For successful growth with Managed Security Services

MDR is not a technology, but a service

This interview looks at Managed Detection and Response (MDR) from two sides: for the customer, how MDR is trialled and introduced to raise the level of protection; for the MSP, how a central MDR service is connected to the important systems via APIs and how the alert chain is built so that a detection actually reaches someone who can act on it.

EDR vs. MDR: What are the differences?

EDR (Endpoint Detection and Response) protects the endpoints of a network: it records what happens on each device and gives the analyst the visibility and analysis functions needed to spot and respond to a threat there. MDR (Managed Detection and Response) goes one step further in two ways. First, it combines telemetry from additional sources (network traffic, email, firewalls, cloud services) into a view of the whole environment rather than of individual endpoints. Second, and more importantly, MDR is a service rather than a product: an external partner monitors that data around the clock and carries out the response, which is what turns faster detection into faster containment. The EDR functions remain the foundation underneath it.

Integration of different data sources

A key advantage of MDR is that it brings together data from many sources: email security gateways, network sensors, firewalls and cloud services. The integrations are usually API-based; Microsoft 365 sign-in logs are a typical example, and SaaS applications such as HubSpot or Salesforce can be connected in the same way where the provider exposes a suitable API. The more relevant sources feed the same data lake, the more of an attack chain the MDR team can see; a source that is not connected is simply invisible to them.

Detect compromised backups

Backups are a common target: an attacker who intends to deploy ransomware first tries to delete, encrypt or shorten the retention of the backups so that the victim cannot recover without paying. Where a backup solution exposes its audit trail or events through an API, MDR can ingest them like any other source and alert on tampering (deleted jobs, changed retention, disabled immutability) early enough to intervene and limit the damage. The caveat is the same as for every other source: this only works if the backup system is actually connected.
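The two sections above describe the idea of feeding every source into one data lake and watching the backup system through it. As an added example (not code from the original page, from IT Booster or from Sophos), the following Python sketch shows the smallest version of that: records from three hypothetical sources (a cloud sign-in log, an EDR agent and a backup server's audit feed) are normalized into one schema, backup tampering by any user is raised as an alert, and the alert is escalated when the same account had a risky cloud sign-in shortly before. All record formats, field names, risk flags and sample events are constructed for illustration; they are not the real Microsoft 365 sign-in schema or any backup product's API.

```python
"""Minimal multi-source correlation for backup tampering (added example).

Everything about the input formats is an assumption: the dict keys below
stand in for whatever the real Microsoft 365, EDR and backup APIs return.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str                    # "m365", "edr" or "backup"
    user: str                      # principal the action is attributed to, lower-cased
    action: str                    # normalized verb, e.g. "signin", "job_deleted"
    detail: str                    # free text kept for the analyst
    tags: frozenset = frozenset()  # risk markers attached by the source


# Changes to a backup system that typically precede ransomware deployment.
# Each alone is worth a ticket; combined with a risky sign-in it is a page-out.
BACKUP_TAMPERING = {"job_deleted", "retention_reduced", "immutability_disabled"}
RISKY_SIGNIN_FLAGS = {"new_country", "legacy_auth", "mfa_disabled"}


def normalize(source: str, raw: dict) -> Event:
    """Map each source's (hypothetical) raw record onto the common schema."""
    ts = datetime.fromisoformat(raw["time"])
    if source == "m365":
        return Event(ts, source, raw["userPrincipalName"].lower(), "signin",
                     f"{raw['result']} sign-in from {raw['country']}",
                     frozenset(raw.get("riskFlags", [])))
    if source == "edr":
        return Event(ts, source, raw["user"].lower(), raw["verb"], raw["process"])
    if source == "backup":
        return Event(ts, source, raw["operator"].lower(), raw["event"], raw["object"])
    raise ValueError(f"unknown source {source!r}")


def correlate(events, lookback=timedelta(hours=6)):
    """Alert on every backup tampering event; escalate to 'critical' when the
    same user had a risky cloud sign-in within `lookback` before it, and attach
    that user's endpoint activity from the same window as context."""
    events = sorted(events, key=lambda e: e.ts)
    alerts = []
    for e in events:
        if e.source != "backup" or e.action not in BACKUP_TAMPERING:
            continue
        window = [p for p in events
                  if p is not e and p.user == e.user
                  and e.ts - lookback <= p.ts <= e.ts]
        risky = [p for p in window if p.source == "m365" and p.tags & RISKY_SIGNIN_FLAGS]
        endpoint = [p for p in window if p.source == "edr"]
        alerts.append({
            "user": e.user,
            "action": e.action,
            "object": e.detail,
            "severity": "critical" if risky else "high",
            "related_signins": [f"{p.ts:%H:%M} {p.detail} {sorted(p.tags)}" for p in risky],
            "related_endpoint": [f"{p.ts:%H:%M} {p.detail}" for p in endpoint],
        })
    return alerts


# Constructed sample records, one per hypothetical source format.
SAMPLE = [
    ("m365", {"time": "2024-05-06T07:55:00", "userPrincipalName": "Backup-Admin@example.com",
              "result": "success", "country": "NG", "riskFlags": ["new_country", "legacy_auth"]}),
    ("edr", {"time": "2024-05-06T08:02:00", "user": "backup-admin@example.com",
             "verb": "process_start", "process": "vssadmin.exe delete shadows /all"}),
    ("backup", {"time": "2024-05-06T08:10:00", "operator": "backup-admin@example.com",
                "event": "job_deleted", "object": "FileServer-Daily"}),
    ("backup", {"time": "2024-05-05T18:00:00", "operator": "ops@example.com",
                "event": "retention_reduced", "object": "SQL-Hourly 30d -> 1d"}),
    ("m365", {"time": "2024-05-05T09:00:00", "userPrincipalName": "ops@example.com",
              "result": "success", "country": "DE", "riskFlags": []}),
]


def run_sample():
    """Normalize the constructed records and return the resulting alerts."""
    return correlate(normalize(src, raw) for src, raw in SAMPLE)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the sample data this yields two alerts: the retention change by `ops@example.com` stays at "high" (the only sign-in for that account is nine hours earlier and carries no risk flag), while the deleted job by `backup-admin@example.com` is escalated to "critical" because of the sign-in from a new country fifteen minutes before, with the shadow-copy deletion seen by the EDR agent attached as context. The point of the normalization step is that the correlation rule never has to know which vendor produced a record; adding a fourth source means writing one more branch in `normalize`, not a new rule.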

Customer education and range of services

Introducing customers to managed security services requires careful education about the benefits and differences between EDR and MDR. IT service providers need to ensure that their customers understand the importance of comprehensive security solutions and are willing to invest in them. A managed service not only provides protection, but also continuous monitoring and rapid response to threats, which adds significant value.

Flexibility and adaptability

IT service providers must be flexible and adapt to the specific requirements of their customers. Whether as the main service provider for the entire IT or as a specialized security consultant called in for MDR, the ability to offer tailor-made solutions is crucial. Setting up a 24/7 security service also requires careful preparation: contractual and legal clarification of whether the provider may act in an emergency without consultation and which systems it may access, and internal simulations of incident scenarios before the service goes live.

Standardization and further development

A standardized portfolio and clear integration criteria are crucial to ensure that all security tools remain efficient and manageable. IT service providers should continuously invest in the further development of their services, including vulnerability management and penetration testing, in order to constantly improve their customers’ infrastructure and make it more secure.

"Standardization is the key. We are building a standardized portfolio and setting basic criteria such as API integration. All products must be able to feed into our data lake."

MSP Journey · Managed Security Services · Sophos & Olaf Kaiser · Portrait photo of Marc Hoeffle
Marc Hoeffle
IT Booster GmbH
Olaf Kaiser:

Good morning, Marc. I'm delighted to be talking to you today as an expert at MSP Journey about a special topic in the field of security. Please briefly introduce yourself and your company.

Marc Hoeffle:

Thank you very much, Olaf. My name is Marc Hoeffle, I am the founder of IT Booster. We are a small IT and service company from Speyer in the Rhineland-Palatinate, Zurich and Mannheim region. We specialize in accompanying customers on their digital journey with cloud and security services and making them more secure.

Olaf Kaiser:

IT Booster is an extremely interesting name. Let's see if we come back to it later. Let's talk about the security issues first. In your opinion, what are the possible forms of service for the customer and what are the differences?

Marc Hoeffle:

Gladly. In simple terms, EDR (Endpoint Detection and Response) increases the visibility of potential threats in the network, with a strong focus on endpoint protection. MDR (Managed Detection and Response) combines different data sources and provides more visibility, for example from network or IT traffic data. MDR is not a technology, but a service. The MDR partner therefore has more visibility of everything that happens in the customer network and can better detect and respond to security incidents.

Olaf Kaiser:

If we look at the data layers for MDR, what else is included? Does it also include mail information or traffic information?

Marc Hoeffle:

Yes, in principle the X is arbitrary. It depends on which partner you work with and which technology you use. Usually it's APIs. You can integrate email security providers, network data, firewalls and even cloud data such as Microsoft 365 logins. In the best case scenario, third-party cloud providers such as HubSpot or Salesforce can also be integrated.

Olaf Kaiser:

Yesterday I read in a Sophos report that compromising backups is a common target for attackers. Can MDR also help to detect if backups have been compromised?

Marc Hoeffle:

Yes, I think so. There are APIs that enable quick integration. You can also use these interfaces to see whether a backup solution has been compromised, provided it is technically connected.

Olaf Kaiser:

How do you guide customers to the higher level of a managed service?

Marc Hoeffle:

There are two parts to this. A customer who is still at an antivirus level needs to be picked up early and educated about what EDR and MDR mean. We no longer talk to customers about EDR, but in most cases about MDR. MDR offers the functions of an EDR, but combined with a managed service that enables more comprehensive support and immediate response.

Olaf Kaiser:

Are you the main service provider for your customers' IT or the security specialist called in for MDR services?

Marc Hoeffle:

That depends on the customer. We can offer the entire spectrum, from support and operation to specialized security consulting. We have customers for whom we are the security service provider and others for whom we also look after the infrastructure. In both cases, we are always the security partner.

Olaf Kaiser:

How much work goes into the preparation before you have a 24/7 service in place?

Marc Hoeffle:

A lot of work. We clarify with the customer whether we can take action in an emergency without consultation and which systems we can access. There are legal aspects to consider and legal contracts that need to be concluded in advance. We also simulate various scenarios internally in order to be prepared.

Olaf Kaiser:

How do you deal with unplanned expenses?

Marc Hoeffle:

The dialog is extremely important. There is a price range for our service, but unplanned events must be invoiced separately. We discuss with the customer when additional costs will be incurred and what measures are required. In an emergency, a response team can be called in, the costs of which can quickly run into the five-figure range depending on the duration and the endpoints affected.

Olaf Kaiser:

What other services are essential for MDR?

Marc Hoeffle:

It depends on the customer. Protecting identities is a key issue. A sensible email gateway already takes a lot of work off your hands. You have to decide for the customer which attack vectors are most relevant and budget for the appropriate measures.

Olaf Kaiser:

How do you ensure that your security tools remain manageable?

Marc Hoeffle:

Standardization is the key. We are building a standardized portfolio and setting basic criteria such as API integration. All products must be able to feed into our data lake. We also have an in-house development for report generation. In the office, we use three dashboards for operations and security.

Olaf Kaiser:

What if you're not in the office?

Marc Hoeffle:

That is the critical point. We have classic alert chains and use stable technologies such as SMS to receive important alerts outside the office.

Olaf Kaiser:

What are your next steps in further development?

Marc Hoeffle:

Our focus is on active vulnerability management and penetration testing. We want to continuously harden our customers' infrastructure and improve it on a best-practice basis. In the worst-case scenario, we rely on our MDR service or the Rapid Response Team.

Olaf Kaiser:

What tips do you have for other managed service providers who want to become active in the field of security?

Marc Hoeffle:

Be courageous and take on the role of advisor. Seek dialog with your customers and clearly highlight the value-added services. Start with smaller projects and continuously expand your knowledge. It is important that you feel comfortable in your field and gain the trust of your customers.

Olaf Kaiser:

Thank you very much, Marc, for the detailed interview and the valuable insights. I wish you every success with your future projects.

Marc Hoeffle:

Thank you, Olaf. It was a pleasure.


Profile

IT Booster offers IT services, cloud solutions and sophisticated cyber security services. As experienced IT architects, we create solutions that are scalable and maximize availability. Standardization instead of isolated solutions creates a focus on IT as a value-adding element and not as a cost block. We believe in partnerships and are convinced that the best bond is exceptional service and transparency of performance. We see ourselves as an extension of your team and work hand in hand. Often at the same cost as today.
Marc Hoeffle
Managing Director
IT Booster GmbH
In the courtyard garden 11
68799 Reilingen

Related articles

Managed firewall in focus – from service definition to reporting

What services - both planned and unplanned - are included in your managed firewall packages? How can the customer purchase the whole bundle of hardware, software and services? All as one fixed monthly price? Are there really helpful reports for customers from the firewall? Which services are not included and are provided on demand or on request at the firewall? How do you deal with customers who already have another firewall in use?

Ongoing development as a model for success with managed security services

Everything you need to know about setting up Managed Security Services: How is the security model structured? How do customers decide between the three modules for endpoint protection and what tips the scales in favor of the higher variants? What is the customer response to your managed approach? Does the monthly notice period play an important role for you? Which automations are most important to you?