Episode Summary

The tech stack: It’s a constant conundrum for MSPs. From pricing to bloat to vendor relationships, there are lots of questions around the technologies you use to serve and protect your clients. As CEO of Channel Program, Kevin Lancaster vets innovative products to help MSPs with their task of choosing technologies in a crowded market. Kevin joins Mac to discuss:

  • helping MSPs cut through the noise,
  • the security technologies MSPs are adopting,
  • why MSPs need to do their due diligence, and
  • why the vendors who win will be the ones who lean in to enablement.



MacKenzie Brown: Welcome, everyone, to Return of the Mac. As you can tell, I have a little bit of congestion still. You know, it’s been a couple of weeks since Right of Boom. And I’m not going to lie, I am still feeling the Las Vegas effects clearly. But spring is in the air. Things are changing. And I’m really excited about the topic that we’re going to be covering today, specifically something that may not seem like a cyber topic, but absolutely is.

And it’s something very near and dear to every MSP’s heart, or any of our partners who are listening, which is essentially the technology stack. MSPs often struggle with their tech stacks, from pricing to bloated stack to vendor relationships, contractual obligations. There’s a lot of questions around technologies and what they need to invest in, and that doesn’t even touch the surface of where cybersecurity is threaded within that investment as well.

So I’m really excited to have our guest today. Channel Program brings together some of the most innovative technologies, getting them in front of MSPs and helping them curate this tech stack. So I’ve got the CEO of Channel Program, Kevin Lancaster. He knows a thing or two about MSP tech stacks and the questions around them.

And we are going to demystify this a little bit today. So I’m happy to welcome Kevin and to delve into the importance of this concept, being technology stacks and market trends, where you need to focus your investment. We’re going to get a little bit spicy maybe, who knows? It’s quite early for me and still a little early for him, I’m sure.

So welcome, Kevin. Thank you for joining me.

Kevin Lancaster: Well, thank you for having me. And I think you summed up a lot of the challenges perfectly. And I can relate to the Vegas funk. It seems like most of these industry events have shifted to either Florida or Vegas. I’ve been back there two or three times this year. So, yeah, it’s kind of, getting mentally prepared for the funk that comes with that.

MacKenzie Brown: I like that. I’m going to start calling it the Florida funk because I always feel that. I think the last time I left Orlando was IT Nation, I definitely had a bit of a funk from there. And Vegas is its own petri dish. So as much as I enjoy the events, this always happens, but it’s okay. It’s going to give us a little a nice little angle to the recording today, so I think it’ll be helpful.

Well, we always start most of these episodes, there’s probably a couple where we haven’t, but we start most of these episodes with a hot topic, and I wanted to do my best to find something in the news that also aligns with the topic today.

And this I found interesting for many different reasons. This is around the NSA and around the beginning of March, they released their zero trust guidance.

Coming from Microsoft, seeing all the reference architectures and roadmaps that they do and of course NIST and CISA, we see a lot of guidance out there. But this is probably the first time I’ve seen NSA release anything.

And this is definitely, from a zero trust perspective, a little bit high level, but they are defining it. And to be honest, they had me at NSA. I feel like they might know a thing or two about zero trust, which as everyone knows, is versus the traditional IT security model where you presume everything and everyone should be trusted.

And this is against that, the breach mentality where you assume breach. And in regards to MSPs, that’s kind of something that we want to start changing the culture around, of course, is that assume breach mentality that needs to be happening.

So we looked at the zero trust model that they kind of brought to light, and the MSP community specifically, the biggest thing when I was looking at this, and we’ll show the graphic too, for what they cover—they have their seven pillars of the zero trust architecture, of course. User, device, app and workload, data, network and environment, automation and orchestration, visibility and analytics. Everything we would assume.

They do thread in a lot of items around AI and machine learning, which I thought was interesting. Not quite the silver bullet there. And it felt a little “meh.” But you know, we were talking about this the other day where, I guess, is it meh? Is this something the MSP community is really ready for? How should they be considering this when it comes to zero trust?

And do you really see guidance like this and models like this being useful considering the threat landscape today? We’re still dealing with phishing, business email compromise, that’s kind of the reality of it. And this is looking at a maturity model that’s slightly advanced, and where could this maybe align too with the technology stack conversation?

Kevin Lancaster: Yeah, great questions. I think your comment on this guide is one, to start, I agree with you, it’s absolutely fantastic the NSA has put their foot forward given the complexity of the threats that they face. But then, they have to think about this in terms of their supply chain. So I think part of this is just helping to extend down to the supply chain to some of the less sophisticated contractors.

But in general, I think this is a good stab at it, I’ll use that concept of playing 2D and 3D chess. For the average practitioner, this might not look like anything new or interesting. These are things that we’ve been conditioned to think about, and we’ve been conditioned to think about the threats in 3D 4D in some cases.

But for the average MSP, they’re still on that immature to maturing side of the security spectrum. And so it took things, kind of that first stab of maybe call it a visualization, is 853. Where broadly speaking you have to identify, detect, protect, respond, what have you. Those are the actions that you have to take.

But then this zero trust guidance, I think what’s great about it, again for the average MSP, is that it takes that 2D kind of landscape and puts it in 3D and gets you to start thinking about it from a user perspective and how you layer in security. And then the same thing from a device perspective.

