As cybersecurity has become a top priority for businesses of all sizes, many MSPs and VARs have added security offerings to their product portfolio. As the importance of security increases and MSPs see their security services become more critical to their bottom line, the idea of becoming a managed security service provider (MSSP) is increasingly appealing.
While there are plenty of opportunities in the MSSP space, the transition requires some investment and training, and it carries some risk. There are also some challenges that an MSP or VAR may not be prepared to take on.
What is the difference between an MSP with security offerings and an MSSP? An MSSP is an entirely security-focused service provider, offering a mix of email security, endpoint security, perimeter security, and web and application security, with everything it does built on a security-first approach.
Gartner has a more specific definition. According to the firm, an MSSP delivers security operation capabilities via shared services from a remote security operations center (SOC), offers 24/7 monitoring of security events and security-related data sources, and administers and manages IT security technologies.
The key differentiator is providing proactive security monitoring, detection, and response/mitigation, with the SOC playing a critical role.
The Security Operations Center
The SOC serves as a central hub or command post for monitoring threat activity across all clients. Because of the shortage of qualified cybersecurity staff available, particularly for smaller companies, MSSPs can leverage their SOC to provide a more affordable option for network monitoring to SMB clients.
A SOC is a 24-hour operation and requires the MSSP to find reliable technology partners that can provide a platform for automated monitoring across every client, preferably leveraging artificial intelligence (AI). The Barracuda SKOUT Managed XDR solution, for example, includes wraparound SOC services without the expense of cobbling together a DIY solution.
The SOC acts as a first line of defense in the case of a cyberattack or breach. It should be able to shut down servers, terminate suspicious processes, delete files, and restrict user credentials when necessary. Therefore, MSSPs will need the right technology tools and a team of security analysts and technicians equipped to respond to threats based on well-established policies and processes.
Risks and Rewards
In addition to setting up or outsourcing a SOC, transitioning from an MSP to an MSSP requires a broad investment in the right technologies and staff (analysts, consultants, and technicians) to provide robust protection for each client.
MSSPs also must have solid documentation and processes in place, as well as the ability to deliver security services confidently. (If your firm is struggling to provide basic managed services, you have work to do before even thinking about becoming an MSSP.)
There are also several costs to consider. Security-centric MSPs may already have a lot of the technology in place, but the need for 24/7 responsiveness and support puts a premium on staffing and other resources. A new MSSP also requires go-to-market help, sales training, and productization resources.
Ongoing employee training is also vital. MSPs should work with the vendor to determine the level of training and certification required upfront and establish an ongoing education program, so that employees are up to speed on the latest threats and technology capabilities.
Shifting from basic managed services to acting as an MSSP can help establish recurring revenue streams via higher-margin services that will only increase in value. Moreover, given the shifting nature of the threat landscape and the high cost of cybersecurity incidents, security services are not likely to be commoditized anytime soon. As a result, an MSSP has a built-in advantage in competitive differentiation and ongoing opportunities to demonstrate value – which helps improve customer retention.
Before making the move, however, MSPs should ensure they can make the right investments in people and technology, can support an in-house or outsourced SOC, and are equipped to deliver the level of highly responsive security services their clients require.