As we continue to be bombarded with stories of hacking and ransomware - this summer's breach of 22 towns in Texas being a deeply troubling case in point - the need for comprehensive endpoint detection and response (EDR) is palpable.
For SMBs especially - the market that we serve at eGuard Tech - the need for comprehensive EDR has never been greater. SMBs are becoming the prime target for hackers, who know that smaller businesses are less likely to have a full security stack in place and can offer not only access to their own networks, but a potential way in to partners', customers' and suppliers' networks as well.
Without an EDR solution in place, any business - SMB or otherwise - is leaving itself exposed to the whim of the hacker. But what is EDR? It seems that for the MSP community, as well as among clients, there can be gaps in understanding what EDR actually means.
Simply put, it gives organizations the means of detecting and responding to threats at their endpoints (PCs, tablets, smartphones) before they become attacks. And with breaches taking on a ‘when’, not ‘if’, status, every single one of your clients should be engaging you for EDR.
In reality, however, clients aren't directly asking for it - quite the opposite in fact. Therefore it is imperative that you not only know exactly what EDR is, but that you include it in some form in every managed services contract you offer.
It starts, of course, with antivirus, but this is only one layer of EDR. It must be accompanied by end-user education, which is critical to successful EDR. Nothing arrives on our endpoints directly; there is always a user who clicks on something and puts it on the system, so endpoint protection starts with end-user education. This is then layered with the software protection of antivirus, along with AI software that can intelligently seek out, illuminate and analyze present threats. Our solution is always multi-layered: the more layers of protection you put in place, the better your solution will be and the more protection you will get.
One of the challenges you're likely to face with EDR is lack of customer awareness. We are almost never asked for EDR, which means we have to sell not just ‘it’, but ‘the idea of it’ to our clients. This lack of awareness can often manifest itself in customers assuming that their basic built-in firewall is sufficient to cover the business from the border to the actual endpoint. It isn't, and you often find that customers simply don't pay enough attention to this to understand it or give it the importance it requires.
Then we have to tackle implementing EDR correctly, which is where a lot of MSPs fall short, especially when it comes to the peripheral measures we should be taking. For example, is your customers' antivirus software getting its regular updates? Are you paying attention to patching? This can often be a serious shortfall in the EDR implementation process and one you mustn't overlook. You always need to go above and beyond what the software itself is offering. Be sure to configure DMARC, which builds on SPF and DKIM. These are all things you can put in place to protect a customer's domain from bogus emails, which are so often the key for hackers to get to the endpoint, yet they are still often lacking, leaving customers open to EDR weaknesses.
A great way to tackle this is to ensure that you have EDR as an inherent part of your process. We work to a simple checklist that our onboarding tech goes through with each new customer to ensure nothing is missed during setup. Once the client is set up, we monitor their endpoints via monthly reports that highlight any patching that needs to happen, and which of those patches are critical. This way you can stay on top of your EDR and avoid having gaps.
If you only remember a few things about EDR, make sure that first and foremost you don't discount end-user education. Also, antivirus tools must always be kept up to date. And always, always back up. Backup should always be part of the solution stack, and we are talking about a reliable backup with multiple restore points and, of course, off-site replication.
Your customers may not be directly asking for EDR - they may not even know what it means - but one thing is certain: they cannot operate their business without it and expect to be secure. As their MSP you must raise their awareness of EDR and why they need it. If you don't, ‘if’ will not only quickly become ‘when’ but will rapidly turn into ‘how much?’ and ‘can we survive this?’ This is not a place you want your customers to ever find themselves, so don't discount EDR.
Khaled Farhang is founder and CEO of Washington-based MSP eGuard Tech Consulting Services.