And then I did appreciate the fact that they’re now thinking in terms of visibility and analytics, kind of that seventh pillar, layering in AI and ML. So I think that’s new, right? That’s newer over the last couple of years. And it’s great that they included that in the framework.

But I think the visual is oftentimes more important for the average MSP because it helps them understand it and it helps them to take these complex challenges and break them down and translate it to their customers and getting them to understand why they need to be thinking about zero trust as a security practice.

MacKenzie Brown: I completely agree, that does make sense, especially on the maturity side. And they talk about on the user side, monitoring user behavior or activity and then incorporating the automation for security response through technical policies mixed with AI for automated blocking actions. And then they mention AI and ML from the analytics and visibility side. So you’re completely right. These are things that we need to do now, especially on the AI/ML.

Do you think this is going to influence, then, how people invest in their technologies, in their overall stack, especially if they see things like AI and ML, that’s something that every vendor out there is leveraging or branding themselves with to ensure it.

But you know, I mean that could be, probably I digress, it could be a longer conversation. But do you think that this is going to influence them to purchase certain technologies over others? Because they mentioned little things like behavior analytics and machine learning and things that feel shiny and fancy?

Kevin Lancaster: Yeah, look, again, kind of following that maturity model, I think, semi mature to mature? Absolutely, the buzzwords are going to are going to be impactful. Everybody likes the shiny new object. Marketing loves to take these words and weave them in, whether the fluff is real or not. That’s always debatable.

But yeah, I think that’s just the nature of just technology in general as things evolve. Everyone’s got this mentality, they’ve got to keep up with the Joneses. You know, you got to stay out in front. And there is just such intense emphasis on AI and kind of being the new threat vector. But yeah, I think folks are going to lean into it.

But again, kind of going back to these pillars. It’ll still be interesting to see the overall adoption, because typically you go back and you think, you know, items like SOAR and XDR. There’s still that mentality that it’s reserved for organizations that have greater exposure risk. So your regulated organizations, financial, healthcare, what have you. I think it’s a great framework and it’ll be interesting to see how MSPs adopt it, but you’ll definitely see that mid-level sophistication up to the sophisticated jumping on AI and trying to use that as a differentiator for sure.

MacKenzie Brown: Yeah, I’ve definitely seen, especially after Right of Boom and being on the showroom and doing one-on-one conversations with partners where, I don’t know, say probably 50% of the time they’re starting to, especially the more mature ones, are starting to incorporate terms like AI when they talk about the service offerings and the technology offerings and the things that they’re bringing to their customers.

And so I never poke a little bit at it just to see them like, Well, what do you actually mean by that? Like, how are you actually incorporating that? But I could I could see this being beneficial, especially as the community in itself is so engaged and they take precedent on frameworks specifically like CIS.

I would like to see something where zero trust isn’t something we just throw out when we’re doing a presentation or talking about something to the MSSP space. But specifically we have concepts of zero trust that we delineate and explain as it relates to how MSPs do their work.

I would love to see actually a version of this framework that’s specific for MSPs in that multi-tenant or multi co-managed service type of model, because this would look a little bit different in my opinion as it relates if it was for an MSP’s zero trust model for their downstream clients and customers.

Well, I hope we can break that down in the future. We start talking about this a little bit more.

Kevin, let’s just start from the beginning, because when I learned that you graciously accepted to be my sacrificial lamb and come on this podcast, which is great, I want to know about the beginning, right? I’ve heard a lot about ID Agent. Let’s start there, about kind of the fruition of ID Agent, the success of it, and then we’ll move into Channel Program and how did you start there? What did that roadmap look like and the path to Channel Program and what Channel Program is bringing to the space and the community.

Kevin Lancaster: A lot to unpack, but I’ll try to be pretty concise. The origin story of ID Agent was that it kind of goes back to 2015. We were just hired by the Office of Personnel Management, OPM, right after the first of the two salacious nation state compromises of the US government. I think it’s generally accepted it was China that compromised OPM and got into the HR records.

MacKenzie Brown: I remember that. I worked for the state during that time. It was a fun alert where I was like, okay, great. And? But yes, that OPM was a big one.

Kevin Lancaster: Maybe one day I’ll write a book. I’ve threatened to write a book about this, the whole experience with OPM and the White House, what have you. But no, so we were brought in to help with the identity restoration remediation post-breach. At that point, when we started to spin up that remediation, we started to look at the government employee—that program covered roughly 4 million individuals, that was current employees and retirees—and we started looking at the data that was already out on tour.

Again, this is nation-state, so China’s not necessarily going to drop that data out there. Maybe at some point they will for some reason or another. But you start looking out there to see if there’s any other data that might relate to that population that’s been impacted.

And when we did, we saw that immediately we had records on virtually 800,000 government employees that were out on tour in some form or fashion, various degrees of PII. Email addresses, passwords, Social Security numbers, what have you. And I think for us, that really that really brought into focus how much of a risk identity is in general to any organization, whether it’s government or even kind of the small mom and pop shop down the street.

So as we as we came out of that, we started to look at ways to take that data and provide value back to customers. And so we started with enterprise customers. We ran kind of a proactive monitoring service for large states, homes, large sports leagues, law firms, really early days of dark web, and thinking about compromising these paradigms.

The frustrating element of this is that again, in the early days and in your CISOs of Fortune 500 companies and large government agencies, they were still really defensive about the fact that data was out there. So they almost were like, you know-

MacKenzie Brown: Compared to today, too.

