Syncro and Bitdefender Expanded Partnership: MDR, XDR, and Mobile Security for MSPs

This webinar introduces Syncro’s expanded partnership with Bitdefender, which adds MDR (Managed Detection and Response), XDR (Extended Detection and Response), and mobile security to the integration. Bitdefender Technical Director Michael Reeves presents a simplified three-layer security architecture that every MSP should deliver, then walks through each Bitdefender capability, from risk analytics and automated protection through EDR/XDR incident response and fully outsourced 24/7 security operations via MDR Foundations.

Webinar Summary

Key Topics Covered

  • Three new Bitdefender SKU categories now available through Syncro: mobile security, XDR, and MDR
  • The three-layer security architecture: analyze and harden, automated protection, and human response
  • Risk analytics across 1,800 risk areas with automated remediation capabilities
  • Defense-in-depth automated security controls covering web, network, process, script, and file-based threats
  • EDR and XDR incident response with AI-generated human-readable incident summaries
  • XDR telemetry sources: Office 365, Azure, AWS, network, mobile, and email
  • Correlated incident views that consolidate multiple alerts into single actionable incidents
  • MDR Foundations onboarding in under five minutes with a single checkbox
  • Bitdefender SOC operations from San Antonio, Texas with immediate response and 30-minute contact SLA
  • Pre-approved response actions: process stop, file block, host isolation, credential reset, user disable, email deletion
  • Mobile security for iOS, Android, and ChromeOS covering network protection and anti-phishing
  • Month-to-month consumption-based billing with no minimums and no contracts
  • Bitdefender vs. CrowdStrike and SentinelOne architectural differences
  • How Bitdefender integrates with Syncro for deployment, alerting, and dynamic invoicing

The Three-Layer Security Architecture

Michael Reeves introduced a simplified framework for thinking about security architecture using a car analogy. Every MSP, regardless of customer size, needs three layers.

Layer one is analyze and harden. This is the equivalent of closing the car doors, rolling up the windows, and locking the doors. Digitally, it means assessing the attack surface in a customer environment and systematically reducing it. Bitdefender’s risk analytics examines 1,800 areas of risk across misconfigurations, vulnerable applications, and user behaviors, then provides remediation guidance and one-click fixes where possible. MSPs can operationalize this as a 12-month attack surface reduction program.

Layer two is automated protection. This is the alarm system. It includes all automated security controls that detect and respond to threats without human intervention, covering web-based, network-based, process-based, script-based, and file-based threat vectors. The more security controls active simultaneously, the better the coverage. Bitdefender’s 30-plus security controls provide broader detection than solutions with only 10.

Layer three is human response. This is what happens when a criminal bypasses both hardening and automated controls and is actively operating inside the customer environment. This requires human analysts available 24/7/365 to investigate and take action. Most MSPs cannot staff this capability internally. Bitdefender’s MDR Foundations allows MSPs to outsource this layer entirely.

EDR, XDR, and Incident Response

Bitdefender’s EDR/XDR capabilities sit in the human response layer and are designed to make security operations personnel more effective.

The platform uses AI to produce human-readable incident summaries that describe what Bitdefender believes is happening in the customer environment, including organizational impact (affected users, endpoints, exfiltrated files, and compromised emails). Multiple related alerts are correlated into a single incident rather than generating separate incidents for each alert.

The AI engine also recommends specific response actions, such as isolating endpoints or deleting emails, with one-click execution. A graphical incident view shows the full attack chain from origin through all affected objects, with remediation actions available at each node.

XDR extends this capability beyond endpoints to include Office 365, Azure, AWS, network telemetry, mobile devices, and email. Bitdefender has read-write access to these external sources, enabling direct response actions like disabling users or deleting emails from within the same console. This integrated approach eliminates the need to piecemeal multiple tools together.

MDR Foundations: Outsourced 24/7 Security Operations

MDR Foundations allows MSPs to turn over security operations to Bitdefender’s SOC, which operates 24/7/365 from three global locations. The US operation is based in San Antonio, Texas, drawing on the area’s concentration of military cybersecurity professionals.

Onboarding requires a single step: enabling the MDR checkbox in the customer’s licensing settings within GravityZone. Within five minutes, the SOC has full visibility into the customer’s existing telemetry and history. No additional agents are deployed and no minimum customer sizes apply.

The service is action-first: Bitdefender’s SOC takes immediate remediation action when a threat is confirmed malicious, then contacts the MSP’s emergency contacts within 30 minutes to report what was done. This is a key differentiator from competitors whose MDR services function primarily as alerting systems that notify the MSP and wait for approval before acting.

All SOC analysts have full response capabilities. There is no tiered escalation model where level-one analysts must hand off to level-two or level-three before action can be taken. The analyst who identifies the threat has full authority and capability to respond immediately.

Mobile Security

Bitdefender’s mobile security covers iOS, Android, and ChromeOS devices. It addresses the first two layers of the security architecture: hardening and automated protection. Mobile devices are increasingly targeted for phishing because email content is truncated and obfuscated on mobile screens, making it harder for users to verify sender identity and URLs. Bitdefender’s mobile agent secures network connections (automatically starting a VPN on risky Wi-Fi networks), provides anti-phishing protection, and extends security to mobile environments that are typically unmanaged. For MSPs serving schools, ChromeOS coverage is particularly relevant.

Pricing and Billing

All Bitdefender SKUs through Syncro are consumption-based and month-to-month. There are no minimum endpoint requirements, no minimum invoice thresholds, and no long-term contracts. MDR bundle pricing is not promotional and will not increase. Billing is based on actual usage: if a customer leaves, their endpoints fall off the next billing cycle automatically with no license reallocation required. Pricing details are available on the Bitdefender app card in the Syncro App Center.

Product Features Covered in This Webinar

  • MDR bundle pricing available at mdr@syncromsp.com
  • Bitdefender GravityZone risk analytics with 1,800 risk assessment areas
  • One-click automated risk remediation for misconfigurations
  • 30-plus automated security controls covering multiple threat vectors
  • EDR with AI-generated human-readable incident summaries and recommended response actions
  • XDR with telemetry from Office 365, Azure, AWS, network, mobile, and email
  • Correlated incident views (graphical and list) with inline remediation
  • MDR Foundations for MSP with immediate response and 30-minute contact SLA
  • Pre-approved response actions (process stop, file block, host isolation, credential reset, user disable, email delete)
  • Mobile security for iOS, Android, and ChromeOS
  • Syncro integration: policy-based agent deployment, RMM alert ingestion, dynamic recurring invoicing
  • Bitdefender app card in Syncro App Center with trial provisioning and SKU pricing

View the Transcript

Andy Cormier: Buddy. We’re gonna just let folks funnel in here. We’re gonna get started in about one to two minutes, everybody. If you just joined, we’re going to be getting started in about another minute. We’re just waiting for all the other folks to flow in. Alright. Well, hello, everybody! Today we are here to talk about Syncro’s expanded partnership with Bitdefender, which includes some new SKUs and brings MDR to Syncro for the first time ever. For those of you that don’t know me, my name is Andy Cormier. I’m the Partner Development Director here at Syncro, and I’m super excited to be doing this webinar with none other than famous Mike Reeves from Bitdefender. Mike, you wanna give folks a quick intro?

