Cybersecurity best practices and DDoS defence strategies
As COVID-19 has opened the door for perpetrators to leverage the fears of people to serve their malicious ambitions, the rising security demands of organizations has driven many MSPs (Managed Service Providers) to seriously consider becoming MSSPs (Managed Security Service Providers). In addition, with profit margins declining from commoditized offerings, the need to provide higher-margin and value services is also a deciding factor in transitioning from MSP to MSSP.
According to ‘IDC’s Service Provider Pulse: 2Q20’, 16% of a service providers’ total revenue came from managed services, and from that, managed security services accounted for the highest percentage of revenue at 10%. With managed networks, app optimization and performance management growing year over year, it’s becoming more transparent for MSPs that developing broader areas such as security can aid their customers with their business.
But how do MSPs go about this? And is it beneficial for MSPs to become the next MSSP? To a large extent it depends on what end goal you have in mind and how much you are willing to invest. Prior to moving to a full MSSP model, there are several things to consider as transforming from MSP to MSSP is not as straightforward as adding an extra letter.
MSPs face the same challenges as any other business when it comes to security: complex solutions to manage, a shortage of talent, and increasingly sophisticated attacks. But the risk of not addressing security is considerably higher for MSPs, because the future of their business depends on it.
Everything an MSSP does is focused on a ‘security first’ approach and they often focus on integrations between their security offerings to help automate their processes, while an MSP typically focuses on commoditized services such as managing email security, firewalls and intrusion prevention systems, rather than on security needs such as a MSSP. MSSPs must also consider liability issues as regulatory and compliance requirements have to be adhered to, including data sovereignty, privacy and sensitive data protection.
Cost of technology
When deciding on the technology you want to offer, upfront investment for the necessary appliances, software licenses, as well as providing unlimited cloud-based DDoS protection for large attacks need to be taken into account.
Cost of maintenance
Maintenance agreements for appliances should also be factored into the overall costs.
Cost of operations
There is a growing requirement for 24x7x365 response and support when it comes to security, therefore an MSSP must set up an Security Operations Centre (SOC) that can provide 24x7x365 capabilities. Apart from providing specialist support for both internal and external customers, an SOC should also be equipped with a complete set of technologies that cover:
● Comprehensive suite of mitigation tools to handle DDoS attacks
● Broad-based visibility and threat detection capabilities (e.g. a portal complete with visibility and analytics capabilities, allowing customers to view service status, DDoS attack information and more)
● Networks (e.g. network-based intrusion detection, network traffic flow analysis)
● Management and Operations (e.g. a SIEM tool, incident response management solutions)
● Endpoints (e.g. endpoint detection and response)
Cost of Go-to-Market
MSPs will also have to consider building their own pool of talent. Apart from hiring skilled cybersecurity staff, whose salaries will be higher than those of other employees, the team will also require complete productization and go-to-market support, including sales enablement training, to help them sell, manage and support their products and services.
Whether you’re looking for 24x7x365 complete managed security or an on-call expert advisor, we offer a range of managed DDoS services designed to protect your organization, detect threats and react to cyber incidents on your behalf.
From a cost and risk perspective, it makes absolute sense for MSPs to join forces with established MSSPs such as Nexusguard, who not only operate a round-the-clock SOC staffed with multilingual security experts, but also has extensive experience in productizing a service and generating return of investment on technology through its Transformational Alliance Partner (TAP) program.
Furthermore, we have proven that within 90 days, it is possible for MSPs to transform into MSSPs, offering a suite of managed cybersecurity services to their customers.
For more information on becoming a partner of the TAP100 program, visit https://www.nexusguard.com/tap100
We will get back to you shortly.
Prior to switching to a full MSSP model, there are several things to consider as transforming from MSP to MSSP is not as straightforward as adding an extra letter.