Kevin Lancaster: Yeah, I mean, there’s still some defensiveness, but I think it’s generally accepted that this is the primary threat vector. So long story short, we were playing an enterprise, and we’d work with our enterprise customers and we’d show them the string of data that we were finding. So the command and control server, the language that we’re finding it in, and then obviously the data.

But as we looked at broadening our approach to the market, we looked at the MSP space and said, is there something there, is it too immature of a marketplace? So we did a couple of MSP events. I think we had an article written on us at the time it was called MSP Metro Magazine. And overnight, really to much of my surprise, the industry really picked up on it.

We realized we had to kind of scale back the complexity of what we were showing, and said let’s just focus on the fact that we have your password, your password’s out here in clear text. And so we started doing that at events, we’re saying you know, you have to understand what dark web monitoring is. At that point, again, early days of compromised credentials, business email compromise, what have you. But MSPs, I think, right away understood that if they saw their email address and password, that helped them really understand the complexity of threats that they face.

But it also really teed up the MSP and gave them the ability to actually go to their customers now, and say all that stuff I’ve been telling you about security and you haven’t bought it, right? Here’s your password. It’s been found 17 times out on these different forums. This is why you need to start investing in security.

So I think kind of looking back and the rise of ID Agent and kind of the acceleration, why we grew so fast that we took something that is ridiculously complex, as we mentioned, and we boiled it down to the most basic common denominator, like your password is out there, right? And if you’re not doing these seven, eight, ten, 14 things depending on again, the complexity of the organization, you’re going to be hosed.

So looking back, I think we’re most proud of the fact that we’ve had such an impact on this industry in their ability to break down this very complicated topic, security, and again break it down to these really most common denominators, least common denominators. Get the greater marketplace to understand that it is a new world and you have to start with these concepts like zero trust, because you have to assume breach, because of just the volume of attacks, of volume of data, the volume of just different ways to infiltrate and extract.

MacKenzie Brown: You were really on the frontier then of security conversations relating to the MSP space, too, it sounds like, given when all of this was going down.

Kevin Lancaster: Yeah, we were fortunate, right? It was just around, obviously OPM was a catalyst, and then the initial LinkedIn breach, and then Heartland. So it was just becoming a thing.

I always say, Look, I have a history degree, by education. So if I can understand this stuff and I can break it down to the most basic descriptors, then there’s a shot.

And so again, I think that was what’s cool about the rise of ID Agent and the impact that we had. I mean, we went from essentially overnight 0 to 2000 MSPs. And I think we got up to roughly 5000 by the time I had departed. So it was a great ride.

MacKenzie Brown: Good ride. And then you wrapped up ID Agent and you moved on to Channel Program. What is Channel Program? What is this? Because you showed me a little bit. We talked about it a little bit, but I was amazed just at the first sight of it. And especially as we dug into the data, so I felt a little blessed for that.

But tell me about this. Like what inspired you to go this direction? Because it feels a little different from the rhyme and reason purpose of ID Agent, to go from that to the Channel Program.

Kevin Lancaster: Yeah, well, truth be told, after I’d exited the organization that had acquired ID Agent I kind of had a couple of your cooling period not to get directly back into security. So I think that was one of the reasons why I didn’t jump with both feet back directly into security.

But to answer your question, Channel Program is essentially an amalgamation of my background. I’ve been fortunate to be on four sides of this marketplace. I’ve scaled and exited a large VAR IT Services MSP consulting firm called Winvale. I scaled arguably the fastest growing security company in the market. I ran go-to-market at one of the largest platforms in the marketplace and I’ve been invested in in technology.

So I’ve had a pretty unique experience over the last 25 years and seeing this marketplace, this channel, from different angles, from being the IT Services company to the vendor and to the investor. So the idea behind Channel Program is that there are every day dozens and dozens of emerging technologies that are just absolutely killer technologies.

And if you know any you know a little bit about this marketplace, you go to some of the bigger tradeshows, those emerging vendors have a really hard time getting attention, getting mindshare and traction, because the larger vendors, just kind of basic economics, the larger vendors have the ability to take mainstage presentations and get out in the marketplace and kind of control the narrative.

MacKenzie Brown: Take Gartner out to lunch.

Kevin Lancaster: Exactly. So the thought process, and we launched and said, look, let’s start with this concept of pitch where we get seven vendors, I don’t care if they’re Microsoft or if they’re the upstart down the street. Everybody gets the same 7 minutes. The MSPs can log into the platform anonymously and they can evaluate those presentations by those vendors.

So again, kind of with this security of privacy in mind, we started with that concept and that’s still core to what we are today. And MSPs can come in to the platform, they can start looking at technologies. And what was interesting about the platform over the last six months is that we launched really the first visualization tool, stack visualization tool for MSPs. So now they can come in and they can start looking at their stack.

And we start with this premise that there are roughly 29 core products that an MSP would use. But we found over the last six, seven months is that there’s roughly 72 different products that an MSP would use, whether it’s to manage their organization, or whether it’s part of service delivery to their customer.

So that was pretty interesting.

So we took that next step of, of helping the MSP to visualize their stack. And then start to see what the gaps are, or maybe even like the overlap in their stack. We’ll kind get to what the stack looks like and some of these tools. But I think that needed to be done, because when you talk to MSPs, 98, 99% of MSPs, when it comes to vendor management, they manage their vendors via Excel spreadsheets. And they don’t have a way to really visualize effectively their stack.