Michael Reeves: Absolutely. Hi, everyone, my name is Michael Reeves. I’m a technical director here at Bitdefender. Been in the industry for many, many, many years, and spent most of my early career in the Fortune 50. So I’m very familiar with large-scale security operations, and I found the MSP space and small-medium business space about 15 years ago, and absolutely love it. And so hopefully, I’ll be able to give you guys some, just a way of looking at security and securing your customers’ environments in a very simplistic way, but also a very powerful way. And as Andy mentioned, we’ve done an expanded partnership with Syncro now, which I’m very excited about. So I’m also excited to be here. So.

Andy Cormier: Yeah. Thanks. Mate.

Michael Reeves: Having Andy.

Andy Cormier: No, yeah, absolutely. I love working with you. And before we get started, I just want to let everyone know what’s new with our expanded partnership. So first, there’s 3 sets of new SKUs that we’ve made available. We now offer mobile security, which can be used to secure iOS, Android, and ChromeOS devices. Second, we have XDR, which goes beyond just securing endpoints into doing things like securing identities through Microsoft 365 and things of that nature. Mike’s gonna go into more detail on that in a bit. Then, lastly, we’ve added managed detection and response, or MDR for short, as well. This is actual humans and Bitdefender Security Operations Center, securing your environments 24/7. Now, as far as pricing goes, pricing for all of our Bitdefender SKUs, including these new ones, can be found on the Bitdefender app card in the App Center of your Syncro instance. On top of that, we’ve got a pretty sick MDR bundle that we just launched as well. Pricing for that is also on the same app card. Now, I’m gonna answer one question here at the top, because we’ve taken a, just got a ton of intake from partners asking about our MDR bundle price since we first launched it. So, yes, the pricing is as good as it seems. Yes, there’s no minimums. Yes, you don’t get locked in any type of sketchy contract, and yes, this is not promotional pricing. This is just the price going forward, period. So definitely check that out. And for any more, anyone, Syncro partners that are brand new to Bitdefender, you can provision yourself a trial instance right on that very same app card I was just referring to. For existing Bitdefender customers, all of these SKUs are now available to you right in your Bitdefender GravityZone portal. And again, Mike’s gonna go into that, and how to enable those and things like that here in a little bit. Lastly, there’s gonna be a Q&A here in the end. Please use that. 
You guys are free to use the chat and chat back and forth during the webinar. But for questions specifically, please use the Q&A in the Zoom, and we’ll have a question either answered by Mike or myself. If you’ve got a question for one of us specifically, just call that out, and we’ll make sure it gets to the right person, and you don’t have to wait till the end and do that. It’s open now. So if you guys want to start asking questions, go ahead and do that. With all that stuff being said, Mike, I’m gonna turn things over to you. It’s your show, Bud.

Michael Reeves: Okay, wonderful. Let me share my screen here. Can you all see my screen?

Andy Cormier: Yup, we got you.

