Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
We are seeing a landslide in the cybersecurity market, with more and more Managed Security Service Providers (MSSPs) working as intermediaries between cybersecurity vendors and businesses in need of beefing up their security.
The global managed security services market was valued at approximately 23.2 billion U.S. dollars in 2021, according to Statista. Additionally, there is a growing need for MSSPs, and it is anticipated that the managed security services market would grow to 64.73 billion by 2026.
Increased enterprise use of cloud technologies and IoT devices as well as rising demand for reliable and affordable security services to monitor security incidents are some factors driving market expansion, says research by MarketsandMarkets.
The base of MSSPs’ services is formed by cybersecurity vendors. For such a business to be successful, it needs vendors that have performant technology, experts that can share knowledge, and proven methods. To deliver the finest services to their clients, MSSPs need to have a genuine relationship with their vendors.
For MSSPs to be successful, they require a strong network of cybersecurity vendors that can provide advanced, agile, reliable, and scalable technology along with expert knowledge. MSSPs that have close relationships with their vendors are able to provide better services and increase customer retention.
I will share my thoughts and experiences, as we, at Heimdal®, continue to build strong partnerships with the MSSP community.
A Managed Security Service Provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning, and anti-viral services. MSSPs use high-availability security operation centers (either from their own facilities or from other data center providers) to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture.
The Managed Security Service Providers (MSSPs) Landscape
You may remember the roots of MSSPs, in the 1990s, when Internet Service Providers (ISPs) offered firewall appliances, and also manage those security solutions if the user wished so. But since then, as cyberthreats evolved, so did the users’ need for security.
Now, MSSPs can cover the entire attack surface and shelter clients from the newest and most aggressive cyber threats.
Companies work with MSSPs for a variety of reasons:
- Filling vacant roles in the IT team without the challenge of finding and training staff (there are 3.5 million unfilled IT positions in 2023 due to the cyber skills shortage, according to Cybercrime Magazine, and the trend will remain the same through at least 2025);
- Access to security experts whenever it’s necessary (for incidents or managing security tools);
- A 24/7 SOC team that continuously detects and responds to potential cyberattacks;
- Reaching cybersecurity maturity faster with fewer resources;
- A reasonable cost for robust cybersecurity solutions compared to building and maintaining an in-house security team;
- Helping with compliance in the cybersecurity sector and following best-practice frameworks.
For the smoothest MSSP experience, I noticed service providers focus on fully understanding the clients’ security needs and appointing responsibility. Understanding a company’s operations leads to a personalized approach to cybersecurity for each customer. Furthermore, dividing clearly all roles and responsibilities between provider and client from the beginning eliminates ambiguities and delays in risk mitigation.
Type of Managed Security Service Providers (MSSPs)
The MSSP market is well-developed, and vendors fall into the following categories:
Network security service providers – they focus on managing security software for networks using services like remote monitoring. Orange is such a provider, for example.
Pure-play security service providers – they concentrate on particular industry sectors, legal needs, or analytical services. This type of MSSP offers end-to-end security services (threat detection, security monitoring, device management, and incident response management capabilities).
IT outsourcers – besides managed security services, these providers also offer basic features related to system configuration, security monitoring, and updates (Capgemini, Atos).
Security consultants – an emerging category on the market, they offer ongoing security consultation to the clients, not just project-based services. Companies like Deloitte or Ernst and Young carry out risk analyses and offer suggestions for security measures that companies should implement.
Services Offered by MSSPs
Managed Security services fall under six main types, including:
On-site consulting – an MSSP can conduct a detailed security assessment or audit of a company’s network. The goal is to identify any gaps or vulnerabilities and provide recommended actions to help the organization address them. This may even be an exercise in risk manage to uncover the risks that need to be considered.
Perimeter management – making sure that the organization’s network perimeter is adequate and that all the devices inside it are effectively protected is a crucial component of an MSSP’s role. This is super important with the trends of BYOD.
Trading items – MSSP can resell hardware, software, and services. In addition to performing security audits and penetration tests for the devices, the reseller might also offer technical assistance for them.
Security monitoring – the normal day-to-day monitoring of security events such as user logins and permission modifications, as well as the investigation of such system events across the network, are all part of managed security monitoring.
Vulnerability analysis & penetration testing – penetration testing and vulnerability assessments are both meant to discover weak spots in a company’s security system. MSSPs use them to take their clients’ security to the next level.
Compliance – the process of achieving and demonstrating compliance with policies and procedures for data security is known as compliance monitoring. Managed Security Service Providers usually do this ensuring that appropriate technical and organizational controls are in place and well documented, ready for auditors.
