From Selling Solutions to Managing Security—Becoming a MSSP

We’ve discussed choosing the right managed security service provider (MSSP) in the past. However, understanding the inherent value of shifting to a hybrid approach to security with an MSSP is only half the battle.

The reality is that the same vendors that have sold you in-line security appliances for years are starting to become MSSPs themselves.

If you’re just starting to shop for managed security services, you should understand the path vendors are taking to transform their business models.

When you understand the details of a shift from selling solutions to managing security, you can make a more informed decision about who you’ll partner with to ensure total network protection. 

The Need for Vendors to Change Business Models

The increasingly complex threat landscape is causing a shift in the cyber security community from solutions sales to managed security services. Intel Security, in particular, has redefined its entire channel partners strategy to eliminate siloed endpoint solutions and has started offering protective services for the full threat-defense life cycle. 

As cyber attackers continue to prove they are two steps ahead of security efforts, the need for vendors to shift toward managed services will amplify. However, this shift won’t necessarily be an easy one.

Commenting on the shift from traditional solutions sales to managed services, President of Information System Architects Ken Dawson said, “My belief was that I could take any extra capacity in my professional services team and throw them at my Security Operations Center and staff if that way.” Dawson and other security vendors are running into problems throughout the transition.

The more you learn about these challenges, the more power you will have in the buying process for managed security services.

4 Challenges Vendors Face When Shifting from Selling Solutions to Managing Security

There is a stark contrast between the relationship a security vendor has with its customers and the relationship an MSSP has with its clients. Security vendors build relationships on the promise that they can prevent cyber attacks or detect them quicker than competitors. MSSPs, on the other hand, have an intimate relationship with their clients as they experience the days of crushing data breaches and the days of successful prevention. 

Aside from having to get used to a new type of relationship with customers, vendors looking to become MSSPs also face the following 4 challenges:

1. The need for new personnel: Vendor sales staff may have expertise in selling particular cyber security products, but that doesn’t mean they can make a quick transition into managed services. MSSPs require a staff of highly-trained and certified professionals to work seamlessly with customers of all sizes.  
2. Developing the tech infrastructure: In addition to filling out the security tool set with the necessary firewalls, IPSs, IDSs, forensics tools and more, a remote monitoring and management (RMM) solution is essential to successful managed services. Vendors on the journey to managed services must also determine whether or not they will have a specialty, which will likely require a separate set of tools in addition to typical solutions.
3. Adapting to a new pricing model: Monthly billing is almost ubiquitous in the MSSP world. However, vendors typically aren’t used to this kind of pricing model with their solutions sales. Before trying to find customers, MSSPs should determine the various tiers of services they will offer and the monthly pricing model that accompanies them.
4. Mastering a new business model: The costs and delivery methods for solutions sales are much different than for managed services. Vendors who want to make the shift must master the new standards if they want to make a profit.

When you’re shopping for an MSSP to partner with, consider these challenges they may have faced (or may currently be facing) if they were once a solutions vendor. The more questions you ask, the better your eventual decision will be.

Visibility Doesn’t Stop with High-Level Business Questions

While many of the points made here are focused on the business perspective of shifting from security vendor sales to managed security services, there is a deeper level of technical expertise that MSSPs must adhere to if they want to succeed in the market.

One fundamental aspect of this technical expertise is ensuring the services you’re provided with have guaranteed visibility into all network traffic. If your MSSP can’t offer visibility into every bit, byte and packet®, their higher-level business strategy won’t matter much.