Blumira has rolled out updated endpoint detection and response (EDR) and identity threat detection and response (ITDR) capabilities, with a clear focus on helping teams act faster during active incidents. The changes bring response actions like isolating endpoints, stopping malicious processes, and locking compromised accounts into a single workflow inside the platform. For security teams juggling multiple alerts and tools, that shift is about reducing friction when time matters most.
Reducing Friction During Live Incidents
That friction is still a real issue for many IT teams and MSSPs. During an active incident, response often depends on switching between multiple tools, checking identity systems separately, and coordinating actions across teams. Each extra step adds delay, and those delays tend to stack up at the worst possible time.
Mark Romano, Partner & Alliance Program Director at Blumira, frames the problem in practical terms.
He told MSSP Alert, “Right now, responding to an active incident usually means jumping between multiple security tools and your M365 dashboard or waiting for word that someone is on it, burning time you don't have. Putting EDR and ITDR response actions in the same view means your team sees the threat context and the kill switch in one place, without hopping between platforms mid-incident.”
What this changes is not just convenience. It alters how teams operate under pressure. Instead of pausing to gather context from different systems, analysts can move directly from detection to action. That continuity becomes important when response decisions need to happen quickly and with confidence.
Tracing the Attack Across Endpoints and Identities
The update also reflects how attacks actually unfold. Ransomware and identity-based threats rarely stay isolated. A compromised endpoint can lead to credential theft, and a compromised account can open the door to lateral movement across systems.
Blumira is trying to match that reality by allowing response actions across both layers from the same place. Romano explains how that plays out during an incident: “Speed matters here. If ransomware hits, you can isolate the host and kill the malicious process, without leaving the dashboard. If it's an identity attack like business email compromise, you can disable both the local and Entra user and revoke all sessions to cut off the attacker's access immediately. These are built into the Blumira dashboard alongside a finding for fast resolution. Not ‘open a ticket and wait for the SOC to get back to you.’”
The broader implication is that response is becoming more immediate and less dependent on escalation workflows. For smaller teams especially, the ability to act directly within the investigation flow can reduce the window where attackers remain active.
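The identity-side containment Romano describes (disable the account, then revoke its sessions) can be expressed as a small, ordered runbook. The following is an added example written for this article, not Blumira's code: it targets the public Microsoft Graph v1.0 endpoints for disabling a user and revoking sign-in sessions, while the finding record, the user principal name and the token source are constructed or assumed. The on-premises side of "disable both the local and Entra user" is out of scope here.

```python
"""Identity containment runbook for a business-email-compromise finding.

Added example (not Blumira's code). Real pieces: Microsoft Graph v1.0
  PATCH /users/{upn}               body {"accountEnabled": false}
  POST  /users/{upn}/revokeSignInSessions
  GET   /users/{upn}?$select=accountEnabled   (verification)
Assumed/constructed: the finding shape, the sample user, the token source.
"""
import json
import os
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample finding, shaped roughly like an ITDR finding might be.
SAMPLE_FINDING = {
    "id": "finding-0001",                     # constructed
    "type": "identity/bec",                   # constructed
    "user_principal_name": "alice@example.com",  # constructed
}


def build_containment_plan(finding):
    """Return the ordered Graph calls that cut off the compromised account.

    Order matters: disabling first stops new token issuance; revoking
    sessions then invalidates refresh tokens so existing sessions cannot
    renew. Access tokens already issued stay valid until they expire, so
    the analyst should still watch for activity in that window.
    """
    upn = finding["user_principal_name"]
    return [
        {"method": "PATCH", "url": f"{GRAPH}/users/{upn}",
         "json": {"accountEnabled": False}},
        {"method": "POST", "url": f"{GRAPH}/users/{upn}/revokeSignInSessions",
         "json": None},
    ]


def _request(step, token):
    body = None if step["json"] is None else json.dumps(step["json"]).encode()
    req = urllib.request.Request(step["url"], data=body, method=step["method"])
    req.add_header("Authorization", f"Bearer {token}")
    if body is not None:
        req.add_header("Content-Type", "application/json")
    return req


def execute_plan(plan, token, opener=urllib.request.urlopen):
    """Run each step in order and stop at the first failure.

    `opener` is injectable so the sequence can be exercised offline.
    """
    results = []
    for step in plan:
        with opener(_request(step, token)) as resp:
            if resp.status >= 300:
                raise RuntimeError(f"{step['method']} {step['url']} -> {resp.status}")
            results.append({"url": step["url"], "status": resp.status})
    return results


def verify_disabled(finding, token, opener=urllib.request.urlopen):
    """Confirm the disable actually took effect before closing the finding."""
    upn = finding["user_principal_name"]
    step = {"method": "GET", "url": f"{GRAPH}/users/{upn}?$select=accountEnabled",
            "json": None}
    with opener(_request(step, token)) as resp:
        data = json.loads(resp.read())
    return data.get("accountEnabled") is False


if __name__ == "__main__":
    token = os.environ.get("GRAPH_TOKEN")  # assumed: an app/delegated token
    plan = build_containment_plan(SAMPLE_FINDING)
    if not token:
        for step in plan:
            print(step["method"], step["url"], step["json"])
    else:
        print(execute_plan(plan, token))
        print("verified disabled:", verify_disabled(SAMPLE_FINDING, token))
```

Run without `GRAPH_TOKEN` to see the planned calls; with a token that has `User.ReadWrite.All` (and, for the revoke call, `User.RevokeSessions.All`) it performs the sequence and then re-reads the account to confirm it is disabled, which is the check worth doing before marking the finding resolved.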
Making Security Operations Easier to Scale for MSSPs
Beyond individual incidents, there’s a longer-term operational angle, particularly for MSSPs managing multiple customer environments. As providers take on more clients, the challenge shifts from handling single incidents to managing volume without increasing manual effort.
Blumira’s API enhancements are aimed at that problem. By allowing teams to assign findings, add context, query evidence, and resolve incidents programmatically, the platform can plug into existing PSA (professional services automation) systems, RMM (remote monitoring and management) tools, and internal workflows.
Romano describes how that looks in practice: “The new public API endpoints let you programmatically assign owners, add comments, query evidence, and resolve findings. In practice, that means you can integrate Blumira into the other services you're already running and automate more handoffs that used to be manual. An alert fires, the API creates the ticket in your system, assigns the right tech, and they can write back what they find without juggling between open tabs. No copy-paste between dashboards, no status updates in two places.”
For MSSPs, this kind of integration helps turn response into a repeatable process. Instead of relying on individual analysts to coordinate across tools, workflows can be standardized and automated. Over time, that can make it easier to scale services while keeping response times consistent across customers.