SOC, Content, Small business

Do Small Business MSPs Require Security Operations Centers (SOCs)?


Throughout this week's Continuum Navigate 2018 conference in Boston, CEO Michael George and his lieutenants emphasized an urgent need for MSPs to take action and scale the next mountain -- namely, MSPs need to embrace managed security services.

Continuum Navigate 2018: MSSP Alert Editor Joe Panettieri, Continuum CEO Michael George, Webroot CEO Mike Potts & Thoma Bravo Senior Operating Partner  David Murphy.

On the one hand, the message isn't all that shocking. Continuum and its core rivals see security as the key requirement for MSPs serving small business customers going forward. But on the other hand, Continuum is taking a unique approach in its efforts to assist MSPs with managed security services.

Indeed, Continuum has essentially built its own SOC (Security Operations Center) services -- working closely with such companies as Sentinel One, EventTracker and Webroot. The company now employs roughly 70 SOC engineers -- which allows Continuum to offer 24x7 security services to MSPs worldwide, George says.

Help Desk Plus NOC Plus SOC?

The twist? The SOC is part of a bigger strategy -- a "connective tissue" effort that will connect the SOC with Continuum's other core services (help desk and network operations center) and related technologies (remote monitoring and management, and backup and disaster recovery), according to VP Product Fielder Hiss.

Fielder Hiss
Continuum CEO Michael George

Continuum believes most MSPs can't afford to build SOC services on their own. Quick math suggests such a journey requires an MSP to:

  • hire, train and retain at least a dozen security experts (annual talent budget: $1.2 million or more)
  • select, deploy and master a range of related security tools like SIEM (annual budget: perhaps $1 million or more).

Instead of coughing up all that cash for hard-to-find talent and complex tools, MSPs should simply plug into Continuum's SOC for threat prevention, detection, remediation and more, George asserts.

The business model sounds promising. But we'll be watching to see if the financial math ultimately works for both Continuum and the MSPs that embrace and attempt to monetize the SOC services.  We'll also be watching to see how Continuum builds that "connective tissue" between its SOC capabilities and, for instance, the company's RMM platform. During a Navigate keynote today, Hiss hinted that more and more of the SOC intelligence will surface in the RMM platform -- spotting and eliminating threats before they can harm customer systems.

MSP Business Models and Profit Margins

Again, the Continuum SOC strategy sounds promising. But many MSPs need to get their own houses in order before leaping into security services.

Webroot CEO Mike Potts reminded Navigate attendees to focus first on their business models, operations and associated profit margins. Best-in-class MSPs typically generate 20 percent or higher profit margins, though the vast majority of the MSP market tracks closer to about 9 percent margins, and the bottom quartile are barely profitable and/or losing money, according to Service Leadership Inc.

Thoma Bravo’s David Murphy
Webroot CEO Mike Potts

In some ways, those figures are concerning to MSSP Alert. After all, we're in a booming economy. MSPs with single-digit profit margins could face a serious reality check when an economic correction -- or worse -- comes along.

In addition to optimizing their businesses for higher profit margins, MSPs must master good hygiene -- patch management, endpoint security, data protection, etc. -- before embarking on more ambitious security efforts.

At the Continuum conference, Thoma Bravo Senior Operating Partner David Murphy reminded MSPs that you can't "dabble" in security. His opinion is backed by strong experience across the security market. Murphy currently holds boardroom seats at Continuum, Barracuda Networks and LogRhythm. Earlier, he was president of Blue Coat, which Symantec acquired for $4.6 billion in 2016.

Once you get your profit margins and basic hygiene in good working order, it might be time to get serious about a SOC strategy. And in that case, George is telling MSPs that the smart path forward involves partnering with Continuum rather than building such a service on your own.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.