I am with an IT MSP or IT Managed Services Provider. We have clients who allow us to provide their IT services. We provide services for desktop support and all the way up to network administration, technical projects, and so forth.
We use Field Effect MDR for our clients as well as for ourselves, so we use it internally as well as resell it to our IT MSP clients.
Field Effect MDR is backed by experts who are constantly monitoring for attacks and risks. It is extremely important and relevant to us. Field Effect, or at least the core team, comes out of offensive security with nation-state actions. That is very practical knowledge. Being able to take that and understand both from the offensive side and the defensive side is valuable. Knowing how to counter those offensive acts and how to anticipate them puts them in a great spot to understand the cyber landscape. We are able to stay on top of trends within that cyber landscape. Because they have intelligent sources or habits that they have developed from their history, it is very effective. We have a lot of trust in the leadership of Field Effect, the line managers, the SOC in charge, the forensic teams, and the incident response teams. We have very high confidence that our interests are highly regarded by them, and they are trying to protect our business, our interests, and our clients. They are also able to steer us in great directions.
Even though they have such deep industry experience, they are willing to collaborate and listen. This is something that I would not have expected from a team like Field Effect. On the partnership side, we have used other top-tier EDR or MDR products. The products are great, but the partnerships in some cases have been just average. In some cases, they have been antagonistic, so from Field Effect, I was not expecting much, particularly having learned about their background. However, when we got working with them, it was just a revelation of how open they were to our situation and our particular needs, which are very different from their own priorities. They have been willing to work with us within reason. They have a development roadmap that they have to follow, but whenever we needed critical things to make Field Effect MDR a part of our core business and a successful part of our core business, they were very willing to listen. In many cases, they also acted on the requests. It has been a fantastic and very effective partnership.
We use its tagging of security threats as actions, recommendations, or observations. It is critical. We have used a lot of platforms. We have used the second-tier ones and also the top-tier ones in the Magic Quadrant. The main issue with all of those platforms is noise. How do you improve the signal-to-noise ratio so that you are not spending a lot of your senior security analyst's time triaging non-actionable tickets, events, or alerts and they can focus on those truly actionable things that might require some level of direct incident response? With other platforms, including other top-tier platforms such as SentinelOne or CrowdStrike, we would get a lot of false positive notifications, and cutting through the noise was difficult. With Field Effect, because they use the ARO system of actions, recommendations, and observations, they have severity levels within each of those bands. I am not sure, but I believe there are five bands between each of those. We use a system called ConnectWise PSA as our ticketing system, so we are able to insert workflow rules and other automation assistance so that we can do some pre-filtering of the alerts to make sure that we direct all the high-priority notifications to our SOC team. We can either auto-close lower priority or lower severity notifications because they are non-actionable or are more informative, or we can funnel them to our regular help desk. A notification about your web browser being out of date does not need to go to the SOC. That can go to the regular service team to help walk the client through an update or do the update for them and things like that, so AROs are critical. It definitely allows us to maximize our limited and expensive resources so that we are focused on truly actionable things and not waste time on false positives.
As of now, Field Effect MDR gives us a single cybersecurity product that proactively protects all our threat surfaces, but who knows what may happen in the future. Field Effect MDR is holistic. With this one product, you get the host-based stuff. You get the network appliance. You get cloud monitoring. You get the DNS firewall. It is a much simpler product to handle from a billing perspective. From an account management perspective, the full version of Field Effect MDR is effective and easy to manage. They also have other versions, but the full product version is a one-stop shop. There is an add-on that they have probably introduced over the last year or maybe six months. It is for cloud retention. Field Effect MDR in many aspects is a SIEM, but they have not exposed all the traditional capabilities of a SIEM, namely the dashboarding side or the user-facing side. It also lacked the ability of a SIEM to be a generic log aggregator or a log ingestion sink for any source of log data. They have now added that capability where you can add on log retention services if you need it for compliance or insurance or just your own digital forensics requirements. By default, it retains its own telemetry for 90 days, but if an organization wants to retain logs for 360 days or longer for compliance and data retention, they have a service for that. That is an add-on, but the core platform with its 90-day retention is usually acceptable to the majority of our clients.
Field Effect MDR most certainly helps our security team save time. It does that passively via ARO classification. The Field Effect SOC is doing its job through machine learning, human analysts, and other heuristics to make sure that events are categorized as best as they can. We can leverage their deep experience, which makes it much easier for my team. When we get an alert via Field Effect MDR, it is already packaged as an action, a recommendation, or an observation. When we get an action of medium or higher severity, that automatically goes to my company's SOC for some triaging and analysis to determine whether we need to spin up an incident response or what the proper response is to that notification. Lower-scored items, such as observations, recommendations, and low severity or priority actions, go to a SOC coordination team, which will also do some less technical triage to classify them, or it will be handled by some of our automations. The fact that AROs are being so effectively and correctly targeted allows us to focus our most senior, most expensive, and most skilled resources on things that actually matter.
We also gain efficiencies because the Field Effect SOC is collaborative. We do not just get an ARO. We are also able to initiate communication. If we have an action or event that we want to follow up on, be it an action, recommendation, or observation, we can request help. If my company SOC needs some guidance because we are not quite sure, or it is on the bubble of being actionable versus non-actionable and we want a second opinion before we close a ticket or spin up an incident for the response team, we can request help from the Field Effect SOC. They collaborate with us and explain the logic behind why they classified something like this. They listen to our points, perspectives, and considerations. They work with us to figure out whether it is something that we need to worry about, or it is something that we can defer or ignore. That is extremely helpful. With some of our other partnerships on technology products, including security products, it has been very difficult to get this level of effective collaboration from the vendor. That has been fantastic. That has allowed us to accelerate our plans. Initially, we were thinking about using Field Effect MDR only for certain clients who have purchased a higher tier or premium security service, like an MSSP service specific to security and compliance. However, given how scalable Field Effect MDR is through those efficiencies built into the platform, into their classification system of events, and indirect staff augmentation via their Field Effect SOC, we have now made Field Effect MDR the standard security platform for all of our clients, even the ones who are only on core IT support plans.
Field Effect MDR informs us of the threats that matter and how to address them. AROs are very detailed. A lot of security platforms provide that detail, so I do not know if that is especially unique in Field Effect's case, but it is certainly effective. AROs are very well-detailed, and they describe which event triggered the alert. They explain why it is of interest but not an actual problem. They also detail the steps to remediate, mitigate, or dismiss a particular alert. They are very effective from that perspective.
They also provide us with bulletins. We have been lucky so far. None of our clients have been subject to any sort of rising threat. However, we would not necessarily know about it unless we are paying attention to security forums and other information sources. Field Effect is one of those sources. When they start to see a negative trend, they alert their community. As a channel partner of Field Effect, we get alerts, warnings, or notifications on those emerging threats. We can then alert our SOC and pay attention to some of the indicators of compromise that might not be flourishing into a full attack but are indicative of attack precursors. Those advanced alerts of emerging threats are key. Field Effect is attempting to keep us informed as a channel partner. I do not know how true that would be for a direct customer of Field Effect.
As a channel partner, we also get visibility into their development roadmap. We have influence over that roadmap. Understanding what is coming down the line in terms of feature enhancements, feature improvements, new features, new capabilities, and new services is great for us. We are a decently sized IT MSP with a growing set of MSSP services. We cannot always turn on a dime, so advance notice, particularly in terms of forthcoming items, is very key. It allows us to help make sure that our various teams—technical teams on the SOC or the service delivery side, client-facing teams such as our account management teams, our VCIOs, our VCSOs, and marketing team—are working in a highly synchronized or collaborative manner. They can make our new services and offerings as successful as possible with minimal friction in our particular marketplace.
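The ARO pre-filtering the review describes (medium-or-higher actions to the SOC, lower-scored items to a coordination queue or auto-closed, hygiene items such as an outdated browser to the help desk) can be expressed as a small rule-based router. The code below is an added illustration, not Field Effect's or ConnectWise's code; the alert field names, the five-level severity scale and the sample alerts are assumptions.

```python
"""Rule-based ARO triage router (added example, not vendor code).
Mirrors the workflow in the review: actions of medium or higher severity
go to the SOC, purely informational observations are auto-closed, hygiene
recommendations go to the help desk, everything else goes to a
coordination queue for lighter-weight triage. Field names and the
severity scale are assumptions, not the product's actual schema."""
from dataclasses import dataclass

# Assumed severity scale; the review recalls about five bands per category.
SEVERITY = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Alert:
    alert_id: str
    category: str      # "action", "recommendation" or "observation"
    severity: str      # key into SEVERITY
    title: str

def route(alert: Alert) -> str:
    """Return the queue an alert belongs in."""
    cat = alert.category.lower()
    sev = SEVERITY.get(alert.severity.lower())
    if cat not in {"action", "recommendation", "observation"} or sev is None:
        return "soc"            # unknown shape: never silently drop, escalate
    # Hygiene recommendations (e.g. outdated browser) belong with the service desk.
    if cat == "recommendation" and "out of date" in alert.title.lower():
        return "helpdesk"
    if cat == "action" and sev >= SEVERITY["medium"]:
        return "soc"
    if cat == "observation" and sev == SEVERITY["informational"]:
        return "auto_close"     # purely informative, nothing to act on
    return "coordination"       # low-severity actions and remaining R/O items

def triage(alerts):
    """Group a batch of alerts by destination queue; returns {queue: [ids]}."""
    queues = {}
    for a in alerts:
        queues.setdefault(route(a), []).append(a.alert_id)
    return queues

# Constructed sample batch, not real telemetry.
SAMPLE = [
    Alert("A-1", "action", "high", "Suspicious child process under winword.exe on HOST-7"),
    Alert("A-2", "action", "low", "Unsigned binary launched from temp folder"),
    Alert("R-1", "recommendation", "low", "Web browser out of date on HOST-3"),
    Alert("O-1", "observation", "informational", "New USB mass storage device seen"),
    Alert("O-2", "observation", "medium", "Unusual outbound DNS query volume"),
    Alert("X-1", "alert", "medium", "Unrecognised category from integration"),
]

if __name__ == "__main__":
    for queue, ids in sorted(triage(SAMPLE).items()):
        print(f"{queue:12s} {ids}")
```

Anything the rules do not recognise is escalated rather than dropped, so a schema change on the vendor side shows up as extra SOC tickets instead of silently lost alerts.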