How we think

  • "GOOD ENOUGH" IS NOT GOOD ENOUGH IN CYBERSECURITY

    In many SaaS categories “good enough” can be good enough. We believe that cybersecurity is not one of them. Cybersecurity is a critical business decision and unfortunately “good enough” security platforms are not working well enough to prevent and stop data breaches. We think that compared to the best-in-class next-gen cybersecurity platforms the real-life breach protection difference is massive. Therefore we resell only best-in-class cybersecurity platforms that are tried, tested, and proven to work.

    For example, “good enough” endpoint security solutions still rely on 25-year-old legacy antivirus signature technology that cannot detect modern threats such as zero-day and fileless attacks. This is a huge risk for many customers using these solutions because today fileless malware is used in 71% of all cyber attacks and legacy endpoint security vendors still have 45% market share.

    Another example is “good enough” email security solutions, which are proven to miss a lot of modern email threats such as QR code scams, URL phishing, malware, and business email compromise (BEC). Customers that rely on these solutions are taking a massive risk, as phishing is the unquestionable #1 threat vector, i.e. the #1 cause of data breaches.

    “Good enough” security platforms also lack many critical modern security capabilities such as identity threat protection, which has quickly become crucial in stopping data breaches. In 2023, 80% of cyber attacks involve stolen or misused credentials and adversaries are doubling down on identity-based attacks. For example, Kerberoasting attacks (a technique adversaries use to obtain valid credentials for Active Directory service accounts) have increased by 583% in a year and access broker advertisements have increased by 147% in a year.

    On top of these security failings, “good enough” security platforms are also way more complicated to deploy, maintain, and use.

  • TOP ATTACK VECTORS REVEAL THE TRUTH

    The top attack vectors, mean time to detect (MTTD) and mean time to remediate (MTTR) below prove that widely used “good enough” security platforms are not working. They provide insufficient protection against modern threats in the most critical areas of enterprise risk. In addition, they are complicated and slow to deploy, use, and respond with.

    The top attack vectors are:

    1.) Phishing is responsible for 16% of data breaches

    2.) Stolen or compromised credentials is 15%

    3.) Unknown (zero-day) vulnerability is 11%

    4.) Cloud misconfiguration is 11%

    5.) Business email compromise is 9%

    MTTD and MTTR are:

    1.) It takes organisations on average 204 days to identify a data breach (MTTD)

    2.) and an extra 73 days to contain it (MTTR)

    Source: Cost of a Data Breach Report 2023 by Ponemon Institute and IBM Security

  • STRONG ENDPOINT SECURITY IS THE FOUNDATION

    We believe that modern and effective endpoint security is the foundation of cybersecurity strategy for organisations of all sizes and types. A modern and effective endpoint security program requires a strong next-gen endpoint protection platform, the right people, and modern processes.

    We also believe that XDR is the future of preventing breaches - but only if you have the right EDR. CrowdStrike pioneered EDR and now pioneers successful XDR.

    Simply put, we focus on CrowdStrike’s next-gen cybersecurity platform because it just works.

    In a little over 10 years CrowdStrike has become the undisputed global #1 NGAV, EDR, Threat Intelligence, Endpoint Protection Platform, and MDR. In addition, CrowdStrike is the #1 MDR in Europe and CrowdStrike technology is used by 88% of the global top 25 MDR vendors.

  • CYBERSECURITY TECH MATTERS MORE THAN 24/7

    It takes organisations on average 204 days to identify a data breach and an additional 73 days to contain it (Cost of a Data Breach Report 2023 by Ponemon Institute and IBM Security). We think that this is because mediocre and “good enough” cybersecurity platforms are missing attacks and not because in-house security teams or MDR/SOCaaS service providers are slow to react.

    Therefore we believe that all organisations should first invest in cybersecurity platforms and products that work and detect cyber attacks before investing in a 24/7 monitoring and response service. Of course, if you can invest in both, that is ideal, but most SMBs especially need to make a compromise because their security budgets are limited.

    We think that investing in the best technology + 8/5 MDR is always a better idea than investing in mediocre/“good enough” technology + 24/7 MDR because if technology misses attacks, the human monitoring on the night shift does not make a big difference. Also, important and needed 24/7 capabilities can be automated with a security orchestration, automation, and response (SOAR) tool, which minimizes the need for human intervention.

  • SMBS ESPECIALLY NEED CYBERSECURITY TECH THAT WORKS

    It is a common misconception that only large enterprises need the best cybersecurity technology and that mediocre/“good enough” cheap security tools are enough for SMBs.

    We think the opposite. We think that large enterprises have more resources to operate and survive with cybersecurity tools that are complex and hard to use and that offer only mediocre protection. Also, large enterprises will not go out of business because of a data breach.

    SMBs - on the contrary - can go out of business because of a data breach. And it is not even that unlikely. Also, adversaries are targeting SMBs as much or even more than large enterprises because of their weaker security posture. In addition, SMBs do not have the resources to implement, maintain, and manage cybersecurity tools that are complex and costly to implement and use and offer only mediocre protection capabilities.

    Therefore we believe that the relative business benefit of using best-in-class cybersecurity platforms is even bigger for SMBs than for large enterprises.

  • THE RISK OF USING "GOOD ENOUGH" CYBERSECURITY TECH

    1.) Inferior protection against top attack vectors

    2.) Higher risk of a data breach

    3.) Worse UX for analysts, admins, and end users

    4.) Higher TCO