from hackers and other malicious actors .
But hold on : It ’ s not as simple as changing your marketing language . It takes time and money .
How To Transition From An MSP To An MSSP
You may already be an MSSP and just not know it . Are you already offering MSSP-like services , and do you have a SOC offering ? If so , congratulations ! You have the easiest path forward . Focus on rebranding and expanding your products and resources to deliver a full suite of MSSP services to an even larger group of clients .
If you aren ’ t already in this category , you can build an MSSP from your MSP by hiring the right people , like security analysts and cybersecurity consults , and investing in integrated , topof-the-line technologies . To be considered an MSSP , you will need to set up ( or outsource ) high-availability SOCs to provide round-the-clock security for your clients ’ IT devices , systems , and infrastructure .
A SOC is a combination of people , processes , and technologies that handle the task of protecting clients ’ networks , data centers , servers , databases , applications , websites , endpoints , and other technologies .
Other tools and resources you ’ ll need include the following :
• Security information and event management ( SIEM ) tool
• Intrusion detection and prevention systems
• Threat remediation processes Other business-related factors to consider include : How strong is your current business ? If you are struggling to deliver your basic managed services , now is probably not the time to expand . Go back to the basics of what you do best .
Are your processes and documentation up to par ? MSSPs need to have rock solid processes , so get those in line before you expand .
Security Operations Centers Explained
If the price tag of setting up your own SOC is a deterrent , as it very well may be when you factor in the on-prem costs of staffing it 24 / 7 , dozens of vendors have introduced cloud-based SOCaaS ( security operations center as a service ) for MSPs . According to Markets to Markets , the SOCaaS is projected to grow from $ 471 million in 2020 to $ 1.7 billion by 2025 , at a compound annual growth rate of 28.6 % during the forecast period ( 2020 – 2025 ).
This is a huge opportunity for many smaller MSPs to position themselves as MSSPs and scale their cybersecurity business . Even larger MSPs prefer to outsource their SOC operations given the complexity and cost of operating their own .
When evaluating SOCaaS vendors , first consider if there are any integrations with your existing tool set — then , of course , consider pricing and reputation . Additional topics to ask about include :
1 . Staffing : Ask to see staff bios . Look for security veterans who have experience with major cyberattacks . People matter as much , if not more , than the technology .
2 . Location : Are offices spread out to follow the sun , or does the vendor focus on a certain geographic region ? If you do business mainly in the U . S ., it doesn ’ t make sense to hire a firm out of Central Europe . As you grow , can they grow with you ?
3 . Tech Stack : Ask about their tech stack and how it was developed . Find out how many legacy SIEMs and service desk systems are supported . Do you need specific hardware , or is the service delivered ?
4 . White Labeling : Does the vendor have a reseller or direct sales model ? What marketing services do they provide to help you ?
5 . Compliance : Some vendors provide audits as part of the package , some charge extra , and still others will refer you to a third party . Find out which model the SOCaaS provides ( brownie points if the compliance audits are integrated with other tools you already use ).
Here Are Some Of The Key Components You Need To Create An MSSP Offering :
• Advanced endpoint security or endpoint detection and response
• Backup disaster recovery ( BDR ) device management
• Breach detection
• Dark web monitoring
• Enforced security policies
• Patch management , including third-party applications
• Remote monitoring and management ( RMM )
• Security awareness training ( SAT )
• Security operations center ( SOC )
• Security information event management ( SIEM )
• Two-factor authentication ( 2FA )
Another way to grow your MSP is to partner with an established managed SOC platform . As with any business relationship , take care in vetting the solution to make sure it can integrate with your offerings and fit in your environment .
Go Forth And Prosper
For MSPs who meet the above criteria and are ready to take on building or white labeling a SOC , there isn ’ t a better time to take on the mantle of an MSSP . The tools , processes , and demand are here to stay .
Becoming an MSSP , however , is not without added risk , nor is it for the faint of heart . As an MSSP , you are responsible for meeting any legal obligations , along with your clients ’ expectations . In addition , you must be willing to invest in acquiring the right tools and people and in standardizing your operations and procedures . If done right , however , the ROI can be huge . n
VOLUME 2 ISSUE 1 • MSPSUCCESSMAGAZINE . COM | 7