When Managed Services Providers (MSPs) decide to get into the managed security business it is a big leap. However, for most MSPs it is a necessary step because it was likely your company that setup the customer’s network and it’s likely your company will have to remediate the issues. If you don’t get into the managed security business your customer will end up bringing some other company in and you may eventually be nudged out of the account. Managed security is also a great new revenue stream for your MSP company.
2017 Kaseya MSP Global Pricing Survey — …when asked what the top service MSPs believe will be the most sought after by clients, security was #1
Without a more advanced security stack your customer may not realize that they have lingering command and control malware on corporate assets stealing data for months without knowing they have been exploited. All it takes is an employee losing their login credentials or clicking on the wrong website or clicking on the wrong link in an email and they may get “owned” and then a bad actor has the access they need to begin to steal data. The commodity stack never recognizes the issue.
However, with an advanced security stack (like http://netwatcher3.wpengine.com) you would see an automated Alarm that recognized that the Network Intrusion Detection System (NIDS) flagged a command and control beacon, the Host Intrusion Detection System (HIDS) flagged that there has been a strange registry change on a laptop & the Netflow reported data going back to a foreign country. This type of activity wouldn’t be caught by the standard commodity security stack. This is why every Fortune 5000 account has been using this more advanced stack for over 10 years. The key however is that someone/something needs to be reviewing the data coming off this more advanced stack. The Fortune 5000 companies have armies of people reviewing this data however an SMB account cannot afford this type of investment. Therefore, they need a third party, and a lot of automation, to review events for them and alert when something unfortunate occurs or if one of their staff is doing something that is going to lead to the company being exploited in the future. NetWatcher brings the Secure Operations Center (SOC), the service and the tools to enable you to turn your MSP into a Managed Security Services Provider immediatly utilizing your current helpdesk infrastructure.
Most SMB executives hear about hacking but they don’t understand the issues and they don’t understand the risk to their businesses. It’s your responsibility as the MSP to educate them on the risk. If you don’t, I guarantee you someone else will. Also, many SMBs are under some sort of compliance regime such as HIPAA, PCIDSS, GLBA, NIST 800-171, NYCRR 500 etc. and if this is the case they must be using a more advanced stack and it’s your responsibility to help them understand how to meet some of these demands (again, if you don’t someone else will…)
So, you decide you want to be in this business but you are not sure how to take the next steps… First and foremost, you need to understand that managing a company’s network and asset security is different than managing their network, email, backups etc.. Managing security is about managing risk – your customers and your own. The first thing you need to do is get a good contract in place that minimizes your liabilities however this is where you may want to involve your lawyer. There are several contracts available on the internet that are good Managed Security starter contracts. The second thing you need to realize is selling security require good business acumen – help the customer understand what they have to lose…. Or help the customer understand security compliance based on one of the regime’s mentioned above and what happens if they do not meet those regulations. But you also should realize your customers will ask hard technical questions – “explain what this IDS thing does…”, “explain what this file integrity monitoring is…” etc. so, you also must have technical people that support your sales people that can answer those questions.
Then you (the MSP) will ask how much additional work will be put on your helpdesk engineering and remediation staff… You will ask how much you can I make ($) doing this more advanced security work. We’ve created an 11-step spreadsheet to help you model your business and assumptions to help you get to those answers.
Now that you have your advanced offering in place you can think of offerings that you can add on to this as well such as Security Forensics, Penetration Testing, Helping customers with Policy documents or Incident Response Plans etc..