Managed Service Providers (MSPs) are an important part of the IT environment, providing the knowledge and the trusted partnerships that enable organizations of all sizes to embrace innovations made available by our era of digital transformation.
While there has never been a more exciting time to be an MSP, there are also many challenges MSPs must navigate to acquire and preserve long-lasting client relationships. Specifically, MSPs cite maintaining profitability (27%), bolstering growth (33%), and managing cybersecurity (30%) as some of their top business issues.
When it comes to managing cybersecurity, safeguarding client endpoints is a critical part of the MSP service offering. To streamline the process, MSPs should have an endpoint security vendor that helps to overcome common issues that can cut into profits and lead to client churn, like prioritizing response efforts and managing security at scale.
Read this article to view 5 essentials that MSPs need from their endpoint security providers and for tips and solutions to ensure your MSP is successful in this area.
Your selected endpoint security vendor should ensure that you can streamline your client deployments, simplify your ability to prioritize your response efforts, and manage your clients at scale. Ultimately, your vendor should optimize the efficiency of your time and efforts so that you can continue to grow your business and maximize revenue.
Your vendor should:
- Simplify deployment across multiple endpoints
- Optimize time efficiency with prioritized alerts and responses
- Automate isolation and remediation of infections
- Make it easy to manage your clients at scale
- Enable you to demonstrate value to your clients
Whether you’re onboarding a new client or adding an endpoint for an existing one, deploying endpoint security software is an everyday occurrence for MSPs. If it doesn’t go smoothly, it sets a bad, first impression for new clients, and the lengthy deployment cycles can consume your valuable service time. Therefore, it’s important to prioritize partnering with an endpoint security vendor that makes new software deployments simple and fast.
MSP teams have a variety of skill levels and experience, so there are a few things you should look for in your vendor to ensure deployments are a positive experience for both you and your clients.
To support your team’s preferred deployment processes, the endpoint security software must give you multiple options for installation on your client endpoints, including active directory, SCCM, and third-party application deployment tools. And to work in your current and future clients’ varied environments, look for a vendor whose product supports major operating systems, including Windows, Macintosh, and Linux. Equally important, the deployment process should minimize disruption so that your clients have an “invisible” experience. Ensure that your selected endpoint security product enables remote deployments and doesn’t require a system restart following installation.
Once deployed, the solution should provide effective default group and policy configurations that protect your client endpoints while you develop and apply any additional policies that are tailored to their needs. The solution should also have a central console that immediately displays the new endpoint once it has been installed. Further, the vendor should provide a discovery tool that makes it easy to maintain an inventory of all endpoints on your client’s network and the endpoint security software version that they are running.
The list below provides recommendations to simplify your deployment efforts:
- Select an endpoint security vendor that provides capabilities to perform bulk deployment across multiple endpoints within a client site
- Pick software with versions available to support Windows, Mac, and Linux operating systems
- Choose endpoint software that, right after installation, has default security policies to protect endpoints
- Choose a vendor that has a central dashboard that provides immediate visibility into your client endpoint deployments
- Use a discovery tool to identify all the endpoints on the client network and verify that the software versions are up to date
Prioritizing alerts and responses
MSPs are remarkably busy, especially as team members often serve many roles—from sales and support to project management. Choosing the wrong endpoint security product can exacerbate this issue by generating an overwhelming volume of alerts that waste team members’ time by looking into non-critical threats.
Your endpoint security solution-of-choice should enable you to stay laser-focused on the major threats, so you can be efficient in responding to high priority issues as they arise. A solution that empowers you to prioritize your time and response efforts will allow you to minimize the potential impact of infection by mitigating lateral spread, reducing dwell time, and reducing the impact of the infection.
MSPs can effectively manage their client’s endpoint security response needs with a solution that provides effective detection capabilities and granular threat visibility to guide your response efforts.
Your solution’s detection engine should combine a blend of techniques. It should include traditional signature-based detections as well as advanced layers, such as application behavior and anomaly detection machine learning, to identify and respond to zero-hour threats. The solution should identify specific families of malware and categorize threats into standard levels of response actions so that your team can know what action to take, such as scanning, isolating, and remediation.
An endpoint security solution that provides strong threat visibility will allow you to effectively coordinate your response efforts. This should come in the form of a “command center” dashboard that lets you see endpoints with the highest risk threats, enabling you to quickly prioritize your time and actions. The dashboard should let you sort and filter alerts by a group of endpoints that require immediate attention. Also, when it comes to varied MSP team skills and wondering what to do next, your solution should provide meaningful, suggestive actions on how to best respond to the threat (e.g., isolate now, remediate).
MSPs should adopt the following mechanisms to optimize threat response efforts:
- Develop an incident response plan for common types of threats and infections
- Invest in an endpoint security platform with a detection engine that can identify zero-hour threats and their relative severity
- Ensure your endpoint security solution has a configurable dashboard that lets each team member highlight the priority threats (e.g., sorting tables of alerts, custom dashboard widgets, etc.)
