Creating a Path to Security Service Profitability with Fortinet’s SOC Lifecycle Strategy

As networks grow in complexity, and cyber threats become more sophisticated, many customers are turning to MSSPs to help them manage their cybersecurity. For Service Providers looking to expand their business opportunities, transitioning to an MSSP presents an opportunity to further support customer digital transformation initiatives.

Stephan Tallent, Senior Director MSSP & Service Enablement, Fortinet.
Author: Stephan Tallent, senior director, MSSP & Service Enablement, Fortinet.

A vital component of this transition is setting up a comprehensive Security Operations Center (SOC) that enables Service Providers to offer specialized security services and incident response to customers. However, Service Providers need to understand that running a SOC is a resource-intensive task that requires partners to provide security services on a 24/7 basis. On top of a substantial initial investment, SOCs typically cost upwards of $1 million a year to operate, presenting a barrier to entry for most Service Providers. Additionally, partners do not always have access to the expertise needed to operate a combination of SOC technologies, such as SIEM, ITSM, and centralized management tools.

Addressing these and similar challenges are why Fortinet created the SOC Lifecycle Strategy. The SOC Lifecycle assists partners in their journey to becoming visionary MSSPs by providing them with the resources they need to establish their SOC and offer scalable and profitable customer-focused services. Depending on their size and maturity level, partners can enter the SOC lifecycle at different phases to ensure they receive the necessary programs, support and training based on their capabilities and service expansion goals. The goal is to eliminate barriers to entry, ensuring partners can accelerate their business offerings regardless of their current scope of operations without exceeding their internal capabilities.

The Phases of the SOC Lifecycle

The SOC Lifecycle consists of four phases that partners can follow to evolve their practice into a mature and profitable MSSP:

MSS 1.0 - Aspiring MSSP

In order to be competitive in the MSSP space, partners must be able to offer security-as-a-service (SECaaS) for customers to consume on a monthly subscription basis. Phase one of the SOC Lifecycle helps partners establish the offerings needed to include SECaaS solutions in their service portfolio. With Fortinet offerings, such as FortiCloud Multi-Tenant, and exclusive programs like hardware-as-a-service, Partners can build out OpEx services and manage deployments from a centralized cloud platform. In this first stage, Partners can also begin training their sales teams through the use of on-demand managed security service sales training videos so they can deliver value to customers while driving services revenue.

MSS 2.0 - Outsourced SOC

Once service offerings have been established, the next step is to begin providing Security Information and Event Management (SIEM) and SOC services to customers. Partners often have limited resources at this point in the SOC lifecycle, so they must look to outsource their SOC capabilities. Fortinet streamlines this process with the help of SOC Authorized Partners. These partners provide SIEM and SOC services on behalf of Service Providers so that they can offer SOC functions even without having an established Security Operations Center in place. Having an outsourced SOC program also enables a greater level of refinement and functionality in partner services, helping pave the way for automation and large-scale deployments down the road.

MSS 3.0 - Mature MSSP

At this point in the SOC Lifecycle, partners have become mature MSSPs that provide a variety of security services across multiple customer networks bringing SOC functions in-house. The focus will now shift to increasing the service portfolio and improving endpoint protection and response capabilities to drive more service revenue. Due to the scale of customer deployments, automation will have become a necessity as well. Here our engineering team helps build out your Managed Detection and Response offering and assists with its integration into your back office with pre-defined labs, fast track training and the FortiToolKit. Fortinet’s FortiToolKit provides partners with API tools that can be used to automate mundane functions, thereby increasing efficiency and reducing costs.

SIEM becomes increasingly essential in this phase as customer attack surfaces expand with the addition of IoT devices and cloud workloads. Partners can rely on FortiSIEM to ensure they maintain visibility as their customers scale their deployments. During this phase, partners also begin to grow their internal SOC capabilities with training offered through the Network Security Academy. And to assist with SOC team recruitment, partners can draw on talent from Fortinet’s FortiVet Program, which provides advanced cybersecurity skills training to help veterans transition from military service into the cybersecurity field.

MSS 4.0 - Visionary MSSP

With an established SOC and DevOps team in place, partners are evolving into visionary MSSPs that deliver business outcomes to customers. In this phase, MSSP partners are engaged in threat lifecycle management and responsible for the defending of IoT devices and cloud workloads against threat actors operating at machine speeds. To address the challenges that come with protecting networks against sophisticated cyberattacks, partners at this phase are leveraging the security automation, orchestration, and response (SOAR) capabilities of FortiSOAR. Through the use of playbooks and network baselining, FortiSOAR enables rapid threat response, mitigation and case management. At this stage, our engineering team helps partners incorporate SOAR, Incident Response and DevSecOps into their service delivery. MSSP partners also have access to the Fortinet Developer Network to help them adapt and improve their DevSecOps capabilities.

Final Thoughts

The increase in digital transformation, combined with the growing cybersecurity skills gap, means that organizations will increasingly to rely on MSSPs to manage their cybersecurity. Fortinet’s SOC Lifecycle Strategy prepares partners to take advantage of this opportunity, regardless of their entry point, by significantly lowering the barriers to service profitability through a scalable, four-phase SOC Lifecycle approach. Partners have access to Fortinet’s full catalog of security solutions, allowing them to facilitate SOC operations and deliver comprehensive security services to their customers. With SOC Authorized Partners, Service Providers can offer SOC functionalities without the investment to stand up a SOC. Through programs like SOC Authorized Partners and Hardware-as-a-service, partners can rapidly increase the sophistication of their service offerings, adapting to changing security dynamics, with minimal capital investment.

By joining the Fortinet MSSP Partner program, service oriented partners receive business development assistance so they can align their sales processes and identify new revenue streams. Fortinet MSSP Partners have access to specialized service creation support and MSSP engineers who can offer guidance on strategy and deployments so they can build a profitable security services practice, regardless of their size or maturity level. Now is the time to take that next step toward becoming a visionary MSSP.

By Stephan Tallent, CISSP, senior director MSSP & service enablement, Fortinet. Read more Fortinet blogs here.