Can MSPs add on Security?

MSPs add on Security

More companies than ever are looking into means to secure their IT infrastructure. A recent PWC survey noted that two thirds of the 1,409 CEOs the company surveyed see more threats overall today than three years ago. As a result, the world is also seeing an emergence in Managed Security Service Providers (MSSP) to help shepherd these companies to improve their security posture .

A question to ponder is if the emergence of MSSPs is eating into MSP’s share of the business. Are MSSPs a threat to MSP business models? Is there opportunity for MSPs to add managed security services to their portfolio? The answer is most definitively ‘yes’. MSPs can make the shift and become MSSPs. But first, let’s define what an MSSP is.


According to Gartner an MSSP is defined as the provider of outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services. MSSPs use high-availability security operation centers (either from their own facilities or from other data center providers) to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture.

And to some extent, MSPs provide a version of the MSSP service when they give their clients endpoint, wireless networking, gateway and NOC services. However, MSSPs also offer clients additional capabilities such as:

  • Security Analytics – MSSPs provide the analytics which ensure the integrity of a business’s data. These analytics create security measures of a company and determine how effective each process is. Furthermore, most SOC’s have multiple CISSP’s (Certified Information Security Systems Professional) as most are staffed 24/7/365.
  • Remediation Services – Once you have put the above pieces together, it is necessary to offer solutions for whatever issues may arise from the SOC, SIEM and/or analysts. Not only should your MSSP be alerting you of network security concerns, but also taking responsibility for remediation to allow you to continue to mitigate risk and take due diligence.
  • Constant Process Evolution – While the above bullets discuss the components and offerings of a MSSP, another key aspect of this entire offering is to keep up your systems and process, facilitating you to always stay as close to the mark as possible. These days the malware created by the Black Hats is more advanced than any prevention system, so it is critical to be able to detect when and if you’ve been compromised

Bridging the Security Gap

Some of the MSPs we have spoken to already offer a select subset of services offered by MSSPs, making them equipped to handle their clients’ security needs. And in some ways the issues of bridging the gap have a lot to do with branding. You could be offering your clients all the services that are currently being offered by MSSPs but you still might be calling yourself an MSP or a TSP without focusing on the Managed Security aspect of your business. If this is the case, a simple re branding effort might be in play.

If you do not offer some of these services, some changes to the products you use and the services you offer can assure your clients that your MSP can effectively handle their security needs. These changes can be a heavy investment based on the services and human capital you bring in. For example if you don’t have Security Analysts on your team then you might what to bring one on board. You might even think of brining on a consultant instead of a full team. Similarly setting up a SOC might require you to subscribe to technologies that aid you to monitor your client’s infrastructure.

The right tools are key to MSPs

A lot of MSPs are willing to invest in updating their services but still stick to traditional means of receiving their alerts rather than differentiating their MSP. This can lead to workflow bottlenecks and confusion. Many of the MSPs we spoke to mentioned how irked they were with their alerting. Some of the issues they faced were as follows:

  • High priority clients who had high expectation and needed issues resolved in a timely manner. These customers’ SLAs were often ignored and issues were dealt with a delay in response.
  • MSPs that used answering services to inform their team of a client’s critical incident ended up being frustrated at the answering service for delays on their end. Sometimes the answering service missed important alerts all together.
  • MSPs that had teams in multiple location often found their home-grown solutions lacking. Email and SMS primarily used to communicate with each other failed them if no one was monitoring their inbox. Collaborating on incidents were becoming next to impossible.

However, by having proper alerting engine and  tools, MSPs can take the important first steps towards transforming themselves into MSSPs.


MSPS can transform themselves into MSSPs. Moreover, MSPs should transform themselves given the growing need for what MSSPs provide. The addition of tools and human capital will be an investment but it will propel your business forward as there is a real demand for MSPs who can swiftly and efficiently handle security concerns. When making the transition to being an MSSP, updating your critical alerting is imperative.

Download our White Paper From MSP to MSSP to learn more.