Best Endpoint Security and EDR Tools for MSPs

Whether they want to or not, Managed Service Providers (MSPs) are being forced to pick up more and more security functions. An endless stream of malware attacks followed by the recent rash of ransomware incidents has made it necessary for them to augment whatever services they were providing with some basic security safeguards.

Over time, the need for security services has grown, and is now one of the hottest areas of the MSP space. That is why there are now so many MSPs operating solely in security, also known as Managed Security Service Providers (MSSPs).

Some providers have evolved managed services from their own security software offerings. They already possessed a portfolio of security offerings and have expanded their scope by adding as-a-service offerings, often supported by help desk and consultancy-type support. But a great many other MSPs bring together security tools from vendors, sometimes just reselling a service. Their value add is that they take care of a great many of the details of managing, maintaining, and deploying security services, making their clients’ lives easier.

Well-established MSPs, too, are finding it increasingly necessary to augment their non-security-based services with some security features and services. Thus, few MSPs these days can ignore the security space. Their existing and potential customers demand at least basic security functions.

Most IT security vendors and providers offer attractive discounts to MSPs and MSSPs to make it profitable for them to incorporate these services into their own offerings. Conditions and terms vary widely from provider to provider.

Top Security Services for MSPs

As such, there is a large variety of services to choose from. Here are some of the best endpoint security tools for MSPs. Please note that some vendors offer multiple services. These are included, as it makes sense to deploy a collection of tools from one vendor rather than having to establish relationships with a great many different ones to offer comprehensive security. The growing number of XDR, or extended detection and response, platforms gives MSPs a comprehensive security platform they can build on. MSPs can utilize these tools and services to build their own unique offerings.

Here then are some of the top endpoint security (and other security) offerings that MSPs can incorporate into their own services.

Sophos

Sophos Intercept X with XDR: An extended detection and response (XDR) service that synchronizes native endpoint, server, firewall, and email security. It provides a holistic view of an organization’s environment with a rich data set and deep analysis for threat detection, investigation and response.

Sophos Firewall: Powered by Sophos Firewall’s Xstream architecture, the new XGS Series appliances deliver the industry’s best zero-day threat protection, identifying and stopping the most advanced known and potential threats – including ransomware. The new appliances feature industry-best Transport Layer Security (TLS) inspection, including native support for TLS 1.3, that is up to five times faster than other models available on the market today. MSPs can install these at client sites to keep their other offerings more secure.

AT&T

AT&T is another vendor that offers a wealth of services for MSPs.

  • AT&T DDoS Defense addresses Distributed Denial of Service (DDoS) attacks, which can take down entire networks, websites, and even countries in extreme cases.
  • AT&T’s network security offerings give MSPs what they need to help protect and connect customers as well as their users, data, and applications on premises, remotely, or in the cloud.

Other AT&T services that MSPs could tap into include:

  • Secure Remote Access
  • Secure Web Gateway

Trend Micro

Trend Micro offers an integrated managed service across email, endpoints, servers, cloud workloads, and networks. Its managed detection and response service, Trend Micro Managed XDR, drives improvements in time-to-detect and time-to-respond while minimizing the risks and impact of threats. This enables MSPs to choose what monitoring services to offer out of email, endpoints, servers, cloud workloads, and network security solutions.

Here are the various services available:

  • Trend Micro Cloud App Security for Microsoft Office 365 or Google G Suite
  • Trend Micro Apex One multi-layered endpoint security
  • Trend Micro Deep Security Software
  • Trend Micro Cloud One workload security (virtual, physical, cloud, and containers)
  • Trend Micro Deep Discovery Inspector

CrowdStrike

CrowdStrike is a top Endpoint Detection and Response (EDR) vendor and offers a number of services MSPs can utilize individually or collectively.

  • CrowdStrike Falcon Prevent is a Next-Generation Antivirus (NGAV) service that combines prevention technologies with attack visibility and simplicity to help MSPs get up and running immediately.
  • Falcon Insight is an EDR offering. It delivers continuous endpoint visibility that spans detection, response and forensics to ensure nothing is missed and potential breaches are stopped.
  • Falcon Discover allows users to quickly identify and eliminate malicious or noncompliant activity by providing real-time visibility into the devices, users and applications on a network.

Syxsense Active Secure

Syxsense Active Secure is a managed service that offers vulnerability scanning, server and endpoint patch management, plus endpoint security. It enables IT teams to prevent cyberattacks by scanning authorization issues, security implementation, and antivirus status. That takes care of a number of functions that organizations often fall down on. Patching, for example, is a common IT weak spot, and many breaches happen because an organization failed to apply an available patch. This service gives MSPs something they can offer to take care of that function and a few others.

