MSPs are being asked to deliver stronger security outcomes with tighter margins, leaner teams, and customers who expect confidence, not complexity. That pressure shows up clearly in day-to-day operations: how alerts are handled, how tools are managed, and how quickly teams can respond when something actually matters.In this interview with ChannelE2E, Chris Furner, Head of Partner Enablement at Blumira, shares what he is hearing from MSPs on the front lines. He talks through where security workflows tend to break down, why efficiency now outweighs feature depth for many partners, and how Blumira is shaping its product and partner program around the realities of running a growing MSP security practice without burning out teams.
ChannelE2E: You work with MSPs hands-on every day. When you look across those conversations, what’s the biggest gap between what MSPs think they need from a SIEM/EDR partner and what they actually need to build a stronger security practice?Chris Furner:More now than ever, MSPs are focused on efficiency. You see this with the endless array of AI-backed tools targeting the MSP market. Any tool that is time-consuming to buy, deploy, or manage at scale is a non-starter. And any tool that needs a specialized team is also a tough sell. Blumira is built to enable existing IT teams to be those security experts. We provide rich alerting that explains what happened and what the next steps you should follow. And if anyone is ever unsure as to what the alert means, or what the next steps are, we have a knowledgeable and experienced Security Operations team that is available to answer questions. Our CSAT score for this team is an impressive 100%, and their average first response during business hours is around 30 minutes. We also have an after-hours/weekend SLA of 1hr for urgent issues. So we are there to assist, you never have to go it alone. And yes, we do have AI in our product, in the form of a SOC Auto-Focus tool that does a deeper dive into Blumira alerts to explain more about what happens and why it matters to you.ChannelE2E: Blumira emphasizes meeting MSPs where they are. In practical terms, how does that show up in the product and in the MSP partner program, and where do you think Blumira’s approach separates from the traditional vendor playbook in the channel?Chris Furner:Blumira strongly believes in mutually beneficial partnerships that enable MSPs to protect their customers and grow their business. We do a lot to ensure that our program is as flexible for MSPs, and we are currently launching a new MSP program that gives our partners even more flexibility. While we’ve never had any per-customer minimums or commits, our new program removes commits and yearly terms at the MSP level as well. Our partners are amazing and want to do business with us year after year. We do not see value in locking them into a term. As they grow, we will continue to reward them with greater discounts, but now we will not force them to commit to a fixed dollar amount to receive those discounts.
ChannelE2E: Many MSPs are growing fast but not adding headcount at the same pace. What pain points are surfacing most because of that “do more with less” pressure, and how is Blumira helping partners absorb that load without burning out their teams?Chris Furner:We have heard from many of our partners that Blumira has enabled their existing teams to become the front-line security responders. Our rich alerting, Security Operations team, and SOC Auto-Focus tool bring a lot of meaningful data to allow your team to understand and quickly respond to Blumira alerts. Blumira has also developed tools to allow MSPs to tune and improve alerts that we generate. We know that, especially in the MSP space, there are a number of tools that can trigger our detection rules as a false positive event. By allowing easy tuning of these rules, we let them reduce the noise and trust the notifications that we sent. We also have a unique method of “matching and stacking” of Blumira alerts, so duplicate repeated activity does not cause re-alerting if the issue is already being triaged.ChannelE2E: You’ve spent years seeing how MSP workflows break down during investigations and response. What are the most common operational bottlenecks you see inside partner environments, and what guidance do you give MSPs to tighten those workflows?Chris Furner:MSPs are finding that hiring quality experienced help desk analysts is challenging. They want ways that their existing teams can be as effective and efficient as possible. Blumira brings a wealth of information when our alerts are triggered. In many cases, an MSP’s Tier 1 helpdesk techs are able to handle Blumira alerts on their own. In cases where they are not, they are given a variety of options to receive additional assistance, including opening a Security Operations ticket directly within the Blumira portal. They can also query our AI-backed SOC Auto-Focus tool to explain the issue in more detail. They can also use our Investigate feature to look more broadly at network and user activity to see the big picture. There are so many tools that an MSP’s existing team has to efficiently respond when Blumira brings actionable intelligence.ChannelE2E: Blumira recently updated its MSP partner program. What feedback or unmet needs from partners drove those enhancements, and how do they translate into real value for MSPs trying to scale?Chris Furner:As mentioned before, our partners by and large renew their commitment to us each year. Because of this, we are moving to a model where partners will not be locked into any fixed contract terms. We will reward partners with discounts if their spend reaches certain thresholds, but we will no longer require that they make a contractual commitment at a set dollar amount to get those discounts. As an MSP grows, its buying power gives it an even better value.ChannelE2E: Many partners hit a point where alert fatigue, tool sprawl, and inconsistent processes drag down their service quality. What early signs do you tell MSPs to watch for before their operations reach that tipping point?Chris Furner:It can become easy for the noise to become overwhelming and alerts to go unprocessed, or processed after the alert’s usefulness has passed. Having good metrics on your SOC/NOC board on if your internal response SLAs are being met is a good way to see if your team is falling behind. Tools that provide more noise than useful information should be examined for tuning ability, or a replacement tool that has a better signal-to-noise ratio should be identified.ChannelE2E: Looking ahead, what capabilities or enablement areas do you think MSPs will need most over the next 12–18 months as attacker behavior shifts, and AI changes the tempo of threats?Chris Furner:As AI becomes a bigger factor in attacks, response time is going to become more critical. AI is going to greatly speed up the attacker behavior and make it harder to catch the attack between the initial entry and active exploit phases. Tools that have a human-backed SOC generating alerts are going to notify the MSP after the attack is underway. Any tool that is going to generate automated, meaningful alerts in a time-sensitive manner is going to contribute towards having a better chance at stopping fast and dynamic AI-powered attacks.
Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.