Q: We are finding it harder than ever to protect our customers with the security solutions we currently offer. Not only are they generating a lot of alerts, many of which turn out to be false positives once my team investigates, but when a threat is uncovered, we often find it has been in the customer's environment for days, which means we need to backtrack to ensure it hasn't caused any damage, proliferated to other machines, or moved beyond our perimeter.
This is taking up too much of my team's time, and we must expand our security service offering to include detection and response. What is the best way for us to do this?
A: We have been hearing this more and more from our partners. You are not alone in feeling as though you are playing a game of security whack-a-mole: for every threat patched or blocked, two more seem to pop up in its place. Our research shows that over the last 12 months, 74 percent of organizations suffered a ransomware attack at least once, and 91 percent of cyberattacks stemmed from an email attack. Offering a preventive security service alone is no longer enough to protect businesses from today's sophisticated cyber threats. To be effective and efficient, MSPs must include detection and response services in their offering.
Partners have options
There are several options available for expanding your services to include around-the-clock threat detection and response. Some mature MSPs have crossed the line to become an MSSP, which means adding a Security Operations Center (SOC). Setting up a SOC is no easy feat, however. It requires acquiring tools such as a Security Information and Event Management (SIEM) platform that can collect and correlate large amounts of event data, and building a team of security analysts and technicians who can identify, detect, triage, and respond to security threats 24/7/365. Additionally, MSPs need to create the supporting procedures and processes, and gain a deep understanding of industry regulations and compliance requirements.
This option is likely the costliest of the three. Suppose a SOC analyst's annual salary is approximately $100,000. To staff 24/7 SOC coverage, at least six analysts are required, which is $600,000 a year for staffing alone. Adding the cost of ongoing training and the tools needed to run a SOC, such as the SIEM, the agents that collect data, and more, the annual cost of running a SOC comes to roughly $1 million.
The second option is to outsource 24/7/365 detection and response to a local MSSP. This can be very helpful for MSPs looking to expand their security service offerings. However, MSPs must ensure they are still adding value on top of what the MSSP provides. The last thing anyone wants is for the customer to reach out to the MSSP directly, bypassing the MSP.
Finally, MSPs can partner with a trusted vendor that offers managed SIEM or managed eXtended Detection and Response (XDR) services backed by a team of SOC experts 24/7/365. By partnering with a trusted vendor, MSPs can expand their security service offering without burdening their existing resources, investing in costly infrastructure, or staffing for 24x7 coverage. This greatly reduces their total cost of ownership (TCO), while their customers benefit from a comprehensive, value-rich security service.
Security is a journey. To secure customers and provide real value in a volatile cyberthreat landscape, today's MSPs must expand their security service offering to include prevention, detection, and response. With these options in mind, MSPs should weigh which would work best for the health of their business and their customers. There is no one-size-fits-all answer, but by partnering with trusted vendors, MSPs can add these needed security services without having to expand their in-house resources to do it.