February 22, 2024

Episode 13: Early Days in AI MRR

Listen to the Podcast

Read the Transcript

Erick and Rich discuss an intriguing effort by startup Hatz AI to help MSPs earn recurring revenue from artificial intelligence and how to plan for and profit from 2024’s calendar of IT industry conferences. Then Scott Barlow, vice president of global MSP at Sophos, shares his take on managed security, managed detection and response, and other important security topics for MSPs. And finally, one last thing: The adventures of Tidy Mouse!

Discussed in this episode:


Hatz AI Raises $2.5M to Enable MSPs to Deliver AI-as-a-Service

Mouse filmed tidying up man’s shed every night


Rich: [00:00:00] And three, two, one. Blast off, ladies and gentlemen. Welcome to another episode of the MSP Chat Podcast, your weekly visit with two talking heads, talking with you about the services, strategies, and success tips you need. To make it big in managed services. My name is Rich Freeman. I am chief content officer at Channel Master, the organization responsible for this podcast, I am joined by your other co host, our chief strategist, my friend, Erick Simpson, Erick, how goes it?

Erick: Rich, after dealing with lots of technical issues. This week that I’m sure a lot of our listeners have dealt with because of all the storms and the weather that we’re having, we have power outages. We had internet outages. I was having to do halls and zoom meetings with a little hotspot that I’ve got.

It was I think knock on wood and we had some platform outages. Some of the platforms we use a channel mastered rich. We talked about this before the show. Hopefully we’re on the other side of it, but it has cost. Some disruption for me and it’s caused me to, be more reactive than I would have normally liked to have been this week.

Like I say, I think we’re hopefully past all that stuff now, and I’m looking forward to getting, back to a normalcy around the things that we rely on, one of the other things we talked about before the, we went live today, which was the dependence that we have now on the internet or doing business used to be a primary.

Service that we, that was the mission critical service that had to always be up and available was phone service that has been completely replaced by internet. I would think, how about you, Rich? I, have you had any of this challenges that I’ve had this last week? No,

Rich: I, and I’m feeling really great.

I know people I had an interview scheduled with an analyst yesterday as we record this who had to cancel last minute because he’s up in New England and his basement flooded. They have they’ve had terrible weather up there this time of year. So a lot of people struggling with a lot of outages and weather issues, and I’m just coasting along here smoothly in Seattle.

It’s it’s pretty

Erick: good. I hope I didn’t jinx it for you.

Rich: All righty we’ll find out. But until then, let’s dive into our story of the week, and it is an interesting one. It concerns a company called Hatz AI. I’ll get into the origins of that name in a moment. I want to just set this up a little bit to help people understand why I think this is interesting.

A few months ago, I had an opportunity to interview Jay McBain, a very well known analyst from Canalyst. For my blog channelholic about the opportunity for MSPs right now in artificial intelligence and Jay had a lot of interesting things to say. We’ll link to that article in the show notes. But one of the things he said is, and I’m recurring revenue service for MSPs and AI.

Is probably something like three to five years off. There aren’t going to be a lot of SMBs in particular who are building the large language models, paying somebody to maintain those, there isn’t really some other MRR kind of opportunity in AI. So there’s short term money to be made in AI on project work.

MRR a few years down the road. Hatz AI is a company that just recently announced they’ve raised 2. 5 million dollars of seed funding and they are betting that money on the proposition that there is an MRR opportunity for managed service providers in AI. Today now Hatz. AI, Hatz is spelled H A T Z, that is short for HatzEL, as in Jimmy Hatzel a very well known, respected presence in the channel, most recently of CyberQP, a security vendor he has now with a bunch of other folks, created this new company that is trying to pioneer what they call AI as a service.

Now we’re recording this in January, Erick, in March. Right now, they’re in beta on what we’re going to be talking about here. It starts appearing in March. And in particular, the first two offerings from this company that will show up in a couple of months from now, one of them is what they’re calling an AI chat assistant.

And this is not the conventional kind of AI powered bot that an MSP might use to triage tickets or give end users Self serve capabilities. The idea here is that you using this Hatz AI tool would build an AI chat based assistant. That your customer would use day in and day out as their co pilot, to use the metaphor people like.

So if you work with a lot of attorneys and it might be handy for your attorney to have this customized version of ChatGPT just for them that they can have at the ready all day long to, [00:05:00] query files and do e discovery and hunt down emails that they can’t find and so on. Rather than this person having to either take a risk of data leakage into an open AI language model or learn all sorts of complicated skills, you can build this customized chat based assistant for them.

There’s money to be made building it and installing it and then management and maintenance. Is producing recurring revenue. Other product that it will be there out of the gate is what they’re calling the AI application builder. Now, you and me and a lot of other people, we know a lot of people in the audience have spent a lot of time in the last year working on prompts and figuring out how to perfect prompts, prompt engineering, a lot of the customers MSP is supporting, haven’t been doing that.

And a lot of, in particular, the end users. At at these companies the person who answers the phone the person who works in the maintenance department at an auto dealership they’re not teaching themselves prompt engineering, but they might benefit from something like chat GPT anyway.

So what if there was a, an application builder, a tool you could use to create a form essentially. And an end user goes to the form and they click this and that and they enable that radio button or whatever. And then, based on what they said they need, on the back end, the Hatz AI tool builds the perfect prompt for this person, runs it against chat GPT, then comes back with the answer and can adjust and follow up on that prompt.

So that the the end user really doesn’t need to know anything about AI. They can just use it and take advantage of it. Interestingly enough, so that those things show up in March, at the end of the year Hatz. AI is planning to introduce custom large language models. And this is something that Jay thinks is, not a service a lot of SMBs are going to need near term.

But Hatz. AI is betting that there are going to be enough SMBs out there concerned about security and privacy and issues like that, that they might be interested in having their very own large language model. And this is going to be a tool that’s going to enable MSPs to build and maintain something like that and make MRR there as well.

So just very interesting proposition here. We, we’ve spoken on the podcast before about AI and the revenue opportunity it presents to MSPs. This is an aggressive, accelerated take on managed services built around AI that MSPs can potentially take advantage of. two months from now.

