Shifts in the current cybersecurity service provider market somewhat resemble an episode of the infamous game show Wheel of Fortune, where contestants purchase letters to capitalize and prosper on the show.
We’ve seen Managed Service Providers (MSPs) “buy an S”, or invest heavily in their businesses in order to become a Managed Security Service Provider (MSSP). Similarly, current MSSPs are seeking to deliver more Managed Detection and Response (MDR) type services, or they want to “buy an R”. The goal here is a paradigm shift away from deliverables consisting primarily of alerts and the standard services of log monitoring and log management to more differentiated, proactive services focused on a defensive strategy with an actual Response to threats.
These shifts are driven by customer demand and is a consistent trend across all industries. Whether it be public or private sector, regardless of size, security teams are seeking to enlist the support of some sort of service provider. There are a couple of root causes behind this trend. First, they are challenged to actually apply their threat intelligence to defense tactics. Secondly, the inability to keep up with the logging and alerts that come from skyrocketing volumes of global IP traffic.
The stakes are high. Customers seem willing to pay increasing monthly fees for differentiated services that deliver results and add measurable value. They stand to benefit greatly from increasing the overall cybersecurity posture and the chance to avoid hiring costly analyst resources. On the other side of the equation, in order for service providers to provide these services profitably and ensure the new service revenues are sticky, there is a real need for enabling technologies to support deploying these services at scale.
Challenges facing MSPs buying an “S”
The MSP wishing to move to MSSP needs to build client trust and demonstrate real value with a client that may not want to turn over complete control of the tools in the traditional security stack (firewall, IDS/IPS, SIEM). Furthermore, the MSP now shifting to MSSP needs to be aware of the increasing demand for response related services. So, they may be actually seeking to buy both an “S” and an “R”. The MSP that shifts to MSSP just to get into the business of delivering alerts and standard services may not see the desired results in security related revenues. That time has come and gone.
Why should MSSPs look to buy the “R” of MDR?
Historically, the suite of security services provided by a MSSP can be generalized as 24/7 monitoring services or “looking for anomalies”. This presents a challenge when an overwhelming number of the findings are turned over for the client to enact upon. One of the reasons the client hired the MSSP in the first place was most likely because they were understaffed and unable to keep up. MSSPs need to be able to respond to threats for their clients, alleviating some of their client’s challenge.
The Answer: Buy a “P” (a service enabling Platform)
Service providers seeking to build or enhance cybersecurity capabilities in a manner that scales, builds client trust, and maintains a reasonable profit margin requires an enabling technology platform. Leveraging a uniform approach powered by a platform that provides differentiated services across the entire client base strengthens the overall cybersecurity posture of clients. It also delivers the response-oriented, differentiated deliverables customers have come to expect and solidifies partner positioning as the trusted partner of choice.
The PacketViper Threat Defense Platform for MSSPs
PacketViper provides a threat defense platform featuring deception, intelligence and defense that allows MSSPs to build client trust. It addresses the complexity of proactive cybersecurity with practical, affordable solutions that quickly demonstrate measurable value. PacketViper helps MSSPs demonstrate value quickly with the following high-value, differentiated cybersecurity capabilities:
- Geo-targeted deception
- Masking of perimeter firewalls
- Organic threat intelligence
- Dynamic defensive perimeter which automatically applies and recycles intelligence
- Reduction of IP traffic, logs, alerts and costs per account
- Advanced analytics reporting
- Competitive pricing and superior services