The last few years have seen a profound shift in the IT managed services market. Today, there is increasing customer demand for managed services providers (MSPs) and managed security services providers (MSSPs) to demonstrate their security and compliance credentials.
To stay competitive, MSPs and MSSPs of all shapes and sizes have to demonstrate that they can satisfy this market demand for more robust and compliant security solutions. But you also need to do that in a way that’s sustainable and profitable for your business.
Easier said than done, you might say. With the right technology, it doesn’t have to be – which is where the right SOC product comes in. But first, let’s take a moment to understand more about the challenge ahead for today’s IT managed services industry.
Key Takeaways
- With the increase in customer demand for cybersecurity services, many MSPs are making the transition to MSSPs. MSPs must respond to market pressure, and reassure clients they can service their security and compliance requirements.
- When not on premises, a Security Operations Center (SOC) can be outsourced by MSSPs as part of their managed security services.
- A Managed SOC tool integrates SOC technology with added services. These services typically include 24/7 remote monitoring, incident response, automated patch management, access to advanced threat intelligence, and various tools for automating reporting and compliance.
- Managing multiple security tools can create confusion, increase costs, and weaken security due to siloed information. The solution is to use consolidated SOC tools, like XDR, which bring all your data (e.g., patches, threats, access control) into one dashboard. This not only simplifies operations but also enhances security by allowing tools to work together seamlessly.
- Transitioning from an MSP to an MSSP can create the need to manage business processes (with PSA tools) and security operations (with XDR/SOC tools) separately. To avoid this, find a security platform that integrates with your existing PSA, simplifying workflows and improving efficiency.
The MSSP Market Is Changing
The continuous adoption of cloud, continuous hybrid workforce, rapid emergence and use of generative AI (GenAI), and the evolving regulatory environment are forcing security and risk management (SRM) leaders to enhance their security and risk management spending.
Shailendra Upadhyay, Senior Research Principal at Gartner
In the last five years, the security and MSP market has changed more profoundly than at any previous point. At the risk of oversimplifying, we can sum up the developments like this:
- The widespread move to remote working in 2020 created an opportunity for hackers to target businesses as they quickly implemented new cloud-based solutions. In 2020, some 60% of organizations said that accelerated cloud adoption or migration led to an investment in managed security services.
- In the years since, cloud-first technology, work from anywhere, and even bring-your-own-device policies have increasingly become the default setting. This requires a fundamentally different approach to cybersecurity.
- At the same time, the world has undergone a data protection revolution in the last decade. According to Gartner, 75% of the world’s population will be covered by modern privacy regulations by 2025. The list of compliance obligations for organizations is only growing.
- With AI becoming more prevalent, businesses are having to prepare the ground for increasing regulatory requirements in this space as well – though many of these have yet to emerge.
Privacy remains a top organizational priority as regulations that impact the processing of personal data continue to emerge, including those related to the use of AI.
All of these factors have combined to create a perfect storm of increasing demand for cybersecurity services. And in 2024, this trend doesn’t seem to be going anywhere.
In fact, spending on IT security services is forecast to represent 42% of global security and risk management spending this year – an increase of 11% from 2023.
The increased consumer demand has created a chain reaction. Now, smaller players have started offering security services for the first time, and medium-sized MSSPs now offer technology and support that was once confined to enterprises.
For MSPs, that means many are making the transition to becoming MSSPs. For more established security providers, it means continued investment in new products and services that can respond to your customers’ growing security needs.
So here’s the challenge that MSPs are facing: Respond to market pressure, reassure clients that you can service their security and compliance requirements, and do all of this in a way that’s both cost-effective and sustainable for your own business.
All Roads Lead to SOC
Whether you’re adding security services for the first time or expanding an existing offering, there’s a good chance you’re going to end up considering a SOC sooner or later.
A Security Operations Center (SOC) is an in-house or outsourced team of cybersecurity professionals that continuously monitors an organization’s entire IT infrastructure.
