Mergers and Acquisitions, MDR, XDR, MSSP, Managed Security Services

Cybersecurity M&A and Platforms vs. Tools: What it Means for MSSPs

(Adobe Stock)

Cybersecurity vendors and investors seem to have ramped up M&A activity recently, leading to a few important questions for MSSPs.

  • If these deals result in a consolidation of tools into platforms, is that disruptive for MSSPs? Will these vendors be going direct to customers?
  • Where is this market going and what might it look like in a few years?
  • What are the opportunities for MSSPs?

Before we get into answering these questions, here’s some quick background. M&A activity in the cybersecurity market is heating up recently with several recent deals. Since the end of April we’ve tracked four significant deals:

What Security Deals and Platform Consolidation Mean for MSSPs

So what does it mean?

First, there’s no secret that enterprises and MSPs have been complaining about tool sprawl for cybersecurity and IT tools both. There are any number of vendors providing such point tools, including those for email security, email security training, vulnerability management, endpoint security management, cloud security, SaaS security, compliance, and the list goes on.

There are also many choices when it comes to advanced security tools such as MDR (managed detection and response) and XDR (eXtended detection and response). Some MSPs work with multiple vendors for this type of advanced security in order to assure better protection for their end customers.

Will vendors creating more complete platforms to consolidate tools disrupt MSSPs? Aren't they essentially doing the same thing that MSSPs do — creating a tech stack to take to market for end customers? Canalys principal analyst Robin Ody believes it could disrupt a limited part of the market.

“The MSSPs that are really disrupted by the shift to vendor platforms are a few very specific telcos and legacy MSSPs that are still very much relevant, but yes these vendor platforms are a threat,” he said.

That said, the threat is nothing new. End customers are already pushing these MSSPs to embrace the customer’s existing stack of vendor solutions.

Ody said the differentiation for MSSPs “has always been in their knowledge of the technology, the threats, better response and remediation, and vertical and compliance capabilities… someone with 15 years of experience in threat hunting or a PhD in cybersecurity is still just as valuable, whatever tech they are using.”

How Platforms Benefit Most MSSPs

For the larger MSSP market, the rise of platforms may help rather than hurt them. Service providers no longer need to choose between going with a single vendor or a bunch of best-in-class solutions that they then have to integrate to get to work together.

On the MSP side, tools platform vendors such as ConnectWise and N-able have embraced the idea of providing a platform that other third-party tools vendors can plug into. This lets MSPs get a single platform, but allows them choose individual tools that they believe best fit the needs of their businesses and their customers’ businesses.

The same is true for some cybersecurity vendors. For instance, Stellar Cyber pitches itself as an Open XDR provider. What does “open” mean in this case? It means that Stellar Cyber is serving as a platform that works with other tools. By enabling the integration through the Stellar Cyber platform, the vendor does the integration work and the MSP or MSSP doesn’t need to do it. But they still get the benefits of it.

“Customers asked for a consolidated security stack to save time and money early in our history,” Stellar Cyber founder and CTO Aimei Wei told ChannelE2E. “Analysts looking across disparate tools and screens add latency to outcomes. This human latency is what downgrades the quality and speed of outcomes.”

By creating a platform that other vendors can plug into, Stellar Cyber streamlines that process for MSSPs.

“MSSPs tell us that unified systems not only streamline operations and reduce costs but also enhance the overall effectiveness of their threat detection and response capabilities. By tightly coupling key tools, SecOps teams can see both the forest and the trees — gaining deep insights form tools like EDRs while maintaining a comprehensive view across all tools and data feeds… this is why we built our AI-driven Open XDR platform with a single license.”

The Growth Market Ahead for MSSPs

How do we make sense of an acceleration of big M&A deals in cybersecurity on one hand but then on the other hand the rise of ecosystems and platforms? Is the industry contracting or growing? Canalys Chief Analyst Jay McBain says that the industry is growing.

“There are 6,500 vendors that will probably grow to 10,000 by 2030,” he told ChannelE2E.

“For example, the marketing platforms like Eloqua, Marketo and Hubspot didn’t reduce innovation, they grew it. There are 14,106  MarTech ISVs now in that space and growing by 1,000 per year.”

That’s the kind of growth available now to MSPs and MSSPs because of this new ecosystem evolution.

“What a platform really does is benefit a partner and customer with a rich set of horizontal functionality that can then be augmented by other companies to complete the seven-layer tech stack. Companies like Microsoft, Cisco, Palo Alto and CrowdStrike can be trusted to vet the other players and lead to more demand for niche tools,” he said. “The ecosystems of the top IaaS and SaaS players continue to grow at a phenomenal pace and the same will happen in security benefitting all participants in the network.”

Jessica C. Davis

Jessica C. Davis is editorial director of CyberRisk Alliance’s channel brands, MSSP Alert, MSSP Alert Live, and ChannelE2E. She has spent a career as a journalist and editor covering the intersection of business and technology including chips, software, the cloud, AI, and cybersecurity. She previously served as editor in chief of Channel Insider and later of MSP Mentor where she was one of the original editors running the MSP 501.