ThreatDown EDR: Syncro Integration, MDR & Universal Billing

Andy Cormier: Hey everybody. For those just joining us, we are going to get started in about two minutes. We’re just letting folks trickle in.

Everybody, if you just joined us, we’re going to be getting started in about one more minute.

All right. Well, welcome everybody. My name is Andy Cormier. I’m the Channel Chief here at Syncro, and today we’re going to be talking about Syncro’s new partnership with ThreatDown. Now, part of my role here at Syncro is to find other vendors in the space to bring into our marketplace for partnerships like this one — vendors that would enhance the output of our customers by bringing more and more of your day-to-day into Syncro. Now, prior to Syncro, I owned a fairly large MSP myself, so one of the things that often attracts me to other vendors in this space, at least initially, is when they also speak MSP as well. That’s when you know they get it. And if you’ve never owned an MSP, it’s sometimes difficult to understand what that really means. But for all the MSPs in the room, ThreatDown is MSP-centric at their very core. They understand your business, and they built the product exclusively with your business in mind. That’s why I’m personally so excited about this partnership.

So earlier this month, we launched phase one of our ThreatDown integration. This allows customers to provision new ThreatDown accounts right from within their Syncro instances, and it also allows existing ThreatDown customers to migrate their instances over to Syncro to take advantage of our integration. Another cornerstone of Syncro’s marketplace is something that we launched earlier this year that we’re calling Universal Billing. When you purchase your licensing through Syncro, this allows you to take that usage data from a vendor, map it to applicable customers in Syncro, and that usage data will flow into your recurring invoices on a daily basis — so no more missed billing, no more under-billing, and no more manual billing. You literally set it once and forget it. The quantities automatically update themselves each day, and your invoices will adjust themselves accordingly. Now this functionality is coming to all of our marketplace vendors as we move forward, and it will be coming to all new marketplace vendors as well. ThreatDown is no exception. That functionality was already released for ThreatDown earlier this month, so it’s available as of today.

Now, phase two of this integration will be launching later this year or early next year, and that is bringing in policy-based deployments and alerting into Syncro. We do have script-based deployments in the meantime, and that’s been made available today.

Now, when I was talking prior about a company being able to speak MSP and the importance of that — it doesn’t mean just the product itself, it means how they do business as well. For example, many vendors out there expect you, the MSP, to contact the reseller with support issues instead of going directly to them. The reseller is then supposed to liaison that support request between you and the vendor, and as an MSP, all I hear is more time getting wasted while my customer gets frustrated waiting. So when you spin up ThreatDown through Syncro, all technical support is between you and ThreatDown directly. In fact, you are able to open and respond to tickets right inside of your ThreatDown portal.

That also means selling you the product in a clear and transparent way. There are no minimums to meet here. There are no time-based commitments to be locked into either. At the end of the month, you pay for what you use — nothing more, nothing less. Those license counts go up or down the following month — that’s what you pay. It’s that simple. Pricing can be found right inside the ThreatDown app card in the App Center of your Syncro instance. So that’s our new partnership in a nutshell.

Now I’m sure everybody’s eager to see what ThreatDown can do, and we’re just about to get to that. I did want to mention first that we are planning to save about 10 to 15 minutes at the end for some audience Q&A — but you don’t have to wait till the end to ask your question. If something comes up while we’re walking the platform, please use the Q&A in Zoom. That’s where we’ll be pulling your questions at the end.

All right, so time for some introductions. First up — and I think he is one of the few people I’ve ever met in this space that speaks MSP even better than I do — is none other than Brian Kane. Brian, you want to go ahead and introduce yourself? And then we’ll have Alan intro himself as well. And then from there, it’s your show, guys.

Brian Kane: Yeah, Brian Kane, VP of MSP Channels. You can call on me for a lot of things, but ultimately, Malwarebytes hired me to come in and do exactly what Andy just talked about — speak MSP. I’ve opened 40 MSPs in my day. I’ve been around the block a few times. I still own MSPs, so they allowed me to do that so I can stay relevant, stay in it, and purposefully steer what we’re doing toward MSPs and for MSPs. I’ll talk a little more about that as we go on, but I’ll go ahead and hand it over to Alan.

