Due to staffing and technical challenges, organizations are turning to Managed Security Service Providers (MSSPs) for IT security management, and one of the biggest trends is to use MSSPs to deploy Endpoint Detection and Response (EDR) solutions on their endpoints. EDR offers an MSSP the highest level of security for an endpoint while avoiding the administrative complexity and nuance of traditional endpoint protection solutions. Additionally, as MSSPs turn up EDR Managed Detection and Response (MDR) services to help reduce the risks that users and vulnerabilities introduce, there are key capabilities that service organizations need to consider, especially in a multitenant environment.
One core capability an MSSP needs to look at is how multiple customers are managed. A solution that lacks true multitenancy adds administrative burden by forcing the MSSP to turn up individual console instances that need to be administered separately or to develop custom portals to integrate into its SOC. Multitenancy capabilities enable the management of many customers from a single console, allowing for easier group management changes and system upgrades. FortiEDR features a full multitenant environment that allows MSSPs to log into a single portal and manage their entire environment while also allowing their customers to access their environments individually. This makes it easy to deploy global settings and make changes across the entire environment while still allowing for the distinct configuration structure needed in an advanced EDR configuration.
The ability to quickly deliver their MDR service is also key for a successful MSSP. In order to respond to an incident in a timely manner, an MSSP cannot go through the typical sales cycle of quotes, approvals, POs, and license delivery. They need to be able to deploy at will and turn up service quickly. To ensure this, an MSSP should look for solutions that can be deployed quickly and easily as part of their service stack. If the product cannot be licensed dynamically, the MSSP would be forced to purchase licenses they are not yet using in order to ensure they have the ability to deploy to customers that have had a security event. Fortinet offers an MSSP pay-as-you-go (PAYG) licensing model that allows MSSPs to deploy the solution to their customer environments as needed and only pay for the licenses used on a monthly basis.
This capability has additional benefits: it allows an MSSP to quickly turn up and turn down a Proof of Concept (POC) environment while only being billed for the licenses during the time of the POC. It also reduces the sales-to-operations timeline by allowing an MSSP to deploy immediately after sale and avoid license procurement delays. The ability to quickly deploy in turn shortens the time to revenue for the MSSP, allowing them to quickly bill for their overall MDR service.
As MSSPs integrate automated response capabilities into their solutions to add value and ensure their customers are better protected, how the product will integrate with an existing service stack is another aspect to consider. With FortiEDR, an MSSP can extend their service capability by using the FortiEDR API to integrate with any solution stack they currently have. Extended EDR, also called eXtended Detection and Response (XDR), is a capability that ensures the EDR solution is not a detached solution and will function beyond just the protection of an individual client. Additionally, an MSSP can utilize the already integrated capabilities of FortiXDR, which combines the capabilities of FortiEDR with components of the Fortinet Security Fabric along with AI analysis.
While the security functions are crucial for any EDR, MSSPs do need to consider how the product will align with their business. If you’re an MSSP looking to add MDR services to your portfolio, contact Fortinet today to learn more about how FortiEDR and the entire Fortinet portfolio have been built to help MSSPs build successful services.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.