header_bg.png


Managed Security Providers
 

 

Reduce cost and save time

  • Flat low pricing.
  • Deploy a single technology to all your customers.
  • Reduce infrastructure overhead and maintenance using a cloud utility.
  • Elastic EDR means you always have exactly the capacity you need, at a predictible cost without complex planning.
  • Streamline operations by training analysts on a single endpoint solution across all platforms and customers.
  • Reduce onboarding time for new customers.
  • Automate advanced incident response like network isolation without needing to deploy infrastructure.
 
glass_bg.png
 

Existing Challenges

Endpoint capabilities are a problem for MSSPs and leave you with some difficult prospects:

  • You do not have endpoint capability but endpoint visibility has become a core feature which leaves you at a disadvantage when competitng for business.
  • You use your customer's capability - if they have one - but this approach leaves you managing a host of different solutions each with its own storage, retention and user interface.
  • You use a commercial product and try to pass the cost onto your customer; however, most commercial endpoint solutions are very expensive and they are not meant to scale the way you need.
  • You use a hodge-podge of open source solutions but this forces you to spend a lot of time maintaining the infrastructure needed for all of them, and making them talk to each other is difficult.
  • Capacity planning is difficult as you must optimize complex contracts and quotas to obtain better pricing from vendors.

With LimaCharlie.io

With LimaCharlie.io we understand the difficulties you face and are creating a solution catered to your needs.

Here are some highlights of how our endpoint soltuion is catered to the needs of MSSPs:

  • Our pricing is simple and scales so that you can deploy a single solution across all customers.
  • We're multi-tenant and multi-region. You can manage all your customer separately and in their own geolocation, but you can manage your capabilities in the same way across all of them.
  • Your data is your own. We know you have data lakes and solutions to store the security related data and we do not use any vendor lock-in schemes. Data goes where you want in an open format making it easy to integrate.
  • Cross-platform and real-time. Manage endpoints using one technology regarless of the platform. Automate the detection and response in real-time without the need to standup a complex architecture - we provide serverless automation.
  • You can perform any and all capabilities through our REST or Python API. From agent management and tagging all the way to responding and isolating endpoints.

No other endpoint security provider is as MSSP-friendly as we are. Drop us a line if you'd like to discuss how other MSSPs like you leverage the LimaCharlie.io platform for their service.

 

MSSP Scenario

What does an MSSP environment using LimaCharlie.io look like?

MSSPs can create an Organization per customer. This allows them to set specific quotas and better understand the cost for each.

They create an installation key per business unit for their customer. This allows them to set specific tags on agents automatically. In turn, this allows them to customize the detection and response based on the origin of agents and the risks involved.

Along with the security related detection and response rules, MSSPs will often create a simple scheduled script to synchonize the list of VIPs for their customers. It's often based on an Active Directory, but sometimes it's a manually curated list of executives.

The output rules are usually designed to provide varying tiers of service. As a baseline, many will have a rule that outputs the bulk of all events to an AWS S3 bucket which makes it easy for them to maintain a cheap archival with a clear and automated retention period.

mssp.png

Other output rules can then be created to forward detections (alerts) directly to a SIEM like Splunk, or even out to mobile phones via Slack.

Sometimes a select subset of agents will have their events streamed to top tier storage (like Splunk) using an agent tag.

If you are like most MSSPs getting introduced to us, this all may sound like months of integration work; hohwever, if you take a closer look you will discover that this nothing more than an afternoon's worth of work.

We'll be happy to show you just how well we can cater to you.