Alan Radomski: Hi guys. Alan Radomski here. I’m the VP of Solution Engineering at ThreatDown. To be honest with you, I think the partnership that my team has with Brian’s team and with Andy is very relevant. We bring the technical aspects of the solution to you as MSPs, and hopefully to other customers as well. Today I’ll take you through the OneView console, showing you how easy it is to use and what benefits it has for you as an MSP.

Brian Kane: Thanks, Alan. All right, so I will be one of the first people to say that I hate PowerPoint slides, so I’m literally going to walk you guys through three or four things just to give you a high level on ThreatDown, and then those are going to go away. Let me share my screen really quick.

Can everybody see my screen? All right. So I’m just going to give a quick high level here. Everyone in this room has probably heard of Malwarebytes. I’m not saying a new word that none of you have heard. You’ve probably leveraged our free tool. You’ve leveraged our IR. You’ve probably used TechBench. Most MSPs, break-fix orgs, and everyone back in the day have all used TechBench over the years. Everyone comes up to me like, “Hey, that’s that tool that I used when I got infected and nothing else cleaned it off.” So that’s really where it came from.

So what we decided to do was take this great software. We built Malwarebytes for Business, which is awesome. And we asked: how can we evolve this and truly separate out and build a focus on the B2B side of the business? And we took that a step further — we have a truly separate platform. One we use for what I’d call reseller customers, and then one that is truly purpose-built and designed for MSPs: multi-tenancy from the ground up, from the reports to the dashboard to how it manages our products. That’s what ThreatDown is — the evolution of the B2B business.

So why does this matter? As I watch the MSP business continue to skyrocket — businesses aren’t hiring sysadmins anymore. And if they did hire a sysadmin, they’d still have to hire three or four other people just to try to cover the spread. This is why MSPs are valuable. 13% year-over-year increase in ransomware attacks — it’s the worst driver, and it continues to get worse. Threats happen when everyone is sleeping. They happen 24/7. Threats don’t wait for the five o’clock bell. And as antiquated as it sounds, people are still using Windows XP. We’re still seeing RDP attacks. This stuff still exists.

Why is this hard? AI is making things much harder. AI makes attackers smarter and more dangerous. You don’t have to be Neo from The Matrix to know how to hack. Anyone can jump into ChatGPT and figure stuff out. Ransomware moves fast. Living-off-the-land attacks still dominate.

As an MSP owner, speaking from experience — the expectation for what we do keeps rising. There’s a lot of pressure to keep costs down. And most importantly, our technicians are absolutely overloaded. They’re trying to balance tier one help desk, escalations, and managing six or seven different dashboards. Working with Syncro is truly built to help you guys with that. So we’re going to talk about how we make this easier.

Alan’s going to walk you through the platform. You’ll see that OneView is truly designed to bring these tools together — not just a bunch of plug-ins. They actually come together to create a simplified approach. Our endpoint detection and response is one single agent. Very low system resources and absolutely a strong layer of protection.

We’ve got our AV, our EDR, a bunch of different add-ons — all in the same place, tied into our Security Advisor. And then we’ll shift focus to our MDR and how that really works to support MSPs dealing with the 24/7 challenge. We’re here to help — and to make it easy, efficient, and affordable.

With that, Alan, I’ll hand this over to you.

Alan Radomski: Perfect. Let me share my screen. Can you see my screen?

Great. Before I start, I just wanted to touch on why we put the solution together. We put the solution together to help MSPs manage multiple customers in one platform with clear multi-tenancy, while still having the ability to work at a top level. If I’m an MSP managing multiple customers, I don’t need to focus on one customer at a time. I need to see the state of my entire operation and manage it properly — whether that’s dealing with an outbreak or specific tasks. That’s what our OneView platform does.