Erick: Wow, Rich. This is a very interesting story and a very kind of a strategic crystal ball reading business strategy for Jimmy Hatzel and his team over at Hatz AI. And I think it’s probably first mover advantage news here that we’re breaking. I wonder how long it’s It’ll take for others to come behind because like you said, rich, we’re, AI is the news.

I’m doing a whole webinar series right now about how to use ai, by MSPs to help lead gen and sales and things like that. And yes, it’s tedious and time consuming to, to write these prompts and test them. I’m testing ’em in three or four different platforms and it’s very challenging in terms of.

Having to train yourself on the technology itself in order to then craft an engineer a prompt and then test the prompt and test the workflows and things like that. So I can see the value and the attractiveness of this strategy on the model that Hatz AI is developing to make it simple for the, AI for the masses, I just coined a great term for them to use, aI for the masses to sit down and say, Hey, here’s a quick little form. We’ll do all the backend stuff for you. We’re investing the time, energy, effort. And expertise to really be that middleware between, like you said, this open AI and what you need. And then, by design making that more secure for you.

So what’s also interesting to me, Rich is not only this opportunity to launch this and MSPs to introduce it to their clients and help them out. But also this other. Aspect of building their own, custom, large language models for different businesses. I’ve got to believe that is, something that is, would be attractive to, more mature, larger organizations.

And because of that, giving MSPs another, pool of prospect opportunities. to get into these larger organizations. You can imagine that’s a very strategic kind of a sale, right? So if we’re having those conversations at that level for [00:10:00] buyers in these large organizations that have budget authority and things like that, the next step is to pull through all of our other managed IT and cybersecurity services and bundle together some larger sales.

I’m just trying to think ahead. As to what these opportunities can actually deliver to MSPs.

Rich: No, that’s a great point. And I know Jimmy would basically say larger businesses and smaller businesses potentially are interested in LLMs, but this becomes a foot in the door. If you’re trying to work your way into larger accounts, this is a great way to initiate that relationship.

One quick note before we move on to your tip of the week, Erick when I was talking with Jimmy about this, he said that he believes. That in time, not like this year, next year and beyond AI will be a bigger opportunity for MSPs than security, which is a pretty bold thing to say. And I said what makes you say that?

And basically the answer was, every end user out there, every SMB out there needs security. Pretty much your total addressable market for AI is every SMB out there as well. The difference being, it’s a harder conversation around security because you’ve got to get them to understand why they need to invest money in something they hope they never need to use.

Whereas the AI conversation is all about saving money and making money and that’s going to be more. Appealing to people, so we’ll watch the, at this point, the Hatz. ai stuff isn’t out in market yet, we’ll see how it goes and like you said, we’ll see if other companies come to market with similar products, but let’s move on to your tip of the week, Erick, as we record this I’m about three weeks away from my first 2024 to a conference, but there are going to be a lot more after that, event season is upon us, and that is what you’re going to be talking about this week.

Erick: Absolutely, Rich. And yes, we, and, Rich, you know that we’ve been compiling our own calendar for Channel Master, the calendar of all the events. In the channel, which we will be publishing on our website soon because it is very comprehensive We’ve used, multiple sources to keep this, to Seed this calendar and to keep it updated.

So we’re actively refining it simply, you know for two reasons really rich right for our own use because we want to be at these events. We want to be at these conferences. We want to be engaging with vendors and MSPs and coming back and reporting on that and seeking opportunities, but also as a way to have a single location where our clients and visitors to our site can identify what’s coming up in 2024.

And so my tip of the week is around, identifying the events and the conferences. That you as an MSP want to attend or send your staff to and how to get the most out of that investment. As we know, Rich, visiting just two or three of these big events can add tens of thousands of dollars.

If you’re sending, different team members to all of these events, certainly, a few thousand dollars per event with TNE and the, the cost of registration and all the other things. And then, to try to find opportunities to grow your business. So number one, what are the events that you absolutely want to attend?

And we’re developing a scorecard ourselves to try to identify these events. Rich, we talked about it today in an earlier meeting with the team. So what are the events that you should attend? What are your criteria for identifying what those are? Number one. What is it that you want to get out of your attendance at these events?

Is it education? Is it training? Are you certifying some of your team? So you might have different requirements that can justify the budget expense in order to send different team members other than yourself or some of your leadership team. Are you looking to engage with the vendors and the sponsors that are at these events?

What is it that you’re looking to do to grow your business in 2024? And how can the event attendance and the engagement and the exposure that you’re looking to it to to benefit from help move that that strategy forward for you, so Are there specific technologies and solutions? We’re talking about AI.

We’re talking about cybersecurity. We’re talking about cloud migrations. We’re talking about all these other services and solutions that force us as MSP business owners to evaluate our existing solution stack rich to say, Hey, is this sufficient? Is this best of breed? Is this what I want to be delivering to 2024 and beyond?

Or. Have we had some of these solutions or these relationships for more than several years, and they’re getting dated. Can we consolidate some of our sprawl, right? [00:15:00] If we’re getting solutions for that, that all fit into kind of the same category, but they’re coming from different vendors.

Can we reduce that vendor sprawl and that platform sprawl and gain efficiencies with our teams and deliver better support for our clients? And then finally, how do we prepare for that event? Once we’ve identified what events we want to go to Rich, what we want to achieve, let’s take a look and some of this criteria is what does the agenda look like?

What sessions do I need to attend? How many sponsors are there? When are the, when is the vendor showcase open? And who do I want to meet with? Is it other peers? Is it vendor sponsors? Is it media? Who’s going to be there? And then I’m going to download the app rich. Once I see the agenda, I’m going to say, yep, this looks good.

I want to make sure that I attend these events. I’m going to add it to my calendar. And then I’m going to start looking at who’s attending. We’ve got to do work during the day while we’re there, of course, it’s fun because there’s lots of events at night and evening events and in the mornings before things start but really, we want to make sure that we get the R O I that we’re expecting for the budget that we’re investing.

And once we get all that stuff done, rich, and we come back, we want to evaluate the ROI from that event. And I don’t mean immediately, right? We want to execute on the things that. That we were there to achieve. We’re going to follow up with all the folks that we met with. We’re going to make decisions for the business, but let’s just look back a quarter ago and say, okay, which events did we get the most ROI from and what did we learn to apply to the next series of events, the valuation criteria, the budget justification, and hone that experience and expertise.

