How an MSP can offer Managed Security Services

Category: Partner
July 23, 2017

Let’s face it, up to now enterprise security has been expensive.   Small and Medium Businesses (SMB’s) tend not to deploy enterprise security platforms given the investment required.   In the past, Managed Services Providers (MSPs), who support the SMBs, did not offer more than managed anti-virus and firewalls management because investing in security talent and installing enterprise security technology (SIEM, NIDS, HIDS, Vulnerability Scanning etc…) put their price points above the market they were serving.   Some MSPs tried working with companies like SecureWorks and AlienVault, who promote MSP programs, but found out the hard way that the business model doesn’t work for their customer base.  However, Managed Detection and Response (MDR) service providers like NetWatcher are changing this dynamic and making enterprise security affordable for the SMB and easy to deploy for the MSP (with literally no upfront investment).

The Problem and the Opportunity

Most SMBs and MSPs have deployed the security stack in figure 1 — these components, combined with a Remote Management and Monitoring (RMM) platform are generally inexpensive, easy to deploy and add great value.   However, in today’s environment where the bad actors are:

  1. Using automation to scan and exploit vulnerabilities in networking gear or servers you have exposed to the internet
  2. Phishing your users constantly at both their work email, personal email and social networking sites
  3. Leveraging your stolen creds they bought on the TOR network (dark web)
  4. Posting nefarious banner ads on ad networks that engage vulnerabilities in old browsers, Flash and Java

…these commodity platforms are not enough.


This is why the Fortune 5000 enterprise accounts have been using the stack in figure 2 (on top of the stack from figure 1) for over 10 years.   This is also why most of the security mandates, such as the HIPAA Security Rule, the GLBA Safeguards Rule, PCI-DSS, FINRA, NIST 800-171, NYCRR 500 from NY State DFS etc.., all call out the need for some or all of this technology along with all the appropriate policies and proceedures necessary to secure a customer’s data.    This is also why most Fortune 5000 companies are mandating that their suppliers use an enterprise security stack–Most large corporations know that their suppliers have their data (third party law firms have contracts and patent data, accountants have tax data,  application developers have code, data entry firms have customer data etc..) and they want those suppliers to have the same protections that they have deployed.   In fact, some of the compliance requirements such as HIPAA require that healthcare providers push the liabilities down to their suppliers via Business Agreements (BAA).  The new DFARS 252.204.7012 requirement for Department of Defense contractors has similar requirements.



So, the million-dollar question is… if customers are demanding their supply chain have an enterprise security stack and industry compliance mandates an enterprise stack what are SMBs and MSPs supposed to do if they can’t afford the tools and they can’t find/afford the security talent to run enterprise security tools?

This is why we built NetWatcher!

There is a giant opportunity here for MSPs at the moment. If you look at each vertical by employee size and count up the number of companies that fit into each just in the USA the numbers are staggering.   All of these organizations are moving to a more advanced security footprint over the next several years.   You also know that they will first look to their MSP partner to provide the advanced stack and if you can’t provide it, they will find a MSP that can provide the stack and manage it for them.






How MSPs Become MSSPs — better yet, providers of MDR

We built NetWatcher to enable MSPs to easily offer their own Security Monitoring / Managed Security / Managed Detection and Response service.   We designed and built NetWatcher from the ground up for SMBs and MSPs.   We built the service to be easy to install, easy to use for SMB/MSP IT professionals (not hard to find security analysts–although, analysts tend to love it too) and affordable.  MSPs will also find the multi-tenant single pane of glass user interface where they can manage all their customers — and the ConnectWise integration very valuable.

With NetWatcher, you deploy Sensors &/or Endpoints that send indicators of compromise (events) over a secure VPN to the cloud.

  • Sensor(s) (hardware or Virtual Machine) are required for each egress/ingress point to the internet and sits on the inside of customer’s network and listens for anomalies… (IDS, Netflow, SIEM, Scanner)
  • Endpoint agent (HIDS, Logs, Sensor-in-Cloud VPN/IDS)

Automated (cloud) “hunting” is used for creating Actionable Threat Intelligence Alarms about poor security hygiene, vulnerabilities, active exploits and malware. The service is delivered as a multi-tenant service to MSP partners & customers and is backstopped by a team of SOC analysts that become your Secure Operations Center (SOC)!

…by 2020, 80% of MSSPs will offer MDR services Gartner MDR May 2017

Here is a quick video on how NetWatcher works.  (other videos can be found here)

How Does an MSP Build a Security Monitoring / MSSP / MDR Business Model

There are 11 easy steps to figuring out what you should charge and how to best prepare your organization to offer Managed Security Services (MSSP).  You can find a more detailed article here but it comes down to the following steps:

  • Step 1: Estimate the number of issues you will need to remediate (we give you some worse case defaults to help you)
  • Step 2: Estimate the number of hours each issue will take to fix
  • Step 3: Estimate your efficiency over time
  • Step 4: Forecast how many customers you can close
  • Step 5: Budget for the remediation hours
  • Step 6: Budget your remediation services costs
  • Step 7: Budget your remediation services revenue
  • Step 8: Budget the cost of NetWatcher
  • Step 9: Forecast revenues
  • Step 10: Determine your profit
  • Step 11: Determine your pricing

You can download the forecasting template here: Partner Profitability Model_v1

How To Work With NetWatcher

  • Step 1: Sign reseller agreement – no cost
  • Step 2: Schedule free sales and tech training
  • Step 3: Configure NetWatcher – ConnectWise integration (10 min)
  • Step 4: Install a VM sensor in your company – yes, service is free for you!
  • Step 5: Begin talking to customers–Fill out Deal Registration Form
  • Step 6: Fill out Order Fulfillment Form
  • Step 7: Install Sensor(s), endpoints, configure SIEM/Scanner (15 min)
  • Step 8: Work to remediate issues
  • Step 9: Invoice customer

With NetWatcher, your MSP can easily start offering Security Monitoring, MSSP and MDR services with no upfront investment.   The platform is built to be understood by the IT professionals that you already have on staff.   NetWatcher is built as a SaaS service so the only thing you have to install are endpoints and a sensor and this should take no more than 15 minutes (how to install).

You can also add many other offerings to your new managed security business.  You can help customers with security related policies (all compliance mandates require organizations to have policies such as these).  You can help customers with new proceedures such as an incident response plan.  Your MPS can also offer white hat pen-testing and phishing services, as well as, cyber security training.


Become a NetWatcher MSP–Click here to join!