How MSSPs have evolved and why they're not created equal

July 23, 2021
 - Created by 
Charles Ho

Looking back 20 years, the security industry was vastly different. With so few entry points, organizations needed a two-tier firewall and an intrusion protection system to secure the perimeter of their network. Small and mid-sized businesses (SMBs) could outsource their IT needs to a managed service provider (MSP), and they would receive an alert anytime an issue was detected. Managing security was a breeze.

Then came the cloud, smart phones and IoT devices and the threat landscape expanded—enormously. The move to a data-driven world meant the perimeter evaporated and data became exponentially more valuable. This not only increased the sophistication of attackers but also the number of attacks—it is estimated that cyberattacks will cause $6 trillion USD in damages in 2021. Companies are not just fending off a handful of individuals with time on their hands, they are fighting organized professionals using advanced techniques and even nation states trying to maliciously enter their organization.

In response to growing threats, more and more vendors started popping up, offering protection for specific points in the kill chain. Now, there are 3,500+ security vendors that companies can choose from when piecing together a comprehensive defense system. So how do companies piece these solutions together and operationalize them to become cyber resilient? They often work with an MSSP.

What is an MSSP?

With so many tools to maintain and operate, many companies look to managed security service providers (MSSPs) to monitor their security tech stack. There are companies old and new, large and small, delivering MSSP services. So, before you start working with a so called “MSSP,” it is important to know what to expect from a security partner.

Types of security providers

MSSPs can be grouped into three camps: MSPs, traditional MSSPs and vendor MSSPs. To add to the confusion, you may run into several three-letter acronyms associated with MSSPs such as EDR, MDR and XDR. But which one is right for you? Here, we’ll break down the difference between three key types of security partners and where each provides value.

  • MSP
    Traditionally, MSPs manage a business’ IT infrastructure. However, IT and security have become inseparable, almost synonymous, and some MSPs have begun adding basic security as a value-add. Many SMBs take that convenient option because they already have an established relationship with their MSP partner who knows their environment well. It also simplifies things from a billing perspective.

    The difficulty is that MSPs are not natively security experts and may even be outsourcing the work to an MSSP and marking up the service. They also don’t typically provide 24x7 monitoring, which is problematic when you are dealing with 24x7 attacks. A few years ago, it was possible that SMBs could get by outsourcing their security to an MSP. It didn’t require an elevated level of security expertise to protect against yesterday’s “smash-and-grab” attacks. Today, however, hackers don’t discriminate. And they are using the same sophisticated techniques to break into organizations of all sizes. Which means organizations of all sizes, need the same coverage and expertise.

  • Traditional MSSP
    MSSPs are far more security savvy than MSPs. They will take over your existing security stack, alert you when there is an incident and work with you to respond to confirmed threats. Beyond securing your perimeter, these providers become an extension of your security operations, running advanced correlations and analytics on your systems. These talented security experts have deep experience in security and can offer highly customizable services to meet your organization’s needs. 

    While MSSPs excel at offering effective monitoring services, they don’t provide the products they are monitoring—those come from their clients. So, prior to contracting an MSSP, an organization first must familiarize themselves with the kill chain, research the 3,500 security vendors and piece together an effective security tech stack. But many companies don’t have the time or expertise to accurately assess their risk profile and choose the right tools to address it. So when a tech stack proves to be inefficient, who’s to blame? Because MSSPs need to familiarize themselves with whichever security tools their clients arrive with, they are a Jack of all trades, master of none.

    MSSPs also provide a tiered pricing structure, asking clients to choose the level of coverage they need. This is extremely problematic. Attacks are binary—you’re breached or you’re not—so your security should be too. You’re either protected or you’re not. By setting various levels of service, it begs the question: “Is the basic coverage insufficient and is the top tier overkill?”

    This tiered pricing structure also forces customers to not only choose the tools they need but also the level of coverage required to enhance their security posture. Something they may not be equipped to do. And since MSSPs are the security experts, wouldn’t it be helpful if they came with recommendations?
  • Vendor MSSP
    Vendor MSSPs provide an integrated detection and response capability based on their own tech stack. Because the tech stack is built in-house, it can be effective and efficient, sharing intelligence across tools and automating various processes. Moreover, the analysts and engineers only deal with their own tools, so they are intimately familiar with them and skilled at optimizing them.

    While this might seem like the perfect convergence of MSPs and MSSPs, the tech coverage is quite restrictive and leaves several gaps that need to be filled. Does the XDR provide email coverage? What about visibility into active directory abuse? Do you need an additional MSSP to cover the gaps? 

    And finally, because this business model is fairly new, it is also volatile with some of the big players already selling off pieces of their business

Filling the gaping hole in the industry

While MSPs, MSSPs and vendor MSSPs each have a place in today’s cybersecurity market, all three fail to give SMBs the coverage they deserve. Small businesses don’t have the time or expertise to weed through numerous security vendors and select the appropriate tools to build a tech stack that provides comprehensive coverage. They also can’t afford the gold- and platinum-level coverage many MSSPs are offering Fortune 100 companies.

The security market is missing an easy-to-understand, comprehensive solution that addresses the current risks at an affordable price. And that’s where SolCyber comes in. Learn more about what makes SolCyber a different kind of MSSP and how you can get the protection you deserve. 

Share this post

Subscribe to our blog!

To receive the latest articles from our team, provide us with your email address.
Why security frameworks don’t work for SMEs

For those of you who are just joining […]

Scot Hutton
Find out more
What is "enough" security?

‘Hi Scott, nice talking with you. We’ve got […]

Scott McCrady
Find out more
3 questions to ask when selecting the right MSSP

Today’s threat landscape is advancing dramatically, putting more […]

Charles Ho
Find out more
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram