Posts

Should I Become an MSSP? 13 Considerations from MSP Expo

With the cyber security skills gap being a point of contention for closing in on five years now, the managed security services provider (MSSP) industry has responded in kind.

In fact, Gartner predicted that 40 percent of all managed security services contracts will be bundled with other security services and IT outsourcing projects by 2020.

But the fact is, not every IT vendor, distributor or value-added reseller (VAR) is cut out to be an MSSP. For each MSSP that truly adds value in protecting their customers, there are others that fall short of what the cyber security industry — and prospective customers — requires.

I recently attended the MSP Expo in Las Vegas, Nev., to participate on an engaging panel of cyber security experts, including Guy Cunningham, VP of Channel Sales and Alliances at EventTracker; Jonathan Morgan, Director of Security Operations and Development at Area 1 Security; and DV Dronamraju, Managing Director at InfoSecEnforcer.com.

While we were able to collectively field and discuss many of the day’s top questions, I felt it prudent to republish these topics to help a broader audience of existing and future MSSPs.

What should business customers be most concerned about relative to cybersecurity, and why?

It’s rapidly changing threat landscape. For instance, we are seeing crypto-jacking this year as a new cyber threat. And while ransomware volume was somewhat down in 2017, new threat intelligence already shows a massive 299 percent year-to-date increase in 2018. So, the landscape continues to be agile and cybercriminals are diligent in seeking out new ways to impact organizations.

What can MSPs do to protect their customers from cyberattacks?

It’s important to consistently employ basic best practices: patching, updates, segmentation, etc. For MSP/MSSPs, the reality is that customers need help with this. So, developing services that take care of the basics is a great place to start. From there, you can scale your services and offerings to enhance their security postures.

Phishing is the root cause of data breaches and financial losses. How do anti-phishing solutions work?

They’re valuable in a variety of ways, but most email security solutions revolve around maturing the hygiene capabilities of corporate email platforms. Whether deployed on-premise or in the cloud, email security should automatically protect inboxes against links and attachments that are commonly used in phishing attacks.

More advanced offerings will use URL filtering and integrate with cloud sandboxes for protecting against known and unknown malware attacks. So, I believe strongly that we need to work to get advanced email security solutions more widely adopted in the market. Hygiene solutions, which most people think of when they hear security, just isn’t good enough anymore.

What kind of margins do email security solutions offer for MSSPs?

While there are many variables in play here, an MSSP could expect a margin of 10-15 percent for an email security product, or 30-50 percent margins if you provide email security as a service.

Since more than 89 percent of breaches have a financial or espionage motive, how are companies supposed to protect their intellectual property?

At a basic level, organizations should map their data so they know what’s most valuable and requires the most security. Depending on what’s being protected, consider using industry compliance guidelines (e.g., PCI, HIPAA, GDPR, etc.) as a baseline, but understand that compliance does not equal automatic security.

From there, layered strategies should include everything from network security firewalls, endpoint protection, secure email and even protection for remote access workers.

What do Security Information and Event Management (SIEM) solutions do, and why are they important? Aren’t they expensive to buy and difficult to operate?

Anybody who has ever used a SIEM will tell you, much like many cyber security tools, it will depend on the investment — time, staff, technology and resources – you put into it.

At the core, SIEMs help organizations correlate event logs (e.g., endpoint protection,  threat intelligence, user information, etc.) to search for patterns based on defined rules. They then provide a correlated output that flags potential risks or threats. They are extremely powerful and give organizations the ability to tune and customize rules for their specific environment(s).

But you have to know what you’re doing. And you have to have strong security engineers to get the most out of a SIEM.

Operationally, some MSSPs leverage a centralized SIEM model (i.e., all customer data flows through a single SIEM), where other MSSPs rely on a decentralized model that leverages whatever SIEM each customer already has in place. In both MSSPs and enterprises, SIEMs are typically used by Tier 1 security operations center (SOC) analysts to monitor alerts and identify events in real time.

How can MSSPs use artificial intelligence and automation to detect threats, trigger alerts, troubleshoot and address security situations?

The reality is that building your own artificial intelligence (AI) capabilities is probably not realistic unless you are a very, very large MSSP. So, ideally, you want to rely on the AI already built in to security products to help you identify and block cyberattacks to protect customers.

For example, SonicWall engineered very smart AI that we integrate into the real-time engines that power our Capture Advanced Threat Protection (ATP) sandbox capabilities. This can allow you to leverage AI without the overhead and complexity of building it yourself.  Then you can use an intelligent SIEM to help make sense of the logs and alerts.

Finding and/or developing cyber security talent can be a challenge. There seems to be a constant shortage of affordable, qualified cyber security practitioners. What do MSPs need in terms of technical, sales and support talent?