So that was one of the biggest contributions of this platform so far is that we’ve had tremendous velocity because MSPs have come in, they’ve added over 21,000, I think we’re close to 22,000 products to the stacks. And so that’s giving us a really interesting peek into what the average stack looks like, but the average stack of a smaller MSP, maybe a million-dollar MSP versus the stack and the complexity of the stack of a $50 million MSP.

So at the fundamental level, that’s what we wanted to do with Channel Program is help the MSPs make better decisions by visualizing their technology better, more proactively managing their vendors and then having access to all these emerging vendors that are coming out, again, daily. I mean, every week I probably talk to a dozen, dozen and a half interesting new takes on technology.

MacKenzie Brown: That’s exhausting.

Kevin Lancaster: It’s exhausting. And I say that I think one of the benefits on the other side of this platform for the vendors—and this kind of gets into just this just how fragmented and how complex and just how murky this marketplace can be—but that’s probably one of the benefits of working with so many vendors, is that you can cut through the noise pretty darn quick.

And going back to when MSPs come in and they watch these vendor presentations, I typically sit down with them and say, don’t tell me about the color of the buttons, don’t tell me how great your team is. Really, tell me, how are you going to solve the problem? How are you different? How you’re going to help me reduce my my CapEx, or my OpEx, or how am I going to make my technicians more efficient, really get down to the core.

And so we can start with the vendors on the other side of this platform and help them make their value proposition more clear and concise, because this market is just so overwhelming.

And you take a category like security, I mean, to the average MSP, good luck, right? I’ll get up on my horse in a minute, but you think about going back to the days of antivirus and then you know, SIEM comes on, and then you got this kind of next-gen SIEM, and then you got EDR comes on, and then you’ve got XDR and MDR, MDR and XDR and then SOAR.

And the overlap up and down, just that segment of security is insane. So if we can bring a greater level of transparency, organization, and help MSPs make better decisions, and help vendors put a better forward, then that’s really the goal of this platform at this point. Long answer.

MacKenzie Brown: I love that. No, that’s okay, that’s what this is for. It sounds like you made sort of an even playing field to start, which is extremely helpful given the industry.

And I talk about that a lot too. Coming from the enterprise world and then comparing it to the MSP space, there isn’t that versatility. It’s not universally the same playing field. There’s a lot of money in cyber and so it feels like people get sidelined a lot more, and it’s more difficult to sell then, cyber, to the average mom and pop shop, let alone to an MSP who has to make a choice.

And then you throw in buzzword bingo of every year there’s something new coming out. But then we have no definitions for what is considered—between EDR and MDR and XDR and SOAR and MXDR and what is defined, like what does that actually do, and what does that mean? And so I like that you’re kind of building that visualization, or you’re providing contextualization a little bit more to MSPs, because that can create a lot of indecisiveness.

And then also, it feels like we’re in this time where you’re comparing a bottle that’s a multivitamin in some cases, I’m sure with your vendors, like you said, like what are they actually selling becoming a little bit murky in the water. So like, do I want to buy this multivitamin that has zinc in it, or do I want to just buy zinc? You know, and knowing the efficacy of it, I imagine, also gets a little bit more blurry.

How do you guys ensure when you are bringing on new vendors and new products, how do you really figure out is this a multivitamin or is this actually going to be a supplement that is helpful and direct?

Kevin Lancaster: Yeah, great question. So with every vendor that we work with, there is that understanding where you belong. And we talked about the new buzzwords, right? Almost everybody today wants their own unique AI category. But then when you break it down, you’re like, well, all right, you are XDR. Or you are a SOAR that has AI capabilities, or what have you.

So that’s always an interesting exercise as we’re working with these organizations, And I’ll be honest, I mean, I’ve been in the space for a long time, but I get stumped every once in a while. Sometimes it’s like you almost have to play Cluezo and ask the most obvious questions four or five times to get them to say, all right, well, yeah, we are really you know.

MacKenzie Brown: You know, I was going to ask, have you played Stump the Chump with vendors before, where they come in and you have to ask them the same question over and over again until they’re like, okay, yes, I am the problem. This is what we do. To filter out all the marketing jargon that tends to go into this.

Kevin Lancaster: Well, especially in the quote unquote “SOC” space, you know. I spent time a couple of years ago looking at kind of the traditional SOC vendors, the ones that led with their foot forward saying “I am a SOC,” and we have this unique approach. And you cut through it and you know, 80% were using FortiSIEM, building additional reporting or alerting on top of that or trying to quell it.

So I spent a lot of time with a lot of companies in this space just to find out that they’re all doing the same thing. And so I’ve seen that kind of story over and over and over. But yeah, you have to ask those basic questions multiple times. Often you get multiple answers.

But here’s what’s really interesting, right? One of the things we do with Channel Program is every week we put out a thing, I think every Saturday, we put out a stack visualization. We’ll take a different product category we’ll say, based on the product reviews that we have in the platform, here are the quote unquote “market leaders.”

And so we can put data out based on the product reviews. But then as I mentioned, we’ve had 21, 22,000 products added to the stack. And so we can actually see how the MSP thinks about the technology. So when we started launch with NaviStack, we said, All right, if you are a EDR, then you go in the EDR category and the MSP can only put you in the EDR category.

