MSP-MSSP Partnerships Paying Off in Big Ways

Written by Kris Blackmon
January 17, 2019

When the service-provider types combine forces, they create a whole stronger than its parts.

Managed service providers (MSPs) have offered security services as part of their core offerings for decades, but in today’s threat landscape, a managed firewall and antivirus isn’t going to cut it. Businesses need advanced tools and specialized management that most MSPs just aren’t equipped to provide.

Spinning up a managed security practice within an MSP’s existing business is a massive undertaking with a high price tag. The cost to bring on the necessary expertise and tools is just not within the reach of the average MSP. Some experts estimate that the capital costs, payroll, annual recurring costs, training and management can cost solution providers up to $1 million per year.

So how do you integrate managed security into your offerings without building out your own security operations center (SOC)? Increasing numbers of MSPs are partnering with managed security solution providers to fill that gap and bolster their recurring revenue streams. When done right, such a partnership allows the MSP to own the customer relationship and continue to provision core services while the security provider effectively acts as the partner’s SOC.

Beyond Computer Solutions’ Chris Noles

In 2017, Chris Noles, president of Beyond Computer Solutions, an Atlanta-based MSP and member of the 2018 Channel Futures MSP 501, got a call from a subcontractor friend asking if he could help a managed security provider with some on-site incident response work for a company called CARE USA. Ingalls Infosec is based in Louisiana and needed to partner with a local MSP to have some boots on the ground. BCS provided staff augmentation and migration help while Ingalls handled the breach response.

The partnership turned into a goldmine for BCS, which is now an extension of CARE USA’s internal IT department and leading the migration of the company’s data from on-premises servers to the cloud. When Noles found out that Ingalls was partnering with MSPs to provide managed detect and response services, he saw the benefit of being able to offer those services to his clients and agreed to a partnership.

In addition to IT infrastructure and help-desk services, BCS still offers antivirus, patching and backups. For clients with more sophisticated security and compliance needs, it rolls in an MDR bundle from Ingalls as part of its per-user pricing. The package includes SIEM log monitoring, a network sensor, AI-based endpoint protection and an Active Directory deception tool for on-premises or hosted cloud servers. While BCS doesn’t white-label Ingalls’ offerings, it does add the company’s service agreement as part of the managed-services contract so clients just get one monthly bill.

Ingalls InfoSec says based on a 200-endpoint client, an MSP can expect to spend less than six hours on remediation issues per month. Because Ingalls analysts curate all alerts, weed out false positives and low-impact events, and only escalate actionable security events for remediation, there’s little additional impact on …