How CrowdStrike is helping MSPs tackle SMB security woes

Small businesses are at an overwhelmingly higher risk of cyber and ransomware attacks than their enterprise peers, CrowdStrike says.

About 70 per cent of cyber attacks target small -to-medium-sized businesses (SMBs), with about 63 per cent facing ransomware and advanced threats, according to a recent report.

This leaves the market wide-open for opportunities for managed services providers (MSPs) and managed security services providers (MSSPs) to play a central role in an SMB’s security environment.

In Australia, the SMB market contributes half a billion dollars to the economy in gross domestic product (GDP), making up about 2.5 million businesses, according to the Australian Small Business and Family Enterprise Ombudsman (ASBFEO). 

Cythera services director Ben Cuthbert said SMB IT teams are struggling with budget constraints and with having to deal with a wider range of tasks, particularly in managing cloud environments.

“They’re maintaining software-as-a-service (SaaS) platforms with critical data and business information,” Cuthbert said. “They’re having to do more with less, more than they ever have been and I think security is becoming a second or third priority for a lot of these teams.”

Cuthbert said it was often brought in post-breach, addressing the incident response for a lot of SMB clients, which is often a crippling business event.

“It doesn’t matter whether you’re a small, one or two person shop all the way up to 1000-seat multinationals, we’re all having to deal with the same security problems and arguably for SMBs, these security events are actually much more business crippling because they literally shut you down and you just can’t trade,” Cuthbert said.

“One thing that we’re seeing is just a lot like clients are a lot savvier about buying managed services and a lot of clients are realising that they can’t have everything in-house.”

Security monitoring, alert triage, incident response, were a few of the services clients were requesting.

Cuthbert said Cythera uses automation to enrich alerts and bring events together as analysts need to make quick decisions when looking at an incident and need all the key information at hand, on top of using the CrowdStrike Falcon platform.

“That’s an area where we feel we’re a bit ahead of the curve where we invest heavily both in people in terms of development, but also in some of the platforms,” he said.

“We’re a very DevOps heavy team because to scale security you really need to invest heavily in automation and orchestration and that’s where we’re focusing.

“We’ve been doubling in size every year since we’ve been trading for the past five years,” he said.

For National IT Solutions technical director Paul Maranzano, the biggest hurdle for SMBs was the resourcing and costing that comes with securing their business environment.

“It comes as a bit of a shock to them,” Maranzano said.

Taking stock of the CrowdStrike Falcon Complete platform, Maranzano said it was always seen as an enterprise product, out of reach for its clients, until recently.

 “CrowdStrike has MSP and an MSSP offering, which was actually quite affordable for us to sell to our clients and something that clients could digest. We’ve reached the point of bringing enterprise solutions into our clients,” Maranzano said. “We’re investing in utilising the CrowdStrike platform to demonstrate the threats that are being detected and what else can be done to prevent them.

“We have an obligation to lead by example and take our own cyber security training very seriously.”

CrowdStrike Asia Pacific vice president of channels and alliances Jon Fox said most of its business has been heavily focused on the enterprise side of the market but it has started to scale down into the SMB segment.

This has also filtered into its partner ecosystem: while it’s traditional focus has been fully on MSSPs, the vendor is turning its attention towards smaller MSPs on the Falcon platform.

“MSPs are trying to decrease their cost of sale so they can provide a more comprehensive and cost-effective solution to customers because SMBs aren’t exactly rolling in money and don’t have multi-million dollar budgets to spend on security,” Fox said.

CrowdStrike launched Falcon Complete for Service Providers in September last year, aiming to reward MSSPs, MSPs and system integrators to help them expand their security portfolios, close skills gaps and strengthen internal teams. Partners can tap onto Falcon Complete’s existing team and offerings to create co-branded or white-labelled managed security services.

Fox pointed out that SMBs typically do not have the resources, funds or skills to address cyber security properly within their own organisation.

“Equally, the MSPs who are doing the traditional break-fix, they’re doing a lot of infrastructure, services and they don’t necessarily have a huge depth skill set around security either, and to go and build that themselves is incredibly expensive. Especially if you can even find the people to be able to do that to begin with,” Fox said.

“This is where we can let our MSPs leverage our Falcon Complete service, and then white label that to their customers, and they also then can wrap other services around that.”

“Falcon Complete is a great service, but it’s not all things to everything. It’s not designed to be that and there’s an opportunity for partners to wrap additional services around Falcon Complete and white label that to SMBs.”

Fox explained its focus was not just giving the MSPs an endpoint solution, but the chance to bolt services such as identity, cloud, vulnerability management, and so on.

“All these additional modules help the MSP protect the SMB, but also as an MSP, you’re your profitability comes from the efficiency that you have in your business,” Fox said.

Fox said the vendor currently has more than 500 integrations into its alliances ecosystem and it will continue to expand that.

“We’ll continue to build more automation around billing and provisioning, all those kinds of things that MSPs need day-to-day,” he said.