And that is the way that I would recommend everyone. Look at where we’re going to spend our money for these conferences and events what we’re going to what we expect to get out of it And then evaluate the return on that investment.

Rich: Yeah, we both know a lot of people and in many cases, the same people who attend a fair amount of events over the course of the year, we see them at those events and they will all say two things that you just talked about there.

And one is they go into the event with a plan, so they know why they’re going to the event. I want to learn about this product. I want to meet three vendors on the expo hall that are, in this market. They have a set of objectives going in and a plan for meeting those objectives.

And then when they get back to their desk after the event, rather than just think to themselves, that, that was great, they act on what they learned, they follow up with who they met, and that’s how they really get value out of the information that they came home from that event with. The only thing I’ll add to your list, and this this is so classic to folks like ourselves who go to a lot of events is absolutely like you said, look at the agenda, download the app, flag the sessions that look like they’re going to be most valuable to you and best aligned with your goals and objectives, but leave yourself some time for those fabled hallway conversations, Erick.

Leave yourself a little bit of time to wander around a little bit. Push yourself if you are a shy and introverted person to strike up conversations maybe with folks you don’t know. I don’t know how many times I’ve spoken to MSPs who, learned about some amazing new business opportunity, met the person who acquired their business or whose business they acquired.

You would be surprised what you can accomplish serendipitously. At an event, if you’re open to that. So give yourself a little unstructured time to meet and mingle and talk with folks at the show. Yeah.

Erick: Thanks for adding that tip, Rich. Sometimes those hallway conversations are the most value that can be gleaned for some of these events.

I know that’s happened to me when I had my MSP practice, it was just. Just meeting, having, having meals with or chatting with peers that have already solved the challenge that I was struggling with at the time, or made a connection in an introduction or, greased the wheels of conversations with, the folks that you might be chasing and haven’t had.

Response from yet. So yeah, very valuable. All

Rich: With that folks, we’re going to take a break when we’re back on the other side, we’re going to be speaking with scott barlow He is the vice president of global msp at sophos and he’s going to talk to us about the security market, the security landscape.

We’re going to get into some interesting details about how to package, price, sell security services. So stick around. We’re going to be back with that in just a moment.

All right. And welcome back ladies and gentlemen to part two of this episode of the MSP chat podcast, our spotlight interview segment. This week, we are very excited to be joined by Scott Barlow, [00:20:00] VP of Global MSP at Sophos. He’s going to be talking to us a little bit about Sophos, but a lot about the security market for managed service providers right now.

Scott, welcome to the show.

Scott: Rich, thanks for having me. I’m happy to be here. And I don’t think it’s too late to say happy new year. So happy new year to you and Erick. Thank you. Yes. Happy New

Rich: Year to you too. Scott I said, you’re your VP of global MSP at Sophos, but just tell folks a little bit about you and a little bit about that role.

Scott: Yeah. So I started in the MSP space probably 20 years ago or so through a I started at a company called Reflection and Reflection did email archiving, email encryption, email security. We grew that company and in 2015, in June, almost nine years Sophos purchased the company and I took over the global MSP program.

So started a new MSP program, built it from the ground up launched it in April of 2016. And yeah, here we are. I can’t believe it’s 2024, but. Yeah, seven or eight and a half years later and thriving. That is

Rich: amazing. I remember covering the writing about the reflection purchase and the launch of your MSP program and all this stuff.

And yeah, it’s been it’s been quite a run. Scott, obviously pretty much something close to a hundred percent of our listeners are familiar with Sophos. And yet the cyber security market is, it’s a crowded one. It seems to be getting more crowded literally every week. When you’re talking to MSPs about what it is that’s unique, differentiated, special about Sophos, what do you emphasize these

Scott: days?

Yeah, there’s a lot of unique capabilities that Sophos brings to the table. When we built the MSP program, we really wanted to focus on Helping MSPs increase their revenue, lower their costs, and improve their operational efficiency. And so from a program standpoint, I feel like MSPs can join the MSP partner program, which we call Sophos MSP Connect Flex.

And they then have access to what we call Sophos Central, which is the management dashboard for all of the products and services that we have. And I think Sophos is in a really unique position, offering, not just the endpoint security and MDR and XDR. We also offer the firewall side. So the network security as well as cloud security.

But when MSPs, Join in, they can look at the whole menu of offerings, which goes way beyond those three categories to mobile security, email security server protection, and they look at it and say, Hey, I, my customer is asking for mobile security. I don’t have a mobile security vendor.

Let me go and take a look and get an NFR for Sophos. using myself, see how it works and then deploy it to my customer. So we can really expand the MSPs menu of offerings. But the other, from a technical capability perspective, I love the MDR solution. MDR is managed detection and response.

And so with MDR complete, we actually can offer the MSP full 24 by 7 active threat hunting. It also comes with full incident response. And I think that’s something where a lot of MSPs they’re, they don’t pay attention to that. A lot of the MDR providers will say, Hey, there’s a threat or there’s a ransomware on this machine.

Go contact your incident response provider to go and do the remediation. We build that into our MDR complete solution. And we also offer a breach warranty protection, which will pay a thousand dollars per machine up to a million dollars. If anything ever does happen. So we put our, really our money where our mouths are.

And then one other just really unique capability that I personally absolutely love is something that we call synchronized security. Synchronized security is if you as an MSP have the firewall and the endpoint deployed at a customer, we have a heartbeat between the two. So if anything does happen to a particular endpoint, the firewall can recognize that and isolate that endpoint.

To prevent any lateral propagation of a threat within a network. So there’s a lot of really unique capabilities like that, but really just given the MSP, the ability to reduce their vendor sprawl from 6, 7, 8, 10 different security vendors down to one, I think is really one of the most, advantageous components to the Sophos MSP

Erick: Connect program.

Yeah, I think that shows the vision and the understanding that Sophos brings to today’s environment, right? Scott, the business environment is Holy cow, we’ve never seen this amount of [00:25:00] risk as and as an MSP as a former MSP myself, my goodness it’s daunting to try to address what the current market conditions are and what we expect to happen until 2024 and beyond as these cyber criminals and these cyber terrorists get more more mature in terms of their attack strategy.