So starting from when you log on — you’ve got your dashboard. The most important thing is the amount of information available to you, from vulnerabilities to operating systems to unprotected machines and active detections. But the thing I love most is this section here, which I call my Action Center. We make it as easy as possible for you to log in, see exactly what needs to be actioned, take those actions, and move on. We don’t want you spending hours in a console trying to find problems.

For example, I see one machine that needs a restart on one site. I click on it, it filters to that one machine, I action a restart, done. Or I might see 12 machines that haven’t had a scan done across four different sites. I can select all, go to Actions, and run a scan and quarantine in a few simple clicks. And we keep that Action Center visible across different pages so you always know what to do next.

We also give you all the licensing information you want to see across your sites — which solutions you’re running, which sites are deployed, which trials are still running — all from one single dashboard.

Brian Kane: Alan, can I jump in for one second? I want to highlight something you just showed. Something that our MSPs really love is the ability to create a new site and spin up a trial for your customer within that site, so you don’t start paying on those trial licenses. You can truly run a trial right there, manage it in one spot, turn it on, turn it off, or convert it to paid when you’re done. Our conversion rate on trials for MSPs is in the high 70s to low 80s. The trials make it easy to create that experience, get it onboarded, and move forward without having to pay upfront or during any overlap with another product.

Andy Cormier: Yeah, and that’s another really good example of selling and building a product the way an MSP would expect to consume it. It’s not a 30-day trial on the whole account. You can be using the account for years — and if you have a new customer, there’s a trial just for that customer. Honestly, it’s the way it should be. I don’t understand why most platforms don’t do it that way.

Alan Radomski: Right, exactly. Which leads me into what I was going to talk about next — Sites. This is where you go to create your different sites, which are essentially your customers. And another thing Brian forgot to mention alongside the trials: as an MSP, you also have an NFR license — your own site that you can use for demonstrations to your customers and for testing our tools within your environment. Setting up a site is just a few simple steps: company name, first name, last name, email address. You can also set an end date for your contract with a customer so that you get reminded when it’s time to renew.

When you go into the subscriptions, you have the ability to give your customer a 15-day trial, a 30-day trial, or create your NFR site for deployment and testing. We’ve got coverage for workstations, servers, and even mobile. You choose what you’re applying to that site, choose your core protection level — EDR or endpoint protection — and specify how many licenses of each.

Here’s something really important: we have one single agent. When you deploy this one agent, it doesn’t matter what solutions you’ve decided to use — you deploy the exact same lightweight agent. If you want to add MDR services or add-ons like vulnerability assessment or app block, you just switch them on via policy. No redeployment. No new software on the endpoint. It’s already there.

So you choose your services and add-ons — DNS filtering, whatever you want — and then click through to finish your setup, and you’ve got a site built.

Now let me show you a site that’s already been running. Here we’ve got this fantastic Security Advisor. From Security Advisor, it tells you what your security score is for that site. Mine is at 81%, which is quite good, but you can see areas where improvement is needed — for example, policies are at 77% because I’ve disabled tamper protection in a testing environment. If there are detections that haven’t been dealt with, that will bring down the score as well. The idea is to give you a clear overview for each customer so you can prioritize where to focus.

You can also manage subscriptions from here. For example, if a customer decides they want DNS filtering, I can go in, manage their subscription, and add it. And as Andy mentioned earlier, whatever you deploy and whatever you’re using is what you pay for. Even if you create a site with 10 licenses, you only start paying once you deploy that first machine and it’s talking back to the console.

Moving on to deployment — we give you flexibility in how you want to deploy. In the Download Center, I can select the site — for example, a new one I just created called Unicorn Factory — and it will build a unique deployment agent for that specific site. From there, I can choose the platform: Mac, Windows, iOS, Chrome, Android, Linux, whatever you want. You can also share a link via email so a customer can click and install the agent themselves. For third-party tools, we provide setup command lines under Advanced Tools that you can copy and paste into Group Policy, SCCM, or whatever deployment method you’re using.

