediate it. It really depends on how much an MSP wishes to opt in to use these features, but you can scale our system all the way up to aggressive and it will take a significant number of actions on your behalf, if that’s what you choose to do. Our MDR service is backed by a 24/7 globally distributed SOC and our ability to achieve efficiency through this type of blocking and remediation is a key part of how we’ve been able to grow. It’s something we constantly refine and improve. That’s been our DNA from day one.
MSP Success: There’s also been buzz this past year around cloud detection and response, or CDR. Does that fall into your bucket too?
Holland: We were actually the first to market with it in 2017. Full stop. I don’t want to say something as bold as we invented it, but we were in the market in 2017 with the ability to automatically detect a threat or an account breach and block it in its place. It has been a part of our platform this entire time. It is an incredibly mature system. We started with using traditional analytics back in 2019. We did a very large push to introduce AI into the system and today it is an incredible strength in the platform.
MSP Success: And as much as we want automation, you have people in the loop too?
Holland: 100%. Our MDR implementation utilizes traditional analytics and automation and AI and humans, where it makes sense to use each one of those things. You’ll see a lot of hyperbolic messaging out there where AI solves all problems or it’s this new AI implementation of MDR. I would take those types of announcements with a grain of salt because we have seen, based on experience, that there are appropriate times and places to use AI. There are great opportunities to use traditional analytics; they just perform better. And there are times when you need to bring humans into the loop and that is something that I think we’ve struck a really good balance on.
Even though we have a very technology-heavy platform, we still have that globally distributed 24/7 SOC that drives the MDR service. When you pick up the phone, you’re talking with one of our top-notch analysts. We have the same people who have been evolving the system since 2017, still in the chairs today. So it’s people who really know the system and that really makes a difference. I would not discount the importance of retaining really good SOC analysts.
MSP Success: And as you know, there’s been a lot of focus on MSP profitability and tool sprawl. How does how does Field Effect MDR address profitability for MSPs?
Holland: When we decided to get into the MSP space, we felt this to be a core differentiator of what we had built up to that point and what we continue to build. That’s one of the reasons that we strive to replace as many technological pillars as possible, and why we keep on adding new features. This is all driven by listening to MSPs, what they like, what they don’t like. Looking at the stacks of technology that MSPs use. And then trying to utilize the incredible technology foundations that we have to replace something else.
Our end game is to be the one and only tool that an MSP needs. We will get there by continuing to evolve our platform and save money for MSPs. MSPs pay way too much for technology. What they get is complexity and problems. Field Effect’s mission is to address that and drive a lot more margin into MSPs. This is something that we’ve been working on for a very long time.
It is a straight line to improving their quality of life and their profitability that we’re quite excited just to continue driving towards it.
MSP Success: As you know the larger RMM players have been adding cybersecurity tools into their offerings. Do you consider them competitors?
Matt: I think RMM companies should be more concerned about when we will build our RMM and introduce the world’s first secure RMM. That is, I think, a much more interesting proposition than whether RMM companies are selling cybersecurity.
MSP Success: Are you building an RMM?
Holland: We are in the early stages, yes. I can say that, based on what we’ve got cooking, it will be incredibly disruptive for RMM companies.
MSP Success: What’s on your road map in the nearer term?
Holland: We’re about to release our new implementation of our roaming DNS feature. This is something that will be a new level of awareness and reporting around what applications are doing on the host. So it’ll be a next level of iteration around that protection. We’re releasing cloud MDR in Q2 as a standalone product for the first time. As I said, we were the first to market with it and it is a mature and spectacular product. So we’re quite excited to release that as a standalone.
There are quite a few other things, but I think for strategic purposes I’m not going to let them out of the bag yet.
To learn more about Field Effect’s origin story, see Before There Was CrowdStrike Or SentinelOne, There Was Field Effect – And It’s About To Revolutionize How We Approach Cyber Security