And we had MSPs calling us and saying, Well, I want to put this in my SOC because we use it as part of our internal SOC. And so we actually opened up the platform for the MSP to identify how they use the technology. And so you see really interesting and creative ways that the MSPs actually categorize the technologies that they use. So you could take a category like SOC and inside a SOC, you could have all of the layered applications up and down the stack inside the SOC, or you could have just a pure SOC as a service provider in SOC.

So a lot of times we’re dissecting that data really to try to figure out how the MSPs are thinking about it and then taking some of that data back to the vendors and saying, well, this is why you might not be getting market traction, because the market thinks that you’re this or they’re using it, you’re they’re using you in this capacity.

So you might need to clean up your messaging a little bit. So that’s been a really fun exercise to go through with some of these vendors over the last couple of months is seeing how the the MSP is using their technology, but then going back to their site and seeing how they’re actually talking about themselves oftentimes they’re worlds apart.

And so again, this is a fast moving marketplace. It’s complex, it’s dynamic. And the market’s maturing, the MSP’s maturing, but you still have just a wild, I mean, that spectrum of maturity from a security standpoint is, it’s broader than it’s ever been. But it’s data that is really interesting when you start peeling into it.

MacKenzie Brown: So relating to some of the things that you see, you’re obviously seeing a wide spectrum of maturity as it relates to MSPs, a significant safari playground of categories, and then, of course, the creative uses or uses or definitions of those categories, now that we’re seeing the introduction of security as a category in itself.

A lot of what I’ve been having on these one-on-one conversations over the past year have been around bloated technology stacks, a lot of redundancy in technologies, vendor relationships impacting—technology taken out of it completely—and coming down to vendor relationships, contractual service level agreement obligations and concerns. And then, of course, the check-box mentality, depending on the industry that they predominantly serve, perhaps it’s health care, education.

Where do you see, especially in the data, because you guys have this pulse, are able to take this pulse of the market. Where do you see the primary pain points sit for an MSP as it relates to them choosing their technology stack? And maybe you can start with defining what a technology stack is, especially for an MSP, and what the biggest struggle is, what those pain points look like when it comes to choosing what that stack looks like.

Kevin Lancaster: Yeah, another great question. So let’s go back to the MSP marketplace and how the MSPs have been conditioned over the last 15 years since they really started embracing these recurring revenue models.

You know, MSPs would go out to these industry events, could be kind of the smaller bootcamp style or some of the larger tradeshows. And they were conditioned to buy point products. And think about the average kind of break-fix MSP that’s just getting started. They get 1 to 3 clients. They say, All right, well, now we need a security awareness training tool, or need we need our first RMM and PSA to manage multiple customers effectively. So MSPs have historically had been conditioned, and as are most organizations, but they’ve been conditioned over the years to buy point products.

So they go out and buy their antivirus and then they buy email security and then they buy dark web monitoring. And at some point, after three or four or five years of going to these shows, they can start on their spreadsheet and they say, damn, I got I now have 29 different technologies. And as the market has matured or evolved, some of these technology vendors have gone to becoming multiple product vendors, right?

Blackpoint is obviously a great example of that, right? Where they’re now layering in different capabilities, acquiring solutions, building solutions to make a more of a holistic security platform. So what has happened? Again, because a lot of this is muddy. There’s a lot of overlap, again, particularly on the security side of it that. The MSPs are looking at their stacks and they’re saying, again, we have so many solutions.

And one of challenges on the other side of this is that these vendors are moving fast, they’re iterating fast, they’re scaling fast. That often leads to friction, you know, relating back to your customers. So it’s about scale, it’s about ARR, about MRR, and growth and growth and growth. But you know, if the vendor’s not taking time to really enable their partners and build that relationship, ultimately it becomes noise in and noise out. Because that MSP is again working with, I think in our data set now I think the average MSP has something like 27 different products.

So the market, as it’s progressed, it’s built even more and more friction. So I think that’s where there is a really interesting opportunity for some of these platform plays to help these MSPs, and one of the things we’ve done is help them to visualize it. But then as these platforms mature and they layer in different products they can go back to the MSP and say, well, this is how we can enable you better, this is how we can help you become more profitable, more efficient because we’ve got multiple products integrated effectively and we can better support you.

But I think really we’re at this point now in this marketplace where the vendors, whether they’re a single product or a multiple product or platform, they have to embrace enablement. You know, enablement in the past has often been seen kind of as an expense. It’s always seen as an expense until their churn numbers start to go up, and then they start to panic.

And then we’ve got to go back and do a better job of enabling, and shoring up our partnerships. And so I think that’s kind of where we are with this marketplace. You still have this single point product mentality. You have multiple entrants in in certain categories.

You have in some categories you’ve got 40, 50, 60 different options to choose from. And I think what’s going to separate the wheat from the chaff from a vendor standpoint, are the ones that have really lean into supporting the MSPs. And when you do that, then you avoid having your name thrown out all over on Reddit and all these fun boards that are out there.

MacKenzie Brown: It is a spicy community for sure, I notice, on the MSP Reddit side. A little bit too, that makes sense on the vendor relationships. And do you think that when an MSP is trying to make a decision and they’ve got 20 options in front of them, and it becomes overwhelming, that they just choose something based on feasibility for pricing and packaging, and then they get pissed off later on, because they realize they signed up for a contract or something that’s absolutely ridiculous. And then the efficacy of the product or the service in itself, that vendor relationship goes to sh*t, eventually.