They’re responsible for detecting, analyzing and responding to cybersecurity incidents in real-time.
When not on premises, a SOC can be outsourced by an MSSP as part of its managed security services. The main benefit? It unifies and coordinates the entire security system of an organization, including its security tools.
For a SOC to be effective, it also needs to be equipped with tools tailored to support it in achieving its objectives.
Here are some of the main features you can expect to find in a SOC tool:
- Threat detection and intelligence;
- Incident response;
- Collection and real-time analysis of .log files;
- Compliance reporting;
- Automated policies, responses, and reporting processes.
Together, these tools let you, as an MSSP, offer a wide suite of security services to your own customers, while making it easier for you to run your own vital business processes.
One important thing to note: You may sometimes see SOC products referred to as ‘XDR’, or extended detection and response, like we do at Heimdal®.
This generally occurs when the standard SOC feature-set is integrated into a wider security platform, including additional features like privileged access management, endpoint detection and response, DNS monitoring, and vulnerability management. More on this below.
Managed SOC vs. SOC: Which Is the Best Choice for Your Business?
If you’re an MSP or MSSP looking to build a SOC, there are essentially two options available to you:
- Managed SOC: This combines the underlying technology of a SOC with an additional managed service component. This generally includes services like 24/7 remote monitoring and incident response, automated patch management, access to advanced threat intelligence, and a range of tools to help automate reporting and compliance. Managed SOC services are often included within wider MDR or MXDR packages.
- SOC-only: As the name suggests, this involves buying licenses for SOC software without an additional managed service. This is generally better suited to larger MSSPs who have the experience and resources to provide 24/7 monitoring and response.
One of the first choices you’ll have to make is whether you need a managed component. While the SOC-only option is better for some businesses, it’s generally easier and more cost-effective to go for the managed approach. Here are the main reasons why:
- Less upfront investment – Building your own team comes with a significant upfront cost. This includes the recruitment costs of the various security experts involved, as well as the time and cost of implementing the technology and infrastructure they’ll be using.
- Scalability – Managed customers are generally charged based on the number of devices or users being supported. This means your costs can grow in line with your customer base. Crucially, it also means you can onboard new clients quicker and offer more predictable pricing, since your own costs are equally spread out.
- 24/7 coverage – MSOC services come with 24/7 monitoring and support. This can significantly reduce costs for your organization, since you’d need a full in-house team working shifts to get the same level of coverage.
- Expertise – Assembling a team of skilled security specialists can be difficult, time-consuming, and expensive. With a managed service, you get access to this same quality of support without having to build the team yourself.
Of course, there are occasions where it’s more sensible to build your own in-house managed SOC team. Generally, this is going to be reserved for the biggest MSSPs in the market. Building your own team lets you decide which tools, processes, and methodologies you’re going to use to manage and respond to threats.
This can be useful if your clients have particularly complex or specialized IT environments. If you’re targeting large businesses or enterprises, you may also find that an in-house managed team is a non-negotiable requirement.
That being said, if these factors apply to you, there’s a good chance you already know about it. Otherwise, the managed option is almost certainly more sensible, for the reasons I outlined above.
3 Key Considerations When Choosing Your Managed SOC Provider
While there are many great SOC products on the market, not every option is the same. In fact, there are a number of important considerations you’ll need to make in order to choose a product that both services your clients and delivers a sustainable business model for you.
Here are three of the most important points to bear in mind:
1. Consolidation Is Key
Most security products are designed to do one thing well. Very few can claim to offer a complete cybersecurity suite in one product. This often leads MSPs and MSSPs to combine multiple products and subscriptions together to offer a wider suite of services to customers.
This is an issue for several reasons. First, the most obvious: more products create more confusion and costs for you and your customers. It also makes it difficult to expand your services, since every time you try to do so, you’ll have to add another product to the list.
This limits your upsell opportunities and ties you into a self-defeating spiral of ever-increasing complexity.