The Vendor – MSSP Relationship
In order to be profitable, and provide high-quality services whilst managing growth, Managed Security Service Providers (MSSPs) must make strategic judgments when selecting vendors. In other words, MSSPs should consider both the security requirements of their clients and their own commercial goals.
The Products
Starting with the product market angle: MSSPs should select vendors based on their ability to deliver the services required by their clients at a standard that exceeds expectations. Service providers should understand the region they operate in, the needs of the clients, and so on. The cybersecurity vendor’s part is to deliver strong products that meet the changing needs of their clients and allow them to scale as needed
The competitive advantage is incredibly important. Vendors need to articulate why to be chosen by an MSSP – like offering multiple products under one umbrella that will lead to cost savings, consolidating technology, etc. Competitive products will also make service provider partners competitive in the market. That is why we work very closely with MSSPs like Brigantia in the U.K. to offer very tailored products so they can then attract new customers.
We partnered with Heimdal as their UK distributor in 2016 and since then both companies have grown together at a phenomenal rate. A key reason for this is that we made a joint decision to create an in-house products team here at Brigantia who specialise in the Heimdal product. This has allowed us to provide a value-added service to our MSSPs which differs from a traditional distribution model. In turn, this allowed us to succeed and grow our products team further which is in part thanks to the enablement provided by Heimdal channel team. From a product perspective, Heimdal offers a truly unified approach to security with the option to take individual modules ad hoc, this means we can offer flexibility to our clients. With the recent addition of Heimdal’s Threat Hunting and Action Centre, we have seen a drive from MSPs to consolidate their security stack under the Heimdal banner, making it easier to manage and respond to threats.
Iain Shaw, Managing Director at Brigantia Partners Ltd
Our partner understands the challenges and the opportunities for MSSPs in the market and they give us valuable feedback. In today’s technology landscape, incorporating customer feedback into the product roadmap is not just a nice-to-have, but a strategic imperative. As a CEO, I firmly believe that a customer-centric approach is the key to success in product development. By actively listening to our customers (and the MSSPs who also provide these insights) and integrating their feedback into our roadmap, we ensure that our products align with the market needs and client expectations.
This approach not only enhances customer satisfaction but also provides us with valuable insights that mitigate risks and validate our assumptions. By prioritizing customer feedback, we differentiate ourselves in the market, foster collaboration and engagement, and ultimately build products that deliver true value to our customers. It’s about putting the customer at the center of our innovation journey and creating a strong foundation for long-term success in today’s competitive landscape.
One recent example links with the moment when we launched the Threat-hunting and Action Center. We offered MSSPs the opportunity to trial the solution prior to its launch. They were able to use it, experiment with it, and provide feedback on how it can be even further enhanced. It was great validation and an extremely exciting venture for us, given the nature of the solution. Furthermore, we plan to release Mac patch features, another thing required by the MSSP market.
Synergy and Customer Service
While MSSPs frequently concentrate on technological capabilities for cybersecurity, they should keep in mind that clients also want their services, not simply their products. It’s a common mistake to see the relationship with a vendor as only a transactional exchange. The expertise of the cybersecurity provider can be included, and MSSPs can create a partnership that encourages sustained economic success.
The relationship shouldn’t end once products are purchased – in fact, this is actually just the beginning (if you are looking for a fruitful long-term relationship). The two entities have to work very closely to make sure that everything works as intended. To help MSSPs provide the best-of-breed security services to their clients, vendors should actively participate in the sales lifecycle, in technology conversations, proof-of-concept, trials, and deployment. So, customer service and synergy are very important.
Vendors become essential to all customer deployments by offering best practices and consistent security standards. MSSPs can gain confidence in purchasing from approved and accredited vendors and safely deploying technology to customers by verifying cybersecurity certifications, adhering to recognized security frameworks, and conducting risk assessments to demonstrate compliance and ensure vendor credibility.
The Business’s Revenue
On the other hand, vendors need to comprehend the MSSP equation’s services component. While security is a small component of the larger business models of MSP clients, it is the foundation of the industry for MSSPs.
Vendors need to demonstrate credible ROI because, MSSPs will want to analyze commercial benefits such as: how using a certain product or vendor saves time, as well as to look into their teams’ output and efficiency, client satisfaction, and retention levels. They will require stable services and wish to reduce downtime. That is why, in our products, at Heimdal, we integrate an auto calculator that shows how much a task would take if it’s made manually, versus our automated solution. Suppliers should coordinate their technological offerings with MSSP business and revenue goals to enable rapid business turnaround and time to revenue.
Aside from technology offerings, an all-encompassing cybersecurity program also takes knowledgeable staff and optimized processes into account. The services and products that MSSPs offer are built on the partnerships they have with vendors who provide best-in-class technologies, support, and tried-and-true processes.
