MSPs, keep your lunch money

I learned a lot of lessons riding the bus in middle school. One of those lessons was that, for some reason, I couldn’t stand when a big kid picked a fight with one of the smaller guys. Still don’t like it. If you want to make me mad, go pick on someone smaller than you. It’s funny how things still stick with me, even to this day.

Recently, I came across an article from the folks at Crowe. If you haven’t heard of them, it’s because you’re not a nerd like me. They are a big professional services firm. They’re just shy of being in the Big Four, which makes up the largest four accounting firms in the world. Last I checked, they’re number 8. So, we’ll say that they’re in the Big Ten. Which isn’t football. Remember, I’m a nerd, not a sportsballer.

Anyway, our fine friends at Crowe recently published a PDF entitled “Why Your MSP Should Not Be Your MDR Provider.” Ouch. Low blow. And just like that bully on the school bus, I felt like I should respond for my fine friends in MSPs, many of which are doing a superb job being an MDR provider.

First things first though: we need to let out the big elephant in the server room. Crowe would probably say (meanly, I might add) “Well Wes, you’re biased. Your MDR pretty much exclusively serves MSPs.”

To which I might respond (perhaps slightly less meanly, as I’ve been called the Mr. Rogers of Cybersecurity a few times): “Sure, I’m biased. But so are you. You see, MSPs have been eating your lunch in offering MDR services and you’re now feeling the pain, leading you to write this article in defense.”

Ouch. Hate to say it so bluntly, but I always say that your best friends tell you the most truth. So, what I thought I’d do in this article is respond to the virtual bully on the bus and stick up for my MSP friends a little bit. I’m going to take their “10 Reasons Why Your MSP Should Not Be Your MDR Provider” and give a response that I think Crowe should think about.

1. Claim: “SECURITY: MSP protection stops at operations, but MDR protection goes beyond operations to security resilience.”

Wes’ Response: While it’s true that managed IT stops at operations, why wouldn’t MSPs be able to include “security resilience” (whatever that means?) as well? The two aren’t mutually exclusive. And, I can point to a hundred of our partners that have mastered both.

2. Claim: “PREVENTION & MITIGATION: An MSP focuses on end-user experiences, but MDR focuses on cyberthreat prevention, identification, and mitigation.”

Wes’ Response: Ok, I think we’re learning something on this one. Crowe seems to misunderstand that the vast majority of MSPs don’t actually run and operate the MDR process in-house. They partner with someone like Perch and co-manage that process. So, imagine this: an MSP that’s responsible for a great end-user experience ALSO manages the security process itself to ensure “cyberthreat prevention, identification, and mitigation” through a partner like Perch? No wonder MSPs are eating Crowe’s lunch.

3. Claim: “TRAINING: MDR and MSPs have different training requirements.”

Wes’ Response: See point 2 above. Again, Crowe appears to misunderstand that MSPs co-manage a solution like Perch. And don’t even get me started on Perch’s vs. Crowe’s capabilities and training around security. If I went there, Perch might become the bully. ;-)

4. Claim: “TECHNOLOGY: MSPs apply technology operationally, but MDR applies technology strategically.”

Wes’ Response: In their reasoning on this in the article, Crowe states: “MDR focuses on big data analytics, artificial intelligence, and machine learning.” Ouch. I guess they win buzzword and SEO bingo. But, Perch does these things in spades. And, we have the awards to prove it and the automation proficiency to scale it.

5. Claim: “SURVEILLANCE: MSPs provide efficient operation, whereas MDR offers surveillance and detection aimed at secure operations.”

Wes’ Response: Here’s something I’ve learned from years of working with MSPs. MSPs know their clients’ networks better than Perch. Better than Crowe. So instead of having a standalone MDR that intentionally chooses not to work with the MSP like Crowe, what if the MDR platform worked hand-in-hand with the MSP to offer visibility and allow the MSP to interpret the results and threat escalations since they are the ones that know more than the rest of us combined? That’s exactly what the end-user client will say as well, which is why they trust their MDR services to their MSP as well.

6. Claim: “DETECTION: An MSP is a target for bad actors, but MDR is a watchdog.”

Wes’ Response: This is true. Painfully true. And Perch was warning about this way before Crowe had any idea. And our solution? Let’s help the MSP just as we help their clients. That’s why every single MSP partner we work with deploys Perch in their own networks as well. Crowe would be wise to start thinking of MSPs as partners rather than competitors. Just a free tip, though I do accept bribes in Bitcoin.

7. Claim: “NUANCE: An MSP applies formulaic service, whereas MDR understands nuances.”

Wes’ Response: I think we’re reaching the bottom of the barrel here. See my response on claim 2. There’s no reason an MSP can’t do both, especially when co-managing a solution like Perch.

8. Claim: “HOLISTIC APPROACH: MSP services are à la carte. In contrast, MDR services are holistic.”

Wes’ Response: It’s true that most, though not all, MSPs offer advanced security like MDR as an additional à la carte item. But that’s changing. But ask any MSP if they offer it à la carte because they want it that way or not. The answer is always: “No! I wish every client could get it, but some don’t want to pay for it.” So, while the needle is moving, this takes time. And Crowe’s expensive MDR services certainly don’t help here either. So, if I may be so bold, this claim is a little bit like the pot calling the kettle black.

9. Claim: “24/7 COVERAGE: MSP coverage is reactionary, but MDR provides 24/7 coverage.”

Wes’ Response: True. That’s why they partner with Perch. We don’t sleep. Not even at 2 am on Christmas morning.

10. Claim: “CUSTOMIZATION: An MSP generally offers an off-the-shelf solution, reselling someone else’s technology and sometimes even services.”

Wes’ Response: Ouch. I think Crowe might not understand the Perch co-managed solution at all. We offer an industry-leading 45+ API integrations, thousands of event notifications, alerts, visualizations, and dashboards – every one of which can be edited and customized by the MSP. But I digress. This argument isn’t between Perch and Crowe.

So, there you have it. A quick read-through of the article shows that MSPs are actually well-positioned to serve their clients with an MDR. In fact, because the price models of legacy MDRs prevent the majority of SMBs from even being able to afford an MDR, I might even go so far as to say that MSPs are the only way for SMBs to be properly protected from cyber threats.

We'd love to hear your thoughts. Find us on Twitter, LinkedIn or write in to hello@perchsecurity.com

Next: Duck, duck, jab: How Perch flies above the competition