MSPs: How to Add Value to SMBs with Managed Security Services
2016 has already been a banner year for malware, and for ransomware in particular. The first quarter alone saw a 3500% increase in new ransomware domains. And while in 2015, a whopping $325 million was paid out to ransomware attackers, experts say that number will be even higher this year. Ransomware is now officially the biggest money-maker for cybercriminals in history. The bottom line: these types of attacks are real threats we’re dealing with today, and they’re becoming an increasingly large problem for small businesses in particular. Managed security services are a big way MSPs can help them fight back.
When it comes to defense, many small businesses (especially those with less than 100 employees) are highly vulnerable. That’s because they don’t have the big bucks to shell out on protection software or in-house expertise to deal with these threats. Businesses with just a few employees are often largely left open to attacks, which is why they’ve become such a hot target.
In light of all this, more and more small businesses are turning to managed service providers to get help preventing, addressing, and cleaning up after cyberattacks.
But herein lies the problem: As an MSP, you already have a lot on your plate. You need to figure out how to drive margins for your business by choosing the right products and services to offer your customers. And for managed service providers who don’t already specialize in security, adding a security solution to the mix can be daunting. You may feel like you need a team of security experts, or to have a deep understanding of the cyberthreat landscape, in order to fight back. But that’s really not the case. To help you avoid being overwhelmed, we created a quick guide of things for MSPs to consider when adding security offerings to your portfolio.
Understanding the Malware Landscape
When it comes to protecting your customers, it’s important to understand the threat landscape at a basic level. Often the most common failsafes that are put into place are antivirus and firewalls. These are a good start, but you must realize these are often not enough to stop malware, one of the most pervasive cyberthreats. Why? There are many strains of malware that can evade them. For example, malware that is delivered via email (very common) can easily slip right past firewalls. Cybercriminals have also designed other malware that can “shape-shift” to sneak around antivirus software. Malware delivered within encrypted messages is also a common way to evade perimeter devices as well.
How MSPs Should Select Managed Security Services to Offer
The key thing to understand here is that there’s no need for you to build any sort of security offering from the ground up. It’s too time- and resource-intensive, plus there are tons of them on the market today, and they already address a wide range of security challenges your customers may be facing. So how can you evaluate the many solutions that are out there on the market? Here are 5 tips:
1. Go for Comprehensive (Not Close Enough)
Like we mentioned, there are many security solutions on the market, and you’ll need to select a few to make sure that you can offer comprehensive protection to your customers. In doing your due diligence, ask questions about what types of malware and other cyberattacks can get past the services you are considering. For example, phishing attacks have no problem sneaking past a firewall, so you’ll need something like Strongarm that can catch the malicious malware even after it has gotten into your customers’ systems.
2. Remember: It Doesn’t Have to Be Expensive to Be Good
Not every business can afford high-pricetag solutions. But that doesn’t mean that they shouldn’t get powerful security defenses. At Strongarm, we set out to build a malware protection solution that is enterprise-grade but with an SMB pricetag. As an MSP, that means you can offer it to your customers in a way that maximizes your bottom line without being a burden to customers.
3. Don’t Fall for Block & Drop Solutions
A lot of cybersecurity products on the market look to block threats. That’s a noble goal, but it’s often not realistic. In the case of malware, we see a lot of “block and drop” solutions that may be able to stop one aspect of an attack, but then “drop” the connection and make it impossible to gather intel on what the full attack looked like… making it easier for the bad guys to come back through another door or skirt around the attempted protections. Worse, losing the intel makes it more expensive and time-consuming to triage infections and do incident response and remediation. Instead, look for products that help give context to attacks and speed up incident response. Because customers will see far more value from these types of solutions, you can reasonably expect to charge more.
4. Remember: Noisy Doesn’t Mean Effective
Some cyber protection products will generate tons of alerts. At first, this might feel comforting: look at all the potential threats they’re catching! But after a while it will become clear that most of these alerts are false positives, which won’t do you any good and will lead to burnout and missed signals. Instead, look for solutions that only notify you when there is a real problem (and that can help you take immediate action to resolve the problem). That way you won’t have a boy who cried wolf situation on your hands. Even better, look for products that use automation to reduce busywork for you and save valuable time. This will save you money, and you can pass those savings on to your customers.
5. Leverage the Cloud
Customers don’t want more agents or appliances. Not only are they expensive, but they’re also hard to manage and maintain. Instead, be on the lookout for solutions that are cloud-based and that can scale as you and your customers grow.
The Managed Security Services Responsibility for MSPs: How Far Does it Go?
MSPs should seek to offer a security solution to businesses who do not have the ability to do so on their own. Small businesses in particular often turn to their MSPs for just about everything from a technological standpoint, so not offering security services can put you at a disadvantage compared to your competitors. Be a one-stop shop, and you will add value and cement your status as a go-to provider for the company.
Want to learn more about how Strongarm can help you offer managed security services to your customers, while simultaneously benefiting your bottom line?