With today’s highly dynamic threat landscape suffering from a cybersecurity talent shortage and constantly siloed security functions, every organization needs to reduce the discovery time of a breach and make cybersecurity more accessible and human. This year, it’s estimated that a typical midmarket company can expect to be confronted with five to seven attacks per employee per month. Extended detection and response (XDR) is arising as a promising solution to these challenges.
For managed service providers (MSPs) and managed security service providers (MSSPs), XDR platforms allow them to offer the tools to set up their customers for success to tackle today’s ever-evolving threat ecosystem.
The primary reason is tied to one of XDR’s main benefits—faster and more accurate investigations.
From a 30,000-foot view, XDR provides continuous monitoring of all aspects of an IT security environment and features always-on awareness of the latest threats to improve a customer’s security posture. XDR’s primary benefit is its promise to address security gaps through automation and integration, reduce false positives, and remediate low-level threats, freeing up SecOps teams to prioritize high-risk alerts. It ultimately improves an organization’s ability to react by aggregating and correlating threats against contextualized intelligence, thereby reducing complexity to limit human error. Several businesses have reported notable time savings, up to 40 hours a week, by automatically identifying key threats and proactively resolving them.
In addition, XDR’s ability to identify high-priority threats with ease has been noted in allowing SecOps teams to have better visibility and control over their IT infrastructure, saving them time and offering guidance to increase their overall security posture. An XDR feature that most organizations embrace is the comprehensive visibility and control into all vectors (endpoint, email, cloud, network) that were routinely siloed in the past.
For all these reasons and more, MSSPs are integrating XDR platforms into their existing security offerings to customers. However, this isn’t as simple as with other one-off services.
XDR for the Channel: A Tailored Approach
In truth, XDR is more an approach to cybersecurity than one simple platform to deploy. Thus, there is no “one size fits all” way to integrate XDR into an MSSP’s relationship with their customers. The degree to which the platform is weaved in is determined by the specific security posture needs of the customer. There are also myriad levels to which a partner will be involved with managing XDR for their customers.
The most straightforward type of partner is those who simply resell XDR technology. These partners package up an XDR solution with additional services, offering their customers personalized, turnkey security packages. But as SaaS-based platforms have grown in popularity, especially considering how quickly the cybersecurity world moves, businesses are rarely looking for this kind of partner solution for their security needs.
Most businesses are more likely to want a partner that provides professional services and partakes in the deployment and implementation of XDR for their customers. This method serves as a sort of middle ground in terms of involvement. While the partner offers a ton of value in assisting in the deployment and integration of the platform, ultimately the customer manages their own environment with the assumption that they will run the entire operation.