What is the Ideal MSP Security Stack?

Creating an MSP security stack from scratch is a daunting task with so many aspects of security to consider. Here we suggest an approach to make the process more straightforward.

Managed Security Services are in Demand

Managed security services are in demand. While it used to be possible for small- and medium-sized enterprises to implement a few cybersecurity solutions such as antivirus software, firewalls, DNS filters, and spam filters and be adequately protected from the majority of cyber threats, cybercriminals are developing more sophisticated tactics, techniques, and procedures to bypass these traditional defenses. More time, money, and resources need to be invested in security to counter the threat, and most SMEs struggle to find the staff and the time to effectively manage security themselves. SMEs are increasingly turning to managed service providers (MSPs) to manage security, and MSPs are responding by offering a range of managed security services to their clients.

There are many advantages for MSPs that come from providing managed security services; however, getting started can be costly and difficult. MSPs often struggle with staff shortages and need to continue to ensure they maintain their core business functions. Adding additional managed services requires new staff and training, and that will initially require investment. For this reason, rather than provide managed security services themselves, many MSPs partner with a managed security services provider (MSSP). That way they can meet the needs of their clients, although they will be missing out on the opportunity to significantly grow their business and reap the financial rewards from providing managed security services.

Developing the Right MSP Security Stack

Many MSPs have realized the profit potential and are starting to create an MSP security stack. One approach is to start by providing a package of core cybersecurity solutions that will help their clients achieve a minimum standard for cybersecurity; however, while this used to be straightforward when the majority of companies operated on-premises infrastructure – and therefore had a perimeter to defend – this approach is now more difficult.

An MSP security stack is required that caters for all clients, whether they have on-premises infrastructure, operate entirely in the cloud, or have a combination of the two. An MSP security stack needs to be developed that covers all the bases and will protect against common attack methods including phishing, malware, ransomware, brute force attacks, DDoS attacks, web-based attacks, and the exploitation of vulnerabilities. A package of cybersecurity solutions and services should therefore be developed to offer to clients to protect against all these threats.

Many MSPs are laser-focused on protection, but that is only part of the story. A good security posture is not only about implementing solutions to block attacks. If an attacker is able to bypass those defenses, an MSP needs to ensure that the threat is detected and remediated.

When developing an MSP security stack, a good approach to take is to base your services on the core functions of the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, and Recover. Many MSPs adequately address the Identify and Protect functions, and implement solutions that can detect threats, yet fail to adequately address the last two functions: Respond and Recover. The MSP security stack should cover all five of these functions.

Multi-Layered Defenses are Key

When it comes to cybersecurity, layered defenses are essential. There is no single cybersecurity solution that can detect and block all threats, and within each of the NIST Cybersecurity Framework core functions, multiple solutions and services are likely to be required. Finding the right solutions can be a challenge, especially as many cybersecurity solutions on the market are not ideally suited for MSP use, and some of the most accomplished products that would be of great benefit to clients may prove to be too expensive.

Components of an Ideal MSP Security Stack

One approach to take is to develop core security services that provide the minimum level of security and develop additional packages that provide more advanced protection. You can try to sell the best package to clients but can drop down a level or two if clients balk at the cost. These packages could involve different cybersecurity solutions and/or different service levels.

For all packages, you should start with the Identify function – you need to know what the critical functions are before you can determine the best way to protect them. A security assessment lets you and your clients know exactly where they currently stand and where the security gaps lie.

The solutions you should consider for protection will depend on the environment of your clients and the specific risks and vulnerabilities that need to be addressed. You will need to obtain products and develop security services in the following areas: firewalls, spam filters, DNS filters, endpoint security, identity and access management, data protection, device management, mobile security, and vulnerability scanning. You should also offer detection, response, and recovery services, which should include a robust backup strategy, and disaster recovery and incident response planning.

Finding the right solutions for an MSP software security stack in each of those areas can be a time-consuming process, as there are many vendors and a huge range of products to choose from. Consult business software review sites, MSP resources, forums, and other MSPs for advice on the best solutions to use that balance protection, ease of implementation, ease of use, and cost.