RFA, MSSP, Uses Reco for Managed Threat Detection and Response


RFA is a global, managed IT company and we’ve been in business for over 30 years. We help clients in the financial services and alternative investment industries outsource their IT and cybersecurity needs so that they can focus internal resources on things that make their business unique.
My role is CIO, and I’m responsible for our cybersecurity and compliance program, various research and development, as well as the Security Operations Center (SOC). Hundreds of clients rely on our SOC to provide 24/7 monitoring of their most critical assets and infrastructure.
Our SaaS security journey started several years ago. In response to client demand, we released a SaaS security offering for Microsoft365. We used Microsoft native tools and some third-party tools to deliver the service. While we saw some adoption of the service, there were some gaps to fill to make the service more appealing.
Before Reco
I can say anecdotally that Microsoft is one of the most widely attacked platforms in the world. And the numbers support that. Last year, Microsoft reported 600 million attacks daily around the globe. And there’s no sign of slowing down. Microsoft is attractive to threat actors because of its large landscape and the abundance of business-critical data that lives on it. For our clients, Microsoft365 security was top of mind and so it was top of mind for us.
Evolving Client Needs
The post-Covid world made remote work a permanent reality for many. As a result, lots of companies began to operate 100% by way of SaaS applications, especially M365. This made our SaaS security offering more relevant and important, but it also meant clients were demanding more out of the service. We support a particular market niche that doesn’t want to buy a SIEM or staff their own SOC, but they still need security. Our clients were asking for broader support for their M365 instances, which meant being able to bring the security through the 24/7 monitoring of our SOC.
Limited Capabilities for SaaS
With the stack we had at the time, our SaaS security offering was limited to configuration management. Clients wanted more. They wanted Managed Detection and Response (MDR) services that could look at unusual behavior, insider threats, and signs of active attacks.
The problem was that doing that with the tools we had would’ve been prohibitively complex, requiring expensive licensing, establishing a DLP, and time-consuming data classification cycles. It would also be a headache to maintain. Additionally, the native Microsoft tools don’t scale well for MSP services delivery.
Market Opportunities
When we spoke to clients about the offering, they would often say, “I have a Microsoft E5 license that comes with all types of security functionality, why do I need your services?” The value was difficult to explain. Since Microsoft is always releasing new capabilities, our services were at risk of falling behind. I’ve been in the MSSP game long enough to know that you can’t sell services by competing with Microsoft. You have to offer something that's complementary but adds additional value.
We looked at the market and found that it was very rare to find an MSSP that offered both configuration management and MDR services for Microsoft365, and did both well. We realized there was an opportunity for us to lead that category.
Bringing on Reco
We found Reco through a trusted partner and after a successful evaluation period we signed up. We were impressed with the platform capabilities and also with the team’s ability to respond to our requests. Initially, we requested a couple of features that would enable us to deliver services to multiple tenants through our SOC and Reco developed those features in a matter of days.
Multi-Tenant Support for MSPs
The Reco platform allows us to integrate customers through multiple tenants where we can manage environments. Our Security and Compliance Department owns the management of Reco, and our SOC team sees Reco alerts coming through our SIEM where they can triage, remediate, and recover.
The Results
Now that we use Reco, we’re able to provide better support for our clients and also increase our competitiveness in the market.
Drive More Revenue
We’ve expanded our SaaS security offering and now we’re able to provide MDR services for M365 environments, giving clients that 24/7, 360-degree coverage they were asking for. We’re able to rapidly detect, triage, and remediate issues all through the automation of our SOC.
We white-label Reco under the name “Microsoft Guardian” and the service is much easier to sell than our previous services. Customers no longer question if we are trying to replace or duplicate their existing Microsoft solutions. They understand the value, and the service adds an additional layer of comfort for them.
Provide More Comprehensive Security Services
When you’re just doing configuration management you can’t spot insider threats, which is a huge issue for companies. Malicious insiders can expose data, delete data, or even implement malicious software. With Reco, we can discover potential insider threats through pre-built threat detections and send the alerts to our SOC through our SIEM for swift action.
Another big issue for companies is phishing. With our service, powered by Reco, if an employee were to get phished, we would know about this right away. We would be able to shut down any activity subsequent to the phishing before something bad happened.
Another value add is enhanced compliance services. A lot of our clients are heavily regulated, especially our European clients, where the reporting requirements are particularly taxing. With the advent of DORA, a lot of our clients wanted easier compliance reporting. The Reco platform enables us to support them, making maintaining compliance, as well as reporting on compliance, much easier.
Simplify Service Delivery, Save Clients Money
If we had kept going down the path of building out the services with Microsoft native tools, it would’ve been more costly and difficult to maintain. Reco allows us to be more cost efficient and more resource efficient. We can provide the service for 20-30% less, and the ongoing management is also easier for our team. We can offer more value to clients at a lower price, and we can do this with less overhead for our team.
Interestingly, when we compare our clients who have this service versus the ones who don’t, we see 50% fewer security incidents for the Reco customers. That’s because of the context Reco provides that filters out noisy alerts and also because of the proactive posture management that keeps risks to a minimum. For the customer, that means tighter security and for our Security team that means more focus on tasks that matter. It’s a win for both sides.
Supporting MSSP Client Needs with Reco
Reco has helped us meet our clients’ needs for M365 security, and allowed us to make service delivery seamless and simple. SaaS security is a big and complex problem for businesses. There are a lot of configuration options that can potentially expose data. And there are limitations with the native tools.
I recommend Reco to any business that needs comprehensive SaaS security and 24/7 monitoring. And to any MSP that wants to offer more value to clients on the SaaS side.
To learn more about RFA and how we can help with M365 security, visit our site. Or connect with me on LinkedIn.


Grigoriy Milis
ABOUT THE AUTHOR
Grigoriy Milis is the Chief Information Officer (CIO) at RFA. He is a hands-on Information Technology Manager, highly skilled in all aspects of infrastructure design and support, public cloud, SaaS and Cybersecurity.