I'm in the process of selecting a new Managed Service Provider (MSP) and have run into a snag. The vendors I'm considering insist that they can't support me using a third-party Endpoint Detection and Response (EDR) solution outside of their own. They're concerned about issues related to cyber insurance and the unfamiliarity with the EDR I'm interested in. I was hoping to lower their pricing by opting out of their EDR in favor of one I prefer. Has anyone experienced this before and what are your thoughts?
5 Answers
It's not just that they don’t want to support it; if their insurance policy links directly to protecting your systems, they might need to know what they're dealing with. If they veto your EDR choice, it could be less about wanting to control your options and more about liability and risk management. I did take ownership of my EDR from an MSP before, and it turned into a headache. You should figure out what's more important to you: control or effective protection.
It's understandable you see it as a small request, but it’s quite significant for them. They rely on unified management for efficiency. Having to train staff on different software products, manage additional licenses, and troubleshoot countless issues is costly and time-consuming. They might not want to take on the responsibility of managing an EDR they're unfamiliar with, particularly if it's a lesser-known brand.
As a former MSP employee, I can tell you that while they may allow you to use your own EDR, they would likely require you to sign a waiver. This would make you fully responsible for any security issues that arise because of it. The MSP generally incorporates the cost of monitoring and maintaining their EDR into their service pricing, so without that, they're not liable for malware protection with your chosen solution.
Think of it like this: if you went to a bakery and asked them to use your eggs for a cake, wouldn't that be weird? Multiple EDRs can clash with each other, which can cause problems. MSPs set their systems up to work together, and straying from that can lead to complications. They could allow you to use your EDR, but then they'd exclude it from their support, meaning you're on your own if something goes wrong.
MSPs typically thrive on standardized systems so they can maintain quick response times. If every client picked their own antivirus, supporting all those different tools would create chaos. Also, if a client wants something cheaper and it turns out to be less effective, they’re likely causing more problems for both parties in the long run. It's in your best interest to stick to their recommended solutions for peace of mind.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures