In today’s world with a multitude of different security services, one seems to be dominating the rest: Managed Detection and Response (MDR). So, what is MDR, and why would I want to use a Managed Detection and Response provider? Well, join me as I explain the benefits and how you can choose the right one for you.

What is an MDR Provider, and Why Choose One?

An MDR provider delivers remote Security Operations Center functions to monitor, detect, respond, and remediate cybersecurity threats. According to Gartner, “MDR service providers offer a turnkey experience, using a predefined technology stack (covering areas such as endpoint, network, and cloud services) to collect relevant logs, data, and contextual information.”

The MDR provider covers a lot of ground, which means that everyone seems to be an MDR provider these days. That’s not necessarily a bad thing, but the trick is finding the right provider for you. There are some things you should be looking for outside of reputation and marketing materials. You need to ultimately know your shortcomings as an organization and WHY you are looking for a provider.

• Is it the lack of FTE resources?
• Is it the lack of expertise in security?
• Is it the never-ending costs?

If it’s any of these things, then you are not alone. According to www.isc2.org, an estimated 3.4 million cybersecurity professionals are still wanted. Combine that with constant job hopping, and it’s not only extremely hard to first find a talented cybersecurity team but also to retain them. Then, you must start to think about if you want full coverage. My hat goes off to you for hiring at least eight full-time employees… just for full coverage! Stepping into that a bit further, these full-time employees must be skilled in what they do. Sure, you can hire anyone, but then you must train them.

Looking at the never-ending costs, it makes it extremely difficult to actually buy the tools you need for proper protection. The tools continue to get more expensive and complex. The continual torrent of new tools that do specific things can be a daunting hurdle. Try looking at a security portfolio and remembering all of the different acronyms: SIEM, EDR, SOAR, XDR, ZTNA, DLP, etc. The list can go on and on and get confusing extremely fast.

So, why should you choose an MDR? An MDR provider comes with many resources that an organization struggles to find, and then some. This not only lowers your cost of purchasing, installing, and maintaining all the associated hardware and software, but it also reduces the need to hire and maintain additional staff to run the SOC 24×7. Depending on the MDR provider you are collaborating with, they can have very specific industry experience, they come with full-time employees to monitor across the clock, and they bring the tools with them. Some will even fully integrate your existing solutions into their tools for better telemetry across the organization’s security portfolio.

Benefits of an MDR Provider Approach

Are all MDR providers the same? Absolutely not. Can the right MDR provider give you a lot more with a lot less? ABSOLUTELY! One of the best parts is that you do not have to train or attempt to retain these individuals, nor do you have to deal with the complex and costly licensing for the tools they will be bringing with them. You have one point of contact that knows who is working on what and can give you valuable insight into what is going on across the organization. You do not need to find resources specializing in things like Incident Response (IR) when there is an issue. You do not need to be the one who is feeling alone with your hair on fire if there is a suspected incident. You have a team behind you of deeply knowledgeable experts who know the steps that need to be taken to secure you and prevent as much damage as possible.

Another benefit of an MDR provider is being able to sleep easy at night, knowing that someone is watching and investigating on your behalf. Some will even come with guarantees, which is an added assurance to help ease your mind.

In conclusion, do you need an MDR provider? Not really. But you should absolutely take a step back and look at the never-ending costs associated with hiring and retaining security experts and the added costs of technology. And how about the peace of being able to sleep at night?

Find out how we can help you with a comprehensive MDR service so you can benefit and rest assured that your organization is properly protected.

The cloud can be highly beneficial, but it can also be very complex.

Recently David Heinemeier Hansson, the creator of the Ruby on Rails and CTO of 37signals (makers of Basecamp and HEY), made a surprising announcement… they were leaving the cloud.

Hansson sings the praises of cloud computing when the application is simple and low traffic, or when the load is highly irregular. The first eliminates complexity with fully managed services; the second provides flexibility only offered by the cloud when there is uncertainty about whether ten servers or a hundred are needed.

“Renting computers is (mostly) a bad deal for medium-sized companies like ours with stable growth,” Hansson said. “The savings promised in reduced complexity never materialized.”