A Vendor’s Point of View on MSSPs Trends
Small and medium-sized businesses have grown increasingly conscious of the risk of cybercrime in recent years, and they have come to terms with the fact that they lack the expertise to address this issue internally. As a result, not only large corporations look for a good MSSP partner anymore, and there has been an increase in demand for the service of reputable MSSPs.
In my opinion, the MSSP market is poised to further expand and overtake other security vendor markets; therefore, we must develop our business models to serve this channel by offering integrated and integratable solutions, flexible delivery, and scalability – whilst allowing room for profitability.
As MSSPs must adapt to changing customer needs, they buy a wide variety of solutions and this brings us on to the need for unified cybersecurity solutions. This allows them to provide the same services but with fewer vendors – meaning day-to-day operations are smoother and more efficient. This shift allows them not only to accomplish their objectives of gaining new clients and broadening their reach, but they can choose to easily introduce additional services, like XDR, when customer demands change.
Integrated or unified platforms offer service providers multiple advantages: lower operational expenses per customer that result in boosted profitability, managing the relationship with just one vendor for multiple solutions, and there is no need to hire and train more people to handle all the different security solutions.
In the current environment, you can look at the success of an MSSP from a number of angles. First of all, of course, is the technical side – they must provide a robust security stack with multiple layers to protect their clients from the continued growing risk of a breach. Secondly, they need to provide a compelling commercial value to their clients on the back of that stack, they need to be communicating with the clients and ensuring they add maximum value – and trust!
Alan Case, Head of Global Channel at Heimdal
As CEO, I see so many MSPs and Distributors that are entrenched in how they were operating with IT 2-3 years ago, and then, opposite to that, I see the more visionary MSSPs that are expanding their scope of business with or without the vendor product set.
A lot of MSPs, MSSPs still rely on RMM / PSA tools for much of the operation, but that puts a limit on their ability to grow rapidly, because RMM / PSA tools provide an extremely limited and IT management centric feature set. But the world is so much more than that today. I don’t think anyone is in doubt that the Cybersecurity market offers much greater growth potential than the IT management market standalone.
Yet so many are stuck, unwilling to explore the additional commercial opportunities in cybersecurity, or afraid to. It’s almost like looking at Kodak and how they got stuck in the past. Or how Volkswagen, and BMW, struggled to keep up with Tesla. And being a proud BMW owner that really hurts…
The same example stands in the IT market. Some MSSPs are struggling to re-invent themselves others are moving at a ferocious pace, capturing new market share.
The best example is one of our great new partners SP Partners in the US. SP Partners has embraced the fact that the Heimdal suite, being the widest in the market and highly competitive in a multitude of areas, can offer loads of incremental revenue streams, that can be explored. As a result, they take technology and wrap their own services around it to create a mind-blowing and superior offering for their partners to repackage and resell.
Heimdal is really tailored to MSPs to convert them to MSSPs almost overnight or for MSSPs to integrate into their stack to transform the efficiency of their operations.
Also, in the past few years, MSSPs have been a target for cybercriminals as well. For threat actors, it’s like breaking into a bank: a breach into a service provider’s system means immediate access to numerous companies’ data. This led to a trend of upgrading security measures for MSSP, so they have robust security and measures like the Zero Trust protocol in place. Furthermore, they installed segregation measures and solutions that can protect every customer separately. All these are necessary in case of an attack so the impact will not spread from client to client.
Conclusion
In summary, businesses use MSSPs to leverage their expertise, cost-effectiveness, 24/7 security monitoring, enhanced security posture, focus on core competencies, access to advanced technologies, scalability, and flexibility.
Partnering with an MSSP allows organizations to strengthen their security capabilities, reduce risk, and effectively address the ever-evolving cybersecurity landscape.
In a competitive market, the right vendors, that can offer a competitive advantage beyond the integrated and flexible security products, can make a difference in building successful short- and long-term business strategies. This is a market that will grow over the coming years and truly shape the way security is approached.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
Morten Kjaersgaard is the visionary CEO of Denmark-based Heimdal®, an AI-powered cybersecurity leader with a global reach, safeguarding 15,000 businesses from 260+ million cyberattacks. With a Corporate Marketing background, Morten bridges cybersecurity intricacies with business goals. He's a cybersecurity advocate, event speaker, and insightful blog contributor. Morten uniquely translates technicalities into actionable insights, a valuable asset in the digital landscape. His presentations blend cybersecurity expertise, real-world business engagement, and data-driven insights, inspiring innovative strategies. Morten doesn't settle for the status quo, pushing organizations to embrace bold, revolutionary approaches. Connect with him on LinkedIn for more.