Verizon

Verizon Managed Security Services protect more than traditional endpoints. They encompass application-level firewalls, content screening, email security gateways, endpoint security, host intrusion detection systems (HIDS), host intrusion prevention systems (HIPS), load balancers, log monitoring and management, network intrusion detection systems (NIDS), network intrusion prevention systems (NIPS), proxy servers, unified threat management (UTM), VPN, and operating system and Active Directory monitoring. They are a good choice for MSPs looking to offer their clients a range of security services.

FalconStor

FalconStor Backup as a Service (BaaS) is based on FalconStor software, in combination with servers and storage purchased from any vendor. As well as general backup, the company is well versed in dealing with IBM shops. The StorSafe backup-to-disk-target resides on-premises at the customer location to deliver up to 160 TB/hour of throughput with up to 95% in-line data deduplication. It ensures a second copy of the backup data is automatically transmitted offsite to the MSP’s datacenter or a public cloud for offsite protection. Backup is one of the most critical protections against ransomware – and also the most commonly offered MSP service.

SentinelOne

SentinelOne offers a number of AI-backed endpoint protection services that MSPs use. These include automated threat prevention, detection, and response; automated remediation to terminate malicious processes, disconnect and quarantine infected devices, and roll back events to keep endpoints in a clean state; and security analytics performed on endpoint agents. Automation features can be very helpful to busy service providers, and MSPs can deploy any one or all of SentinelOne’s offerings.

MobileIron

Just acquired by Ivanti, MobileIron’s mobile-centric, zero trust security approach verifies every user, device, application, network, and threat before granting secure access to business resources. It makes it possible to segregate business apps and data from personal apps and data on mobile devices. It secures mobile productivity apps, including email, contacts, calendars, and tasks across iOS and Android mobile devices. Any MSPs offering device management would do well to take advantage of such services.

Lookout

Lookout offers several services that might be of interest to MSPs. These include:

  • Mobile Endpoint Security, which encompasses iOS, Android, and Chrome OS devices that have as much access as other endpoints. Without invading privacy, it can detect and respond to known and unknown threats.
  • Zero Trust Network Access to dynamically provide only the access needed by users and applications, with everything else locked down.
  • Cloud Access Security Broker service to control cloud apps and data.

Fortinet

Fortinet offers many security services to MSPs, communication providers, and mobile providers. The company helps its MSP partners reduce risk and minimize the impact of cyberattacks by providing managed security and monitoring services to protect enterprise data, infrastructure, and users, regardless of who, where, when, and how IT assets are accessed. Fortinet’s portfolio of integrated and automated security tools covers network security, cloud security, application security, access security, and network operations center (NOC) and security operations center (SOC) functions. The company is best known for its firewalls, but it also offers one of the lowest-cost EDR products around, plus the more advanced enSilo offering.

Other services include:

  • MSSP Cybersecurity
  • Managed SD-WAN for Service Providers
  • Managed SOC Service
  • Managed Cloud Security Service
  • Managed WAF (web application firewall) Service

Malwarebytes

The channel has become a big driver of Malwarebytes’ business in recent years, and the endpoint security vendor offers a portal for easy signup as well as sales and marketing assistance. A “partner first” approach helps ensure partner profitability. Malwarebytes’ OneView dashboard lets partners centrally manage customer accounts and access policies and request support when needed. RMM and PSA integrations are another feature aimed at channel partners.

CenturyLink

CenturyLink proactive Managed Security Services deploys teams of local security experts, who keep a close eye on networks 24/7/365. Protection of the network perimeter comes from CenturyLink Unified Protection and Compliance Service. This service utilizes a SonicWALL hardware gateway to safeguard against external attacks. This service also allows remote users to connect to the network safely through VPN. Gateway-enforced antivirus is included.

Rapid7

Rapid7 is another provider with a track record of providing services for use by MSPs. Rapid7 InsightVM, InsightAppSec, and InsightIDR are all available as managed services.

  • Managed Vulnerability Management makes it possible to hand over the operational requirements of a vulnerability scanning program to Rapid7 experts, something most SMBs don’t do well, if at all.
  • Managed Application Security allows companies to offload scan management, vulnerability validation and penetration testing.
  • Managed Detection and Response offers around-the-clock monitoring to defend against threats and stop attacks.

Cybereason

MSPs or users can take advantage of several grades of protection from Cybereason. The more you pay, the more coverage you receive:

  • MDR Core: Cybereason security experts provide network monitoring, root cause analysis, and guided response.
  • MDR Essentials includes the above and adds threat detection, triage, and guided response.
  • MDR Complete is a fully managed security solution that provides threat detection, triage, remediation, and analysis.

IBM

IBM Security Managed Detection and Response Services includes threat detection, fast response, threat intelligence, threat hunting, AI-powered automation, and human-led analysis across networks and endpoints in multi-cloud environments. Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) tools conduct investigations. These services can also take advantage of IBM’s Global Security Operations Centers (SOC) network. And MSPs using IBM services could certainly benefit from putting the tech giant’s name in their marketing materials.

Further reading: Managed Service Security Providers: Making the MSP Switch

Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including eSecurity Planet, ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.