Michael Reeves: Awesome. Well, great! Well, again, thanks, everyone, for joining, whether it’s morning, afternoon, or evening, wherever you are in the globe. Really appreciate your time. I’m gonna talk a little bit about how you secure, how one goes about thinking about the architecture, the high-level architecture of securing your customers’ environments, and then we’ll dive into specifically what areas Bitdefender addresses in that particular architecture. And then we’ll talk about, if you don’t want to actually manage any of this, especially your security operations, which is really a 24 by 7 by 365 architecture, how do you go about enabling Bitdefender to take over that security operation center for you and really defend your customer on your behalf. So those, that’s kind of our roadmap of where we’re gonna go. But I’ll start with a little bit about my history, because I think it applies to the topic today. So I started out my career actually in the Fortune 50. So I spent most of my career managing and helping 3 large-scale security operations centers for some very famous global customers. And I noticed that what they were doing 20 to 25 years ago is exactly what you and your customers need to do today to be able to defend your environment. Back when I started in the industry, criminal organizations did not have the automation that they have nowadays. So what they did was they focus their resources into high value targets, and those high value targets had to defend themselves against organized units that were, were trying to wreak havoc in their environment. And so a lot of the industry was focused in those very large customers, most of them financial, health care, insurance. 
Those type of customers that had lots of assets that they needed to protect. Well, fast forward about, I would say, about 15 years to that stint, automation came to the industry. You know, much like the automation that Syncro provides, that same type of automation that Syncro provides to you is also, that type of automation is available to criminal organizations nowadays. Not that criminal organizations use Syncro, but they use other platforms that can help them automate their malicious activities, and they can do it at global scale. So now, any business, regardless of its size, that is connected to the Internet in some way is now a target, a primary target for criminal organizations. And so when you think about your security architecture and what you need to do, you basically need to have the same type of architecture that, let’s say, an American Express or a Chase or some large-scale government organization. You’ve gotta do some key components and deliver those 3 key components in your architecture to be able to defend yourself. So I’m gonna talk about those. And then we’re gonna delve right into Bitdefender, and what we bring to market and how we can help you to satisfy these particular areas. So when I think about security, and by the way, the security industry is famous for complicating security, and I’m here to actually simplify it for you. So I’m gonna simplify your security architecture in basically 3 easy steps. And I use a pretty typical analogy for this. So I want you to think about security in this type of architecture. So I want you to think about the last time you took your car, your vehicle, to a store. Okay? So I want you to think about you leaving your garage. You’ve got you or your wife or your kids, or maybe it’s just you, you’re heading out to the store. You drive into the parking lot and you get out of your car. I want you to think about what you do first from a security perspective. 
When you think about your vehicle there parked right next to you, I would suggest that you do not leave your car doors open like the vehicle that you see here. No one does this. In fact, we would think you were a little bit crazy if you left your car with your car doors wide open. Now I want you to think about this from a security perspective. Why do you close your doors? Why do you roll up your windows? Why do you lock your doors? I would suggest you are doing this because you are practicing the first piece of a great security architecture for your customer environment, you’re doing to your own vehicle. And we’re gonna talk a little bit about that. So the first thing that you do when you leave your vehicle, you close the doors, you lock them, you roll up your windows. I want you to think about why you do that. I’m gonna come back to this in a minute. But the second thing you do, especially if you have a nice car like the one on your screen, is you’re gonna do the second piece of a good security architecture. Next, the next thing that you’re gonna do, I want you to think about what you do next before you go into the store. I would suggest that you enable your alarm system. Now I want you to think about why you enable your alarm system. If you’ve locked your doors, you’ve rolled up your windows and you’ve closed your doors, why do you need an alarm system? That is the second component of a really good security architecture. And we’re gonna talk about why you would do that. Now let’s say both of these fail. And now someone is actually getting into your vehicle, and that someone is not your wife or not your kids. I want you to think about now what you need to, what needs to happen if someone is actually breaking into your car. This area is the third area of a good security architecture for you and your customers. So think about this scenario. And we’re gonna talk now, security for a second. So a good security architecture does these 3 things. 
The first thing that it does, and I want you to think about why you close your doors, I would suggest that we do this automatically, but, digitally speaking, we are not very good at this first piece of the architecture, which is: how do I analyze the attack surface in my customer’s environment? And then how do I systematically harden it? You see, we all notice when our doors are wide open. We’ve got a really big attack surface. In fact, if you were a criminal and you saw a parking lot full of cars, and 99% of them had all of their doors locked and closed, and there was a couple of cars that had their doors wide open, you would go to those particular cars. Now, why would you do that? Because they are susceptible. Their attack surface is very large and very open, and I can get into that car and get out of that car really quickly. The same principle is true, digitally speaking. So I want you to think about how, what processes do I have in place that help me to analyze the attack surface in my customer environment? And how do I systematically harden that environment? That’s the first key to a really good architecture. The second key is, we enable our alarm system. What is that in security-speak? That is what we call automated protection, detection and response. So in other words, automated security controls we apply to our customer environment that detect criminal activity coming across the Internet, whether that’s coming across the network, they’re on our machines, they’re on our mobile devices. We need a way to detect their capabilities and their attack and then automatically respond to those, that particular threat, in multiple different ways and multiple different areas. That is a really good alarm system in our customer environment. And most of the security industry for MSPs for many, many years have been selling this type of solution, which is basically the alarm system on our car. That is our automated security control. 
You may think of that as antivirus, anti-malware, HIDS and HIPS. Those types of technologies are all automated security controls. So that’s the second piece of a good security architecture. The third piece of a good security architecture is when both of those fail: what happens when our hardening and when our automated security controls cannot prevent the threat? Now you enter the third area of security, which I call the human area of security. Now, those humans could be you and your staff. So if you’re a managed service provider and you’re a 24 by 7 by 365 shop where you’ve got human resources that are available around the clock, then you might be able to fulfill this area of security. If you don’t, you can now look at outsourcing this particular piece of your architecture to Bitdefender or someone else, that is. But what’s critical about this area of your security is that humans are required. Now for most MSPs, they have humans that are available during normal business hours. They do not have humans that are available at, you know, 2 AM on a Saturday night. It doesn’t, it’s very difficult to staff, but if you’ve got the staff, then this area you can actually take care of as a managed service provider. These 3 areas, whether you are managing small-medium businesses, whether you’re managing schools, whether you’re managing government installations, whether you are managing Fortune 50 accounts, these 3 areas of security are critical, no matter what the customer size is. And I would suggest that, if you do all 3 of these things well, you’ve got a really good security architecture for you and your customer environment. So let’s talk a little bit about what Bitdefender does in each of these areas. Because one of the unique aspects of the Bitdefender solution is, we actually have solutions in each of these areas that are all integrated in one multi-tenant solution. So let’s look at each of these areas. So the first area is the analyze and harden. 
How do I go about, as a managed service provider, analyzing the attack surface in my customer’s environment? And how do I go about hardening the environment? In other words, how do I roll up the windows to my customer environment? How do I lock the doors? How do I close the doors? Well, let me show you what Bitdefender does in this area. In Bitdefender, this is built, this capability is built into every Bitdefender endpoint deployed in your customers’ environments. We call this risk analytics or risk management. You enable it in a policy, and what you do when you enable this in the policy is Bitdefender will look at 1,800, 1,800 different areas of risk, and we will classify those risks into 3 different areas. We classify them into misconfigurations, I’ll show you what those are. We look at vulnerable applications that are posing risk to your environment. And we also look at user behaviors, and we stack-rank them into high, medium, and low level risk, and then we help you to harden your environment by telling you what to do with each of these particular risks. So let me show you. If you drill into this area, I’ll drill into the area of misconfigurations. What we’re doing is we again look at all of these areas of risk. We associate a severity score with those, and if you drill into these we will tell you how to remediate them. So, for example, change a group policy setting. Some of these we can automatically fix. So you’ll see a button over on the right hand side when you drill into a particular risk where it’ll say, fix the risk, and we will make the change in your environment. What are you doing when you systematically use this area of GravityZone? You’re helping to close the doors to the car, lock those doors and roll up the windows. That’s what you’re doing when you’re using this part of GravityZone. So you can actually operationalize analyzing the attack surface in your customer’s environment, digitally speaking, and then reducing that attack surface over time. 
I usually present this as kind of an operational process. So over the next 12 months, we’re going to reduce the attack surface in my customer environment systematically. So that’s the first area of GravityZone. The second area that I’m gonna highlight is the automated protection, the automated security controls that Bitdefender has available. And this is kind of Bitdefender’s history as an organization. This is your antivirus, anti-malware. There’s nobody better than Bitdefender in this particular area. Now, why is that? It’s not a secret, and it’s not some magic that we’re doing behind the scenes. What matters in this part of your security architecture is what we call defense in depth. In other words, the more automated security controls that you have active in your environment, whether those are web-based threats or network-based threats or process-based threats or script-based threats or file-based threats, all of these types of threats in your environment, is the more security controls that you have active at any given time, the better your alarm system. Imagine having 10 security controls in a particular solution versus 30 plus security controls. The 30 plus security control solution is just going to be better. Why? Because you have more threats and more threat vectors that are covered by that detection and automated response than a solution that has only 10 of them. That’s what Bitdefender does. There’s lots that I can talk about here. But this is your automation layer. Think about this as your alarm system in your car. You wanna be able to have an alarm system that can detect threats, while at the same time being able to determine whether someone is authorized to get into your car or not. And so that is what Bitdefender does really well. Both of these areas of Bitdefender are interrelated with each other and integrated again into a single multi-tenant platform that we call GravityZone. Now, what happens if these fail? So you’ve hardened your environment. 
You’ve got all of these automated security controls that are active. You’ve got them all turned on. They’re all working as they should. And yet there is a criminal that is now getting into your customer environment. Now you get to the third area of your defensive architecture, which is the human area. So what does Bitdefender do in this particular part of the architecture? Now, we’re gonna talk about the detection response capabilities of Bitdefender GravityZone. And the industry calls this EDR, XDR, and MDR. I’m gonna explain what each one of those means in great detail, and then we’ll close up with some questions and things like that. But this is the area that is really critical. And really think about the fact that this is the human area of security. I get really frustrated with the industry when we sell this like a product. It’s really not. It’s a, it’s a solution or a product or a value that is being brought to humans. But actually, the humans are going to be doing the work. The automation layer has been bypassed once you get to this part of your security architecture. So now you need people resources to take action on the threat in your customer environment, and that threat could take place at any time of the day, any day of the year, and so on and so forth. So what does Bitdefender do in this area? So the first thing that we do is we help the humans in your environment, or if you’re outsourcing that, in the outsource layer of this particular area of your security architecture. We overlay our telemetry and our correlation with artificial intelligence. So what you are looking at on the screen is actually produced by artificial intelligence. This has been in production with Bitdefender for many years, and this is produced by our AI engine that overlays our data lake. So we bring in telemetry from your customer endpoints. 
We correlate that activity out of the box on our platform, and then an AI engine overlays that telemetry and basically, in human-readable form, if you notice on your screen here, we tell the humans that are responsible to respond to this particular incident what Bitdefender believes is happening in your customer environment in a human-readable form. Again, taking out all of the complexity of this particular incident. So I noticed that if you’re reading on your screen there, it says a potential network breach originating from 2 users. Notice, that’s the link. So if you want to click on that, 2 users, will show you the users, and it’s part of 9 alerts. In most solutions in this particular area of the architecture, you will see 9 incidents for those 9 alerts. With Bitdefender, you see one incident for 9 alerts because we correlate it out of the box. I’m going to show you that here in a minute. And each step of the way we’re telling you, we think this is what is happening, and you need to protect the following assets. Notice that we also show you in the middle of the screen the organizational impact, and notice that some of those are not endpoints. That is what we call XDR in the industry. So they could be identities that is being pulled in. That telemetry is being pulled in. It could be exfiltrated files that you noticed there. There’s 89 potentially exfiltrated files that are going on right now. You’ve got 6 emails that are involved in this particular attack, etc., etc. This is XDR telemetry that is being pulled in. And now you’re able to respond, so much so that over on the right hand side, notice that our AI engine is going to guide the humans as to what Bitdefender thinks you should do in response to this particular incident. So we recommend that you isolate 3 endpoints. If you click view details right there, we’ll list out the 3 endpoints. You can click a box to select all 3, click a button that says isolate, and we will isolate those endpoints for you again. 
It’ll take you less than 2 seconds to respond to this particular incident. Or, and/or, we recommend that you delete 2 emails because they’re being associated with this particular incident as well. So again, you can click view details, we’ll show you the 2 emails. You can click a button, select both of them, click email to delete, and we will delete them right out of the platform that they are associated with, whether that’s Office 365 or G Suite, etc. So we will not only show you telemetry, but we will give you the ability to respond to that telemetry as well. Now, if you’re a graphical kind of person like I am, I like, if you select on the screen there at the top where it says graph, we’ll show you the incident in graphical format. So in this particular case, notice that we show you where the incident starts, which is up at the top there. What was the next objects that were involved in this particular incident, and we correlate the entire incident, and as you move through the incident, when you’re clicking on different objects, notice over on the right hand side, you have various remediation actions that you can take right from this screen. So in this particular case, hey, is Alice? Alice is being used as a user ID in this particular incident. What do I need to do with Alice? Well, I may need to disable her. I may need to force a credentials reset her. Her credentials have been compromised by criminals. I can basically take action very, very quickly right from this same screen, and I can do that on endpoint objects. I can do that on objects beyond the endpoint. So, for example, I can disable users, I can delete emails, etc., etc. That is what the industry calls XDR. And what’s unique about Bitdefender in this part of the architecture is, it is all integrated. That’s number one. Number 2, we have read-write access to these external sources, and we do it beyond the Windows platform. So when you look at XDR and you look at Bitdefender’s capabilities. 
We cover lots of telemetry. So we cover Office 365, we cover Azure, we cover the network, we cover AWS. We just released mobile security as well that I’m about to talk about. So we have a mobile XDR telemetry source as well. We can correlate all that activity. And then, from a response perspective, we can respond across the threat to be able to mitigate that threat very easily. With other types of solutions in this area, you kind of have to piecemeal a solution together to get the same capabilities that you get into one multi-tenant platform known as GravityZone.