And just to show you — when you download this agent, the file size is 79 megabytes. I’ve seen agents that are 250 megabytes. And once installed, the maximum number of services running — even with all of our products — is three. Those services run at very low resource usage on the endpoint. So you won’t get complaints from customers saying it’s slowing down their machines.

When it comes to managing across multiple customers — exclusions, policies, notifications, and reporting — we give you global or per-site options. A global exclusion applies everywhere. A site-specific exclusion applies only to that customer. Same with policies. You can see which policies are applied where, so if you change a global policy, you know exactly how it will affect your entire customer base.

Reporting is huge too. We’ve got the ability to run reports, schedule them, and have them automatically emailed to you — daily, weekly, monthly — with all the information you need to run your business efficiently. Same with notifications — you can set broad alerts or very specific ones based on the type of suspicious activity.

Before I go to the last section, let me talk about endpoints. You can see all endpoints across all your sites, or filter by a specific site. And we give you real depth on each endpoint — free disk space, memory, installed software, detection logs, blocked apps, all of it — if you want to dig in. But we make it easy to manage everything in a much more efficient way.

Brian Kane: Alan, if I could chime in — this is something that came up a lot when we were designing the UX. I said: MSPs think site to site, but when you’re troubleshooting, managing tickets, and doing overall maintenance, you’re thinking about your entire group. The ability to come to one place and say, “I have 15 computers that need scanned across all sites” and action them all at once is absolutely huge. With a lot of other platforms, you have visibility in the dashboard but you still have to drill down into each site to take action. We really wanted that capability to be right on the surface.

And I’ll also say — a lot of these features and UX decisions came directly from MSP feedback. We don’t have a closed-door policy. If you have recommendations, if there’s something you’d like to see, reach out. A lot of what you see in the portal today came from MSPs saying, “Hey, we’d love this report to work this way.” If you want it, there’s a good chance someone else wants it too.

Alan Radomski: Yeah, that’s true. We’re learning from MSPs and putting in what they actually want — not just randomly adding features for the fun of it.

So the next thing I want to talk about is ransomware, because Brian touched on it in his slides. Ransomware is a massive threat right now. And it’s not just ransomware — it’s the volume of attacks and the complexity. AI is changing the way attackers work, and they’re finding more and more ways to get around normal protection mechanisms.

I’d be lying to you if I said our protection is going to stop all malware from entering your environment. There is new-age malware that gets through. The most important thing is: if it does get through, how do I deal with it — quickly and effectively? I’ve seen organizations brought down for hours by ransomware, scrambling for backups that are 24 to 48 hours old, reimaging machines, losing data.

What we call this is suspicious activity. We’ve seen certain suspicious behaviors that we believe warrant investigation, even if we haven’t confirmed it as malicious. We give you all the information you need to make that determination.

Here’s a live example. At the top, we give you a summary, and then a timeline of exactly what’s happening — defense evasion, command and control, all mapped to MITRE tactics and techniques. We give you the raw code behind the activity — for example, Tor activity we’ve detected, a file masquerading as vacation.jpeg.exe, registry keys being changed (disabling Excel protection, Word protection, desktop settings). We give you every piece of evidence.

And if you scroll down to the path graph, you can see the full process tree from the start of the attack. One thing I can show you is files that were originally named movie.mp4 — they’ve now had extensions added to them. That’s encryption. That’s ransomware activity.

Now here’s the good part. You don’t have to panic. Because what we have built into our EDR is ransomware rollback. Before those files got encrypted, we took a secure backup of them on the endpoint — compressed and protected so ransomware can’t get to them. We hold those backups for up to seven days. When you go to remediate, we delete the encrypted files, pull the backed-up originals back into place, and you’re up and running again — maybe a couple of hours of downtime instead of days. Infection deleted, rollback done, no encrypted files.