- Create a policy for prioritizing endpoint response based on business criticality
Isolating and remediating infections
One successful malware attack can wreak havoc on your client environments, moving laterally from the first infected endpoint to other machines. When an infection occurs, you need an endpoint security solution that lets your MSP team respond to the situation like a pro.
Time-consuming remediation approaches don’t deliver efficient or rapid time-to-response and can quickly eat away at your profit margins. Your ideal endpoint security partner should provide automated threat isolation and remediation capabilities that allow you to quickly and efficiently contain the attack and restore your client’s endpoints to their pre-infected, trusted state.
Automation here is essential when choosing your endpoint security partner. Solutions that require lengthy and time-consuming remediation efforts will break an MSP’s high-volume-low-touch revenue model and can lead to client dissatisfaction and churn. Automating your client’s malware isolation and remediation processes will limit the malware from doing further damage and will significantly lower your response times.
MSPs also need a partner solution that provides automated recovery from ransomware attacks in its remediation arsenal. The endpoint security software should include just-in-time endpoint backups that allow you to wind back the clock to negate the ransomware attack’s impact on your client’s environment. Without this capacity, if a client gets hit by ransomware, you’ll have the time-consuming project of restoring the impacted system from machine backups, which can take days. Automated ransomware rollback can handle the situation within minutes.
The list below provides tools and processes for your endpoint isolation and remediation efforts. We suggest you invest in an endpoint security partner solution that provides:
- Comprehensive isolation capabilities, including network isolation that restricts all endpoint-initiated processes from communicating, process isolation that prevents new processes from starting up on the endpoint, and device isolation that stops
- Ransomware rollback that immediately protects and restores encrypted, deleted, or modified files—returning the endpoint and valuable data to a known, good state
- Automated and thorough remediation that identifies and removes all artifacts associated with the primary threat payload
Managing clients at scale
Without the right organizational tools, managing endpoint security for multiple client accounts can present a challenge for MSPs. This can especially be the case when it comes to managing high volumes of client endpoints. It’s not simply enough for your endpoint security partner to have an effective solution—the vendor must also provide a management framework that makes it easy for you to run the business side of your endpoint security operations.
Your partner should make it simple for you to issue licenses for conducting pre-sales software demonstrations, adding endpoints to existing client environments, and onboarding new client endpoints. You’ll also need visibility into your available licenses to ensure that you always have the desired amount on hand. To support this, your vendor should provide current data that allows you to keep an accurate count of your consumed versus available licenses. Further, it’s important to confirm that your vendor has a simple process for upgrading or downgrading software products (i.e., moving to other products within the vendor’s portfolio) to suit your clients’ changing needs.
You should carefully review an endpoint security vendor’s ability to support your MSP business and your clients at scale. Look for a vendor that provides multi-tenant management of your client sites, including users and endpoints, through a central console. Rather than relying on a cumbersome process of accessing separate dashboards for each client, this approach will empower you to efficiently manage your clients from a single place.
The console should provide current status and report on your client sites, as well as provide user permissions that allow your clients to see their endpoint data. Your vendor should also have a flexible licensing model that lets you manage and quickly provision all your clients from a single shared license pool.
MSPs should choose an endpoint partner with the following capabilities to manage clients at scale:
- Select an endpoint security platform that provides multi-tenant management of clients through a single user interface
- Ensure endpoint security licenses are immediately available for your demonstrations, evaluations, and new client provisioning
- Select an endpoint security platform that provides intuitive, point-and-click control for upgrading or downgrading software versions, license pools, and role-based access of client users
Demonstrating value to your clients
Conveying the value of your MSP business is essential to drive growth and profitability. If clients are not fully aware of the value that your endpoint security service provides, it can be difficult to navigate conversations about renewing the service or upgrading to premium software offerings. When it comes to demonstrating value to your clients, the saying “show, don’t tell” holds. Metrics from your endpoint security partner will make this possible The value of your endpoint security services can be shown with data on the number of threats your MSP detected and remediated over time for clients. Context makes this data more meaningful and relevant, so your endpoint security vendor’s reports should provide clear descriptions that allow your clients to fully grasp the severity and volume of the threats that were prevented from impacting their staff productivity and business operations, which, in turn, will help them understand the value of your service.
Your endpoint security vendor should provide a wide range of reporting capabilities that show your customers the value of your endpoint security service. Your vendor should have time-based, summary reports that detail the number of detections and remediations, along with top malware families and endpoints that are most at risk. Your clients should also have access to this data, as desired, so your vendor should provide a self-service option that allows your clients to generate reports on their sites and endpoints.
Sending your clients regular reports, such as quarterly endpoint security health updates, should not be a time-consuming process. Your ideal vendor should streamline this for you by providing branded reports that are automatically generated and emailed to your clients on your behalf.
MSPs should adopt the following mechanisms to demonstrate value:
- Select an endpoint security vendor that provides reports summarizing your MSP security activities, per client, and overtime
- Train your MSP team on your best practices for delivering reports to your clients, including any narrative they should include conveying the value of specific data
- Develop materials, such as case studies, that can educate your clients on the potential impact of the high-severity infections that your endpoint security service caught and remediated
- Include an action plan on how your MSP can enhance the client’s security practices to protect them from the rising volume of new malware threats