Andy Cormier: Mike, really quick. I gotta.

Michael Reeves: Yeah.

Andy Cormier: Question for you. Somebody was asking about the human-readable Incident Advisor, and they’re wondering what SKU that’s attached to. So what do they have to get as an MSP to have that function?

Michael Reeves: Oh, great question. So that is part of the EDR/XDR SKU. So it depends on what you want in the telemetry that you want. But that is all part of the detection response family of SKUs. So EDR, XDR, and I’m about to show you MDR. But that’s where that particular part of GravityZone is unlocked. Great question.

Andy Cormier: Cool, good question.

Michael Reeves: Alright. So now you’re thinking, wait a minute. I only have a couple of engineers. We are not a 24 by 7 shop. This is a huge undertaking, that we may have to do a very heavy lift to be able to staff a 24 by 7 operation. For now, Bitdefender will make it easy for those humans to be able to take action in your environment. But we just don’t have the capability to hire that many people. What if you don’t? What if you want to outsource that? That is what Bitdefender calls managed detection and response, or from a licensing perspective, it is MDR Foundations for MSP. So what is this particular solution? Well, this is basically turning over your security operations to a team at Bitdefender. So Bitdefender has a 24 by 7 by 365 SOC. We actually have 3 of them globally. So if you’re here in the US, it’s hosted out of San Antonio, Texas, which is where a lot of US Cyber Command is. There’s a lot of cyber security professionals that are based in our military organizations that are based in San Antonio. That’s where we bring in a lot of our threat analysts and security operation folks. That’s why we put it in San Antonio, Texas. So you combine the best in class security solution known as GravityZone with these humans, and now you’ve got a really powerful solution to bring to your customers, which is true 24 by 7 by 365 security operations, and Bitdefender will take action in your customers’ environments on behalf of your organization, to be able to defend them against criminal threats. So how easy is it to get started with this? There is one step that you need to do to enable this technology. So if you have Bitdefender now, and you are on what we call our EDR license, so you have detection and response, that’s basically telemetry into GravityZone turned on, all you have to do to turn that telemetry over to Bitdefender so that they can respond on your behalf is to go into your customer environment and your customer account. In this particular case,
it’s our demo account, called Smith Toys. And you go to licensing. You select edit licensing options. You go down the page and you see services, and you’ll see managed detection response. You click that little tick box there, you click save, and in less than 5 minutes you are onboarded into our security operation center. There is nothing to deploy. There are no customer size minimums. You can do this on a customer with 3 endpoints or 4 endpoints or 7 endpoints. There are no size limitations. As Andy mentioned earlier, there’s no long term contracts. This is a month to month service that you can offer for your customers, and you can do it very simply. So the 1st thing that you do, the 1st step, is to turn it on from a licensing perspective. What that does is connect your customer with our security operation center, and you’re automatically onboarding onto the service. They have all of the history that is in GravityZone at their fingertips, because with Bitdefender, unlike other solutions where you have to deploy agents and basically the service starts when that agent is deployed, our architecture is, before you click save from a licensing perspective, you have telemetry in GravityZone. You have a customer account in GravityZone. When you click save, what we do is connect that customer to our security operation center. And now our security operation center sees your customer instantaneously. That is the architecture that we use for this particular service. So what happens is, in less than 5 minutes you’re gonna receive an email from the service, saying, Welcome to MDR. And we want you to log in to that portal. We call it the MDR Portal, and the reason why we have you log into this portal is because we need 2 pieces of information from you. Number one, we need to know who do we contact in the event that we respond in your customer to defend them.
Notice that I say we have already responded. Bitdefender is a responsive service. Most services in this space, when you talk about MDR, they are a glorified alerting service for you. We are not that way. We basically take action. And then we have 30 minutes based upon our SLA to start calling the emergency contacts that you put into our suite or our solution. So you basically tell us, who do we need to call after we’ve taken action. So that’s the 1st step. I recommend that you have at least 3 contacts available for us to call. Number 2, the second thing we want you to do is the line right underneath emergency contacts, which is pre-approved actions. Notice that we spell them out, and they are pre-approved. So what we’d like you to do, all of these by default are turned on. So can we stop a process? Can we block a file? Can we isolate a host? Can we reset credentials? Can we disable a user? And can we kill an email out of Office 365? You need to pre-authorize us to do that, and once you do that, we will take action on your behalf. That is what pre-approved actions are for in the UI, and we just want you to tell us which ones we are not able to do. You also have the ability to put in notes. So if you see the little tick box next to, let’s say, isolate host, you can click the little down arrow, and you can say, host, you know, 10 dot one dot 49 76 is our critical business server, you know. Put some notes in there to give us some context about, when we’re defending your customer’s environment, what are the business impacts that are being done when we’re defending that customer environment. You can put in all the notes that you want, but they are not required for us to defend your customer environment on your behalf. That is MDR Foundations, a very powerful solution. So again, I’m gonna reiterate the big ticket items here. Onboarding within minutes. It’s actually onboarding within milliseconds.
But I’m waiting for the email, so within minutes you’re gonna receive an email once you onboard your 1st customer onto the service. There’s no minimum invoice requirements. We love small customers. There’s no long term contracts with this completely month to month solution. We’re integrated with XDR, including responsive actions which I’ve shown you, and we are not an alerting service. We are action oriented, defending your customers’ environments on your particular behalf. Now I mentioned mobile