And beyond the rollback, our remediation is thorough — if a registry key was changed, we change it back. If a file was deleted, we put it back. If a file was dumped, we delete it. This is what Malwarebytes was always known for: clean, good remediation.

From an MSP perspective, it just puts your mind at rest. If one of your customers gets hit by ransomware, you don’t have to panic. Give us a couple of hours and you’re over it.

Now, for MSPs that don’t have a lot of resource to go through all of these alerts and make those determinations themselves, that’s where our MDR service comes in. We have a team of MDR analysts across the globe working 24/7, monitoring alerts, identifying whether they are malicious, and reacting — whether it’s midnight or 2am — by isolating endpoints or fully remediating and getting machines back to normal. You might wake up in the morning and it’s all handled. It’s a really great thing for MSPs.

Brian Kane: Awesome. Thank you so much, Alan. This is great. And again, if you guys ever want to see a closer demo of this or spend some time with our SEs, we’re more than happy to sit down with you, talk through your business, and walk you through the specifics. Andy, I’ll hand it back over to you.

Andy Cormier: Yeah, well, thank you guys — that was awesome. And we actually have a couple of follow-up questions from the audience, specifically about the EDR rollbacks, which seems to be a big hit.

So like I said, we’re going to do some audience Q&A next. But Brian, I figured I would ask you a couple of questions on everybody’s behalf while I have you.

I talked a lot earlier about the importance of being an MSP-first product and an MSP-first business. And in some cases, it’s super easy to spot the differences. For example, if you go on Syncro’s pricing page, you actually see pricing — which is super rare in this space for RMMs and PSAs. So it’s kind of like the difference between operating in the space versus just existing in it.

I know you guys have seen rapid growth over the past couple of years. How much of it do you attribute to adopting that MSP-first mentality — really operating at every level with MSPs in mind?

Brian Kane: I truly believe it’s a huge part of it. Because “the channel” has typically been thought of as VARs, resellers, distributors — selling into customers. But over the last few years, the MSP channel is really growing. I was at MSP Summit, and I remember walking 20 feet and having five different people come up to the person I was walking with. And I thought — this is the MSP channel.

It’s vendors coming together with partners, working with the tools that exist out there — RMM platforms, marketplaces, all of it — especially those who’ve brought transparency and a real place for everyone to transact together. It’s taken some time. No one’s perfect at it. But for us, the focus on MSP, the right partners, and building toward what they want and expect — that’s what’s made the change.

Andy Cormier: Yeah, 100%. One of the things I hear from customers daily — and I literally feel this question every day — is how confused a lot of them are about operating within today’s security landscape. Like, I could put a security system on my house — that’s a logical form of protection. But if you talk to some security vendors, it sounds like you and I have already been hacked 25 times over by the time we’re off this webinar. It’s all gloom and doom.

So does that mean I should contract out Navy SEALs to patrol the perimeter of my home 24/7? No one’s really sure how much is enough — and more importantly, how much is enough for my specific customers and their specific needs. My MSP didn’t have Fortune 100 customers, so what those folks are doing didn’t necessarily apply.

How is ThreatDown helping simplify that landscape for MSPs while also staying ahead of this crazy, evolving security environment?

Brian Kane: That’s a great question. I think there’s a balance — it doesn’t fully sway one way or the other. Here’s an example: about a year ago at IT Nation, I was talking to an MSP owner who was struggling and just wanted some help. He said, “There are 215 vendors here. Should all of them say they can help me? Who do I work with? How do I build my tech stack?”

The short answer is: number one, if any one of those vendors says they solve everything for you — run away. It takes a layered approach. And as an MSP, you’re thinking about what is the least amount of layers I can apply to still accomplish as much as possible.

I typically point people toward CIS controls. There are really three levels: IG1, IG2, IG3. Use IG1 as your baseline. If you’re covering those things and you’ve built your stack around that, you’re doing pretty good. Now, if you have customers that are medical, for example, you might need to step it up — line up with compliance requirements. But for the most part, create your baseline.

