The Benefits of a Multitenant XDR Platform for MSSPs · 2020. 10. 14. · Managing all aspects of...

Scale or Fail: The Benefits of a Multitenant XDR Platform for MSSPs (White Paper)


The Challenge of Scaling Security Solutions

Managing all aspects of cybersecurity across multiple client environments is a fundamental responsibility and challenge for Managed Security Service Providers (MSSPs). Because MSSPs manage multiple environments, each with a different set of solutions, along with different configurations and support requirements, the complexity of managing the solutions grows exponentially as the number of solutions offered and the client base grow.

This complexity is exacerbated when managing cybersecurity solutions, such as Extended Detection and Response (XDR) and Endpoint Detection and Response (EDR) solutions, that must be constantly monitored and leveraged to protect client environments from a continuous onslaught of threats. Prioritizing, investigating and responding to detected threats across a broad client base can be particularly challenging and time-consuming when solutions are deployed as unique instances at each client.

Alerts must be collected, analyzed, prioritized, assigned and handled, while ensuring no dangerous threats are missed and each client is fully supported. The overhead involved in monitoring each client’s environment using multiple sets of security tools can be a significant productivity drain. It also presents a real opportunity to overlook critical signals simply because there are just too many “panes of glass” to monitor.

Multitenancy: The Single Pane of Glass

MSSPs are increasingly turning to multitenant solutions to eliminate the complexity of discrete solution deployments. Multitenancy is typically defined as the ability to deploy multiple independent instances of a solution that are managed in a single, shared environment. Multitenancy essentially allows MSSPs to have full visibility and manage multiple client environments from a single pane of glass. As an MSSP scales and manages more clients with more diverse environments, the need for multitenant solutions becomes more critical.


Example of cross-client search capabilities and options in Forensics view

The Benefits of Multitenancy

Cynet interviewed several MSSP partners to better understand the benefits realized by the Cynet 360 multitenant platform. According to all MSSPs interviewed, they could not successfully and profitably scale their businesses without a multitenant XDR (or EDR) solution.

“Before we had Cynet’s multitenant solution, we would monitor alerts by scraping emails, exporting to a database, and then importing the information into Zendesk – in batch, not real time. Then someone would find the next available analyst and open a ticket. It was so 1990s!

Now, alerts come into a single console and they’re automatically prioritized and assigned – a human could never operate as quickly. For an MSSP, it’s a godsend.”

“Without multitenancy, how can you really monitor more than a handful of clients? You’ll miss things, support will be delayed, balls can be dropped. The number of exchanges that need to happen would have been impossible to achieve without a multitenant platform.”

MSSPs indicated the benefits of multitenancy fell into two broad categories:

1. Doing More with Less

Managing all clients from a single console eliminates the need to constantly switch between solution instances, so an MSSP can serve more clients without adding resources to manage client environments. The increased efficiencies lead to lower costs and higher margins.

Multitenancy also eliminates the constant headaches of tracking the myriad issues that invariably follow manual processing. Reliance on email, sticky notes, voicemail and other communication tools to track and solve problems is greatly reduced with centralized management capability.

2. Better Security and Responsiveness

Consolidating all alerts and related forensic data from all clients into a single pane of glass allows the MSSP to immediately see, prioritize, investigate and respond much faster, before damage can be done. In cybersecurity, time is always of the essence.

With all the information needed to investigate and respond to alerts from all client environments in a single pane of glass, MSSPs can provide a level of service that would be impossible without a multitenant solution.

Further, with alerts from all clients presented in a single console, MSSPs can ensure that high-risk threats found in one client environment are quickly identified and remediated across all client environments.


Considerations when selecting a multitenant XDR/EDR solution

Multitenant capabilities offered by XDR/EDR solution providers vary widely. Several MSSPs partnered with Cynet after experiencing multitenant platforms that were “very cumbersome and not very user friendly.” Based on discussions with several MSSP partners, the following capabilities should be considered when evaluating a multitenant platform provider.

Tenant and Subtenant Management

The platform should provide a global view and easy access to any tenant view. Better platforms will allow for each tenant to be further subdivided into subtenants. For example, an MSSP may have multiple MSP clients as tenants on the solution. Then, each of the MSPs can provision clients onto the solution as subtenants. The MSPs will be able to see all of their subtenants, and the MSSP will be able to see all tenants (MSPs) and all subtenants (MSP clients). The MSSP and MSP can enable subtenants to have full dashboard access and relevant privileges in their environments, while still operating with master administrative privileges.

Role Based Management

The platform should provide role-based controls to modify access permissions per defined role. For example, the MSSP can create a tenant for the MSP and make the MSP the admin for that tenant. The MSP can then generate subtenants for its clients with various role-based permissions.

Data Separation

Data privacy is an essential element of a multitenant platform. The platform architecture should ensure full separation of client data so that no client can mistakenly access (or purposely attempt to access) other clients’ private data.
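The visibility, role and data-separation rules described in the three sections above can be expressed as one deny-by-default check. The following is an added example, not code from the white paper or from any Cynet product; the tenant names, role names and alert records are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed hierarchy (child -> parent); all names are hypothetical.
PARENT = {
    "mssp": None,
    "msp-a": "mssp", "msp-b": "mssp",
    "client-a1": "msp-a", "client-a2": "msp-a", "client-b1": "msp-b",
}
# Hypothetical roles and the actions each one permits.
ROLE_ACTIONS = {
    "admin": {"read", "remediate", "configure"},
    "analyst": {"read", "remediate"},
    "viewer": {"read"},
}

@dataclass(frozen=True)
class Principal:
    name: str
    home: str  # node of the tree the account is provisioned on
    role: str

def in_scope(home: str, target: str) -> bool:
    """True if target is home itself or one of its descendants."""
    node = target
    while node is not None:
        if node == home:
            return True
        node = PARENT.get(node)
    return False

def authorize(p: Principal, action: str, tenant: str) -> bool:
    """Deny by default: unknown tenant, unknown role or out-of-scope tenant."""
    if tenant not in PARENT:
        return False
    return action in ROLE_ACTIONS.get(p.role, set()) and in_scope(p.home, tenant)

def visible_alerts(p: Principal, alerts: list[dict]) -> list[dict]:
    """Scope filter applied server-side to every aggregated (cross-client) query."""
    return [a for a in alerts if authorize(p, "read", a["tenant"])]

# Constructed sample alerts.
ALERTS = [
    {"id": 1, "tenant": "client-a1", "title": "Ransomware behaviour"},
    {"id": 2, "tenant": "client-a2", "title": "Credential dumping"},
    {"id": 3, "tenant": "client-b1", "title": "Suspicious PowerShell"},
]

mssp_admin = Principal("soc-lead", "mssp", "admin")
msp_a_admin = Principal("msp-a-admin", "msp-a", "admin")
client_viewer = Principal("a1-it", "client-a1", "viewer")
```

When evaluating a platform, the equivalent test is to log in as a subtenant or MSP account and confirm that aggregated views, searches and direct event links never return another tenant's records.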

Remote Deployment

The entire solution, including the endpoint agent and management console, should be fully deployable and manageable remotely. The solution should have full auto-deployment capabilities with minimal need for additional third-party deployment tools. After initial deployment, the solution should then recognize new endpoints and initiate auto-deployment to those endpoints.

Remote Management

The multitenant platform should have a full arsenal of management and response capabilities that can be fully implemented remotely. Remote management is not only critical for response speed in general, but a fundamental requirement in today’s post-COVID-19 world. The multitenant platform should first present all needed data so that local client system access is unnecessary to perform all required analysis and actions.

Second, the platform should support the full breadth of response actions required to fully investigate and remediate any threat remotely. This means the solution can fully investigate and remediate client assets at the endpoint, network and user levels, again, without direct access to client resources. And, the more automated the response workflow is, the better.

Scalability

The platform should have the ability to quickly scale with minimal effort as the number of clients, tenants and subtenants grows.

Deployment Support

The solution should seamlessly support on-premises, SaaS, VPC and hybrid environments. In addition, multitenancy needs to support various operating systems on the client side from the single management console, such as Mac, Unix, Windows and Linux.

The Road Ahead

MSSPs are under increasing pressure to provide stellar service at reasonable prices. Competition is fierce and any client misstep in the cybersecurity space can lead to devastating consequences for MSSPs and their clients. Multitenant XDR/EDR solutions enable MSSPs to deliver world-class cybersecurity solutions without the need for significant resource overhead.

Multitenant solutions can improve the MSSP’s bottom line while ensuring maximum protection for client environments.


Single Management Console

While this is essentially the point of multitenancy, remember that the more useful and usable information that can be accessed in a single dashboard, the better. Unified visibility across all customers enables security teams to manage multiple customers efficiently and reduce response time. Look for solutions that provide a broad and deep set of data to facilitate investigations without the need for jumping between multiple systems.

The platform should have the ability to change settings on a global, per tenant and per subtenant basis based on the nature of the change required. The solution should allow you to click on a single event from the main dashboard and be automatically diverted to the specific event within the tenant or subtenant environment. This saves considerable time accessing the appropriate environment and then searching for the event.

Figure captions:

Example of alerts from different clients (sites) aggregated in the Alert View

Example of tenant and subtenant structure in a multitenant environment

Example of permission provisioning

Example of host map that illustrates results of remote deployment

Example of Incident View that automates all investigation and remediation response actions

[Diagram: tenant hierarchy with the MSSP at the top level, MSP Tenants beneath it, and Client Subtenants beneath the MSP Tenants]