Andy Cormier: Hey, Mike, really, really quick. Sorry. Before we hit mobile, we have a question about response SLA. Is there like an official SLA that customers should expect from the MDR service?

Michael Reeves: Well, number one, we do respond. Number 2, it depends on the incident. So remember the way that security operations works is, we have telemetry that is coming in. We have to assess that telemetry, whether that is an incident that’s benign, that we need to close that ticket, or if that telemetry is actually malicious, and we determine that it’s malicious, it’s an immediate response. And one of the amazing things about Bitdefender is, we’ve taken the architectural approach to the service in that we do not have the concept, as most MDR services have in the industry, where you have to go through multiple levels of technicians, where you have, let’s say, level one, and then level 2 can do some things, and then it’s gotta get escalated to level 3. All of our techs can take all actions necessary to defend that environment. So there is not a passing of the incident from person A to person B to person C. The tech that is responding to that incident has the full capabilities of Bitdefender at his or her disposal, and they respond immediately. So the only SLAs that we have is from a contact perspective. In other words, they respond immediately. Our escalation manager, who gets assigned to that incident, needs to start calling those individuals in the contact list. They need to do that starting at minute number 30. But that doesn’t mean we wait 30 minutes to respond until we get a hold of you. We respond immediately, and then we’ve got 30 minutes to tell you what we’ve already done.

Andy Cormier: Got it. No, that’s great, Mike. And then one other quick question. I’m just gonna answer this one. Somebody’s asking if you can enable MDR for a subset of endpoints within a customer, and the answer is, no.

Michael Reeves: Hmm.

Andy Cormier: And it’s not for all your customers, period, but you can have customer A where it’s enabled, and customer B where it’s disabled. But the reason being is that they can’t really secure half your environment. For instance, something is perpetuating from an endpoint that they don’t have access to. You know, the entire environment, it’s at risk, and there’s nothing they could do about it. So that’s the reason.

Michael Reeves: Correct. Yeah. So that’s 1 of the common questions that we get: I only want to secure, let’s say, my server environment in one of my customers. The problem is the workstations in that environment, or the mobile devices in that environment, or the email in that environment may be the source of the threat, and we’ve got to mitigate the threat. That’s why it’s an all or nothing proposition for us. We don’t want to get into a situation where we’re defending 25% of the environment or 75% of the environment. From a risk perspective, it’s an all or nothing proposition for Bitdefender. That’s a great question. I’m glad somebody asked that. That’s great. Any other questions that you have, Andy?

Andy Cormier: Just stuff will pick up in the end. But those happen to be relevant right to where.

Michael Reeves: Okay, yeah, absolutely. Okay. So let’s talk about mobile. So I mentioned that Bitdefender a couple of months ago released a mobile XDR telemetry license so that you can pull in mobile telemetry. That is coming soon to managed service providers as well. But we also have, so if you’re thinking about my architecture, okay, let’s go back to the car. What Bitdefender does in mobile is summarized very succinctly in that we help you to harden the vehicle. So harden the mobile device. We help you close the doors, lock the doors, roll up the windows, and then we have automated security controls that we activate on that mobile device. We don’t have the detection response, the human response, yet from mobile. That requires you as an MSP to have an MDM. If you have an MDM, then we can absolutely do the human piece. But what Bitdefender does specifically with mobile is, we do the 1st 2 areas of your security architecture for mobile devices. We harden it, and then we have automated security controls. And here’s why you need that on a mobile device. Number one, mobile devices, regardless of what the industry says, are vulnerable to attack. In fact, the new threat vector is mobile. Now, why is that? Because humans like me, like Andy, like Todd, like others, we think we’re safe when we are browsing around on our mobile device. So we’re checking email on our mobile device, etc. So that device is at risk, and especially for phishing. Phishing emails are now transitioning to mobile. Why is that? Because if you think about the last time you read an email on your mobile device, most of the important information is actually obfuscated and truncated on your mobile device. You really can’t tell who sent you that email. Any URL is truncated and obfuscated on a mobile device. 
So what criminals have figured out is, I will target mobile devices for phishing because users are more susceptible to click on that email on a mobile device than they are on their computers. And then I want you to think about the networks that those mobile devices are connecting to: very insecure networks. I travel a lot for work. I normally don’t pop onto Wi-Fis that are around me. Why is that? Because those Wi-Fi networks are totally unsecure, and they are not managed by my organization. So think about the risk associated with mobile. Bitdefender basically has an agent that we can put on that particular mobile device to secure the network that those devices are associated with or associate themselves with. If that network is deemed to be risky, we can automatically start a VPN on that particular device to encrypt traffic that we need to secure on that mobile device. We’ve got anti-phishing. There’s lots of capabilities for mobile. Again, we cover iOS, Android and Chromebooks. So if you are dealing with schools, this is one area where you can extend protection to those Chromebooks that schools usually offer. So I’m gonna close up very simply: why Bitdefender? The reason why is we do all 3 areas of security in a single solution. And if you want to outsource the defense of your customers’ environments, you can outsource that to Bitdefender. So I’m gonna go ahead and close up with that. Andy, if you’ve got some questions that you want to fire away. I wanna thank you for your time. I really appreciate it. I know your time’s valuable. So I wanna make sure we end on time today.

Andy Cormier: No, thanks, Mike. That was awesome. Yeah. And before we get started with Q&A, I just wanna throw up a slide here. If you wanna stop sharing there for a second.

Michael Reeves: Hmm

Andy Cormier: Just a quick reminder for folks how to get set up with Bitdefender. Caitlin, are you able to share that? Oh, yup! She’s on it. In fact, you know what, Caitlin, are you able to? Oh, there you go. Okay. Yeah. I was gonna ask you to hop on here for a minute. I’m just gonna put you on the spot. This is Caitlin Good, everybody. She’s our marketing program manager here at Syncro. She’s awesome. And besides, like, the 50 million things that she needs to do every day, she always makes sure that these webinars are smooth. We have slides for everything. Like, this stuff just doesn’t run without her, so I know she’s always off screen. She never gets credit, so I thought I’d put her on the spot here and just say, thank you, cause like I said, this stuff would not run without you. Do you wanna just give a quick hello and intro yourself to everybody?

