Becoming an MSSP: Tools, Services & Tips for Managed Security Services

The next few years will see a surge in channel spending. According to Jay McBain, an analyst at Forrester Research, spending on IT and telecommunications will be worth about $7 trillion by 2030. The channel is destined to land at least a third of that.

Competition is fierce. With about half a million VARs currently operating and roughly 75,000 MSPs, what opportunities exist for expansion? To many, the answer is security – there are only 10,000 MSSPs currently operating after all. And a recent Enterprise Strategy Group (ESG) study notes that cybersecurity is likely to be the top area for increased IT spending for 2022.

According to ESG, 69% of organizations plan to spend more on cybersecurity in 2022. Another 29% say cybersecurity spending will be approximately the same as in 2021. The rest – 2% – intend to pay less for cybersecurity in 2022 compared to 2021. In the survey, cybersecurity spending came out ahead of other hot areas such as the cloud and artificial intelligence (AI).

“The research shows that cyber threats like ransomware have become a top priority for business executives and boards of directors,” said Jon Oltsik, an analyst with ESG.

Between the increased attention cybersecurity received in 2021, with attention-grabbing attacks at the likes of SolarWinds and Colonial Pipeline, and the persistent cybersecurity skills shortage, many companies lack the ability to adequately defend themselves, fueling increased demand for security services.

So how can MSPs – or for that matter, any company looking to add cybersecurity services to its offerings – transition effectively into the security space and add managed security services provider (MSSP) to their repertoire? Before beginning, it is important to understand market drivers, come to terms with the great many tools out there, survey the market and pick a simple place to start – one that is in demand among your existing user base.

Also see: Best Managed Security Service Providers (MSSPs)

Buyers Driven by Threats

Security is quite different from other areas of IT. The current environment is largely one of panic, looming disaster, and desperation. 54% of ESG respondents stated that the primary drivers behind technology spending were strengthening of cybersecurity and improving resiliency against attacks. The threat of impending cyber danger, then, was far more important than other pressing business issues. 64% admitted to paying a ransom to regain access to data, applications, or systems. Not surprisingly, 46% said ransomware protection was one of their top five spending priorities.

Ransomware may be superhot, but it’s not even the most common attack vector into an organization. Phishing, general malware, and Distributed Denial of Service (DDoS) attacks are more common. Therefore, rushing to deploy ransomware protection may fit with current headlines, but may not be what users really need.

Understand the Many Facets of Security

There are a seemingly endless number of security tools used in the modern-day enterprise, chief among them antivirus and anti-malware tools, email gateways and spam filters, intrusion detection and prevention systems (IDPS), firewalls, security information and event management (SIEM), threat intelligence, security analytics, endpoint detection and response (EDR), data protection, network access control (NAC), identity and access management (IAM) and many more.

Some of these can be quite complicated – and getting more so as behavioral analytics and AI get added to more and more products. Signature-based detection just doesn’t cut it anymore. Any MSP moving into the MSSP space should pick something that doesn’t exceed existing skillsets.

In many cases, vendors will be happy to provide security services to an MSP. These can be rebranded as if the service is yours. The MSP provides initial support and can escalate tougher problems to a specialized security partner. This is perhaps the easiest business model to use when getting started. Instead of reinventing the wheel and developing your own security tools, piggyback on an experienced provider. Most IT security vendors and providers offer attractive discounts to MSPs and MSSPs to make it profitable for them to incorporate these services into their own offerings. Conditions and terms vary widely from provider to provider.

Best Cybersecurity Tools & Services for MSSPs

Here are a few potential product and services areas for would-be MSSPs to consider as the basis for their own service. Note that many of these tools branch off into several areas. MDR services, for example, often include network security services, and vice versa. The categories below are broad and many of the vendors span multiple categories.

Endpoint Detection and Response

EDR is a centralized management tool for endpoints (laptops, mobile devices, servers and even IoT devices for some products), used to manage and respond to threats on an organization’s devices. It is usually combined with endpoint protection platforms, called EPP, which are something like enterprise-class antivirus tools.

EDR is called MDR (managed detection and response) when it is provided as a service. Some providers also use the term extended detection and response (XDR), a new term that typically means bringing all of a security vendor’s offerings into a unified platform. Here are a few EDR vendors with an MSP focus:

Sophos Intercept X with XDR synchronizes endpoint, server, firewall, and email security. It provides a holistic view of an organization’s environment, with analysis for threat detection, investigation, and response.

Sophos XGS Series firewall appliances can identify and stop advanced known and potential threats – including ransomware. MSPs can install these devices at client sites to keep their other offerings more secure.

Trend Micro Managed XDR is an integrated managed service across email, endpoints, servers, cloud workloads, and networks. MSPs can pick and choose what monitoring services to offer out of a variety of email, endpoints, servers, cloud workloads, and network security solutions.

CrowdStrike Falcon Prevent combines antivirus with other prevention technologies such as EDR (Falcon Insight) for endpoint visibility and Falcon Discover to identify and eliminate malicious activity.

SentinelOne offers AI-backed endpoint protection services for MSPs. These include: automated threat prevention, detection, and response; automated remediation to terminate malicious processes, disconnect and quarantine infected devices, and rollback events to keep endpoints in a clean state; and security analytics performed on endpoint agents.

Lookout Mobile Endpoint Security addresses iOS, Android, and Chrome OS devices. It can detect and respond to known and unknown threats.

Fortinet tools cover network security, cloud security, application security, access security, and network operations center (NOC) and security operations center (SOC) functions. The company is best known for its firewalls, but it also offers one of the lowest-cost EDR products around.