One of the hardest lessons I learned as an MSP was learning to say no. I was that guy trying to get whatever I could. Customers would come in saying, “We have this installed, and this, and this — can you just manage all of it?” And I had to say: I have five technicians who are not trained in 70 different products. Here are the products I use. This is my setup. You came to me because you want help. Let me show you how we do this.

Andy Cormier: No, that’s a good point. And I always say the first thing every MSP needs to scale is the ability to sell, and the second is the ability to say no. You can’t do one without the other.

All right, last question from me, and then we’ll do some audience Q&A. I want to talk for a minute about MDR. Thinking back to when I was running my MSP — I had to bring on people with serious security chops at a much higher rate than my technicians. I’m not a security expert, so I had to acquire that knowledge by putting those people on my payroll. And that was expensive. By the time I sold my MSP, MDR and SOC services were really just starting to emerge for MSPs. That would have been absolutely game-changing for my business. If I could have reallocated those security resources to more technicians, I could have landed more contracts, generated more revenue.

What I’m seeing lately is a lot of MSPs who are hitting that level of scale and really defining their stack — security is top of mind, but they see the higher per-endpoint price point of MDR and still view it as a cost, not a means to scale. Because they’re not paying for a security staff yet.

What would you say to those folks who are still in that mindset?

Brian Kane: Speaking from experience — someone who has gone through and built out a SOC — it is insanely expensive and incredibly difficult. The people you need to do it right work for three-letter agencies. You’re not going to find them on LinkedIn. They’re not sending their resumes to Indeed. So it is very difficult to find them, and when you do, they are incredibly expensive.

Here’s the chicken-and-the-egg scenario we talk about all the time. Most MSPs have point-in-time contracts. I brought customer A on in February, and they have my essentials package. Now I’m thinking, MDR is an extra two or three bucks a month per endpoint — how do I convince my customer to spend more? That’s a hard conversation, especially when, let’s be honest, the customer probably thinks we’re already doing that 24/7 anyway.

Andy Cormier: Yeah, they don’t care if you’re paying for it — they just assume it’s done.

Brian Kane: Exactly — unless you’ve given them a contract that says “after five o’clock we shut off,” it’s a hard conversation. So here’s what I’ll say: think about it from an investment standpoint. Think about the staffing angle. What does it take to hire people to manage 100 endpoints, 300 endpoints, 500 endpoints? I promise you, the cost of MDR is cheaper any day of the week, and the quality of people you get is much higher. And you pass some of that liability over. You can sleep at night knowing that if ransomware hits at 3am, someone else is going to remediate it.

And when your customer contracts come up for renewal, the approach isn’t, “Remember that thing I said I was doing before that I kind of wasn’t fully doing 24/7?” The approach is: “We’ve advanced our stack. Here are some of the cool new things we’re doing around technology as it evolves — and because of that, we’ve brought our rates up a little, but here’s the additional protection you’re getting.” It’s all in how you position it. MSP sales is difficult, and positioning is everything.

Andy Cormier: Yeah, no — thanks, Brian, that’s a good point. Okay, guys, if you have questions, I’m pulling them from the Q&A, so please don’t put them in the chat because we tend to miss those. A couple of questions came in around the EDR backup piece — everyone’s asking basically the same thing: where is it being backed up?

Alan Radomski: Sure. I’ll get a little technical here. We have our own database that runs on the endpoint itself. Within that database, we back up to the local machine. We go through making sure the backup is secure and encrypted so it can’t itself get encrypted — the last thing we want is to have our backup ransomed. And no, it’s definitely not shadow copy. We don’t use shadow copy or any other third-party tool to back things up. We’ve built our own technology that backs up the files, and it’s all compressed to minimize disk space. It’s also configurable — you can specify, for example, that you want to use 30% of free disk space, and you can set how long you want to keep backups — three days, four days, up to seven days. But it’s our own secure backup in a database format on the endpoint itself.

