Scale or Fail: The Benefits of a Multitenant XDR Platform for MSSPs
White Paper
The Challenge of Scaling Security Solutions
Managing all aspects of cybersecurity across multiple client environments is a fundamental
responsibility and challenge for Managed Security Service Providers (MSSPs). Because
MSSPs manage multiple environments, each with a different set of solutions, along with different
configurations and support requirements, the complexity of managing the solutions grows
exponentially as the number of solutions offered and the client base grow.
This complexity is exacerbated when managing cybersecurity solutions that must be constantly
monitored and leveraged to protect client environments from a continuous onslaught of threats,
such as Extended Detection and Response (XDR) and Endpoint Detection and Response
(EDR) solutions. Prioritizing, investigating and responding to detected threats across a broad
client base can be particularly challenging and time consuming when solutions are deployed as
unique instances at each client.
Alerts must be collected, analyzed, prioritized, assigned and handled, while ensuring no
dangerous threats are missed and each client is fully supported. The overhead involved in
monitoring each client’s environment using multiple sets of security tools can be a significant
productivity drain. It also presents a real opportunity to overlook critical signals simply because
there are just too many “panes of glass” to monitor.
Multitenancy: The Single Pane of Glass
MSSPs are increasingly turning to multitenant solutions to eliminate the complexity of discrete
solution deployments. Multitenancy is typically defined as the ability to deploy multiple
independent instances of a solution that are managed in a single, shared environment.
Multitenancy essentially allows MSSPs to have full visibility and manage multiple client
environments from a single pane of glass. As an MSSP scales and manages more clients with
more diverse environments, the need for multitenant solutions becomes more critical.
Example of cross-client search capabilities and options in Forensics view
The Benefits of Multitenancy
Cynet interviewed several MSSP partners to better understand the benefits realized by
the Cynet 360 multitenant platform. According to all MSSPs interviewed, they could not
successfully and profitably scale their businesses without a multitenant XDR (or EDR) solution.
“Before we had Cynet’s multitenant solution, we would monitor alerts by scraping emails, exporting to a database, and then importing the information into Zendesk – in batch, not real time. Then someone would find the next available analyst and open a ticket. It was so 1990s!
Now, alerts come into a single console and they’re automatically prioritized and assigned – a human could never operate as quickly. For an MSSP, it’s a godsend.”
“Without multitenancy, how can you really monitor more than a handful of clients? You’ll miss things, support will be delayed, balls can be dropped. The number of exchanges that need to happen would have been impossible to achieve without a multitenant platform.”
MSSPs indicated the benefits of multitenancy fell into two broad categories:
1 Doing More with Less
Managing all clients from a single console means an MSSP can serve more clients
without adding resources to manage client environments by eliminating the need to
constantly switch between solution instances. The increased efficiencies lead to
lower costs and higher margins.
Multitenancy also eliminates the constant headaches of tracking the myriad issues
that invariably follow manual processing. Reliance on email, sticky notes, voicemail and
other communication tools to track and solve problems is greatly reduced with
centralized management capability.
2 Better Security and Responsiveness
Consolidating all alerts and related forensic data from all clients into a single pane of
glass allows the MSSP to immediately see, prioritize, investigate and respond much
faster, before damage can be done. In cybersecurity, time is always of the essence.
With all requisite information needed to investigate and respond to alerts from all
client environments in a single pane of glass, MSSPs can provide a level of service that
would otherwise be impossible without a multitenant solution.
Further, with alerts from all clients presented in a single console, MSSPs can
ensure that high-risk threats found in one client environment are quickly identified
and remediated across all client environments.
Considerations when selecting a multitenant XDR/EDR solution
Multitenant capabilities offered by XDR/EDR solution providers vary widely. Several MSSPs partnered with Cynet after experiencing multitenant platforms that were “very cumbersome and not very user friendly.” Based on discussions with several MSSP partners, the following capabilities should be considered when evaluating a multitenant platform provider.
Tenant and Subtenant Management
The platform should provide a global view and be able to easily access any tenant view. Better
platforms will allow for each tenant to be further subdivided into subtenants. For example, an
MSSP may have multiple MSP clients as tenants on the solution. Then, each of the MSPs can
provision clients onto the solution as subtenants. The MSPs will be able to see all subtenants
and the MSSP will be able to see all tenants (MSPs) and all subtenants (MSP clients). The MSSP
and MSP can enable subtenants to have full dashboard access and relevant privileges in their
environments, while still operating with master administrative privileges.
Role Based Management
The platform should provide role-based controls to modify access permissions per defined role.
For example, the MSSP can create a tenant for the MSP and make the MSP the admin for that
tenant. The MSP can then generate sub-tenants for its clients with various role-based permissions.
Data Separation
Data privacy is an essential element of a multitenant platform. The platform architecture should
ensure full separation of client data so no clients can mistakenly (or purposely attempt to) access
others’ private data.
Remote Deployment
The entire solution, including the endpoint agent and management console, can be fully deployed
and managed remotely. The solution should have full auto-deployment capabilities with minimal
need for additional third-party deployment tools. After initial deployment, the solution should then
recognize new endpoints and initiate auto-deployment to those endpoints.
Remote Management
The multitenant platform should have a full arsenal of management and response capabilities
that can be fully implemented remotely. Remote management is not only critical for response
speed in general, but a fundamental requirement in today’s post-COVID-19 world. The multitenant
platform should first present all needed data so that local client system access is unnecessary
to perform all required analysis and actions.
Second, the platform should support the full breadth of response actions required to fully
investigate and remediate any threat remotely. This means the solution can fully investigate and
remediate client assets at the endpoint, network and user levels, again, without direct access to
client resources. And, the more automated the response workflow is, the better.
Scalability
The platform should have the ability to quickly scale with minimal effort as the number of clients,
tenants and subtenants grows.
Deployment Support
The solution should seamlessly support on-premise, SaaS, VPC and hybrid environments.
In addition, multitenancy needs to support various operating systems on the client side from the single
management console, such as Mac, Unix, Windows and Linux.
The Road Ahead
MSSPs are under increasing pressure to provide stellar service at reasonable prices.
Competition is fierce and any client misstep in the cybersecurity space can lead to
devastating consequences for MSSPs and their clients. Multitenant XDR/EDR solutions
enable MSSPs to deliver world-class cybersecurity solutions without the need for significant
resource overhead.
Multitenant solutions can improve the MSSP’s bottom line while ensuring maximum
protection for client environments.
The platform should have the ability to change settings on a global, per tenant and per
sub-tenant basis based on the nature of the change required. The solution should allow you to
click on a single event from the main dashboard and be automatically diverted to the specific
event within the tenant or subtenant environment. This saves considerable time accessing the
appropriate environment and then searching for the event.
Example of alerts from different clients (sites) aggregated in the Alert View
Example of tenant and subtenant structure in a multitenant environment
Example of permission provisioning
Example of host map that illustrates results of remote deployment
Example of Incident View that automates all investigation and remediation response actions
Single Management Console
While this is essentially the point of multitenancy, remember that the more useful and usable
information that can be accessed in a single dashboard, the better. Unified visibility across
all customers enables security teams to manage multiple customers efficiently and reduce
response time. Look for solutions that provide a broad and deep set of data to facilitate
investigations without the need for jumping between multiple systems.
[Figure: hierarchy diagram with the MSSP at the top, MSP tenants below it, and client subtenants below the MSP tenants]