SOAR Offerings Need to Adapt to the MSSP Business Model -

Across the world and in every vertical, companies are turning to MSSP and MDR providers for help. MSSP leaders have an incredible opportunity to grow their companies. But facilitating growth isn’t easy. New customer onboarding, technology integrations, SOC processes, and deployment issues slow MSSPs down.

The challenge for MSSPs is that their business relies heavily on security vendors—and these vendors aren’t focused enough on the needs of their MSSP customers, especially mid-sized or smaller players. Vendors are focused on developing features and support for enterprise clients.

But there is good news. Great news, if you’re an MSSP. Vendors, like us at D3 Security, have tailored our SOAR offering to fit the needs of MSSPs. This includes product capabilities—like full multi-tenancy and codeless automation in our NextGen SOAR Platform—as well as things like pricing and guaranteed business outcomes, made with MSSPs in mind.

MSSPs Need Monthly Payments

If you're like most MSSPs, you receive payments on a monthly basis from your clients. Yet, SOAR vendors usually require a large up-front payment and lengthy contract. Such contracts impose an economic burden on MSSPs who prefer to make smaller, manageable payments throughout the service tenure. Further, a significant up-front cost for MSSPs leads to a longer waiting period before they see any ROI, which can discourage them from investing in SOAR.

There’s no question that when it comes to pricing, many SOAR vendors have far from a precise science.
Some follow usage-based pricing models, which end up penalizing MSSPs for fully utilizing SOAR’s automation capabilities. Just like that, your new superpowers turn into a complicated mess. Unpredictable bills add another layer of chaos to your budget planning.

Another pricing model for SOAR is a variable-cost approach, where the vendor prices the solution on the number of tenants or the size of your operations. This model can be intimidating for MSSPs expecting to onboard new clients without scaling up technology spending. The headache from all that math might drive you over the edge.

Next Generation SOAR helps you avoid the risk of major capital expenditures with a flexible payment schedule that fits your revenue cycle and budget. MSSPs can pay monthly, or on a custom schedule that suits your business. Furthermore, it doesn’t vary its pricing based on usage. Put simply, we’ve evolved our pricing model, just like our technology.

MSSPs Need Fast and Easy SOAR Deployment

Most SOAR vendors have not built out their platforms in a way that makes them easy for MSSPs to deploy and use effectively. They often require extensive customization by your development team, which can take time away from other projects and add costs to the deployment process. For MSSPs that don’t have in-house development resources, hiring an external resource to set up and configure integrations can be another unwelcome expenditure and further lengthen the implementation cycle. In a competitive market, this can be a death sentence for an MSSP.

MSSPs can quickly see a return on investment (ROI) with Next Generation SOAR by automating key processes such as triage, alert enrichment, correlation, and analysis. By focusing on these quick wins, MSSPs can maximize billable time and increase capacity 10-fold without adding new personnel.

Next Generation SOAR allows MSSPs to easily tie together cloud, on-premise, or hybrid environments so that data only needs to be sent to one place for analysis. Not only is this more efficient, but it also speeds up onboarding for clients who want to take advantage of a wide range of cybersecurity services. MSSP can leverage hundreds of integrations to quickly ingest data from their client's tools, speeding up onboarding to enable the offering of a wide range of cybersecurity services faster.

Next-Generation SOAR’s playbook library perfectly complements these integrations, helping speed up day-to-day security operations. These playbooks are independent of the underlying tech stack and give you flexibility and scalability when it comes to onboarding new clients.MSSPs Need to Scale Up MDR Services

MSSPs need to offer their customers new, premium services in order to stay competitive. Next-Generation SOAR can help them do just that. Notable ones include:

MITRE ATT&CK TTP Monitoring: Adversarial behavior is constantly changing and evolving. To stay ahead of the curve, you need to operationalize the world’s most comprehensive threat intelligence framework. Connect the dots, spot anomalies, and uncover APT attack campaigns.

Threat Hunting Based on IOCs Found in Incidents: Support analysts and threat hunting teams with playbooks for incident remediation, proactive threat hunting, and vulnerability management. Save time by automating the most time-consuming aspects of each activity.

Full-lifecycle Incident Response: Security teams are always looking for ways to improve their investigation methods. Next-Generation SOAR’s case management provides robust features to improve collaboration among security teams. Additionally, fully configurable forms generate time-stamped records that can be used as evidence in legal proceedings.

10X Your Capacity in 2 Weeks with D3 Chronos

Chronos is our new platform for MSSPs. It comes with all the features businesses love about D3’s SOAR platform, such as full multi-tenancy to keep your client sites, data, and playbooks segregated. Event Pipeline, our global playbook can reduce SOC alert volume by 90% or more. Businesses can have Chronos up and running within weeks —and start showing fast ROI at every tier. As an independent SOAR platform, we connect with over 500 leading vendors in SIEM, EDR, firewall, threat intelligence, ITSM tools. No matter what tools your clients use, we’ve got you covered.

Blog courtesy of D3 Security. Read more D3 Security guest blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.