← Back to Blog

January 30th, 2023

How MSSPs can consolidate security tools, reduce costs, and increase revenue.

Picture of Christoper Luft, LimaCharlie Co-Founder and Creative Technologist
Christopher Luft
How MSSPs can consolidate security tools, reduce costs, and increase revenue

The Managed Security Services Provider (MSSP) market is poised for exponential growth. Researchers estimate that the global managed security services market will generate revenue of approximately $53.2 billion by the end of 2031, a 264% growth rate for 2021 with a 14.2% compound annual growth rate (CAGR). 

Simultaneously, research also found that in 2021, generating project services gross margin was the leading difference between best-in-class (BIC) Managed Service Providers (MSPs) and firms in the bottom 25%. This research also pointed out that BIC MSPs had a higher share of the total revenue coming from managed security when compared to median firms and those in the bottom 25%. Top performers rolled managed security into their overarching offerings, ensuring consistent management of their customers’ environment. 

As the MSP and MSSP market becomes increasingly crowded, firms need to find a way to reduce the cost of goods sold (COGS) while providing unique, differentiated offerings so that they can respond to customers’ needs and demands. 

The Evolving MSP/MSSP Market

Over the last few years, IT and security have become increasingly intertwined, evolving how firms deliver technologies and services. 

The key drivers evolving the MSP/MSSP market are:

  • Rise in cybercrime, especially ransomware

  • Network and system complexity, including expanded attack surface arising from rapid digital transformation

  • Remote work and bring your own device (BYOD) security

  • Cybersecurity talent shortage

While small and mid-sized businesses (SMBs) choose managed services as a lower-cost security solution, large enterprise organizations work with MSPs/MSSPs to augment their internal teams. 

In response to diverse customer needs and use cases, MSPs and MSSPs often struggle to:

  • Provide a broad technology portfolio without increasing customer acquisition costs

  • Gain visibility into customers’ expanded attack surfaces

  • Detect, investigate, contain, and eradicate adversaries with as little business disruption as possible

  • Offer diverse delivery models including outsourced Security Operations Center (SOC), managed Security Incident and Event Management (SIEM), Managed Detection and Response (MDR), and staff augmentation

As the market continues to evolve, MSPs and MSSPs need to rethink their business models so that they can reduce their own costs to optimize their profit margins. 

The Costs of Traditional MSP/MSSP Business Models

The traditional managed services business model focuses on channel partners and aggregated technology solutions. While MSPs build out new security offerings, MSSPs need to provide new offerings that meet their customers’ needs. 

Historically, the managed services business model focused on aggregating vendors who provided security tooling like:

  • Anti-virus software

  • Network devices, like SD-WAN 

  • Endpoint security technologies 

  • SIEM or analytics driven log management 

The MSP/MSSP purchases the technologies from channel partners, then focuses on providing customers the monitoring, detection, and response services. 

Problematically, this means that MSPs and MSSPs suffer from the same challenges that their customers do - on a larger scale. For example, the proliferation of point solutions creates the following challenges:

  • Incompatibility between technologies 

  • Inability to gain holistic view in a single console

  • Securing the integrations between business IT and security tooling

  • Coordinating and normalizing security telemetry across divergent tools

This managed services business model increases a firm's costs both through various subscriptions and the talent needed to integrate everything. 

Rethinking the Managed Services Business Model

To gain a competitive market advantage, MSPs and MSSPs need to rethink their business model. Most MSPs and MSSPs need to decide how to position themselves within a given niche, whether it be a geographic region or industry vertical. To truly distinguish yourself in an increasingly crowded market, you need to understand your customers’ needs and provide them solutions to their problems, not the problems that your vendors think they have. 

Rethinking the managed services business model means looking at it through a different lens. When viewing your offerings through the lens of cloud-native development, you can reduce costs, provide better services, and increase revenue margins. 

Start with core security components, not products

Every security tool responds to a core security component. However, often, you’re confined to the vendor’s analytics or forced into a multi-year subscription. Once you’re locked in, switching out is expensive and can disrupt service to your customers. 

Instead of focusing on what a product can give you, you should focus on the core security component you need. For example, most cybersecurity platforms combine: 

  • Network security, like software-defined wide area networking (SD-WAN)

  • Anti-virus and malware monitoring for endpoints

  • Detection and response rulesets

By focusing on the core security components, MSPs and MSSPs can build out the services that their customers want without relying on what vendors think their customers want. 

Become API-driven

The core of any managed services offering is the ability to run analytics that detect incidents and reduce key metrics like Mean Time To Investigate (MTTI) and Mean Time to Respond (MTTR). Fundamentally, these require you to collect, store, and aggregate vast amounts of data. 

If you start thinking about your managed services as an API-driven product, you can focus on the telemetry you need and build unique offerings that reduce COGS. With an API-driven solution you can:

  • Choose the telemetry you want to ingest

  • Configure your own rules

  • Control where you send your data

With an API-based approach, you can pull telemetry from Office 365 or use an open-source adapter for a less-well-known piece of hardware.  With this technological flexibility, you can develop the services and connections that make the most sense for your customers.  

Leverage cloud scalability

When you start with security’s core components and build out an API-based security hub that gives you the capabilities you need, you can effectively leverage the cloud’s cost savings and scalability. 

With a cloud-based solution, you can store all the data you ingest at a reduced cost. Further, you can completely isolate each customer’s data, reducing concerns about lateral movement or overlapping data. With an API-first cloud-native technology, you can store all this data more cost-effectively and for a longer period of time. 

For example, speed and historical data are critical elements of incident investigation. Storing event data becomes cost prohibitive with most technologies, so you end up archiving it. The retrieval process slows down the investigation. However, by rethinking your business model and focusing on security components, you can implement the same pay-as-you-go cloud storage model for your security data that you use for your business data. 

LimaCharlie for MSPs/MSSPs: Reduce COGS and Increase Revenue

Designed with developers in mind, LimaCharlie provides the flexible tools that MSPs and MSSPs need to build customized products and capabilities. LimaCharlie provides cybersecurity tools and supporting infrastructure, including EDR, data routing at the event level, artifact ingestion, Windows Event Log monitoring, and a wide range of adjacent capabilities. 

Customers have access to these components via an open API, so that they can use them on a self-serve, on-demand basis. With this flexibility, you can collect data but focus your usage only on what you need and only when you need it. 

With LimaCharlie, you can build custom detection and response rulesets that allow you to customize security to your customers’ needs for an evidence-based approach to know exactly what threats you are protected against. With our scalable solution, you can eliminate costs associated with expensive tools and build revenue with differentiated offerings. 

Read the case study to see how Soteria uses LimaCharlie as part of its managed detection and response offerings. 

If you’d like to try using LimaCharlie, get started for free or book a demo today. 

You can also drop by and chat on our community Slack channel or during our regular weekly office hours.

Copyright © LimaCharlie 2024