Learn the keys to profitability using technology tools in your managed security offering. For those in the MSP space looking to expand their service to include security, it’s important to understand that technology tools are central to an effective and profitable security practice.
Building a Profitable Security Practice: Leveraging Technology Tools and Strategies
In this article, you’ll read about identifying and responding to security threats with five key types of technology tools, used for:
- Asset Management
- Security Information & Event Management (SIEM)
- Vulnerability Assessment
- Intrusion Detection System (IDS)
- Behavioral Analysis
Overview
Many MSPs are looking to expand their businesses into the IT security space to address their existing and potential clients’ concerns. Adding a security practice to an MSP’s portfolio of services can be profitable if the right steps are taken to build the offering.
- Technology tools are central to an effective and profitable security practice.
- Small and medium-sized customers are ideal for MSPs that are just starting in the security business.
- Profit and growth come from starting slow and expanding the security offering strategically.
Context
A discussion of the tools and strategies MSPs can use to add a profitable IT security offering to their business.
Key Takeaways
Technology tools are central to an effective and profitable security practice.
With the right tools in hand, MSPs can extend existing managed services offerings to include security. The five technology tool types that can be used to identify and respond to security threats, regardless of the customer type, size, need, or environment, are:
Asset Management provides information on what devices and installed software are on the network at any time. Features include:
- Scheduled asset discovery
- Software inventory
- Asset grouping, both manual and dynamic
- Passive network scanning
- Tagging
Vulnerability Assessment finds potential security holes by scanning the IT environment. Features include:
- Port scanner, such as Network Mapper (Nmap)
- A network vulnerability scanner, such as OpenVAS
- Network vulnerability threat (NVT) feed
- Scheduler
- Reporting, including expert vulnerability intelligence and possible remediation
- Ticketing
Intrusion Detection System (IDS) detects threats to the environment. Features include:
- Network IDS, such as Suricata, Bro, or tools built into next-generation firewalls; requires access to the network layer to offer internal real-time threat detection
- Host IDS, such as OSSEC (an open-source host IDS security tool); provides file integrity monitoring and operating system level information, but requires client management
- Cloud IDS
- Threat intelligence
Behavioral Analysis analyzes contextual information to find potential vulnerabilities. Features include:
- Volumetric data analysis, such as network flow (NetFlow) and sampled flow (sFlow)
- Service availability monitoring, such as Nagios
- User and entity behavior analytics (UEBA)
- Network-based anomaly detection (NBAD)
Security Information & Event Management (SIEM) gathers, normalizes, and parses logs. Threat intelligence integrated into a SIEM, such as with AlienVault Unified Security Management (USM), can be used with these logs to identify threats. Features include:
- Aggregation and normalization of log data
- Correlation
- Forensic analysis
- Log retention
- Alerting
- Reporting
Small and medium-sized customers are ideal for MSPs that are just starting in the security business.
Organizations of all sizes need security to protect their businesses. But unlike the enterprise market, which is saturated with both service providers and in-house security teams, businesses in the small and medium-sized space are looking for affordable, comprehensive security solutions.
Other attributes of ideal target customers for MSPs moving into security include:
- Handles personally identifiable information (PII), including payment data and personal health information.
- Adheres to regulatory compliance, such as PCI, HIPAA, and SOX regulations.
- Has limited or no security staff and cannot proactively monitor and resolve potential security problems. This can include startups, which may plan to have a comprehensive IT team and security staff in the future, but don’t have the resources to hire them at the outset.
- May be an MSP. Offering white-labeled services through another MSP is common in the security industry so that MSPs can offer top-of-the-line solutions to clients.
Profit and growth come from starting slow and expanding the security offering strategically.
MSPs moving into the security space should start slow and focus on their existing customers before expanding to multiple offerings and options. Begin with one or two services and add on to them to meet customer requests.
The best way to get a foot in the door with potential security clients is to offer a free or reduced-price consultation, such as penetration testing, a compliance assessment, or a health test. This allows the MSP to show the benefits it brings to the business and opens the door further to a discussion around the managed security services available.
Existing customers are also a good starting place for MSPs adding security to their offerings. These customers are usually the most open to trying new services from their existing MSP and are often the most forgiving when bugs and other bumps in implementation occur.
Because customers differ in their needs, a multi-tiered and multi-priced approach is ideal. The example below shows a basic, intermediate, and premium security offering, which enables customers to choose the right fit for their business and scale as their needs grow.
Pricing new security services is often challenging, especially since the offerings are not one-size-fits-all. MSPs should look at what others in the industry are charging and price at a competitive rate. They need to be careful not to undervalue the service; protection from threats can save organizations thousands and even millions of dollars, and can even prevent organizations from going out of business after a security breach.
Source: AlienVault