Syncro: Oh, that is too kind of you, Andy. Hello, everyone! I’m Caitlin Good, as Andy said, marketing program manager for Syncro. I’ve been here about 3 years and it’s always a blast working with Andy and Bitdefender and all of you. So thanks for joining us today.

Andy Cormier: Cool. Thanks, Caitlin. So anyhow, back to the slide. All this information, everything that you’re gonna see, is right inside the Bitdefender app card, from pricing, setup instructions, SKUs that we have available. Folks brand new to Bitdefender, you can spin up a trial right from that app card. You can also convert it to a production account from the same place. And again, existing Bitdefender users can enable these SKUs today, right from the GravityZone portal. And then for anybody wanting us to enable the MDR bundle pricing on your account, just simply reach out to us. The email’s mdr@syncromsp.com, and we’ll get you set up with that. And then for anybody on this webinar that’s not a current Syncro partner and wants to know more about the integration and what it does with Syncro specifically, we’ve got the landing page there that you can visit off on the right. Okay. So getting on to Q&A. Mike, I got kind of a spicy one, and I kind of want to throw this out there.

Michael Reeves: Perfect.

Andy Cormier: These ones.

Michael Reeves: Love it.

Andy Cormier: Can you explain how your MDR services are better, or at least different from something like SentinelOne or CrowdStrike?

Michael Reeves: Yeah. Great question. So SentinelOne and CrowdStrike, I know CrowdStrike. So the challenge in the area of MDR is this. In most MDR services they require an agent to be deployed, a separate agent to be deployed in the environment, and through that agent is how the MDR service gets access to that customer environment to be able to take action. The problem with that architecture, and this is the biggest difference between Bitdefender and basically the rest of the industry, is this. We have a single integrated agent. And through that agent, we grant access to the environment that our security operations center now has access to, because you’ve granted us read-write privileges into your customer environment. So it’s an integrated solution. So think about this. All of your hardening, all of your automated security controls, all of the telemetry, all of the responsive actions are in and through a single architectural component. Okay? So it’s all integrated. With others that you just mentioned, Andy, they require a second agent. Now, here’s what happens when you introduce a second agent. Your automated security controls are now decoupled from your human responsive actions. They are not the same anymore. Their capabilities are not the same anymore. Their telemetry, in other words, their detection capabilities and their correlation capabilities, are now decoupled as well. So what happens to those particular types of services is, they face the challenge of integrating the telemetry and integrating the response capabilities. And for most of the time those response capabilities are not as capable as the integrated solution. I’ll give you just one example that I run across all the time. Let’s say that you have a false positive. So in your security operations center the solution, let’s say, CrowdStrike, presents a threat. That threat is now determined to be benign. 
Okay, in security operations, now the question is, I need to exclude that or whitelist the series of objects that caused that particular threat or raised the risk level that gave us an incident. How do I go about doing that? I can’t do it through my agent that I’ve now deployed, because that’s on the other side, that’s through the other agent. I have no capability to do that. So what do I have to do? I have to call the MSP and say, Hey, MSP, can you whitelist these series of objects in your environment? And then they’ve got to do that. That does not happen with Bitdefender. With Bitdefender, because everything’s integrated, they can click on the object or click on the series of objects, click exclude, click save, and I’m now done.

Andy Cormier: That’s super cool.

Michael Reeves: It’s it’s there are differences that come. So what you want to ask your provider is, do you require a separate agent in your architecture. If they do, I’d probably run. That would be my! That’s my.

Andy Cormier: Knew this was gonna be a spicy one.

Michael Reeves: That I mean, I’ll be spicy here. But that is not a great architecture, and there are other limitations. That’s just the simple one.

Andy Cormier: No, that’s a great answer, Mike. Thank you. I feel like I should know the answer to this. I know it for Bitdefender core. But somebody’s asking, all the way up through EDR, MDR, ATS, all that stuff, that’s all Mac supported as well, right?

Michael Reeves: Yes, so well, actually, I’ll clarify. All of our solution is supported, like EDR, XDR, all that stuff is Mac and Linux, including patching and all. Anyway, there’s lots of stuff, but the one caveat to that is, and I get this question a lot, which is why I’m gonna talk about it, is Advanced Threat Security is not available on Mac. So it’s available on Windows, etc., but not on Mac. It’s not required. And we also say, and this is a little bit confusing from a licensing perspective, we always say, and Todd’s on the horn here, he’s probably laughing in the background, but we always say EDR requires ATS. The problem with saying that, it’s kind of like a mantra, is it doesn’t work on Mac. So it’s not required for Mac. So the ATS, which is basically HyperDetect and the sandboxing, is not available on Mac.

Andy Cormier: Got it. Okay. So basically, it’s just core EDR, MDR, that gets you MDR.

Michael Reeves: Correct. Yeah, so, but the EDR, MDR, XDR, all that stuff, we will defend your environment if it’s a Mac, a Windows or a Linux device, and we have all capabilities to do that.

Andy Cormier: Okay, cool. And then I’m gonna take this next one. Somebody’s asking how Bitdefender integrates with the Syncro environment, like are tickets created and things like that. So here’s the way it works. From a deployment perspective, obviously, you can spin up your instance right in Syncro. You can deploy the core AV agent right through Syncro. That’s policy based, so it’s right in your asset policies. I don’t know if you use recurring invoicing or not, but a nice bonus is that you can feed in your accounts per customer that are dynamic. So if they’ve got 10 endpoints this month backed up by, or excuse me, protected by Bitdefender, and then it’s 12 the next month, we’ll automatically adjust your recurring invoices. It will bring in threats into Syncro as RMM alerts. Those RMM alerts could then be tripped into tickets. Or, I mean, in our automated remediation system, you can do text alerts, you know, send it into Teams and Slack, whatever you want to do there. So yeah, it’s a pretty cool integration. Now, all the heavy lifting stuff besides, like, basic scans, like all this stuff you’ll find in EDR, and then, obviously, all the MDR components and mobile and things like that that Mike was talking about, that would all be handled direct in the GravityZone portal. And then falsi. Yes, the mobile application, or the mobile protection that Mike was talking about, that is a separate SKU. It’s not something that’s included with MDR.

Michael Reeves: Correct.

Andy Cormier: Let’s see. I use Webroot today, but it doesn’t seem to do a lot. Okay, how would you compare that, like, Bitdefender to Webroot? Specifically, it sounds more generic than MDR specific.

Michael Reeves: Yeah. Good question. So with Webroot, the challenge with Red, I’ll go back to my analogy. So Webroot does not have any way to help you to harden your environment. So that’s number one. Number 2, with the alarm system, the Webroot technology just doesn’t have a lot of security controls, automated security controls. So there’s a lot of threats that are missed by the Webroot solution. So, in other words, it would be like having an alarm system in your car that only detects if the criminal opens your door, but it doesn’t detect if the criminal is going through the window or opening your trunk, or, you know, getting in through the front windshield. It doesn’t detect that. It only detects a few threat vectors, and that’s a challenge. And then I think they’re getting better on the detection and response piece. But their capabilities and their ability to enable human response to various threats is just not as capable as Bitdefender. It’s just a more deprecated solution in that particular area. But kudos to them, they’re starting to get into that area. But it’s been a long time coming for that particular solution. So.