They’re leveraging AI now, which, I’m getting the same phishing emails that everybody else is getting. And, they’re much different from the, I’ve got a relative in, a third world country that needs to get money out of the bank, kind of an email where you could immediately say, Oh my goodness, this is horrible.

They’re getting really good at what they’re doing. So what, what are you talking to your MSP partners about in terms of kind of forecasting the market conditions and the threat landscape as it continues to increase? How do you, what kind of conversations are you having with your partners?

Scott: Yeah. We always start, almost every presentation. With a quote from I think it’s from Gardner that states that cybersecurity is so complex, so difficult, and it moves so fast. That most organizations simply can’t manage it effectively on their own. And I think when you look at the cyber security challenge and the threat landscape that’s out there today there’s really three main challenges that MSPs and really businesses overall have.

The first is that the threats are so complex and sophisticated that, it’s very hard to keep up with the advancements of these threats. The second is the tools that are out there are so complicated to manage and configure and deploy. And then the third is the, the talent pool, right?

You look at CompTIA stats talking about, how low the unemployment rate is in IT. And then if you create a subset of that from security it’s almost down to zero. And so MSPs really have this challenge that You know, how do you do this on your own? Or can you do it on your own?

If you cannot do it on your own and you want to outsource that, make sure that the vendor that you’re working with have the capabilities and the compatibilities with all of your needs. Do you need incident response? Do you need to ingest third party telemetry? So you might be using one vendor for email and another vendor for firewall and a different vendor for MDR.

Does that MDR provider ingest the telemetry from email and from firewall into their data lake? So that they can normalize all of the threats and the signals to see if there are any indicators of compromise and then go and take immediate action. And I think with the advent of AI, it is very complicated.

Humans in general are able to quickly identify misspellings and grammatical errors. But when you look at AI on the phishing attacks, they do get much more complicated, but also more persistent as well. You might have a, a threat actor pinging, an RDP port on your firewall to see when it opens so that you can, you’re trying to do something and you allow a configuration or, remote monitoring and management, they can be persistent now and monitor that ongoing and leverage AI to be more intelligent so that they can pinpoint a specific customer or even an MSP themselves to launch an attack.

I also think ransomware, it’s still, top of mind across the board. When you look at, what the threats are out there. But we did a study, and that study, we it was a state of ransomware in last year, 2023. And it was amazing to me that there was some statistics. And the quote that really resonated was, adversaries are not breaking in, they’re logging in.

And this study showed that a lot of the ransomware attacks that were out there, 39 percent were from exploited vulnerabilities. So fundamentally, MSPs hatch your systems. 29 percent were from compromised credentials, used two factor authentication, and 18 percent were from malicious email. So MSPs obviously need to implement a very effective email security offering.

When you look at the brute force attack, that was only 3%. So get back to fundamentals and then implement advanced security, like an MDR solution.

Erick: Yeah. Appreciate that perspective, Scott. I have maybe two quick questions follow up. So one is. Do you see, so you mentioned this [00:30:00] gap, right? We know that there’s the technology skills gap.

We know that when we’re talking about, folks to, to lead the charge from a cybersecurity perspective, there’s a huge deficit, for those positions. Are you seeing, the first question is, are you seeing partners thinking about or actually shifting their focus from being the.

All you can eat, MSP to, Hey, we’re going to go all in on cybersecurity and focus on that because it’s because of this opportunity, number one, and because we then can shift our role and responsibility from having to manage all of this hardware and truck rolls and things like that, and really become good at delivering this type of services, increasing our.

Our profit margins are efficiencies. All the things that you’ve talked about a minute ago.

Scott: Yeah, it’s a great question. I’m smirking a little bit because we talk about this nonstop. We talk about how to sell cybersecurity as a service, right? We provide this training in our partner portal and what we see a lot of MSP striving for some achieving it.

And those that achieve it will definitely increase their EBITDA margins and their, valuation overall of their organization. But, you have the base managed services agreement and used to put a V checkbox in there to, simply check a checkbox. And nowadays that is not enough. We’ve seen MSPs over the years using free tools, a free V product and get hit by ransomware and then make a decision to upgrade.

It depends on the customer. Do you respond better to pain or gain if you’re patient? Pain, something bad needs to happen for you to make a decision. But what we see is a lot, there’s two trades of thought here. One is to keep maintain that base MSP agreement and then remove that checkbox and then add a advanced or a standard security offering.

I don’t like to, one is, is one less secure than the advanced. And, you get into some of those. Questions with the customer, but adding that security package above and we see MSPs doubling their MRR from a customer. 200, 300, 400 per user per month. Obviously, it depends on location, on vertical.

But I think that’s the first train of thought. The second is, how do integrating everything, right? Leave that AV checkbox in, but change it to MDR. Implement, secure switches, wireless access points, firewalls, mobile security. If you have anything in the public cloud, AWS, Azure, GCP, You need a solution to make sure that your workloads in the public cloud are also secure, whether it’s, securing the actual EC two instance or the S three bucket or whatever, or securing the, a whole bunch of those behind a, virtual firewall and then looking at the topology of what your public cloud environment looks like.

There’s a lot of organizations, there’s a couple of things. A lot of organizations don’t know what they have in the public cloud. Similarly to a lot of organizations don’t know that there’s a decommissioned server that is still online that isn’t secured and that is the perfect entry point for a hacker to get into your organization.

I think when you implement, the bundle one single package, this is what you’re going to get. And if you don’t like it, then you’re not a good customer for me. That is probably the best solution. But I understand the need for a base package with a security addition or an addendum on top of it.

Erick: Boy, so many excellent nuggets that you just shared there, Scott. And I’ll agree firmly about developing bundles of services. And, my approach is always like good, better, best. But your minimum requirement that you require every client to subscribe to, excuse me, has to at least.

Align with whatever their cyber liability insurance policies, minimum requirements are, right? So we can have that conversation for days, right? So yes there’s definitely a strong encouragement to say to partners, go through your client list, A, B, A and B clients, and then C customers and, have that difficult conversation with them that says, By this date, you need to pick a side, don’t ask permission first.