Recently Veritas Technologies commissioned independent research about this very thing. Of the 1,500 technology and IT decision-makers surveyed from 12 countries, 100% agreed that using public cloud services benefited their organizations. However, 94% also reported failing to stay within their cloud budgets, overspending by a whopping 43% on average.

The Cloud Promise and What Makes It Complicated

Marketing around the cloud promotes the idea that it reduces the necessary amount of hardware needed, thereby lowering initial capital investment and avoiding the need to hire very expensive IT staff. The assurance is that generalists can manage these new environments. The result should be monitored, resilient data centers, forever running on modern hardware.

But no cloud service provider can claim to be perfect. And the features normally associated with the cloud services, such as site redundancy, automated backups, and high bandwidth networks, typically don’t come without additional costs.

The cloud is famous for its instant gratification. On-demand resources are more costly than the alternatives, but they are sometimes necessary. There are several ways to mitigate these costs, such as discounts if you can use Reserved Instances, which are upfront commitments to use a certain amount of capacity over one or three years. Then, there are Spot instances that take advantage of unused capacity from all the major providers for a deeply discounted price. However, these instances are subject to abrupt cutoffs and are really only suited for stateless workloads that can tolerate disruption. You can even rent Dedicated Hosts, or you can choose to utilize Virtual Private Data Centers that avoid the hyper-scalers and leverage VMware to maintain consistency within the current environment.

Given all the factors and choices, you can see how complicated the cloud can quickly become. Implementing backup and recovery strategies, choosing the appropriate storage, managing data access, unaccounted egress fees, coping with varying performance, and dealing with auto-scaling benefits and the accompanying hazards… the skills to take advantage of these capabilities and navigate the risks are not innate.

How Our Expert Cloud Services Help Ease Your Burden

We can start with a Cloud Assessment to gauge your readiness to migrate. This helps you determine when, what, and how much to move to the cloud. Once migrated, we can monitor and proactively manage your workloads and resource utilization. We can implement best practices, conduct capacity planning, and help standardize and streamline your operations through enterprise-grade tools.

By leveraging our cloud services, you benefit from the experience required to balance your workloads through the flexibility of On-Demand, versus the long-term commitments of Reserved Instances, and the stability of Dedicated Hosts. Additionally, we can help with tools to buy and sell excess reservations to ensure maximum ROI on your cloud purchases.

In conclusion, many items surrounding the cloud need to be considered and evaluated. Working with a knowledgeable, trusted, credible, and neutral party to optimize your environment and mitigate risk is key to a cost-effective and efficient cloud strategy.

Do you have concerns over your current security posture and feel like there’s more you could be doing to restrict access to sensitive information? In this blog, I’m going to discuss features that Microsoft 365 and Azure offer to allow for a zero trust environment that enables users to be productive while having the control to secure their data. Microsoft offers an extensive toolset natively to 365 and Azure to accomplish this protection.

Microsoft 365 Data Governance

Let’s start with the governance of your data for user access. In today’s remote workforce environment, it’s imperative that users prove their identity in order to have access to the organizational information they need. Enforcing policies and procedures for managing and protecting data and applications to determine who has access to the data and who can make changes is critical.

• Azure Active Directory Identity Governance – with the use of entitlement management, access reviews, privileged identity management, and terms of use policies, you are able to restrict and allow access to only the data that specific users or groups need to accomplish their tasks. Configuring privileged users to approve access and review those who need permission to those resources eliminates the need for IT Administration. The Azure AD P2 license provides this service.

Microsoft spends a significant amount of its budget on security each year, which has led them to be a leader in the Gartner® Magic Quadrant for Security Information and Event Management. There’s no denying that Microsoft receives more signals than any other Security Protection organization today. Let’s take a peek at what’s under the hood for these features.

