If your business is 10 years old or more, you may have founded it on providing services for a specific vertical or leveraging your expertise with a particular technology. If your history as a value-added reseller (VAR) or managed services provider (MSP) is typical, your business has felt (and, hopefully, responded to) pressure to adapt to technology disruption, increasing commoditization, and new customer and end-user demands. Your solutions portfolio is also probably different than a decade ago, with a wider range of offerings that address current needs—one of which is, indisputably, security.
Endpoint security is a critical need for any business connected to the internet (i.e., virtually all of them), and a key component of a comprehensive, layered security strategy. But do you provide it to your clients?
If you’re just getting started as an endpoint security solutions provider, or if you’re still in the fact-finding and strategy-building stage, you’ll find value in advice from Jason Norton, Product Marketing Director, VIPRE. His answers to some common questions about selling endpoint security solutions follow.
Does a VAR or MSP need training or certifications to provide endpoint security solutions?
Norton: Certification isn’t regulated but could increase credibility.
There are a handful of non-profit organizations available for cybersecurity certifications such as:
Common certifications include:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- Certified Cloud Security Professional (CCSP)
- Certified Information Systems Auditor (CISA)
In which markets can VARs and MSPs be successful selling endpoint security?
Norton: Speaking for ourselves, VIPRE Security partners and MSPs typically call on SMBs, that is, businesses with under 1,000 employees. We see a lot of deals associated with finance, healthcare, manufacturing and education—both K-12 and higher education. We also find that, often, the size of the business trumps the type of business. Having said that, I’d lead with finance and healthcare as sure bets.
Which pain points should sales reps look for that indicate a business needs an endpoint security solution?
Norton: Make sure ease of use is apparent, especially in the SMB market. A good endpoint solution doesn’t need to be difficult to manage. Also, be sure to tailor a security plan to the business that takes into account its specific needs, which vary between organizations. The end goal of a security strategy is to avoid business-threatening downtime or crippling financial loss from ransomware, business email compromise (BEC) or data theft.
Should VARs and MSPs sell endpoint security with other solutions for an effective security strategy?
Norton: Endpoint is merely one part of a comprehensive security strategy. A strong security posture will require a layered, balanced approach.
Cybersecurity should address three main attack vectors: endpoint, email and network. Implement total solutions that include a next-gen firewall, an endpoint solution with advanced active protection, machine learning and artificial intelligence to complement signature and heuristic-based detection. Finally, cloud email security with phishing and attachment sandboxing to catch zero-hour threats, exploits and ransomware is a must.
How can an MSP offer endpoint security as a managed service?
Norton: Start with the basics. Setting up and securing the network while protecting the endpoints and email gateway is the starting point. From there, common add-on security services include DNS filtering, end-user awareness and training, password management, MDM, and BUDR, to name a few.
Mature MSPs often offer most, if not all, of these services as tiers or value bundles to illustrate a good, better or best-packaged offering. 