And my approach is like, ask forgiveness later because the risk is simply too great, not only to that end customer, but to the upstream MSP and by, Association, all of our other clients, when that one customer gets breached, that hasn’t subscribed to these enhanced cybersecurity bundles, even the minimum one.

The MSP we’re good people, right? We try to save them. And if that means that we’re not delivering service to our other clients, what does that say about our business model and our strategy? And then who’s going to pay for [00:35:00] that remediation at the end of the day? If that customer can’t get a claim approved with their insurance carrier, because they haven’t been doing these things that they were supposed to be doing, it’s just a very difficult situation, right?


Scott: that, just a couple of points on that. We we actually partnered with three different insurance providers so that if you’re using our MDR complete, you get significant discounts. There are some other requirements, obviously two factor authentication and so forth, but there’s some significant discounts.

We don’t sell insurance. Obviously, neither will the MSP, but you can offer this to your customer at a discounted rate when you’re fully deployed. I think when you look at a lot of the a lot of the insurance requirements, you also need logging, right? And so the basic or traditional, AV or endpoint security isn’t going to be enough.

You need to implement XDR or even EDR, XDR we offer XDR so that you’ll have the full logging to ensure that if anything does happen, what was the configuration at that point? Point in time. And so there’s a lot that goes around that. But several good points. And honestly, if you’re using an MDR vendor and they don’t offer incident response, it’s an hourly charge.

And I’ll tell you, it’s not 10 hours. It’s going to be, a lot more than 10 hours. We’ve been, we’ve helped so many customers. We have a rapid response service as well. So if you are in the middle of a breach you can actually pick up the phone and call us and we can help you.

It’s a service that that we offer to customers, partners, MSPs. And it takes time and it is a flat rate, but it is something that we can offer when you’re, it’s almost like a break glass type solution, but we can help get in there, eliminate the threat or isolate the threat, neutralize it, and then, provide.

The ability to clean up. And that is something else that, a lot of people don’t understand. They’re the first thing you do look at the the breach with that big company in Vegas. The first thing they did was they created a back door. So when they stopped the, the hole in the network.

They’re like, they’re still in here. How are they still in here? Obviously, the first thing you’re going to do is create a backdoor. Similarly, when, you get in, the first thing you’re going to do is shut off shadow copy on the machine so that you can’t roll it back if a ransomware attack occurs.

So the vendors that use shadow copy, it’s a little bit more risky. We have our own proprietary, but we take a snapshot and then we can actually roll that back. We call it crypto.

Erick: Yeah. Just to follow up on that. And this is a great conversation. We’re going deep today, everybody. So yes. And I think, adding those types of additional services, the rapid response and things like that.

These are things that we, when we’re looking at bundles, good, better, best, we’re trying to develop those. So these are things that. And then I think the most important thing to make sure that you know is that your services can be layered into higher value packages of services that your clients that are at the highest risk factor.

It may be suitable to introduce them to. But let me rewind a little bit, Scott. Before I forget. I had that second question that I wanted to of you. Excuse me. And it’s this. So what are you seeing in terms of MSP partners having better success today. And this is post pandemic adjacent or related question.

In selling more co managed I. T. service opportunities into organizations where they have previously been stonewalled because traditionally, MSPs. are seen as threats to an internal IT organization or an IT leader or an IT resource. Has the pandemic and the need for these organizations to reach out for external support to support the move to hybrid workforce, enhanced security, cloud migration.

Have you seen that move the needle for your partners in terms of winning more of those co managed IT opportunities?

Scott: Yeah, absolutely. I think that when you look at co managed I. T. The I. T. Department in a larger, larger S. M. B. Mid market, even an enterprise organization. They need to focus on, keeping the infrastructure up, helping the business actually grow their own revenues and, obviously, securing the environment.

We see a lot of, MSPs working with these larger organizations to do the configuration, the deployment, making sure, ’cause you have the RMM component, making sure that all of the, the holes are patched, but the configuration hasn’t changed. That the, if there is a machine that’s out there that doesn’t have protection or security, that they can quickly get that deployed to their customers.

There’s a lot of discussion around that. Very close friend, Bob Coppedge. He’s written several books on this. And, [00:40:00] one thing that stuck out to me is, when you’re prospecting for some of these co managed I. T. Look on linked in, right? Find a local business that has a job opening for an I.

T. Rep in your city or in your state. And now you can pick up the phone and call and it’s not a threat because you’re contacting the C. D. O. You’re contacting, somebody higher up as opposed to contacting an I. T. Manager. And in his book it’s how do you make that I T manager more efficient at doing their job as opposed to, introducing risk for that employment, right?

I think that’s, the key and it’s worked really well. We see a lot of MSPs, getting into that, especially with, the specialization. If you want to migrate a workload to the public cloud, there are MSPs and CSPs out there that will, focus 100 percent of their efforts on that.

And then how do you secure that? That’s where the CSP becomes more of an MSP. So yes, I, we see that day in and day out. I think it’s a great opportunity.

Rich: Scott, we’ve touched on it a few times, but I want to talk a little bit about MDR. Because it’s a topic that I’ve written about recently in my blog, Channelholic, it is one, I, you guys have been doing it for a number of years now.

It is, I believe your fastest growing, one of your fastest growing services. It is one of the fastest growing segments in the entire cybersecurity market and landscape. We’ve seen and even talked on the podcast in recent weeks about companies like WatchGuard getting into MDR and SonicWall just bought solutions granted to get into MDR.

You, you touched on, I think, on some of the reasons for this, but what do you think is driving this sudden, rapid adoption and growth of MDR, in particular, among MSPs?

Scott: Yeah, I think the that’s really driven by, the three things that I mentioned earlier, the complexity of the, threat environment, the complexity of the tools that are out there and then the shortage of I.

T. and even security talent. When we launched MDR several years ago and it’s taken, it’s morphed over the years to, really be really get more advanced. Obviously, we’re using artificial intelligence to help, hone in on what signals we need to pay attention to.

