Day 1, Empower MSP Scottsdale, breakout session 2c—Aris Demosthenous, Training Content Manager at SolarWinds MSP. Empower MSP Scottsdale took place at JW Marriott Camelback Inn Resort & Spa, on September 18th and 19th 2018.
“SolarWinds purchased a Security Information Event and Management (SIEM) tool a few months ago,” started Aris. “Today, I want to uncover our thought process and how we see it fitting in with your service offerings in the short and long term.”
Aris went on to explain that the industry has shifted and MSP’s customers are expecting them to protect their network and data. “You have done a great job protecting the environment proactively but threats are still getting through undetected,” he said. “Setting up a security operations center (SOC) to detect those threats is expensive and staffing it is even more difficult. You need to be able to provide those services to your customers or risk losing them to someone who can. SolarWinds® Threat Monitoring Service Program gives you the ability to start generating a new source of recurring revenue from SOC services without the expense of the SOC.”
When looking at the customer base, and the space as a whole, Aris explained that more and more MSPs are pushing towards higher level security services as the industry has evolved. “It has become clear, that the existing protection services being delivered by MSPs, which once were a well-rounded offering have been reduced to the necessary minimum in today’s market,” he said.
More and more of the top MSPs have started to deliver MSSP services as well in order to provide their customers with the additional level of security services the market is now demanding. “As a way to quickly help meet that need for our customers, SolarWinds acquired Trusted Metrics and we are now ready to launch our new product—SolarWinds Threat Monitor™,” continued Aris.
Aris explained how there are new security service providers, new services, and new technologies focused on delivering security. The top MSPs have started providing these services, and MSSPs are filling the gap between what MSPs do for their customers and what their customers are expecting. This is all due to the fact that attack vectors are getting more and more frequent and more and more clever at the same time.
“Traditionally, MSPs protect the environment using proactive and preventative measures,” said Aris. “But the cold hard fact is that prevention isn’t enough any more. Patching, antivirus, backups… all of these are no longer just preventative security measures. Today they are the necessary minimum.”
Aris went on to explain that this has created a gap in our space… one that MSSPs have filled with their detection capabilities. “They leverage software like ours and their expertise to hunt these types of threats down and inform you about them,” he said. “But that’s it… MSSPs are not interested in doing remediation services. They traditionally support internal IT departments at the enterprise level. At the SMB level, you are the IT department, so you are who they want to work with.”
This can be a difficult conversation, but as Aris went on to outline MSPs need to explain that the market has changed and you should be responsible with your accounts and add additional services, otherwise it is far more likely that a costly breach will happen to them. You are simply being a responsible professional.
“NIST has published an updated version of their Cybersecurity Framework recently, but what hasn’t changed is the five components included in the framework,” explained Aris. “When you look at the NIST framework, our MSPs have typically only engaged three of the categories—we have always been good at assessing the environment, at protecting the environment, and recovering the environment. But with this new software and engagement, we can safely deliver the other two categories and begin detecting and responding to threats before we remediate the issue.”
Aris then set out the choice this leaves MSPs with:
1/ Do nothing and maintain the current service offering, and there is nothing wrong with that as long as you understand that this will mean you share the customer with another service provider that provides the detect services.
2/ Choose to build and staff your own SOC to provide these services in-house. This can be a difficult endeavour as there is a shortage of staff to hire, and in many cases, you may not have the knowledge required to manage that staff yourself.
3/ You can leverage an existing SolarWindsThreat Monitoring Service Provider(TMSP) to provide the services for you and maintain your customer relationship but still offer the service to your base.
“The MSP typically has a one-to-many relationship with the customer. When leveraging a TMSP, they get inserted between the MSP and the customer as it relates only to collecting log and other security information through the Threat Monitor tool,” he explained. “There will be a division of labor to deploy the software, where the MSP is responsible for some of the deployment and the TMSP is responsible for the rest. The information is then passed back to the TMSP through the tool and they work to filter down the millions of logs they receive, remove any false positives if necessary, and eventually identify issues worthy of an alert. They then pass the actionable alerts back to the MSP and the MSP provides the remediation service to their clients.” In this model, he continued to explain, the TMSP works as a silent partner and provides the SOC services on behalf of the MSP but does not interact with the customer directly.
“We’re very excited about this opportunity for our customer base,” said Aris. “Adding a new recurring revenue stream is obviously a great thing for our MSPs. Offering this program also helps to elevate your position in the market as you are providing higher end security services than most of your competition, without needing to invest and staff a SOC of their own. That removes the barrier to entry into this space and helps to put you on an even playing field with other MSSPs that might be in your backyard.”
Aris concluded that MSPs should be adding these types of services to their portfolio in order to stay relevant. “Leveraging a SolarWinds TMSP to deliver the service is a low-cost and high-quality way of delivering the service to your customers before someone else does,” he added. “We have productized the offering to help streamline service delivery but we see this program as the bare minimum that you need to get in front of your customers and when you position it to them, that is how you should be speaking. But if you need more, you have a partnership with a company that is setup to deliver it for and with you.”
The SolarWinds and SolarWinds MSP trademarks, service marks, and logos are the exclusive property of SolarWinds MSP UK Ltd. or its affiliates. All other trademarks are the property of their respective owners.