Managed Security Services

3 Ways for MSPs to Add Cybersecurity Services

The distinction between MSPs and MSSPs will be gone in a few years' time.

This is a statement I’ve heard more than once recently from MSPs, from MSSPs, and from vendors.

That’s because MSPs are building up their security stacks. Some of them are being dragged into the cybersecurity market by their customers who need to the services in order to get cybersecurity insurance.

One cyberinsurance provider told me recently that in some cases, insurance companies are going to their small and medium sized business customers with a list of insurance company recommended and approved MSPs. They are telling these end customers that if their current MSP doesn't offer a minimum set of cybersecurity services they need to get a new MSP from the approved list if they want to get insurance.

Other MSPs are more proactive and recognize that they can augment their stacks, deliver additional services, and ultimately increase pricing to build their businesses by delivering cybersecurity services to end customers.

How to Add Full Cybersecurity Services to Your MSP Stack

There are different ways MSPs can get to the point where they are offering a full set of cybersecurity services to end customers.

  • They can work with their existing MSP vendors -- many of the MSP platform provider companies such as ConnectWise, Kaseya and N-able have added security services to their own stacks and acquired security vendors to do so.
  • They can work with MSSPs. There are plenty of partnerships that have been forged between MSPs, who have the customer relationship, and MSSPs who provide the cybersecurity expertise and technology to protect the MSPs’ end customers and enable that MSPs end customers to obtain the cybersecurity insurance they need. In many cases, MSPs may find that they get the most complete stack through these partnerships.
  • They can work with cybersecurity vendors. There are a number of them who are targeting the MSP space as well as the MSSP space. Some say they have all the components that MSPs need to provide cybersecurity services to end customers

Benefits and Downsides of MSP Cybersecurity Options

Managing multiple cybersecurity vendors to get the functionality needed is probably beyond what many smaller MSPs want to do right now. There’s a lot to know – MDR, EDR, SIEM, threat hunting, incident response, compliance, and more.  MSPs are already juggling any number of vendors just to provide IT services to end customers. Do they really want to add another 6 to 10 vendors to that list? If there is a vendor can provide the full range of services, through their own stack or partnerships, that may prove to be an attractive option for smaller MSPs at the beginning of their cybersecurity stack journeys.

But what about getting cybersecurity services via your RMM/PSA platform provider. After all, ConnectWise, Kaseya, and N-able have all put stakes in the ground, acquiring cybersecurity vendors and incorporating their technology into the stack. There’s something appealing about having a one-stop-shop for the whole tech stack. It seems like an easy option in a tech area that can seem overwhelming. But is it really the best decision?

It really depends on how complete that RMM/PSA platform vendor’s stack is and how committed the RMM/PSA platform provider is to keeping the stack complete, up-to-date, and fully staffing the service.

Does that stack include a full SIEM solution? Does the MSP get threat hunting or incident response guidance? Do you have time to keep track of what your RMM/PSA platform provider is offering in terms of the security stack? If not, will you only find out about that when there’s an incident? While this could look like an attractive option, you still need to pay attention to what is offered and how it's updated. Again, it may be a good entry level option for MSPs.

The MSSP Option

Another attractive option for many MSPs is a partnership with an MSSP who specializes in the cybersecurity stack. These providers are constantly managing their stacks to provide the full breadth of services required by insurance providers and end customers. You can negotiate a partnership where you are the front line to the customer. If there’s an incident, sure, your customer will need to work with the MSSP, too. But you are the one who brought in that relationship because you are the trusted advisor.

If you are looking for a great MSSP to partner with on your cybersecurity, the first place to check is our list of MSSPs compiled by our affiliate site, MSSP Alert. Here's the page for the list of Top 250 MSSPs. Right now you will see our 2022 list at the top, but in a few weeks we will be releasing the updated 2023 list of the Top 250 MSSPs.

Got another opinion about what the best choice is? I’d love to hear about what you decided to do with your security stack. Please let me know at [email protected]

Jessica C. Davis

Jessica C. Davis is editorial director of CyberRisk Alliance’s channel brands, MSSP Alert, MSSP Alert Live, and ChannelE2E. She has spent a career as a journalist and editor covering the intersection of business and technology including chips, software, the cloud, AI, and cybersecurity. She previously served as editor in chief of Channel Insider and later of MSP Mentor where she was one of the original editors running the MSP 501.