Andy Cormier: Well, and, Mike it, it’s up to you if you have time. I know we’re at time. There’s like a million questions, and I know we’re not going to be able to get to them all. But can you? Are you good to stay on for a couple of extra.

Michael Reeves: Yeah, yeah, absolutely.

Andy Cormier: Okay, cool. Okay. So next question. We currently use various products from Bitdefender today and have been considering adding MDR since the announcement. Okay, so there’s 2 questions. 1st question is, what’s the best way to present this to my customers, since I intend to charge them for it? Second question is, what do you recommend I sell the bundle for? Mike, you want to take your crack at the best way to present it to customers, and maybe I’ll take that second piece.

Michael Reeves: Sure. Yeah, I mean, yeah, go for it. I I mean, I have thoughts there. But but yeah.

Andy Cormier: It all. Then if you got, if you yeah.

Michael Reeves: Well, I mean I don’t do any pricing. But here’s the gap, and here’s what I’ve noticed in the managed service provider industry. By the way, this is global in nature. So this is the problem. Your customer already expects you to defend their environment 24 by 7. So the fact is that nobody does this. So it becomes a very interesting conversation that you have with your customer. How I would present it if I put myself in your place is, and there’s, I would say, better language than this, but basically, I would like to bring a military grade solution to you for the defense of your environment. And that’s really what this particular service is, and that’ll separate your value from the value, the extra value that you’re trying to sell them, is: this is now 2024, criminals have become very automated, and it requires a militaristic response capabilities that our service just cannot provide. But I have a partner who can do that. Let’s talk. That’s how I’d probably bring up the conversation with them, because you’ve got to separate your capabilities from the capabilities that you’re about to sell them for that extra cost. But they already expect you to do this 24 by 7, and the problem is, most MSPs have not been doing this at all. And now they’re required to do this, and there’s that gap of understanding in your customer. So you kind of have to be delicate there. That’s kind of how I would approach that particular situation.

Andy Cormier: No, and you bring up a good point. So for folks that don’t know me, I owned my own MSP for about 6 years. We were doing, I don’t know, maybe around 5 million dollars of revenue before we sold it off. And a lot of people say, Oh, how much money were you making from your add-ons? Don’t always tell them 0, like, we included these types of services in our contract. And then, with, like, MDR specifically, it lets you qualify a better class of customer because you can actually punch above your weight class with your existing technicians, your existing infrastructure. You’re effectively outsourcing security to people where this is all they do, is security. It’s not like you hired a security guy. It’s a company that, this is all they do. So it was like a huge selling tool for us. Like, imagine if I’m on a stack of half a dozen other contracts and we’re all bidding for the same client. My contract was always half the size of everybody else’s, because we weren’t delineating every little license at what it was gonna cost, and we lost very few bids because of that. So I’m not saying, I get it, if you wanna sell it. I’ve seen plenty of people push it. If you want an endpoint cost, at like 15 to $25 an endpoint. I’ve seen a pretty wide variance there. But one of the things I definitely suggest people look at is including it and just baking that into the price of your contract.

Michael Reeves: Next.

Andy Cormier: Cause, cause. It’s definitely a best practice from my perspective. Right?

Michael Reeves: Yeah. And I think it’s a risk conversation as well for you as an MSP. Because if one of your customers gets breached, like, you will probably lose that customer. So I mean, it’s an internal risk conversation as well. And I just say, Hey, if I’m gonna onboard a customer, I’m gonna defend their customer environment, and it’s not gonna be me. It’s gonna be Bitdefender. And just sell that class of service as a standard. I think that’s the way to go from now on.

Andy Cormier: Yeah, no, that was a good question. Okay. Another one regarding hardening steps. Can Bitdefender be told to always harden X vulnerability on future devices, like when a new device is added to, like, an existing environment? Or will I always need to manually authorize X hardening steps?

Michael Reeves: Good question. So right now, the way the architecture works is that if you bring on a new device, you’ll have to manually do that. What Bitdefender is working on, and I will suffice as to say, is we are looking at opening up this particular area of GravityZone for a couple of different purposes, where in the future there might be some architectural places where you can automate certain actions. So I’ll stop there, and there’s some other capabilities that are coming down the pike. But I want to be very careful about talking too much about our roadmap. But that type of capability has been requested. And we are listening to that type of solution in the future. So stay tuned for that.

Andy Cormier: I’m always notorious for leaking stuff. I just so. I was curious people talking on that kind of stuff. So alright, you got another one. If I lose a customer for any reason, can we repurpose their MDR bundled licenses? Okay. So like we were talking about at the top, this is not like a license that you buy for a year. Whatever you use is consumption based. So you’re billed every month. So if you lose a customer for any reason, you don’t have to repurpose anything. They’re no longer active. So you’re not going to get billed on the next billing period. Now, if they were active at any point within an existing billing period, you are billed for that, but then they’ll fall off the next month. So yeah, you never have to worry about reallocation. You’re just always gonna get billed for what you actually use. Nothing more.

Michael Reeves: Yeah. The way I say it is, there’s really no license management. You don’t have to manage any licensing with Bitdefender. It’s a usage based utility. So if there’s no usage, there’s no billing.

Andy Cormier: Yeah. And that’s such a I don’t wanna say anybody’s model is bad. But I really I I don’t know. I I can’t imagine how much time folks spend when they’re on like that annual model where.

Michael Reeves: Only.

Andy Cormier: Every single customer is different. You have to constantly remember when it’s up, or you accidentally renew somebody who left. That’s a nightmare. This is really the model to be with. Just for all your services, not Bitdefender specifically. Alright. Let’s take one more, and then I think we’ll have to chop it, or we’re going to be here all day.

Michael Reeves: Okay. I told you I told you we’re gonna get a ton of questions.

Andy Cormier: No, you are. You are right on that one. I think he’s asking. Okay. So he’s asking if Ndr can be set to block remote access tools like TeamViewer and whitelist Splashtop and things like that. I don’t know if it would be MDR. But is there any element of Bitdefender that can almost, like, whitelist or blacklist applications?

Michael Reeves: So good question. We can whitelist applications. Blacklisting requires extra infrastructure that we don’t have in our solution. So you can get it from Bitdefender, but just not on a monthly basis. And you’ve got to deploy some extra pieces in your infrastructure, and blacklisting becomes pretty problematic. Now, what you can do actually, through Ed, you can. There are some capabilities. But this gets back into my history with actual. There’s blacklisting, and then there’s actual blacklisting. I normally say, if you’re looking at, like, this particular object is not allowed in my environment, Bitdefender just does not have that capability on the monthly side of the business. That’s the way I look at blacklisting. Some interpret it a little bit more gray, but that’s what I call blacklisting, and we just don’t do that.

Andy Cormier: And actually then.

Michael Reeves: You do whitelisting.