The key here is retaining the talent that you train. Companies like SonicWall provide entire platforms to train people — both internal staff and partners — on cyber security best practices, products and emerging threat trends. We call it SonicWall University. Our SecureFirst partners can leverage this platform to train their employees, significantly improving value for their customers. It’s best to consistently use engaging tools to train people and then build a culture that makes them want to stay.

How can MSPs provide enhanced security without adding complexity and overhead?

In a way, MSSPs are supposed to take away the complexity and overhead. We talk a lot today about getting the basics right and the transition from MSP to MSSP. Complex, enterprise-class MSSPs have lots of money, but if you are making the transition from MSP, start with taking the burden of the basics off the customer.

Make sure security devices are installed correctly, patched and have good policies. Make sure good endpoint security is deployed and managed. Provide useful reporting so customers know how well they’re doing. Removing the complexity from the customers is absolutely critical to success.

How does compliance figure in to being an MSSP?

This is massively important. A lot of mid-market MSSPs focus almost exclusively on a vertical. We see healthcare-focused MSSP or others targeting financial services (e.g., PCI). Compliance regulations drive need, so focusing on a vertical is definitely an option — particularly for MSSPs that can’t quite scale to solve all security challenges across an untold number of industries.

But especially if you are just starting in the MSSP space, trying to solve all compliance needs is a tough challenge. So, pick your spots when it comes to compliance.

How can MSSPs protect themselves from financial ruin and lost reputation if their customers do experience an outage or breach?

Good question. But the short answer is you have to indemnify yourself. And also have some level of insurance. And make sure your service-level agreements (SLA) make sense.

What kind of security guarantees/SLAs should an MSSP offer?

This is a very broad topic and also very dependent on the services being offered. The key for the market is that you are selling to match up the SLAs in a way you know you can hit. Take response times for rule changes, for example. You can’t promise you’ll have them done in 30 minutes, 24/7, if you don’t have people on staff around the clock.

How can MSSPs differentiate their security offerings in the marketplace?

We touched on this a bit with the challenge of removing complexity for the customer. Strive to make the entire experience transparent and frictionless.

One of my SonicWall colleagues, Conrad Bell, actually penned an outstanding strategy, “Inside the Modern MSSP,” for MSSP Alert. It outlines how proactive MSSPs are adopting bundled, end-to-end approaches for simplifying cyber security for their customers.


Become a SonicWall MSSP Partner

Are you interested in expanding your security offerings? SonicWall offers the dedicated SecureFirst MSSP Partner Program to help you expand your portfolio to include a full range of flexible managed security services built on SonicWall’s robust security platform.

The SonicWall SecureFirst MSSP program offers training, enablement, support and financial benefits designed to help SecureFirst Partners grow their managed security business.

Build your MSSP offerings by implementing SonicWall MSS blueprints, or work with SonicWall to create customized MSS offerings leveraging your existing managed services expertise.

SonicWall Cloud GMS Launches for Managed Service Providers: Protect More. Fear Less.

On May 1, 1969, Joni Mitchell released her album, Clouds. In Both Sides Now, she penned these lyrics about the enigmatic nature of clouds:

I’ve looked at clouds from both sides now
From up and down and still somehow
It’s cloud’s illusions I recall
I really don’t know clouds at all

Exactly forty-eight years later, on May 1, 2017, SonicWall proudly launches Cloud GMS, the Global Management System for its next-generation firewalls.  Then as now, the cloud is enigmatic:  how do you know if a cloud management is right for your business?  The good news is that SonicWall gives you freedom of choice by offering both cloud and on-prem versions of GMS.  Keep reading and we will look at the cloud from both sides now.

First, cloud’s usage-based subscription model has financial advantages because of its zero upfront capital expense, which eliminates the barrier to entry for capital-constrained budgets.  Secondly, cloud’s pay-as-you-grow model enables businesses to scale painlessly because growth occurs by cloud-driven increases in cash flow with no outlays for more infrastructure.  Lastly, cloud equals simplicity, with no updates and fewer maintenance headaches for limited IT staff.

But cloud is not a clear-cut alternative to on-prem IT infrastructure for every business. There are many factors that should be considered.  First, cloud services are often geographically dispersed, whereas data privacy restrictions such as the European Union’s General Data Protection Regulation (GDPR) requires local access of data for security and compliance reasons.  Second, cloud services use shared resources with other businesses and that may cause sleepless nights for some IT managers who prefer direct control of infrastructure.  Lastly, cloud services are remote and susceptible to latency- or bandwidth-related issues.

The real value of technology is to make the business work in ways that maximize its growth and profitability. This means enabling the business to move in new directions to capture more customers, or to keep up with the market by out-competing the competition.  Whether you choose cloud or on-prem, GMS makes your business work better by enabling resellers to transform into managed service providers.  Or in the case of managed service providers who don’t yet have GMS, to increase operational efficiencies.  In both cases, businesses can increase their top line while improving their bottom line.  We invite you to learn more about the MSP practice in A Lucrative Opportunity in Managed Security Services and Cloud GMS in Integrating Global Management of Network Security.  If you are SonicWall Partner, start a free trial of Cloud GMS now by logging in to and clicking the Try button for Cloud GMS.

