Over two decades ago, the IT industry began to shift from break-fix to managed services. Savvy business owners on both sides of the equation recognized that it made a lot more sense to have predictable expenses dedicated to IT services rather than wait for something to break and rack up unknown costs fixing the issue. Now, it appears that the industry is primed to shift again toward Incident Response as a Service (IRaaS). Is this a step forward for the channel?
The Problem with the Break-Fix Model
When customers asked why they should pay for something before it happened, MSP owners explained that the break-fix model put the business and the IT provider at odds with each other. A recurring monthly agreement, on the other hand, kept everyone on the same team.
Think about it. When something broke, it was more lucrative for the IT provider to maximize the time fixing the issue to increase revenue and profitability. The business owner was beholden to the rates demanded because they were in dire straits with systems down. Moving to managed services meant that it was behoove of the provider to keep systems running in pristine condition to avoid spending their time and materials fixing issues. A quiet network was a happy network for all involved.
Now, some industry experts suggest that the next iteration of the MSP should include IRaaS. In fact, some go so far as to say that rather than build a full-service MSP, new MSP owners should focus all of their efforts on IRaaS. While fully acknowledging that cybersecurity threats abound, we don’t prescribe to this way of thinking. In all reality, this type of model is just like maintaining break-fix agreements. Providers generate more revenue for every breach and benefit from bad actors attacking their clients.
IRaaS is Simply Ambulance Chasing
Under an IRaaS model, you capitalize on another organization’s pain. Very much like lawyers’ ambulance chasing, you’re running in to save the day at a point where the client is the most vulnerable, able to extort significant money just to get a floundering client back on their feet. At the end of the day, this methodology is very short-sighted. You’re the hero for the day, but then you’re just waiting around for the next attack. Every time you have to come in to remediate a problem, the client trusts you less and less. In reality, they begin wondering why they keep running into bad actors in the first place.
Doesn’t it make more sense to stop a threat before it happens? Cultivate a preventative cybersecurity posture. Just like managed services agreements put clients and IT providers on the same page, cybersecurity prevention ensures you work in your clients’ best interest. Instead of waiting around to see what will go wrong, you prove your value day in and day out by preventing attacks before they start.
How? Utilize tools that stop threats pre-execution or pre-inbox, rather than fix it once damage is done. BLOKWORX’ suite of tools deal with endpoint and cloud-based threats. They bookend your network to provide the highest level of protection.
What does Pre-Execution Mean?
Traditional EDR waits until a file is read, then begins observing behavior before blocking the execution. Prevention-first cybersecurity intercepts the file write process and determines whether it is malicious at that point. Then it will release the file for use or quarantine it as malicious. Deep Learning allows this to happen by acting just like the human brain, observing erratic behaviors and reacting accordingly.
What does Pre-Inbox Mean?
Traditional email protection scans files after delivery to the inbox, meaning an email can dwell in the inbox for up to two hours. If you’re like most workers, you’re carrying an inbox around in your pocket and checking it a lot more often than every two hours. Pre-Inbox scans emails before they ever get to your inbox quarantining potential malicious attacks or phishing attempts.
Forget IRaaS – Be on the Right Side of the Industry
You’ve probably heard industry experts say, “it’s not a matter of if, but when you’ll be attacked”. This “assume breach” mentality has driven the growth of EDR, XDR, MDR over the years. However, it hasn’t reduced the number of attacks we’re seeing across the landscape. EDR, XDR, and MDR alone are not sufficient cybersecurity protection mechanisms (although they are helpful for visibility when paired with a prevention platform). Assume breach mentality has contributed to the FUD (fear, uncertainty, and doubt) encircling cybersecurity. In addition, it has done nothing to improve the actual security of organizations’ networks.
Prescribing to the theory that IRaaS is the next best iteration of managed services will only perpetuate this thinking. Instead, adopt the prevention mindset. At the end of the day, prevention is entirely possible (pre-execution and pre-inbox technologies exist today). It is also more profitable and scalable than dedicating large teams to investigate and remediate issues at all hours of the day and night.