Andy Cormier: I think that answers it. If anybody wants to follow up on that specifically, let me know. A couple of questions came in about cost — I did see a lot of folks hop in late when we covered pricing upfront. All pricing can be found in your Syncro instance — just head to the App Center and look at the ThreatDown app card. Every SKU is broken down there.

Brian Kane: I can speak to some of this. I’m seeing a lot of questions about DNS. Here’s what I’ll say: DNS cannot be purchased à la carte by itself. It does need to be added on to the agent to function. And I’ll be fair — unlike most vendors, I’ll openly acknowledge that our DNS is on the higher end of pricing. We are working on bringing that down. Syncro has shared really great pricing with you guys, and we’re trying to be as competitive as possible. I will say the consolidation of having DNS, policies, and all of those things built into one place is definitely an advantage for an MSP. But I’ll 100% acknowledge our DNS cost is higher right now, and we’re working to bring it down. If we’re able to adjust that, we would share the update with everyone.

Andy Cormier: Yeah, and I appreciate you saying that, Brian. There’s not a day that goes by where I’m not trying to beat up Brian for better pricing — and when we get it, we’ll just pass it along. That’s how we’ll operate.

All right, I think we’ve got two more questions here. This is a really good one — kind of a probing question so folks know what to expect. They’re asking: what are the most common requests received by ThreatDown support? Because that’s one of the first things I want to know too — what kinds of problems are people running into?

Brian Kane: That’s a good question. You’d think it’s mostly navigation stuff, but I’ll say our onboarding and dashboard are pretty solid — the feedback we get is that it’s easy to navigate. A lot of the tier one stuff we see is basic: “Hey, I’m locked out of my console.” “I’m trying to reset my password.” You’d be surprised how much tier one stuff exists. Alan, any commentary on the support side?

Alan Radomski: I’ll be honest — it’s difficult to characterize broadly. There are product bugs, like with any software. For example, you’ve deployed the agent, everything’s set up, but something’s not working as expected. But when those come in, we’re on them fast. Just this morning — UK morning, so while a lot of you were probably sleeping — there was a bug where one of the buttons in the console wasn’t working. It was reported around 10am. By noon, a bug fix was released and sorted out. Those kinds of small issues do happen. But like Brian said, you’d be surprised how many support cases are things like “I can’t log into my console” — only to find out Caps Lock was on.

Andy Cormier: That’s the worst of what you’re seeing — that’s good for you guys. All right, one last question, and this might be a bit philosophical — probably better for you, Brian. They’re asking basically how MSPs would best position themselves when using ThreatDown against larger MSSPs who sometimes try to step on MSPs — either with existing customers or new prospects. How would you recommend countering that?

Brian Kane: This is actually where MDR is most relevant, because the MSSP is going to come in and say, “We have a SOC. We have security people watching you 24/7.” And sure, their price is going to be higher — they’ll sell the customer on how much better they are. But if you can go in and say, “We have next-gen enhanced detection and response, and we have people watching you 24/7 — not just in the back of our room, but globally, from a large company managing all of this” — you’ve got a real leg up. You’ll do it well, and in fairness, you’ll do it cheaper than those MSSPs.

I’ve seen the pricing. I run into it all the time. Their pricing is much higher. If you see an MSSP that says they’re running a SOC and they’re selling cheaper than you — let that customer go, and I promise you they’ll call you back in three months after they’ve been breached.

Andy Cormier: Brian, Alan — thank you guys so much for your time. This was awesome.

For folks on the call: yes, this is recorded, and everyone on the call will receive a recording after the fact. If you’re new to ThreatDown, you can spin up a new account right in the App Center. If you’re already using ThreatDown, there’s an email in the App Center to reach out about migrating your account over to us.

Phase two of the integration — the deployments and alerting — is coming late this year or early next year. And from there, we’re just going to keep building it out and strengthening our relationship with ThreatDown.

Guys, thank you very much. Really excited for this, and thanks everybody for showing up today.

Brian Kane: Our pleasure, everyone. Thank you.