But it’s not just about making things easier – it’s also about better security, because hackers don’t operate in silos. If you’re using separate tools to manage, for example, privileged access and endpoint threat detection, you’re going to have a weaker response if those tools can’t share information with each other.
The fact that an endpoint is infected with malware and behind on its patches should be a pretty important consideration when deciding if its user should be given access to sensitive files and assets. The more silos you have, the weaker the overall response.
The best SOC tools on the market, therefore, come as part of a wider package – usually called XDR. These products let you consolidate data about patches, real-time threats, privileged access, DNS threats, and more into a single dashboard.
This offers you and your customers the most straightforward business model while also providing the best security available.
2. Defaulting to Microsoft Isn’t Always Best
When MSPs first start to explore offering security services, Microsoft is often the default setting for the tech you’re going to use to support it. This is for the very sensible reason that you’re probably already using Microsoft tech, and if so, you’ve almost certainly got some basic security functionality in your existing license.
On the surface, therefore, going for a Microsoft-first approach can seem like the most straightforward choice. But for many reasons, this approach can be fraught with risk.
First and foremost, Microsoft services can be much more expensive than other options in the market. As soon as you upgrade to Business Premium, you’re going to find your costs quickly rising.
To get access to a SOC service, you’ll also need a license for Microsoft Defender.
The confusing array of different packages, licenses, and add-ons here can make it uniquely difficult to understand and predict your costs.
As well as this, Microsoft doesn’t offer a single consolidated security platform. This makes it uniquely expensive and confusing to offer the full range of services you need to stay competitive.
3. How to Make Your PSA Talk to Your XDR
If you’re an MSP that’s making (or recently made) a transition to an MSSP model, there’s a good chance you’re using a professional services automation (PSA) platform like Autotask or ConnectWise as the basis for your business operations.
These platforms are designed to automate, scale, and manage traditional MSP business processes.
But there’s one catch: they aren’t security tools. If you’re looking to offer security monitoring and support, you’ll need a separate SOC or XDR product for all the reasons I described above.
This risks creating one platform to manage your business operations and another entirely for security.
The market is now moving to consolidate these products, and many security providers now render their PSA predecessors redundant by incorporating their functionality into their own products.
But these processes take time, and many MSPs will be wary of overhauling core business processes at the same time as implementing a SOC.
In this case, the best approach is to find a security platform that integrates with whichever PSA tool you’re already using.
This will avoid cumbersome processes like using your security platform to install patches and then switching to the PSA to build your automated patching reports.
Heimdal®’s Unified Security Platform: SOC Is Just the Start
As I’ve mentioned elsewhere in this piece, getting the widest possible security platform is by far the best deal for you and your customers. That’s why we built Heimdal® XDR. The goal is to create a single one-stop-shop for all of your cybersecurity needs.
That includes all of the SOC functionality I’ve described in this article, and a whole range of other cybersecurity tools and features, including:
- Network security: Protect internet and other network connections through DNS security and cloud ransomware protection.
- Endpoint security: Monitor, detect, and protect end-user devices through next-gen antivirus, firewalls, mobile device management, and ransomware encryption protection.
- Vulnerability management: Automatically install patches and build reports using our patch and asset management tools.
- Privileged access management: Manage privileged accounts and credentials through privileged elevation and delegation management (PEDM), privileged account and session management (PASM), and application control.
- Email & collaboration security: Guard against phishing attempts and other email-based threats with email security and email fraud prevention.
- Threat hunting: Monitor and respond to real-time threats through a single unified threat hunting and action center.
- Unified endpoint management: Manage remote and distributed devices via a remote desktop and BitLocker management.
The Heimdal® XDR platform is by far the widest and most comprehensive security product in the market. This makes it uniquely valuable for MSPs and MSSPs looking to upgrade their security offering while keeping costs and complexity low.
We’ve also recently announced integrations with PSA tools like Autotask and ConnectWise. This gives you the tools to combine security monitoring with business operations to create an integrated home for all your business and technology needs. If you want to get started, request your custom pricing plan today.