Internet of Things (IoT) Challenges Solution Providers with Security Risks

A lot has happened in the last year across SonicWall Network Security Solutions. We have implemented a complete refresh of our SonicWall TZ Wireless firewall product line from top to bottom while expanding the portfolio with the introduction of new platform form factors and performance capabilities. We’ve innovated the software as well, improving features and performance, to deliver value for every size company from small businesses to distributed enterprises. At the annual partner conference, SonicWall  Security Peak Performance 2015 – Come for Knowledge, Leave with Power, we announced best practices for securing the Internet of Things (IoT). We continue to arm our security channel partners with next-generation firewalls to fight the malware economy with the support of our threat research, our Deep Packet Inspection Engine, and, responding to the rise in encrypted traffic, we’ve dramatically increased security for our customers by enhancing our DPI SSL capabilities and overall support from top to bottom. Our partners from 21 countries attended dynamic keynote presentations and 20 technical breakout sessions with our security experts at three levels of security curriculum.

The next big trend that people are talking about is the Internet of Things. At Peak, the buzz on how this will create new vulnerabilities was widely evident. One of the discussions by our SonicWall Security experts identified five key steps to take full advantage of the evolution of IoT devices:

  1. Put Security First: Be vigilant and ensure data is secured and encrypted from the data center or the cloud to the endpoint and everything in between. SonicWall advocates a holistic approach to security that includes looking at endpoint security, network security, identity and access management, and more. Be aware of the data device vendors collect. If they are collecting data on all of their customers, this consolidated data set may be a very attractive target for hackers.
  2. Research the Devices: Evaluate the IoT devices accessing and planning to access the system. Understand what they do, what data they collect and communicate, who owns the data collected from the device, where the data is being collected, and any vulnerability assessments or certifications the devices have.
  3. Audit the Network: It is critical to understand the impact of IoT on network traffic in the current “˜as-is’ state. Do an audit to understand what is currently accessing the system, when, what it does when it sees data, and what it communicates to and where. This will enable an organization to reassess its network performance and identify any changes on an ongoing basis as additional devices are knowingly or unknowingly added or removed.
  4. Compartmentalize Traffic: Employ a “˜no-trust’ policy when it comes to IoT devices. Ensure they are on a separate network segment or virtual LAN (VLAN) so they are not able to access or interfere with critical corporate data.
  5. Educate Everyone: IoT is the “˜Wild West’ and will continue to evolve and change rapidly over the coming months and years. As such, it will be critical to ensure IT, security and network teams educate themselves about the latest devices, standards, and issues. Be prepared for consolidation and emerging standards, but understand today, little of that exists as some devices have weak or no security.

Our Security Channel partners are all Peak Performers

Getting ready for the surge of devices that come with the IoT is something partners need to consider as they chart their future. SonicWall Peak Performance is both a forum for information exchange on best practices as well as a vehicle to prepare for the IoT future. SonicWall Network Security channel partners have achieved tremendous success in the last 12 months. This underscores the value of the channel program. Some of the highlights include:

  • 12,000 partners sold SonicWall products
  • Number of deal registrations increased by 7 percent to over 4,100 per quarter, while the number of partners submitting deal registrations rose by 12 percent to 1,300 per quarter.
  • Partners who attended Peak Performance last year saw 40 percent year-over-year growth and 33 percent quarter-over-quarter growth;
  • 8,700 network security courses were taken, representing 1,700 partner companies
  • 320 partners earned the network security competency, bringing the total number of Preferred and Premier level partners to 1,500

SonicWall Security Recognizes Peak Performers

Our Premier Partner, Secure Designs, Inc. delivered peak performance with their phenomenal customer success with Time Warner Cable Wireless.

“The key takeaway of SonicWall Peak Performance 2015 would be that  SonicWall is totally committed to make things happen, we learned that already in some of the breakout sessions and really whatever you want to do, you have the ability to do. Whether it’s a specific program that they have that you can deploy, or there’s something outside of the box that you want to tell them, they’re going to be interested in helping to make it happen,” said Larry Cecchini, President and CEO of Secure Designs Inc.

Joe Gleinser, president of GCS Technologies, a premier partner, was interviewed onsite:“I have used SonicWall for nearly a decade and have 500 clients deployed across Texas and my clients learn to depend on the SonicWall brand.”

“Our partners are such an important piece of our business and we’re thrilled to be able to recognize their tremendous accomplishments over the last year. The amount of energy and excitement coming out of the Peak Performance show was contagious and we’re looking forward to seeing how our partners capitalize on this. We look forward to celebrating more successes next month at SonicWall World in Austin, TX,” said Chris Szarlacki, Director, Channel Marketing, SonicWall.