Andy Cormier: Then it makes me want to. Sorry. And I lied. Well, I’m gonna give a follow up for me.

Michael Reeves: Yeah, yeah.

Andy Cormier: So our MDR service is active, and I have a customer who, they got a call. They’re like, Oh, hey! I’m on Microsoft, you know, install TeamViewer sign. Get onto your machine. I gotta fix something for you. And they’re like, Okay. What’s the quickest way for them to like, how are they gonna go about killing that? Is it just remove the program? Does it kill the ports? Like, what specific action are they taking in that instance to like, take out of the text.

Michael Reeves: Our SOC.

Andy Cormier: Yeah.

Michael Reeves: So it depends on it. It depends on the incident. So, and it depends on, that’s where the nuance of how the security operation personnel, number one, identified that as a threat versus something that’s benign, that is our intellectual property, and we hire really smart people from the military to figure that stuff out. So I would say, in that particular case, it depends. What I will say is, they have full capabilities to block IP addresses, to isolate hosts on the network, to take care of the issue, or if it’s benign, to actually whitelist that so that it doesn’t trigger alerts in the future. So there’s both capabilities both, and that’s the benefit of the integrated agent, and there’s only a single agent, is they have both capabilities at their disposal.

Andy Cormier: Cool, alright. Well, thanks, Mike, this has been awesome. I appreciate your time. Thanks, everybody, for joining. If anybody didn’t have a question answered, I know there’s like a million, shoot me an email directly. It’s Andy at Syncron Spcom. And I’ll answer to the best of my ability. If I can’t, I’m gonna tag you in, Mike. Hope that’s cool with you before. Thanks, alright. Thanks for joining, everybody. Thanks again, Mike. I appreciate it, Bud.

Michael Reeves: Yeah. Cheers. Everybody.

Andy Cormier: Bye everybody.

Michael Reeves: Alright, bye.

Frequently Asked Questions

What new Bitdefender SKUs are available through Syncro’s expanded partnership?

Three new sets of SKUs are now available. First, mobile security for iOS, Android, and ChromeOS devices. Second, XDR (Extended Detection and Response), which extends protection beyond endpoints to cover identities through Microsoft 365, Azure, AWS, network telemetry, and email. Third, MDR Foundations for MSPs (Managed Detection and Response), which provides 24/7/365 human security operations through Bitdefender’s SOC. Pricing for all SKUs, including an MDR bundle, is available on the Bitdefender app card in the Syncro App Center.

What is Bitdefender’s three-layer security architecture for MSPs?

Bitdefender frames security in three layers. The first is analyze and harden, which involves assessing the attack surface across 1,800 risk areas (misconfigurations, vulnerable applications, and risky user behaviors) and systematically reducing exposure. The second is automated protection, which includes all automated security controls like antivirus, anti-malware, and behavioral detection that operate without human intervention. The third is human response, which covers what happens when automated controls are bypassed and human analysts must investigate and take action. This third layer is where EDR, XDR, and MDR operate.

How does Bitdefender MDR Foundations work for MSPs?

MDR Foundations connects your existing Bitdefender GravityZone customer accounts to Bitdefender’s security operations center. Enabling it requires a single checkbox in the customer’s licensing settings. Within five minutes, the SOC has full visibility into that customer’s environment and begins monitoring. There are no additional agents to deploy, no minimum endpoint requirements, and no long-term contracts. The service is month-to-month and consumption-based. Bitdefender’s SOC takes immediate action when a malicious threat is confirmed, then contacts the MSP’s designated emergency contacts within 30 minutes to report what actions were taken.

How does Bitdefender MDR differ from other MDR providers like CrowdStrike or SentinelOne?

The primary architectural difference is that Bitdefender uses a single integrated agent for all security functions, including hardening, automated protection, and human response. Most competing MDR services require deploying a second, separate agent, which decouples the automated security controls from the human response capabilities. This means the competing service’s SOC analysts cannot whitelist false positives or modify exclusions directly. They must call the MSP and ask them to make changes in the separate automated protection layer. Bitdefender’s integrated architecture allows SOC analysts to take all remediation actions, including whitelisting and exclusions, from a single console.

What pre-approved actions does Bitdefender’s MDR SOC take on behalf of MSPs?

MSPs configure six categories of pre-approved actions during onboarding: stopping a process, blocking a file, isolating a host, resetting credentials, disabling a user, and deleting emails from Office 365. All actions are enabled by default. MSPs can disable specific actions if needed and add contextual notes, such as flagging a critical business server that should not be isolated without additional consideration. Bitdefender’s SOC takes action first and contacts the MSP afterward, rather than waiting for approval before responding.

Can Bitdefender MDR be enabled for a subset of endpoints within a single customer?

No. MDR must be enabled for all endpoints within a customer account. The reason is that threats often originate from endpoints outside the MDR-monitored subset. If the SOC can only see 25% or 75% of an environment, they cannot fully trace or mitigate a threat that originates from an unmonitored device. MDR can be enabled on a per-customer basis, so one customer can have MDR active while another does not, but within a given customer, it covers the entire environment.

What does Bitdefender’s risk analytics do for MSP customers?

Risk analytics is built into every Bitdefender endpoint agent and evaluates 1,800 risk areas across three categories: misconfigurations (such as group policy settings), vulnerable applications, and risky user behaviors. Each risk is scored by severity and includes remediation guidance. Some risks can be automatically fixed with a single click from within the GravityZone console. MSPs can operationalize this as a 12-month attack surface reduction program, systematically hardening each customer environment over time and demonstrating measurable security improvement.

How does Bitdefender integrate with Syncro for MSP workflows?

Bitdefender can be deployed through Syncro’s asset policies, with the core AV agent installed by policy. Bitdefender threats appear in Syncro as RMM alerts, which can automatically generate tickets, trigger text alerts, or post to Teams and Slack channels. Syncro’s recurring invoicing dynamically adjusts per-customer endpoint counts, so if a customer goes from 10 to 12 protected endpoints, billing updates automatically. Trial instances can be provisioned directly from the Bitdefender app card in the Syncro App Center, and existing Bitdefender customers can enable the new SKUs from within their GravityZone portal.

Webinar Hosts

Andy Cormier
Channel Chief, Syncro

Andy Cormier is Channel Chief at Syncro and a former MSP owner who ran a managed services business generating approximately $5 million in annual revenue before exiting. In this webinar, Andy introduced the expanded Syncro and Bitdefender partnership, walked through the new SKUs available in the Syncro App Center, answered audience questions about integration and billing, and shared his own experience bundling MDR into MSP contracts as a competitive advantage rather than selling it as an add-on.

Michael Reeves
Technical Director, Bitdefender

Michael Reeves is a Technical Director at Bitdefender with deep expertise in large-scale security operations. He spent most of his early career managing and helping to run three security operations centers for Fortune 50 organizations before moving into the MSP and SMB space approximately 15 years ago. In this webinar, Michael presented Bitdefender’s three-layer security architecture framework, demonstrated the GravityZone platform’s risk analytics, EDR/XDR incident response capabilities, and MDR Foundations onboarding process, and answered technical questions about deployment, SLAs, and competitive differentiation.