The good news is that more and more companies are seeing managed security services as a solution to their security challenges. The bad news is that the managed services market is getting very competitive as a result.
The other good news is that there are probably untapped revenue streams that MSSPs could explore in 2023. Security orchestration, automation, and response (SOAR) can help you unlock these new services for your clients that can increase your revenue in the coming year.
1. Vulnerability Management
Keeping track of vulnerabilities and ensuring they are promptly remediated is time-consuming, manual, and easy-to-overlook task. That’s why it’s a great service for MSSP’s to add, and SOAR makes it easy to do. By integrating your SOAR tool with a vulnerability scanner like Tenable or Qualys, you can use a playbook to run automated vulnerability scans on a set schedule, or ad hoc based on ingested intelligence.
The SOAR tool can then parse the results of the scan and send automated notifications to the responsible parties, whether they’re on your team or the client’s.
Taking on vulnerability management frees up a ton of time for your clients, while requiring minimal manual work from your team. It should be on the mind of any MSSP looking to expand their services in 2023.
2. Identity Management
For large companies, onboarding and offboarding employees can be a time-consuming task, and when not done properly, can put their reputation and information security at risk. By integrating SOAR with tools like Active Directory, Okta, and CyberArk, MSSPs can automate user management for their clients.
Whether the trigger comes in via an emailed list of new employees, a Jira ticket, or a command from an integrated tool, an automated onboarding playbook can orchestrate adding a new user and auto-populating their fields in the identity management system. If the request came from a ticketing system, the playbook can then update the ticket and notify the relevant employees.
Deactivating a user follows a similar process, ensuring that access to sensitive systems is immediately revoked. While user management is technically an IT task, it is inseparable from a company’s security. We expect it will become much more common as a managed, automated service in the coming year.
3. MITRE ATT&CK Reporting and Gap Analysis
Companies want to incorporate MITRE ATT&CK into their security, they just don’t have the expertise or resources to do it themselves. We tested this theory a couple of years ago, in our “SOAR in the Real World” survey, and we found that around 75% of respondents saw value in using ATT&CK to assess threats, but only 25% were doing so. This gap can be filled by MSSPs who offer ATT&CK-based services like TTP trend reporting and gap analysis.
By using a SOAR tool that can map your clients’ security events to the ATT&CK Matrix, you can create reports around the frequency of specific attacker techniques in their environments, make strategic recommendations based on the attack patterns of known ATP groups, and identify the root cause of serious incidents.
Because of ATT&CK’s kill chain structure, you can report to your clients regarding what stage most attacks are reaching. This can reveal where their security is effective, as well as where it needs additional attention.
4. End-to-End Incident Response
One of the reasons the managed security services market is becoming more competitive is the incursion of MDR providers. Their services are generally built around a proprietary EDR or XDR tool that enables them to provide some level of detection and response services. However, leveraging SOAR integrations, MSSPs can offer stronger end-to-end detection and response without developing their own tools.
SOAR playbooks can orchestrate investigation and remediation playbooks via hundreds of integrations, so your clients can keep using the tools they like, instead of switching to a proprietary suite made by their MDR vendor. MSSPs can use a multitenant SOAR tool to create master playbooks, rules, and commands, which they can then deploy at scale across their client base with simple customization where necessary.
The critical capability that enables MSSPs to add response services without massively increasing headcount is effectively filtering down alerts to eliminate false positives, duplicates, and noise. If your SOAR tool can automatically filter the alerts your clients’ tools generate so that your team is only dealing with genuine incidents, you can provide significant value without overwhelming your analysts.
Unlock Revenue Streams with SOAR
D3 Security supports MSSPs in every corner of the globe and enables high-value services with our next-generation SOAR platform. D3 Security’s SOAR platform supports full multi-tenancy, so you can keep client sites, data, and playbooks completely segregated. Importantly, we’re vendor-neutral, so no matter what tools your clients use, our 500+ integrations will meet their needs. Our new offering for MSSPs, D3 Chronos, is a streamlined SOAR package that is designed to start paying for itself within two weeks while increasing your capacity 10x through automation.