But I think when you look at, Sophos MDR really changes the way that MDR is delivered by removing a lot of those technological barriers that have historically You know, limited what managed service providers can actually do or can handle. And, adjusting the third party telemetry from, I think we offer probably 65 to 70 different vendor integrations these days.

It provides a more holistic view of what’s happening within an environment. And, when we look at it there’s two ways that MDR is actually the first is you can use the customer’s existing technology and then, look at the third party integrations and then you can also deliver services with only your own, proprietary EDR technology and we do both so we can ingest the signals from, Microsoft Defender.

We have an MDR for Defender offering. We can look at our own. We can look at third party solutions that are out there. And, we are the first to actually deliver both. We have, I think, over 18, 000 customers on the system. And it is, a 24 by 7 active threat hunting service. And when we do these studies, it’s, some of the data is just absolutely fascinating.

And I think we all know it, but, when you have an attack, it’s not going to happen at noon on a Wednesday or whatever time it is, 3. 30 on a Thursday. It’s going to happen in the most inconvenient time. So I think as a lot of these MSPs are forced to scale their business to, increase their profit margins.

And looking to acquire new customers, they need to work with this third party, MDR provider. And I think we used to call it, soc and it’s morphed quite a bit into, MDR, where MSPs they wanna sleep at night, it’s a stressful job. And having somebody, watch, follow the sun 24 by seven with the technical expertise to jump in.

And immediately, remediate a threat that’s out there. I think that is incredibly important, and it’s actually, table stakes at this stage. And we had an MSP, and I believe they were in Arizona. And when we launched MDR, he looked at his customer base, and he goes, I need this immediately. So he created this MDR opt out campaign, integrated it into his PSA tool.

And it basically said in the email that, the threats are complex, it went through a lot of the details with some statistics and, the email basically had a [00:45:00] link that said, I want to talk about it or I accept and 93 percent of his customers that I accept, which automatically went into his RMM platform, open the ticket for the tech to go and upgrade the service the 7 percent that said, I want to talk about this.

He had a fantastic conversation with them and the conversation was really around, are you security conscious, do you, this is why we’re implementing this, we need to protect our own business as well as your business and I think all but one customer ended up upgrading without any issue and, he moved on from the other customer.

So the importance of, response. I think first you got to protect, and we provide, unbelievable protection. I think it’s 99. 98 percent of the threats are immediately blocked before they, by Sophos before they, get into the environment and then the remediation time, it takes about 38 minutes, a minute to detect.

Maybe 25 minutes to investigate and then 12 minutes to actually do the remediation So 38 minutes in total if anything does happen, you know from protection to detection to remediation And time is of the essence and we operated three different modes, which I think you know msp’s absolutely love We can notify the MSP that there’s a problem.

That’s the way a lot of the MSP MDR vendors operate. We can collaborate with the MSP, meaning we’ll alert the MSP, contact them, and then work on the issue together. That’s where most MSPs start and then authorize and authorize. Once the MSP feels comfortable in collaborate mode, they can authorize us to go and take immediate action.

So we can go and respond in, 20 seconds or two minutes. When if we needed to collaborate, it could be 10 minutes or it could be longer, depending on the MSPs availability. But MDR is becoming table stakes across the board for MSPs and even for SMB and mid market customers. To protect their infrastructure and their business 24 by seven, given the sophistication of the threats that are out there today.

Rich: Precisely because MDR has become table stakes, that’s why all these vendors are getting into the market. And suddenly the MDR in particular, forget about, security in general, what MDR in particular is getting to be a crowded market. You were talking a little bit about the incident availability of incident response assistance from Sophos the volume of integrations with third party solutions you guys can provide.

Give some folks in the audience advice as they are evaluating and comparing all of these different MDR options they suddenly have. What are the things, the most important things to look at, the questions to ask before making a commitment?

Scott: Yeah. So I think the first is going to be, from a compatibility standpoint, is it compatible, with the business?

Do you, does the MDR vendor offer incident response or is that, what do you have to go out and hire a third party incident response organization? The second is, does it integrate with the other vendors that exist within your ecosystem, within your customer’s environment? You could be using my cast for email, what a net for firewall and so forth for endpoint.

We will ingest all of that telemetry. That’s going to give a more holistic viewpoint. And, there was a great example. I can’t remember the email vendor. It was, but It was an open relay. So we were able to quickly identify based on the telemetry that we had coming in that there was an open relay and we immediately were able to take action and block that outbound email from being sent.

Obviously, we all know that when you have an open relay, the IPs get blacklisted and it’s a massive disruption for days, if not weeks after that open relay. I would also look at insurance or warranty. You want to make sure that everything is configured properly. Everything is deployed across your entire environment.

And once that happens, do you have that ability to lean on the vendor if anything does happen is that’s the warranty component of it where, the vendor should stand behind their tools and products. So we put our miles, our money, where our miles are and. We’ll offer a thousand per machine up to a million dollars.

And also behind the scenes, the response capabilities. I had an MSP, I think it was maybe six months ago. He was actually in the process. of deploying Sophos to, I think it was a 600, 700 user organization. And the ransomware attack hit while he was doing the deployment. We, our team jumped in.

They were able to identify the extraction of data. So it was a dual threat. The extraction of data to a third party server in the Netherlands. We were able to stop that, [00:50:00] delete all of the data off of that server and then block the threat before the ransomware encryption. So you look at those types of scenarios.

Can your vendor do that? Do they provide that full jumping in the remediation, the cleanup? And do they provide incident response? Incident response is super important. And it’s also super, super expensive. So if it should be included within your MDR vendors

Erick: solution. Hey, Scott when I’m working with MSPs, the thing that I find, I’d like to get your thought on this is the MSPs that are, moving slower than we would like to get their customers to subscribe to these enhanced cybersecurity services for their own protection.

I find that they, I feel that they just haven’t found a way that they are comfortable in having that conversation with them. And, I I poll audiences all the time. And I say, Hey, how many of you are selling cybersecurity today or are looking to start selling cybersecurity to your clients?

We get all the responses and my immediate, I say it’s like a trick question. I say we need to stop selling cybersecurity, right? It’s not a sale at this point, it’s more of a, we need to have a conversation together, Kumbaya and talk about this. This is going to take all of us working together to address these threats.

