https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

Security


Shutterstock

Security Operations Center (SOC)

3 Keys To ‘SOC Away’ Money as an MSSP

  • Written by Russell Poole
  • May 9, 2018
There are three methods to get a security operations center up and running. That's the easy part. Scaling and maintaining profitability? Tougher to do.

There’s no doubt customers are running scared: Gartner expects the global security market to be worth $93 billion by the end of this year. MSPs are naturally looking to grab some of that business.

To become a true managed security service provider, however, you need a 24/7 security operations center, or SOC. That’s an expensive proposition — the capex and staffing issues are enough to stop some MSPs from adding that extra “S” to their acronyms.

MSPs typically have three options to establish a SOC: DIY their own branded service, partner with an established player with a turnkey service, or resell a vendor’s white-label offerings. Each of these brings challenges when it comes to profitability.

Let’s look at the overall management complexities of operating as an MSSP, whichever SOC model you go with. To serve customers properly, you will need to:

  • Analyze a steady stream of threat data flowing into the SOC in real time;
  • Select and provision a variety of security capabilities per customer via technologies like SIEM, firewall, detection and response, endpoint monitoring and a seemingly endless list of other, specialty products;
  • Figure out the best way to triage a hailstorm of network alerts and provide analysis to sift real threats from hundreds to thousands of false positives;
  • Decide whether to specialize or figure out how to serve customers with bespoke SLA requirements across diverse sectors and verticals;
  • Understand complex regulatory and compliance rules, all with their own privacy and reporting requirements;
  • Find, hire and retain highly skilled, and highly paid, SOC staff and security analysts.

Much has been written about these. Let’s dig into what I see as the key to MSSP profitability: simplifying SOC operations wherever possible while ensuring that your services are scalable. MSPs always need to flex their business models in order to add new specialties; increase the number of users supported; and ramp-up the volume of data, processing and network resources consumed.

They also need to be able to scale down and avoid wasting money by paying for more resources than business volume demands. That’s an issue across managed IT services, and it affects security as well. 

Data costs can also be a drag on SOC profitability. With the annual boom in data volume continuing unabated, monitoring and analyzing all the information moving in and out of corporate networks has become a huge money-maker for traditional vendors that supply SOC infrastructure. With pricing for core SOC technologies typically based on data volume, vendors basically have embedded steadily rising costs into the managed-security services business model.

Have I made you think twice about making the leap to manged security? Good, because this isn’t a business to enter into lightly. Customers trust MSSPs with their business reputations. But if you’re still reading, there are ways to overcome these challenges and benefit from the surging demand for cybersecurity:

  1. Focus on technologies and minimize dependence on staff: A SOC should be built around systems rather than people. Technology can be reconfigured, replaced, augmented or upgraded when you need to scale. Staffing your SOC and ensuring the right skill sets are in place can be difficult and very expensive due to the demand for cybersecurity experts. Don’t hire someone to do a task that a tool can do. That said, highly skilled people will always be an important part of a managed-security services business, and technology can’t fully replace the human element. Ensuring that the latest technologies are in place will make the people more effective and help ensure that threat detection and remediation happen faster.
  2. Automate wherever possible: Along the same lines, if core SOC capabilities like real-time monitoring and analysis of security alerts generated by all customers’ applications and network hardware are automated, it is much easier to scale clients’ requirements quickly. If you can automate something, do. Machine learning is becoming a real enabler for MSSPs, and AI is on its way. Automation can also make the SOC a source of intelligence that clients rely on to make better decisions. The latest tools can recommend approaches for defending against threats while helping improve workflow to make the SOC faster and more effective.
  3. Demand pricing that ensures visibility of SOC costs: MSSPs need predictability of costs. Pricing around core SOC infrastructure technologies like threat intelligence, monitoring and SIEM should be based on, for example, the number of network nodes in need of protection, not the amount of data moving through them. 

Making the leap from MSP to MSSP means operating scalably and efficiently. Clients demand detection and response to attacks in real-time with zero tolerance for error. MSPs that add security services to their portfolios but don’t optimize their SOC operations will struggle to sustain profitability in a lucrative but increasingly crowded market.

Russell Poole is managing director, U.K. and Ireland, for LogPoint. Having been at the forefront of the cybersecurity industry for well over 10 years, Russell is using his experience to expand LogPoint’s presence in the United Kingdom and Ireland. After spending more than two decades working in IT for some of the leading brands in the U.K., Russell’s focus is working with organizations to not only ensure IT security is aligned to business goals, but also to ensure secure working practices can be leveraged as a growth driver and key differentiator.

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs Business Models Security Specialty Practices Strategy Technologies

Related


  • Woman Thumbs Up
    Industry Experts Laud Biden Proposal for Increased Federal Cybersecurity Spending
    The plan includes increasing Cyber Security and Information Security Agency (CISA) funding.
  • Cloud Roundup
    Judge: AWS Does Not Have to Reinstate Parler
    Plus, this cloud news roundup includes a new board member at SADA, and certifications for Ensono and Navisite.
  • security centric
    The Importance of Being Security-Centric
    Why security-centric MSPs will find success in 2021.
  • Artificial intelligence
    Why Partners Should Prioritize AI in 2021
    Using AIOps will help enterprises better manage user connectivity.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Citrix to Acquire Wrike for $2.25 Billion, Expand SaaS Portfolio
  • The Right Data Migration Tool Helps Schools Move to Cloud During COVID Crisis
  • Cloud-Based CRM: What SMBs Need to Know about Backup and Recovery
  • With SolarWinds Breach, ‘The Hackers Aren’t the Problem’

Galleries

View all

New, Changing Partner Programs: AWS, Tech Data, Avaya, Verizon

January 11, 2021

Industry Perspectives

View all

The Importance of Being Security-Centric

January 22, 2021

Cyberattacks: Threat Hunters Conquer Unpredictability with 3 Measures

January 21, 2021

The Right Data Migration Tool Helps Schools Move to Cloud During COVID Crisis

January 19, 2021

Webinars

View all

Who’s Behind the Mask? Hacker Personas Explained

January 26, 2021

Your Network Perimeter Has Changed

February 18, 2021

How Managed Hosting Providers Thrive with the Alternative Cloud

February 24, 2021

White Papers

View all

Why Subscription Business Model

January 15, 2021

The Ultimate MSP Guide to Sales Efficiency

January 14, 2021

Eight Reasons Why MSPs Need IT Industry-Specific Sales Tools

January 14, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

.@exabeam, @VulcanCyber, @ntti3, @Vectra_AI, @Lookout and @valtixinc give high marks to @POTUS' federal… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Judge sides with @AWScloud against #Parler; @SADAsystems gets AI-centric board member; @EnsonoIT, @navisite get… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

2021 may be the year of the #security-centric #MSP @BarracudaMSP #remoteworking #ITsecurity #dataprotection #RMM… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Adding #AIOps and #AI-driven WANs will help IT administrators move forward, says @MistSystems.… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Microsoft taps @tybryson as corporate VP @msuspartner group @julwhite heading to SAP, @anderson to @Qualtrics.… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

#MSPs can inject predictability into #threathunting @Sophos #cybersecurity #ransomware dlvr.it/Rr4ffV https://t.co/Bztc2Yxwvc

January 22, 2021
ChannelFutures

.@RiskBased report shows decrease in #databreaches, jump in exposed records in 2020. dlvr.it/Rr4fcW https://t.co/PYiDMiJFbt

January 22, 2021
ChannelFutures

Legal experts say @VMware's #lawsuit against @nutanix's new CEO holds little weight. dlvr.it/Rr48FJ https://t.co/oLxPhgvgAt

January 21, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X