Malwarebytes endpoint security includes a dashboard that lets partners centrally manage customer accounts and access policies and request support when needed.

IBM Security Managed Detection and Response Services include threat detection, fast response, threat intelligence, threat hunting, AI-powered automation, and human-led analysis across networks and endpoints in multi-cloud environments.

CrowdStrike dashboard
CrowdStrike dashboard

Also read: Top Endpoint Detection & Response (EDR) Solutions

DDoS Protection

AT&T DDoS Defense addresses vicious attacks that can take down entire networks, websites, and even countries in extreme cases.

NetScout offers a portfolio of DDoS attack protection products and services that enable organizations to customize a solution, either hosted in-cloud or on-premises. The NetScout Arbor Edge Defense, for example, is installed at a customer site to automatically detect and stop all types of DDoS attacks.

Also read: Top 8 DDoS Protection Service Providers

Network Security

AT&T’s network security offerings give MSPs what they need to help protect and connect customers as well as their users, data, and applications on premises, remotely, or in the cloud. AT&T also offers secure remote access and secure web gateway services.

Verizon Managed Security Services encompass application-level firewalls, content screening, email security gateways, endpoint security, intrusion detection/prevention, network intrusion, and unified threat management (UTM) in a package of services where MSPs can select which ones they want to deploy.

CenturyLink Unified Protection and Compliance Service utilizes a SonicWALL hardware gateway to safeguard against external attacks. This service also allows remote users to connect to the network safely through VPN. Gateway-enforced antivirus is included.

Cybereason MDR Core provides network monitoring, root cause analysis, and guided response in addition to the company’s well-regarded endpoint security. Further services add in threat detection, triage, remediation, and analysis.

Cisco Identity Services Engine enables a dynamic and automated approach to policy enforcement and simplifies the delivery of secure network access control. It also automates network segmentation.

Barracuda Web Security Gateway lets organizations benefit from online applications

and tools without exposure to web-borne threats (such as phishing). It unites spyware, malware, and virus protection with a policy and reporting engine.

ATT dashboard
AT&T MSSP dashboard

Also read: Best Enterprise Network Security Tools & Solutions

Vulnerability Scanning and Patch Management

Syxsense Active Secure offers vulnerability scanning, server and endpoint patch management, plus endpoint security. It enables IT teams to prevent cyberattacks by scanning authorization issues, security implementation, and antivirus status.

Rapid7 Managed Vulnerability Management makes it possible to hand over the operational requirements of a vulnerability scanning program to Rapid7 experts.

Automox offers patch management and endpoint hardening. It enables continuous connectivity for local, cloud-hosted, and remote endpoints with no need for on-premises infrastructure.

Also read: Top Vulnerability Management Tools

Data Protection

FalconStor Backup as a Service (BaaS) includes backup and data deduplication. A second copy of the backup is automatically transmitted offsite to the MSP’s datacenter or a public cloud for offsite protection.

Druva provides cloud data protection and management. A special program is available for MSPs to minimize the infrastructure they need to deliver data protection and backup services, with ransomware protection included.

MSP360 (formerly Cloudberry), provides solutions for MSPs to protect Windows, macOS and Linux endpoints as well as Microsoft 365 and G Suite accounts with secure data backup solutions, with the ability to quickly restore in the event of a ransomware attack.

The Barracuda Backup-MSP appliance is an all-in-one, subscription-based solution that simplifies data backup and recovery from advanced threats, disasters and human error. Also available in a virtual version, the appliance can serve customers running physical, virtual, and multi-site environments from a centralized management console.

NovaBACKUP Cloud (formerly xSP) is an all-in-one MSP backup and recovery services solution, created to make data protection easier and more reliable for service providers.

Also read: Best Backup Solutions for Ransomware Protection

Access Control

Ivanti MobileIron verifies every user, device, application, network, and threat before granting secure access to business resources. Any MSPs offering device management would do well to take advantage of such services.

Twingate replaces legacy VPNs with an identity-first networking solution that combines enterprise-grade security with a consumer-grade user experience. It can be set up in less than 15 minutes and integrates with all major cloud providers and identity providers.

Micro Focus offers a single sign-on solution where users sign-on once and have access to all their web-based applications, regardless of location. This is a good way to deliver a single sign-on experience to users who consume SaaS applications.

Incident Response

KnowBe4 PhishER is a web-based platform that serves as a phishing emergency room to identify and respond to user-reported messages. It helps prioritize and analyze what messages are legitimate and what messages are not, quickly.

Secureworks uses its threat prevention, detection, and response platform, Taegis XDR, as an incident response tool. It can detect threats and dynamically prioritize those with greatest risk to the organization.

Kaspersky Lab’s experts are available for resolution of security incidents to limit the resultant damage and to prevent the attack from spreading. These range from incident investigation to elimination of threats.

Cynet Incident Response service combines security analysis experience together with Cynet360 investigative and security technology to achieve fast, accurate results. Cynet’s 24/7 security team acts as an extended team, leading any required analysis, ensuring that nothing is overlooked.

Also read: Best Incident Response Tools and Software

Offer What Your Customers Need

The vendors and services listed above are just a sampling of the tools available that MSPs can potentially utilize to launch their own services. Many can be white labeled and sold as an MSSP’s own services. Others can be operated with little effort in partnership with the vendor. A few of them are more heavy-duty services that can be called upon in the event that security threats move above the pay grade of MSP personnel.

The choice of vendor depends on the attractiveness of the MSP partnerships on offer as well as the needs of the existing user base. The smartest approach is to find out what current customers need in terms of security and offer something to satisfy that need.

Read next: Choosing a Managed Security Service: MDR, Firewalls & SIEM

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Top Products

Related articles