Building a Profitable MSSP: Modern Pricing Strategies for Maximum Growth

For MSSPs and MDRs, the squeeze in 2025 does not come from any one threat. It comes from the math. Licensing fees keep rising, the security vendors you build on are forming partnerships to enter managed services themselves, and the customers you serve increasingly expect coverage that reaches well past the endpoint. Matt Bromiley, LimaCharlie's Lead Solutions Engineer, used this session to make an argument that cuts against how most providers plan their year: profitability is not something you negotiate at renewal or recover by raising rates. It is decided by whether the shape of your pricing belongs to you or to the vendor underneath you.

Bromiley frames the provider's job as two businesses running at once. One is managing customers, the detection, response, reporting, and onboarding that clients see and pay for. The other is managing cost, the licenses, ingestion, storage, and infrastructure that quietly determine margin. Most pricing conversations only address the first. His point is that for anyone past a handful of analysts, the second is where the year is won or lost, and the question worth sitting with is not how much you can raise prices but where you can lower internal cost without degrading what customers receive.

The reflexes that feel like strategy but are not

The instinctive moves all fail the same way. Raising prices to track inflation, with nothing added, invites the question every customer eventually asks: what am I actually getting for this. Hiring your way to more value runs into your most expensive lever and a finite supply of analysts good enough to justify their cost. And the renewal-season ritual of hopping between vendors to chase a better rate, Bromiley compares directly to switching insurance providers. You do real work comparing, you score a temporary discount, and you change nothing structural. None of these scale, because none of them touch the thing setting your cost floor.

That cost floor matters more now because the competitive picture is hardening. Bromiley points to the SonicWall and CrowdStrike partnership aimed at small and medium businesses as the visible edge of a broader pattern: well-capitalized product companies entering managed services through consolidation and strategic partnerships, competing on price and market reach rather than testing their hand at services alone. His warning is blunt. When your service runs on a product company's platform, it is not in their interest to give you the most competitive pricing. It is in their interest to lower their own costs and raise yours, and he says he has seen the same move too many times to call it rare: a vendor using its own managed-services customer list as a target list. The fact that it happens at all, he argues, is reason enough to scrutinize who you build on.

Tiers belong to the vendor; demand belongs to you

The structural fix Bromiley advocates is to stop pricing the way your vendors price you. Tier and band models, the familiar "ten thousand endpoints at X per endpoint," lock both you and your customer into a rigidity neither may need. He recalls selling in the MDR world a few years ago, where customers were slotted by predicted endpoint count into tiers that dictated their technology, often handing them horsepower and license commitments they would never use, along with hard caps on data, bandwidth, and telemetry ingestion they did not ask for. The deeper problem is that if your own pricing inherits a vendor's tiers, you cannot scale past the corners they painted you into. Add a new telemetry source or a new service and you are back negotiating bands with a partner instead of serving a customer.

His alternative pairs two ideas. Demand-based pricing mirrors how any cloud provider bills, you pay for what you use when you use it, which is the model LimaCharlie runs. Published pricing is a ceiling rather than a floor, with scale discounts that bring it down as volume grows, and the real payoff is forecasting: when cost tracks the telemetry and endpoints a customer actually brings, you can size a contract with confidence instead of renegotiating upstream every time you sign. Value-based pricing is the complement. The underlying stack is rarely where your value lives. Your value is your insight, your detection engineering, your response. Build on a cost-effective foundation and price for the expertise sitting on top of it.

Owning the integration layer, then cutting what does not earn its place

The other shift Bromiley sees coming is the end of the endpoint-centric service. Customers already want identity, Microsoft 365, and the full cloud footprint treated as first-class telemetry rather than bolt-ons, and covering them is an engineering problem before it is a pricing one. That makes an API-first platform table stakes, in his framing, because the integrations that do not exist yet have to be ones your team can build. His evaluation rule follows from that: ask only about capabilities your team will actually operate, and if a tool lacks something you need with no clear roadmap to add it, move on. He describes LimaCharlie customers who never touch the web UI and run entirely through API output, others operating out of GitHub repositories and Slack channels, and others who lean on it alongside two or three dashboards rather than fifteen or twenty.

Owning that layer is also what lets you take cost out without touching service quality. Drop unused licenses, and stop passing sunk costs to customers who never created them. Then, on a periodic basis rather than as a standing engagement, audit each tenant for redundancy so analysts are not paying to monitor the same data in two places. Bromiley reframes that audit as a way to deliver value before installing anything: reduce a customer's redundant tooling and you have already won. The same review surfaces the chance to push monitoring upstream, closer to where an incident actually begins, by covering Microsoft and cloud sources where an adversary often enters. That move adds value with minimal overhead, but only if the platform can scale to it without bumping you into a new pricing tier, which is precisely the trap demand-based pricing avoids.

The throughline is ownership. A partner that handles the infrastructure, the databases and cloud you should not be babysitting, frees your team to sell what is genuinely yours, while a partner that one day competes for your customers does the opposite. Bromiley is explicit that LimaCharlie is not in the managed services business and has no plans to enter it, and he closes with the kind of proof point that lands for this audience: a company that used the platform to build its own XDR offering, from napkin sketch to general availability, in roughly four to five months. The lesson he wants providers to carry into the year is not a discount or a tactic. It is that the pricing model you can defend is the one a vendor did not hand you.