Every endpoint detection and response (EDR) and extended detection and response (XDR) solution requires people to manage them. Many large enterprises will hire a team of experts to run an in-house security operations center (SOC). However, resource-constrained businesses that cannot afford to run a full-fledged SOC typically turn to MSPs to manage EDR and XDR. And those MSPs likely use a third-party managed detection and response (MDR) service to handle monitoring, investigating, responding to and remediating incidents.
Eventually, we kick the can down the road. The responsibility of EDR and XDR management shifts from businesses to MSPs to MDR providers. The bottom line is that EDR and XDR are expensive to manage. Both solutions are a full-time job that demands 24/7 attention from highly skilled experts. And the burden repeatedly gets ‘hot potatoed’ across the IT space in an effort to protect profit margins.
Restrictive profit margins have become the norm
Historically, the accessibility of EDR and XDR has been bleak. IT security talent shortages have made it difficult to attract and afford top-notch security professionals with the right credentials and skills. The professionals that are adept at managing advanced security solutions are in high demand. As an MSP, it is exponentially harder to turn a profit against increasing operating costs.
According to Canalys Forum EMEA 2023 Expert Hub: Alpha MSPs, even the highest performing MSPs are looking to achieve 40% or above in service gross margin. In addition, it is generally thought that at least 25% is necessary for their profit to be sustainable. Based on these findings, many MSPs are setting the bar low with the anticipation of restrictive margins.
Despite financial barriers, your clients need EDR and XDR to effectively combat complex cyberthreats, but the problem is that the barrier to entry is too high for resource-constrained businesses and MSPs who are often alienated from EDR and XDR markets. The question remains: How can you deliver adequate protection without blowing your and your clients’ budget?
Technological advancements are changing the EDR and XDR picture
In recent years, the AI wave has taken the cybersecurity world by storm. Both AI fanatics and skeptics can agree that AI is rapidly changing security market. AI is not only helping to improve detection rates, but also empowering your technicians to do more — regardless of their experience or credentials.
AI can tackle both issues of the EDR and XDR management equation: Mounting costs and dwindling IT security talent pools.
For example, Acronis Advanced Security + XDR with Copilot provides a natural language, generative AI-assisted chat experience for MSP technicians. The feature leverages OpenAI’s ChatGPT 4.0’s large language model (LLM) to help IT professionals with incident investigation, analysis, response and remediation — with easy-to-understand natural language text.
Copilot removes a lot of the ambiguity behind handling security incidents. From generating attack summaries to getting response recommendations, your technicians can use its natural language capabilities to gain a clear understanding of incidents; make faster, well-informed decisions; and speed up incident response efforts.
For instance, after investigating an incident, a technician can enter a prompt into Copilot such as “What kind of response actions should I take?” Copilot will generate a straightforward response: “Sure, here are some recommended response actions that can help mitigate the incident:
- Quarantine malicious processes related to this incident.
- Add all malicious processes from this incident to the blocklist.”
Equipped with this information, your technicians can respond faster within the context of the incident. The beauty of Copilot is that it provides recommendations and responses that are bite sized and easy to comprehend.
Level up your existing team
Technicians of all skill levels can accomplish more with Copilot. The complex security tasks that would normally require the attention of tier-three security experts can now be performed by tier two. Moreover, the advanced security tasks that are typically performed by tier two can now be performed by tier one. This means that IT security professionals are empowered to complete the tasks in the tier above, and overall, you can solve more issues across the board.
Ultimately, this dramatically reduces the level of skill required to deliver EDR- and XDR-based services. AI-enabled security solutions such as Copilot can help you reduce your dependency on costly tier two and tier three experts and increase your reliance on tier one professionals that are far more ubiquitous in the talent pool.
Save time with automation
In addition to delegating tasks down tier, AI-enabled security also reduces the time spent on tasks overall with automation. For instance, creating a script for threat hunting or checking workloads across clients can be generated in Copilot. Nowadays, there is less of a need to write scripts from scratch. You can bypass the high costs of script development while also minimizing the risk of human error with AI-based scripting.
Make EDR and XDR available to your clients
Technological advancements such as Copilot enable MSPs to leverage their existing team and deliver more robust security services at a lower cost. This approach makes advanced security solutions accessible to the masses by extending innovative technologies to resource-constrained clients who previously thought that these solutions were out of reach.
You no longer require the complex and often expensive infrastructure traditionally associated with advanced security operations, such as sophisticated SIEM, SOAR and SOC setups. Instead, you can empower your technicians with AI-enabled tools like Copilot to manage EDR and XDR efficiently. This shift in responsibility not only helps in protecting a wider community from cyberthreats, but also ensures MSPs can achieve healthy profit margins.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.