I feel like that’s something I’ve had conversations on, but I didn’t know how common it was of what we’re seeing today. As we’re overwhelmed, so we just pick one like it’s The Bachelor and we’re just picking one and going with it. And then we realize like, my God, this was a really bad choice. This is not going to last more than a month. But I’ve signed up for three years, contractually.

Kevin Lancaster: Yeah, that happens increasingly. Again, because technology is evolving so fast, and particularly with security, right? It’s fear, uncertainty and doubt. And the MSPs are susceptible to that, but it just it is what it is. So I think it’s as much on the MSP as it is the vendor.

I mean, set aside the fact that our platform’s got thousands of product reviews. And we’ve categorized things and tried to make things easier. The MSPs need to be doing their due diligence, right? I mean, it’s no different than in the consumer world, right, when you’re when you’re buying a vehicle. I forget the exact statistic, but it’s like 80% of the buying process occurs online. You know, the individual’s researching and they kind of know what they want going into it. And then, hopefully at that point, it’s a relatively smooth buying experience. I think the MSPs need to do the same thing with these technologies.

And I will say, though, the challenge is that in a lot of cases it’s square peg round hole. Not every vendor is the same. You get into kind of the marketing spin, do they really do what they say they do? Do they offer a trial, and it’s bandwidth. So it’s always going to be a challenge.

But I think it is as much an MSP due diligence, taking their time and understanding the technologies that they’re working with versus just jumping in and then signing up for something that they may not use or they’re unhappy with. And so maybe it’s just basic buying behavior, but both sides have to really lean in to make it easy.

MacKenzie Brown: The car purchase side, that totally makes sense. You spend a lot more time doing independent research in those real-life situations. So why wouldn’t you when it comes to your business, of course.

And I think you talked about enablement a lot. And I think the core component of enablement is teaching our partners to ask the right questions on these disparate technologies, like what are the real questions you need to ask so that you don’t get caught in some sort of logic loop that is not actually telling you if this is going to be the right product for you?

And so we’re going to focus on culturally what people are saying and the vendor relationship that we’ve established or haven’t established, or it’s going to come down to what’s cheapest. And then, like you said, we’re going to end up purchasing maybe not a lemon, but we’re going to get something that’s going to have ten recalls in a year as a vehicle versus something that’s going to be long term, like a Toyota Corolla that still you can hand down to four of your children.

They tend to be handed down a lot easier.

Kevin Lancaster: Right. So not to be a plug for Channel Program, but that’s one of the reasons we went down the path of adding product reviews to the platform. We said, this can’t be like Reddit. You can’t create a fake avatar and just you know, vent about a vendor.

That’s what Reddit’s for. And have at it, fire away. So with the product reviews, you have to be a real person. And it can’t be just a hit piece. Sure, there’s a time and a place for that. And when we have a product review submitted, we look at it, we approve it, and then the vendor gets notice.

We say hey, you had a product review, and they can say, Yeah, this really is a customer or this is not a customer. So there’s kind of that check and balance, but it’s a way to ensure the quality. And it doesn’t matter if it’s a two-star or a five-star or one-star review, we’re going to publish it. The idea is that the MSP’s not hiding, they can’t hide and create these kind of fake reviews, if you will, like they do out on Reddit.

So I think there’s no excuse not to use a platform like ours as you’re looking at these technologies, as part of your buying criteria decision. So it’s hard, because the market’s moving fast. You want to keep up with the MSP down the street when they’re using this particular vendor. And so oftentimes it’s a very hasty decision or whatever.

But yeah, this is a marketplace where both sides have to lean in and do right by each other. We can’t just, because we signed up for a three-year deal, can’t just go out there and complain about it. There might be a very valid reason to do it-

MacKenzie Brown: Especially when it comes to cybersecurity. We want, I think, our vendors to evolve in a positive direction. So if they’re failing and we have uncut, real, non-anonymized product reviews on what’s working, what’s not, then vendors can evolve. And we’re going to continue this, I don’t know, disservice to the whole purpose of cybersecurity and making it more accessible, defeating that sidelining concept from the commercial cyber side to the mom-and-pop shop.

So we’re doing a disservice to our downstream clients and customers if we’re sitting there and making lackluster decisions or decisions that, even on the vendor side, that aren’t enabling the MSP, and then vice versa. We need MSPs to enable the vendors to be better and make sure that we are evolving in a positive direction.

Kevin Lancaster: This is a team sport. And I’ll just say real quick, one of the things I’ve always admired about Jon, your CEO, that he’s leaned in to that concept. He’s been very public, very accessible to the industry and been very educational over the years. So I think maybe that’s a tip to every vendor.

You might not have to have the outgoing personality like Jon or what have you. But I think the ones that really embrace this team sport mentality and connect with the customers, those are the vendors that end up scaling to have higher CSATs and churns lower, and could be even an inferior product. But if their MSP feels like there’s engagement and there’s support at the C-level, in my opinion, those are the ones that really excel in this marketplace.

MacKenzie Brown: Yep. Yeah, a good feedback loop for sure, to actually listen to the community.

Okay, so cyber, obviously I like to talk about cybersecurity. That’s what I enjoy. It’s what I get paid to do. So cybersecurity isn’t really cheap. And you know, from what I’ve seen in the space specifically, again, there’s a huge disconnect or divide between selling cyber and then checking a box or making decisions with that checkbox mentality.