So I don’t want it to come off as a sales pitch or something like that. I want to sit down and be very strategic. with a client and say, listen, this is what the situation is. This is, these are the real threats and learn how to overcome those, knee jerk, real simple objections like, Hey, nobody wants my data.

I’m too small, that kind of stuff. But I think part of the challenges for these MSPs is the data that’s being that they’re finding. About the threat is built from such a large data set of all the threats that have happened in the technology industry. And so when they, when you see a stat that says, Oh, the average cost of a ransomware attack is a million dollars, right?

There’s no way for that MSP to build any sort of connection. With a client that, that, they’re companies and worth a million dollars a year. So what are your thoughts on, what I just shared about having that conversation, positioning it in a different way?

Like we’re in this together. It involves not just you, it involves me, it involves our vendors, it involves our entire ecosystem. We’re all in this together and we have to move forward. Then how do we address this? Where do we get statistics that are more I think influential? To a small or medium business, which we know 80 percent of MSPs in North AmEricka are dealing with these SMBs.

Scott: Yeah, we have a, we, in that study that we did, the state of ransomware there’s a ton of information. There’s a lot of technical detail too. And I think when you look at the, for instance, the dwell time, how long is a threat actor in an environment before they actually execute? And it’s shrinking and it’s shrinking fast.

And, we ask ourselves why it could be due to AI, being able to outline what the environment looks like, what the topology of their infrastructure looks like, so they know what to attack. It could also be because the tools are getting a little bit better. And so we’re able to detect that there’s a threat, faster than we were previously.

I always like to advise MSPs. If you look at the pricing for. An MDR service, the price to the MSP, you’re talking dollars. And, the MSP obviously needs to maintain a certain profit margin, but if you’re talking dollars. Every year, the MSP should reevaluate pricing, have a clause to increase pricing 10, 20 percent or used to talk about that 15 years ago.

And, look at where their prices compared to the other. There’s a lot of groups as well, on Facebook on LinkedIn on, every social media platform that’s out there, some are good, some are bad, but look at some of the groups and figure out what others are doing from a pricing perspective.

If you’re concerned about how to position and price leverage your vendors. We talk about this day in and day out. And if I created this slide and it said, if you had a 25 user organization, I put the pricing for MDR for the endpoints for the servers. I put in cloud, a couple of switches, wireless access points, firewall, mobile, like I put in the entire stack and that entire stack when you normalize that on a monthly per user per month basis, it’s 15 or 17 per user per month for the entire stack, right?

You take a firewall, [00:55:00] 600 over three years, plus 10 a month, normalize that. Down to what the, per user per month fee is, and if it’s 15 and 17, even if it’s 20, you can increase that by 10 X and sell that 200 package, increase it by 100 or by five X. Right now you’re selling 100 security bundle for advanced security protection to your customers.

And I think MSPs themselves understand the need. I hope that MSPs understand the need. And I think a lot of them are thinking more gradios that they can. I’m going to transition my business from an MSP to an MSSP. There’s no need, an MSSP aggregates a bunch of disparate technologies together to go and deliver, sock services or threat response to a customer, be an MSP, leverage your vendors.

And, let’s assume that the MSP understands the need for this more advanced security and MDR. It’s the challenge of the customer and convincing the customer. And as I said before, is the customer responding better to pain or gain? If it’s pain, there’s a ton of websites that are out there that you can reference that says, every breach that has happened, that has been reported and you can go find a local 25, 50, 10 user organization in your city or your state that you can bring to your customer and say, I don’t want this to happen to you.

Therefore, I’m going to put a plan together and I’m going to implement this plan for you. The MSP, they are responsible for the configuration and the deployment of the agent. And, we’ll do a health check with the MSP to make sure everything is correct. And then the MSP just maintains the RMM and the base managed services package.

And then they have full access to the team if there’s a problem. If there’s something suspicious, pick up the phone. Call us, we’ll walk through it with you. We’ll do a screen share and we’ll figure it out. So when you break this down at the fundamental level, obviously make sure that you’re patching your vulnerabilities, you’re using two factor authentication, you have advanced email security and, cloud, cloud protection and firewall, obviously, and then look at that security package and figure out how to take that and integrate that into your, managed services offering we train MSPs.

I do this once a month or maybe twice a month now on how to sell cybersecurity as a service. I get down to the dollars and try to teach MSPs don’t create these bundles, but you could, you can create a fit anti phishing bundle where you have email phishing simulation maybe MDR, maybe not. But create that package and don’t list.

Erick, we talked about this. 15 years ago where don’t list the price. It’s not a menu of offerings that I don’t need this. I’m going to cross this line out and save this dollar value. No, it’s a hundred dollars, 200, 300, 400 per user per month. But this bundle, this is what my offering is. Take it or leave it.


Rich: interesting conversation. Scott, we thank you very much for joining us. If we had just a little bit more time, I would get a hot take Belichick stepping down. We’re recording the show weeks. Before you’re hearing it folks, that news is very fresh actually at this particular hour, but no time for that.

We’ll just have to take that offline. Scott, for folks who want to reach out to you, get in touch with you, learn more about Sophos MDR where would you point?

Scott: Yeah. Anybody is feel free to reach out to me directly. Scott. barlow at sophos. com. And if you’re interested in the MSP program, just simply sophos.

com forward slash MSP. And Rich, I will say this. If you watch that 10 minute interview, it was professional and I thought it was phenomenal how they both handled it. And that’s something that I think a lot of us can can learn from.

Rich: All right. Very good. Very, you know what? I haven’t actually seen that interview, but I’m going to go watch it now.

I’m very curious to to learn more about it. Scott, thank you again. As I said, interesting stuff, folks, we’re going to take a break right now when we come back on the other side, Erick and I are going to talk a little bit more about the conversation we just had. Maybe have a little fun, wrap things up for you.

Stick around, we’re gonna be right back.

Alright, and welcome back to the final segment of our current episode of the MSP Chat Podcast. Erick, so many different things I could follow up on there. There was, there were a lot of like you said, nuggets in in that conversation. That I we could talk about right now, but one that kind of jumped out at me is because very early on when Scott was speaking, he was talking about AI and the threat that that AI poses and it reminded me of a conversation I had almost a year ago now with a security researcher from Sophos, who at the time was telling me he wasn’t that [01:00:00] worried about AI as a security threat.

