With the data security of medical clients a key concern for Auckland-headquartered managed services provider Think I.T., the company turned to Advantage for the integration of its AdvantageProtect and AdvantageMDR solutions into its service offerings. As a result, Think I.T. and its clients today benefit from security levels contributing to peace of mind, with all aspects of information security ably handled by Advantage expertise combined with software from vendors including LogRythm and SentinelOne.
Situation
With most of its clients largely reliant on what he describes as ‘standard antivirus products’, Think I.T. CEO Kerry Wilson says he sought a more comprehensive approach. “There were too many incidences of our clients being hit with infections and compromises, so we wanted to move up a couple of levels,” he relates.
Several options presented themselves, one of which was establishing its own Security Operations Centre complementing Think I.T.’s existing Network Operations Centre. “We include security in every product or solution we offer all our clients; it’s an essential component of responsible operations,” he notes. “However, a dedicated SOC is a specialist function.”
Another was partnering with ‘hyperscale’ cloud providers. “Neither of these options was particularly attractive. The first, while feasible, wasn’t practically desirable as we aren’t sufficiently large to justify the investment in infrastructure and personnel, and it would take time. The second left the risk of inadequate support – when dealing with overseas entities where you’re effectively just a number, it meant the possibility of not having anyone to speak with directly should there be an incident or an issue.”
With its preference for a local service provider, Wilson adds that Think I.T. wanted more than a toolset. “We wanted wraparound services, so the entire security component is taken care of, providing peace of mind not just to us as a service provider, but by extension to every one of our customers.”
Solution
A test of the market brought Think I.T. to Advantage, and several years ago, the managed services provider applied the very same value proposition it takes to market for its own clients, to cyber security. “We’ve effectively partnered with a specialist in Advantage leveraging their SOC, expertise and vendor relationships to…well, to our advantage, and that of our clients,” explains Wilson.
He says those vendor relationships are important, but the service and availability of support are more important than product. For example, “When we started the relationship, our preference was for SentinelOne for endpoint protection – but at that stage, Advantage was using a different vendor. That didn’t change the quality of the service supplied.”
When Advantage subsequently partnered with SentinelOne, Wilson welcomed the news – particularly when Advantage quickly went on to become the first regional partner combining the vendor’s solutions with NCSC Malware Free Networks threat intelligence, and current SentinelOne APJ partner of the year.
The AdvantageProtect service incorporates a team of trained, certified, and experienced incident response engineers, combined with SentinelOne AI-powered endpoint monitoring detection, response, and prevention. Included in the service is a ‘one-click ransomware rollback’, guided remediation, and compliance assurance. The service also includes 24/7 Security Information and Event Management (SIEM) and Advantage’s Security Operations Centre (SOC).
“Partnering with Advantage now means we manage the endpoints, but the back end security is handled by their SOC,” says Wilson. “When a breach notification comes in, we are notified, and they take care of those alerts – so, for example, if a user is logging on with the wrong password multiple times, which could be a brute force attack, they’ll immediately let us know. We know they’re watching and handling it, so our guys don’t have to deal with it directly, beyond knowing it’s being handled.”
Results
Wilson has already stressed that Think I.T. believes firmly in incorporating rigorous cyber security into all the products and services offered by the company, and he says this is a key aspect of the value derived from the Advantage relationship. “Basically, we know we’re now offering some of the best security available anywhere. Along with that is the control and contactability which is part and parcel of effective support: we know the people behind it, and if something happens, we have real people working on it rather than a ticket logged in the hope of an eventual response.”
Beyond a significant reduction in the number of infections and attacks, there have been real-world incidences where Advantage has identified potential attacks and provided early warning. Recalling one such incident, Wilson says it took just 9 minutes in the early hours of a Saturday morning after Advantage detected an anomaly, to Think I.T. receiving a notification of the action being taken.
“The vigilance is impressive; we know dwell times correlate with the damage hackers can do, so this was a reassurance that if anything happens, Advantage is straight on to it.”
Generally, he says the reduction in security workload and incidences means Think I.T. has become a more efficient MSP. “We aren’t fighting fires with breaches and malware; the recent 3CX hack is another example where our clients just weren’t affected, because Advantage caught it straight away, even though it wasn’t yet a known issue; SentinelOne blocked any of our clients who clicked on the ‘update’ because the behaviour was anomalous. The fact that it did its job saved us a huge amount of work, as we didn’t have to clean up what was a serious problem for many others.”
Ultimately, Wilson says it comes down to Return on Investment. “From a business point of view, the relationship is invaluable. It takes away the risk factor, so we can sleep better at night. And so can our customers,” he concludes.