So when it comes to cybersecurity in the technology stack, where do MSPs need to focus? So based on the threat landscape, realistic needs, because that’s where we’re at. Business email compromise. Phishing, like this is still—ransomware. These threats haven’t gone away. They’re still very real and probably more predominantly seen anyways. And through the investment in satisfying security controls versus ensuring we are meeting or reducing that attack surface and meeting where the threats lie.

Where do you see MSPs need to focus on their cybersecurity investment? Or what is your guys’ data showing as it relates to MSPs’ investment in cyber?

Kevin Lancaster: Yeah, another great question. So as I mentioned, I think there still is that kind of point product mentality. But what’s great about it is if you look at the overall expenditure, MSPs’ expenditure on their technology stack now, security is now 38% of their overall expenditure, and that goes across all the tools that an MSP will use, again, whether it’s service delivery or it’s internal management of the MSP. So I think where this is going is as this marketplace is maturing.

Well, let me let me provide a little bit more context, especially as relates to today. So what we saw over the last three years since…global challenges, you’ve seen this crazy explosion of devices. Especially devices outside of the traditional network. You know, there’s this absolute explosion of endpoints. So I think one of the things that’s interesting in this data is the real sharp focus on endpoint and on solutions like EDR because it’s just it’s now so pervasive and it and it’s fundamental to any MSPs practice.

Now it’s not just, hey you going to install on-prem firewall, like everybody is distributed, so I think what’s great is that MSPs are embracing it. They understand that that’s the future. They also understand that the traditional, the primary threat vectors of the individual, the email security and then layering in tools like security awareness training is not going to go away.

It’s going to accelerate for better or worse. You’d hope that humans would evolve. But the data suggests that they’re evolving at that rate. We’d like to see them evolve. But I think in general, there’s still going to be this mindset emerging in the marketplace of “I got to buy this to solve this specific problem.”

But the good news is that the market’s maturing. And as the market’s maturing, vendors like Blackpoint are maturing, right? And they’re layering in multiple products. And I think the platforms that layer in the multiple products that can help create very consistent and digestible messaging around each one of the products, I think that’s going to be extremely beneficial to the MSPs because you know that the premise is that if you start with one product with the vendor, and then you layer in the second and third and fourth, ultimately your stack cost is reduced because you’re not—you should get economies, right?

You’re offsetting it. And so I think that will be a huge message moving forward, right? Because again, looking forward, what I might be slightly concerned with is that, yeah, there was a massive explosion of endpoints and massive explosion of technologies, but that explosion of endpoints is normalizing. I hate to say the COVID word, but that COVID bounce is normalizing at this point.

And I think it’s going to force—you know, there’s still going to be growth, and there’s still going to be MSPs that are going from “I’m working with a small business now, I’m going into hybrid IT, moving up to mid-market and enterprise.” But I think there’s going to be downward pressure on the MSPs to really get their stack costs in line.

And I think that’s where they should be looking at the platforms. And again, they should do their due diligence. And it’s not like you’re going to swap out a very capable product for something that’s just checking the box. So I think the mentality has to kind of, we could do away with that mentality.

MacKenzie Brown: But you’re looking for maybe the multivitamin at that point, too. You’re looking for more solutions in one and hoping the efficacy actually is there with those too.

So categorically, because you guys do have a unique view on the data. I mean, you have real data, so categorically, where do you see trends for MSPs? Like what are these security-based technologies that are at the top of the list that they’re investing in?

Kevin Lancaster: Yeah, you mentioned, I mean, it’s what, ten years now since we’ve been talking about business email security and business email compromise. Those numbers are trending, as you would expect, just because that that threat vector is moving pretty steadily up and to the right.

So you’re seeing email security, you’re seeing security awareness training, anti-phishing technologies still toward the top. You can look at the dark web tools now, whether they’re an assessment tool or they’re using in practice as an alerting tool, you’re seeing those. And again, those are more kind of individualized products. Some are being now integrated into platforms. But I think where you’re seeing mass acceleration, finally, is in MDR, right?

Well, you’re seeing it moreso in EDR, but you’re starting to see MDR pick it up. And honestly, it’s a testament to some of the folks like Jon who had the ability to educate the market over the last five, six years. I mean, you brought up EDR five years ago, four years ago, and you’d get blank stares back from MSPs.

Now they understand it and they understand, again, because of this just disparate nature of the marketplace, they’re understanding why they have to start with EDR. And it’s surpassed SIEM significantly. It’s even passed kind of basic antivirus, firewall applications, and EDR in that space is even moving faster than the uptake of the traditional RMM, which has been table stakes for an MSP.

So I think this marketplace is going to, as much as single-product-oriented companies don’t want to hear it, I think the marketplace is moving toward more platform-oriented. And I think EDR combined with MDR and then if you want to put it in a separate category, kind of this outsourced SOC.

Those are the areas that are starting to really see acceleration in terms of products added to stacks with the NaviStack, and then certainly we see that with number of product reviews on the platform. So we’ve got two different data sets to look at and rationalize or normalize those numbers. And that’s what we’re seeing are the trends.

MacKenzie Brown: Right. And I think that was the biggest thing too, working primarily with enterprise level and Fortune 100 and 500, and moving into the MSP space, that we’re still working on the adoption of EDR in general and that it’s increased.

