HOW-TO HUB
Boost MSP Credibility and Stand Out : Use Threat Intelligence to Win Clients
Using real-world threat insights , MSPs can help clients better understand specific cyber risks and the importance of strengthening their overall cybersecurity resilience .
You know you ’ re watching your customers ’ backs when it comes to their cybersecurity posture , but do they ? If you ’ re not using threat intelligence to not only explain the WHY behind your recommendations to customers and prospects but to show that you ’ re in the know , your competitors might be .
Threat intelligence involves the collection and analysis of data from sources such as threat feeds , dark web monitoring , industry reports , and security incidents to identify current and emerging threats , attack patterns , and vulnerabilities .
MSPs can access threat intelligence from a variety of sources , like the Global Technology Industry Association ’ s ( GTIA ) Information Sharing and Analysis Organization ( ISAO ), through vendors that have threat analysis centers , various news feeds , or industry reports .
Here Are Four Ways to Use That Knowledge to Differentiate Your MSP When You Talk With Clients About Their Cybersecurity Needs .
1 . You ’ re showing that you take your own security posture seriously
Belonging to an ISAO , for example , which is part of an MSP ’ s GTIA membership ( formerly CompTIA ), allows you to ask questions and share mitigation strategies with peers and cyber analysts . “ We want them to ask questions , because the one thing you don ’ t want is to have somebody trying to solve for something on their own and then not doing it right and getting compromised ,” says Wayne Selk , GTIA vice president of cybersecurity programs , and executive director of the ISAO . “ So not only do we want them taking information from the ISAO , but for those solution providers that are more mature , we want them actually sharing information back into the ISAO .”
In addition , ISAO members get access to the Cyber Hub , where they can get a risk rating for their own environment so they can take steps to address any vulnerabilities . By staying ahead of emerging threats , MSPs can reassure their clients that their environments remain secure , strengthening trust and demonstrating the value of their cyber vigilance .
2 . You can be proactive to mitigate threats
Threat intelligence gives MSPs “ the indicators of compromise that they need to be paying attention to inside of their environment ,” Selk explains . ” Use the actionable information to make sure you haven ’ t been compromised or your clients haven ’ t been compromised , and if you do find a vulnerability that somebody ’ s exploiting , you put a mitigation activity around that so they can ’ t exploit it and take advantage of compromising those systems .”
Threat intelligence will also identify hardware and software solutions that have been compromised , Selk says . With that knowledge , MSPs can proactively choose solutions without known vulnerabilities and be able to discuss that with clients .
3 . You need them to know they ’ re a target — even if they ’ re small
“ We ’ re starting to see more sophisticated attackers go after small businesses as well . That ’ s why security is very important for everyone ,” says Greg Linares , principal threat intelligence analyst at Huntress . “ One of the worst things you can think about yourself is , ‘ I won ’ t ever be a target .’” It may not even be your client the attacker is after but one of their business partners . But if they infiltrate your customer ’ s environment , they can “ mimic the business for a brief period of time to get access to someone else ,” he explains .
By discussing actual cyber incidents and consequences , it makes the threat real . As a result , when you recommend advanced security solutions , you come across as a trusted advisor rather than another MSP trying to upsell them .
4 . Use your knowledge as a “ wedge ” between the competition
When discussing your cybersecurity offerings with prospects and clients , use your knowledge of the latest vulnerabilities discovered or new threat actors on the scene to drive a wedge — a technique to sow doubt about a current provider and position yourself as an authority ( see pages 30-31 , “ How to Break Through Prospect Resistance and Win More MSP Sales with the Wedge Technique ,” for specifics on the sales technique ).
“ Who would you rather have , the MSP that ’ s not paying attention to threat intelligence or the MSP that is on the pulse of what ’ s happening from an overall threat landscape to better protect your business ?” asks Selk .
Be Smart About Your Messaging
Having access to threat intelligence allows you to demonstrate your knowledge about security trends , but it does not automatically make you a cybersecurity expert . Selk cautions MSPs to tread carefully with their messaging to stay out of legal hot water .
“ The best way [ for MSPs ] to market this ,” Selk says , “ is to help show [ their ] clients that they ’ re paying attention to the threats that could be impacting [ them .]”
— Colleen Frye