• Enterprise Mobility & Security – One of the most important advantages of Microsoft 365 is the power to use Conditional Access policies. Azure AD P1 allows you to enforce multi-factor authentication (MFA) requirements for users by applying options for the Identity Protection users need to prove who they are in order to gain access to your resources. Single sign-on (SSO) allows users to be more productive in accessing the applications. Target users and devices with policies that can grant or allow access on Windows, IOS, Android, and macOS devices with application packages for enterprise and 3rd party applications.
• Endpoint Configuration Manager – This system management allows for mobile device and application management by implementing device compliance policies that help secure your data on trusted devices. Enforcing software updates and being able to remotely wipe organizational information provides a way of lifecycle management. Intune allows for application packages to be pushed to devices for a zero-touch deployment by IT.
• Azure Information Protection – Part of Microsoft Purview Information Protection is the process for labeling your data to control how these documents are shared. With the AIP Scanner, organizations are able to locate where their sensitive documents reside and apply a unified labeling client to restrict users from sharing sensitive information.

Microsoft 365 Security

Now, let’s dive into the meat and potatoes of Microsoft Security with Microsoft Defender. Microsoft has many products in the Defender line, which can lead to confusion on which of them is needed for protecting specific services. This question, as well as how to license the Defender services, comes up quite often when talking with clients. The management of the services through the Security Admin portal provides a centralized view of the attack spectrum using the Microsoft Graph API. Let’s highlight some of the Defender features for Microsoft 365 protection.

• Defender for Endpoint – Also known as Defender ATP, Defender for Endpoint is the Microsoft enterprise endpoint detection platform providing Core Vulnerability Management, Attack Surface Reduction, Next Generation Protection, Endpoint Detection and Response, Automated Investigation and Response, and access to Microsoft Threat Experts.
• Defender for O365 – This provides email protection for anti-malware, anti-phishing, anti-spam, safe links, safe attachments, and zero-hour auto purge (ZAP). Most notable is the Attack Simulation Training that users can benefit from.
• Defender for Identity – This cloud-based security solution identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions directed at your organization. You can monitor user behavior and activities using learning-based analytics to protect user identities and reduce the attack surface.
• Defender for Cloud – Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multi-cloud (Amazon AWS and Google GCP) resources. You can continually assess, secure, and defend resources in the cloud and on-premises, as well as gain visibility into the Ghost IT applications being deployed, and control the usage of those applications.

Microsoft 365 Compliance

Compliance is a key factor in navigating the various regulations countries apply and meeting industry standards. Microsoft has the solution to help ensure you meet the standards which are specific to your organization, as well as the ability to apply the recommendations needed to comply.

• Microsoft Purview – This is a data governance, risk, and compliance solution that governs, protects, and manages your entire data estate for your organization. You can manage the visibility and governance of data assets; protect sensitive data across clouds, apps, and devices; identify data risks; and manage regulatory compliance requirements.

Deploying these solutions without help can be a daunting and time-consuming task. With MicroAge, a team of certified Microsoft 365 and Azure Engineers experienced in implementing these solutions can help you apply best practices to help your organization deploy a higher level of security, governance, and compliance.

The Early Seeds

For most of the 20th century, business models centered around large, integrated companies that could own, manage and directly control their own assets. By the 1950s and 60s as the population grew, the need for corporate expansion became clear, and companies looked to diversify in order to broaden their corporate base and create more economies of scale.

While much of those goals were achieved by the 1970s and 80s, bloated management structures and lack of agility also became the unintended consequences. Organizations soon recognized the need to create corporate structures and cultures that fostered flexibility, agility and creativity, while also allowing them to focus on their core business. Enter early outsourcing.

Today the words ‘outsourcing’ and/or ‘managed services’ can trigger all kinds of emotions – both good and bad – depending on who you ask. No doubt, this function has a lot of baggage, especially in IT where the technology landscape has become incredibly complex and there’s no shortage of horror stories to be found. When I connect with clients, it’s clear that many are holding on tight to misconceptions and myths, either from their own experiences, from the media hype, or both. So, I’m going to outline the most common myths we run into and offer some alternative food for thought, including some of the measurable value you can see from working with managed services providers.

3 Common Myths

MYTH #1: I’LL LOSE CONTROL OF MY COMPANY AND ASSETS.

