Best Practices for MSPs Offering Security Services

During our recent webinar “Ask Netsurion Anything,” our panel of experts addressed questions on topics ranging from meeting customer needs to business best practices. Here are the key takeaways from that session and guidance for MSPs offering security services to their customers.

Is partnering an effective way to add security services to my offering stack?

Marco Albano, vice president of Channel Sales, Netsurion

MSPs are looking toward partnerships when they don’t have the bandwidth or the expertise in-house to offer security services. Partnering with an established security services vendor is key for delivering best-of-breed services. For example, you could build your own SOC, but our research shows that it costs anywhere from $1.5 to $5 million. Alternatively, you can partner with someone already in that business and bundle it into your services stack. Partnering is definitely something we are seeing more and more of.

How do I properly align our clients’ security expectations with what we are providing?

Start with an understanding of your client’s level of risk tolerance and the level of protection they want. A gap analysis will reveal their full threat landscape and the risks they are looking at. It’s up to the MSP to determine what’s required to meet that client’s security expectations. That may be a SIEM and a SOC with Managed Detection and Response (MDR). It may be that the client needs to invest in Endpoint Detection and Response (EDR). Or the client may need a full-stack solution.

Then you can set expectations by being clear about the solution that you can offer and how it addresses their risks. Be explicit about what is included, what reports will be issued when, how alerts happen, and who is responsible for what when responding to those alerts.

What’s the best approach to getting customers to adopt advanced threat detection and response or any other more advanced offering?

One approach that we’ve seen work well is to version your security services offerings — V1, V2, V3, and so on. This allows you to bring additional services to your offering stack in phases and communicate with your customers about the new features and the benefits they convey.

When it comes time for renewals, customers are primed to move to the new version to get the new capabilities. In this approach, you also specify a window of time before retiring earlier versions to give customers a chance to plan for the transition.

If a prospect insists on retaining a legacy anti-virus product because the license is still valid, should we insist on an upgrade to modern EDR before we accept them as a customer?

The short answer is yes. The customer is looking to you for your expertise. They have anti-virus, but they need improved, next-generation protection. This is an opportunity to show your value by explaining the risks of relying solely on anti-virus for protection.

Remember that when you’re looking at a prospect, you’ll be adopting their challenges. You don’t want to put yourself or your other clients at risk. Sometimes we all need to be willing to walk away from an opportunity that is not a good fit for business or risk reasons.

When it comes to regulatory compliance, who is responsible for the data – the business owner, the MSP, or the security services vendor?

The owner of the data, unequivocally, holds the ultimate responsibility. The MSP and the vendor are responsible to their respective customers to protect the data as best as possible and to identify events that indicate an intrusion into their network. But the customer is ultimately responsible for the security of their data.

Will 24x7 monitoring of security events reduce my client’s cyber insurance premiums?

That depends on the insurance company, but it’s definitely possible that 24x7 monitoring will help reduce rates. There are some cyber insurance companies that won’t cover companies that don’t have the protection that managed detection and response offers.

How can I show a business owner the ROI from 24x7 security monitoring?

Make sure you work with a security services partner that provides detailed reports that you can share with your client to address this. For example, our weekly or monthly reports show all the priority one events we’ve seen during the reporting period, whether or not they turned out to be true positives. This demonstrates that there’s a lot of work being done by the 24/7 SOC so your customer doesn’t have to do it themselves or invest in the expertise it takes.

The customer is paying for a level of protection that will be there when that event is a positive, and they get a phone call alerting them to take action to protect their data.

How much protection do small and medium-sized businesses need? Are ransomware attackers going after small and medium-sized businesses as opposed to large ones?

Size does not matter. If your customer brings in a profit that can be stolen, they are subject to attack. No one is too small — as we say, “security by obscurity” no longer exists. Rather, it’s a question of how easy a company is to infiltrate. Ransomware attackers are targeting more businesses than before, including small and medium-sized operations. They are specializing in industries that are lagging behind in security. These industries, as well as small businesses, lack security maturity in general and thus are easy targets for ransomware and all kinds of attacks.


The need for security, and the consequences of going without it, are gaining visibility across businesses of all sizes, including the small and medium-sized businesses that are the sweet spot for MSPs, and more companies are looking to outsource security. Partnering with a security services provider like Netsurion to offer these services creates a new revenue stream for you without the time and cost it would take to build and run an in-house solution. Given the growing opportunity in this area, it is an exciting time to be an MSP.

Learn more about Netsurion’s Managed Open XDR solution and Partner Program to enhance your risk posture and simplify threat detection and incident response.

Author Marco Albano is vice president of Channel Sales for Netsurion. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.