And then you see these other technologies becoming more legacy, and then you see technologies where we’re trying to make sure that we’re educating the space and saying, yes, we understand in many cases, especially regulatorywise, you need to have a SIEM.

But when you look at the reality of how security operations work and how detection and incident response work, the SIEM is probably the last place nowadays that we’re really going to leverage compared to the usefulness that an EDR has.

And also, I like what you’re saying too, which I think is an interesting—we’re trying to track it a lot. And you know, I’ve been out there talking about EDR evasion and bypass techniques. So in no way am I trying to preface “don’t invest in EDR,” but also I’m interested to see this continued evolution of where RMMs are going to live for MSPs. Not talking sh*t on any RMMs or any of the vendors and they, they will exist for a while and they exist at the enterprise space, whether those enterprises realize it or not.

But I want to see like, where do these technologies start to marry each other in in their capabilities and how can we start focusing on technologies? And I know regulatorywise and regulations aren’t going to keep up with us, but how do we focus on those technologies that marriage so it’s actually making a difference when it comes to identification, detection and response, because again, those NIST pillars that you’re talking about, that’s what we need.

We need the technologies that serve those capabilities that have to be held in house in order for us to defend against threats. And making sure that the technologies we invest in aren’t also the risky ones that help enable the threats to go further, which is the RMM debate right now, too. And so how do we evolve there? So is that something that at Channel Program, too, are these trends that you try to track and then messaging wise, if you could give that advice back to the MSP space, what would that advice look like?

Kevin Lancaster: Yeah. So to your to your question, we absolutely track this. The advice back to the MSP is a couple of things. One, it’s you have to leverage the market. And by that I mean you have to participate in some of these events. It’s still surprising to me the percentage of MSPs, something like 70%, 72% of MSPs go to one event or less per year.

So a lot of them are learning online and what have you, but they’re not getting out in really engaging with the vendors, or engaging with the thought leadership or being educated like they should be. So whether it’s going to an event like Right of Boom, which is an amazing event that’s evolved over the last short two years, three years. So I think the MSPs gotta really, because everybody’s thinking security first, so they really have to lean into and get educated.

Now on the other side of the market, the other side of the coin, the vendors that can take something like SIEM, XDR, MDR, SOAR, and visualize it and make it make sense for the MSPs. I think that’s the big challenge, right? Particularly in this slice or this segment of this marketplace, vendors that can lean in and visually help the MSPs understand what this kind of new stack looks like. Those are the ones that are, I think, that are going to succeed. They’re the ones that the MSPs are going to gravitate towards.

So as much as it requires MSPs to up their game and what have you, it takes equal, if not greater investment on the vendor side to cut through the BS and not just talk about the buzzwords, but like really educate the channel, right? Because to your point, everybody is throwing in AI. And at the end of the day, what does it really mean within some of these products? I mean, is it efficiency? Is it data structure? Is it integrity? I mean, what does it really mean?

I can go on and on about this, but I really think this is where the vendors and again, credit back to Jon with the early days of making this concept of complex security that much better understood. And so because it’s accelerating, I think the vendors just have to stop and you know, almost paint by numbers.

Unfortunately, if you want scale in this marketplace—yeah, you’re going to you go after the top 15% that really get it, but if you want scale, it’s that other 85% of the marketplace that you really have to do your job of educating and maturing, and so I throw as much back on the vendors as I would on the MSPs at this point.

MacKenzie Brown: I like that. And I think that’s how should be, to be honest. You know, the biggest takeaway from this conversation is going back to enabling. I do think it’s a two-way street. I think it’s a relationship. I think in order for the vendors to be able to enable the partners and the MSPs to be able to enable the vendors, we need to be asking the right questions and we need to stop looking at security—we need to not make security more complex than it already is and muddy the waters with the marketing and the buzzwords and the things that don’t enable the MSPs to, again, ask those right questions of those vendors.

And then vendors. I don’t think we’re going to evolve until we start having those hard conversations. And it is having what you guys are providing is again, that product feedback. I think that’s really important. I think, what I’m seeing a lot on Reddit, what I’m seeing a lot on Discord and stuff, we need to start shifting the way we have our conversations. And it needs to be agnostic, a little bit vendor-agnostic in a sense, but also the vendors need to step up and say, okay, I hear you, I listen to you, we need to change the way we do things.

So Kevin, thank you so much for being on. This was really, this is a very interesting topic. I hope everyone at least took some notes on what the hell a technology stack is, especially MSPs, where we need to focus, and how we need to start asking those right questions. So I’m sure people are going to start approaching you and you had some fantastic viewpoints and I really appreciate you for joining us today.

And then maybe next time we can get even more spicier. But I appreciate what Channel Program’s doing. And yeah, especially if you can shed some light on the cybersecurity industry a little bit more down the road, I think that’s what we need. We need more of these conversations. Doesn’t need to be so complex out there. There’s especially experts like you.

So thank you so much for coming and joining us.

Kevin Lancaster: My pleasure. Thanks for having me on.

MacKenzie Brown: Of course. All right, everyone, we will catch you on the next episode of Return of the Mac.

The Blackpoint Brief

Blackpoint Brief is Blackpoint Cyber’s monthly e-newsletter to cover the latest APG research, SOC saves, sales resources, webinars, and in-person events. Stay up to date so that you can best protect your clients.