It’s a fear, and I get it. But it’s also an outdated one if I’m being brutally honest. The industry has evolved far beyond this polarizing notion of internal vs. external with no shades of gray in between. The reality is that today’s managed services providers (MSPs) can have the skills, depth, tools and experience to seamlessly help manage pieces and parts of daily operations without you having to ‘hand over the keys to the castle,’ or give up full control of your mission-critical systems and core business functions.

While I’m certainly not suggesting all MSPs are created equal, I am suggesting that sourcing specific functions (e.g. telecom integration and collaboration, cloud migrations, database migrations, security compliance and patch management, etc.) can, and is, successfully accomplished by leveraging the MSPs with niche expertise in areas such as technology implementations, system or service best practices, and service excellence. This means you can expand the IT bench without losing the architectural control you want to support your core business and strategic growth.

MYTH #2: THEY ALWAYS HAVE CANNED SLAS THAT DON’T MEET OUR UNIQUE BUSINESS REQUIREMENTS.

Yes, some do, but not all. Your business rides on SLAs of all kinds, so I understand the consternation around having to deal with lesser SLAs than you need simply because the MSP only has so many resources or capabilities of its own. Fortunately, and again… the industry has evolved. Today’s successful MSPs build SLAs into your agreement for exactly what you want and need, rather than what they’re able to offer. SLAs are the heart of a capable MSP and should be specific to your business whether you need five nines availability, a tiered severity support system, or help desk response time, make sure it’s your requirements, not their canned offering.

That said, be sure to vet an MSP thoroughly… and by that, I mean call references, get sample reports, check their reviews, and interview multiple layers of the organization to be sure everyone tells a similar story. One tip I highly recommend is doing a little research of your own to find existing clients that they *do not* offer on their reference list and cold calling them to get feedback. Ask open-ended questions like:

• How long have you been a client and how did their learning curve go?
• How are they doing on your SLAs?
• What hurdles did you have on the culture fit and how did they handle it?
• What’s the best thing about working with them?
• What’s the worst thing?
• Do you plan to stay with them long-term?

You get the gist. Trust me, it’s worth the effort.

The CRN Managed Service Provider (MSP) 500 list recognizes leading North American solution providers that have demonstrated innovative and forward-thinking approaches to managed services. They help end users improve operational efficiencies and navigate the ongoing complexities of IT solutions, while maximizing their return on IT investments.

MicroAge is recognized annually on the MSP 500 List in the Elite 150 Category.

MYTH #3: THEY HAVE LOW-LEVEL SKILLS THAT WE JUST CAN’T TRUST.

Technology, and therefore the skills needed to manage it, are all advancing at an accelerated rate. Why? The knowledge-share and training today are like never before in history. You can get highly trained, niche-skilled labor in a managed services provider potentially easier than you can find FTEs on the open labor market, and you don’t have to add a capital-level budget to build a deep in-house bench or carry additional employees on the books.

As an example, sourcing daily security compliance operations to an MSP means you have an expert partner dealing with daily scans, security compliance, responding to security operations incidents, and proactively managing your patches and OS lifecycles. I don’t think I’m exaggerating when I say most of our clients call this as close to ‘heaven on IT earth’ as you can get, especially in today’s security climate.

BONUS MYTH #4: OUR EXISTING STAFF WILL FEEL THREATENED, OR THERE’S TOO MUCH CULTURAL MISMATCH FOR IT TO WORK.

Well, the reality is that managing this is largely on you, but it can be done. The key here is messaging, and it’s critical to get out ahead of this with your team before they ever get wind of your plan to procure an MSP. Here are some specific tips that may help:

• Identify key strengths and skills of your existing team
• Map them to your most important strategic initiatives
• Create a work transition plan for each team and resource
• Identify KPIs against the strategic plans by quarter and by year
• Position the changes as a redeployment of valuable FTEs to your most important initiatives
• Properly compensate individuals for shifts in their responsibility level(s)
• Involve them in the MSP requirements and interview process

In summary, the MSPs of today are a far cry from even ten years ago. Today, they can be highly skilled, adaptable, flexible, and high-value members of your team that give you the ability to offload the more mundane daily operational tasks that free up key staff to help you advance your broader strategic goals.

If you have questions about working with MSPs in your unique business situation or requirements, drop me a note – I’d love to connect.