He was excited about how it could make the good guys More effective, but he said, generative AI. It’s basically mashing up and regurgitating stuff that’s already out there. And we know how to deal with that. So it can’t be too much worse than what we’ve been dealing with already. But in fact, in the year since then, we’ve seen that it can be.

And Scott was talking about that. So AI is absolutely a tool for MSPs and security vendors and security researchers to identify and diagnose and remediate security threats more quickly and effectively. But it is something that we’re seeing attackers weaponize with increasing effectiveness too.

Erick: Yeah, it’s isn’t it funny how We don’t know, the effect of something that enters, especially from a technology perspective. We think of the benefits first as human beings Oh, this is going to be great. It’s going to make it easier for us to do these things and all that.

But then, later is when we figure out, Oh here’s a risk, here’s a risk, here’s a risk. I think the big the FUD. That we’ve been hearing a lot since the inception of AI, at least from where I’m sitting, rich has been, the, it’s going to replace all of us humans.

It’s the beginning of Skynet and all this other stuff. You and I have covered this on the show before it’s one of those scenarios where we need to take advantage of this opportunity. Our opening story today with Hatz AI, this is an opportunity that we now need to take advantage of the folks I think that are going to, be at the most risk because of the advent of AI or the folks that, don’t retool.

And learn to use it and learn to take advantage of the opportunities that it presents. All of our vendors are using it. They’re integrating into the platforms that, the technology industry is using. Even SMB businesses are using platforms that, MSPs or IT providers may not even be managing for them.

There might be, they might be using these things, just signing up online and having AI built into those. Platforms and systems. So the opportunity to help with that through solutions like Hatz AI and to guard against cyber security threats that are generated through AI through, vendors like Sophos are here.

These are the things that we should be looking at to take advantage of. And one of the things that, Scott touched on and, that was a great conversation. Hey we could go days into unpacking all, all these different items that we talked about as Scott was bringing up.

But one thing that I want to just double down on was, the necessity for MSPs rich to demonstrate that they are maintaining compliance against a. clients cyber liability insurance policy. And I don’t mean regulatory compliance. Obviously MSPs have clients that are regulated, right? And a financial vertical or a healthcare vertical or retail vertical, things like that.

But there’s also the folks that are unregulated Oh we don’t, not yet anyway. We’ll have this conversation again in two years and see what happens. I’m talking about compliance against that cyber liability insurance policy, and then if there is a regulatory compliance requirement in there, that is obviously something that the MSPs, if they choose to work with these clients, need to have a solution for as well.

But at the end of the day, it’s the reporting that we deliver on a regular basis. And I like to say monthly, that says, Oh, yes we’ve, here’s your two factor authentication. Report. Here’s, the password management stuff. Everything that we do and logging and reporting to say we can demonstrate compliance against all of these five or seven or eight things that are in that policy, just so that if something bad does occur and that customer needs to file a claim against the policy, they’ll have a much higher a potential for getting that approved without any pushback.

Rich: Yeah, absolutely. Cyber insurance obviously has been a giant pain in the behind for MSPs and their clients, but it’s also had the beneficial effect of driving a lot of productive conversations with SMBs. About security solutions that they’ve maybe been reluctant to put in place and now precisely because you’ve got to have the coverage and you’ve got to be compliant with requirements associated with that coverage.

And because of that compliance requirement, we’re seeing more and more SMBs put in place the security measures they should have had in place before. So there is a silver lining to the cyber insurance story. Folks, that leaves us with time for just one last thing this week. It comes to us from the UK and Here he is to save the day, Erick.

It’s not Mighty Mouse, it’s Tidy Mouse. This story concerns a retired postman from the UK named Rodney Holbrook. He’s got a shed out back behind his house. He goes out there and putters around and [01:05:00] typically leaves corks, nuts, bolts, bits and pieces of stuff lying around on the table in there.

Goes off back to his home to eat dinner and go to sleep. He comes back in the morning. And all that stuff for a while there was suddenly magically back in the bin it should have been when he left before and he had no idea why this was happening, how it was happening, and eventually he was so curious that he put a a light sensitive camera in the shed overnight and left it there in the dark to see what was going on and it turned out that it was a mouse.

There’s a mouse in his shed that every night has been taking these nuts and bolts and corks and other items and helpfully putting them back into the bin that they came from. There, there are a number of different theories about why this might be happening, ranging from some people thinking, Just judging by what you’re seeing on the video, the mouse might actually enjoy this exercise.

There is also a thought that this might be related in one way or another to the mouse looking for environments in which to hide nuts. And so maybe if I fill this bin up with corks here, that’s something I can use later on for other purposes. But either way, talk about a symbiotic relationship. Everybody wins.

In the Tidy Mouse story,

Erick: Erick. Yes, I’d love to stay abreast of what happens here. That’s just a very industrious little helper that I, I would love to have, a little mouse that cleaned up after me, after a long day, that would be fantastic, wouldn’t it?

And I love that moniker, Tidymouse.

Scott: All right, folks, that is

Rich: all the time we’ve got for you this week. Thank you so much for joining us. We’re going to be back again next week with another episode for you. Until then, If you are listening to the audio version of this podcast, but you’d be interested in checking us out on YouTube.

We are there as well. Look for the MSP chat show listing on YouTube. If you’re watching the YouTube, but you want to listen to us in audio, wherever it is pretty much that you get podcasts, you’re going to find us there too. And wherever it is, you find us, please subscribe, rate, review, make sure other folks know.

You’re enjoying the show so they can find it a little bit more easily too. I’ve mentioned my blog earlier on in the show, Channelholic. If you’re curious to check that out, that is available at channelholic. news. This show is produced by the great Russ Johns. If you are curious to learn more about him you can at russjohns.

com. And by the way, Russ is part of Team Channel Mastered. He can produce podcasts for you. If you want to learn more about Channel Mastered, the place to go. Is www dot channel mastered. com. That is one word. So again, we thank you for joining us. We’re going to see you in a week on the next episode of MSP chat until then, please remember you can’t spell channel folks without M S P.