How to Get Your Managed Security Game On

A panel of experts prepare to discuss what you need for an effective managed security strategy.

Edward Gately, Senior News Editor

March 6, 2019

7 Min Read
Managed Security

Managed security is red hot, with escalating demand from customers and stiff competition in the market.

So how do you stand out in the crowded managed security services field? A panel of experts are preparing to discuss everything you need to know to execute an effective managed security strategy.

They will share their advice in their presentation, “Up Your Managed Security Game Tomorrow: Tips and Tricks from Top MSSPs,” part of the technology leader track, part of the Business Success Symposium, April 9, at the Channel Partners Conference & Expo in Las Vegas.

Channel Futures spoke to the panelists: Jason Ingalls, CEO of Ingalls Information Security; Ian Richardson, founder and CEO of Doberman Technologies; and Jason Steiner, manager of risk advisory services at RSM US.


Ingalls Infosec’s Jason Ingalls

In a Q&A, the panelists gave a sneak peek of the information they plan to share during the session.

Channel Futures: What are some of the most pressing needs of managed security providers?

Jason Ingalls: Talent, with 3.5 million open jobs by 2021.

Ian Richardson: The biggest need is a partner with the talent to be able to assist an MSP in an actual breach scenario — incident response support. Very few MSPs will be able to do forensic analysis/incident response in-house, especially the first time around. Someone who can give guidance on the go-to-market strategy, and participate in the sales process for support, is useful as well. Having a proper security information and event management (SIEM)/security operations center (SOC) solution that can be translated to a per-device/per-use costing is vital for the model. An MSP will need to be able to have levels – think silver, gold, platinum – for the foreseeable future in security until this becomes table stakes.

Hear from this panel and 100+ other industry-leading speakers at the Channel Partners Conference & Expo, April 9-12, 2019, in Las Vegas. Register now!

Jason Steiner: Demonstrating compliance to and mastery of information security practices (frameworks). MSSPs should be certified in the relevant frameworks for those industries it wishes to serve. Certification will demonstrate to potential clients the MSSP’s expertise and reliability, which should be a differentiator in the marketplace. Also, being certified enhances the MSSP’s risk-management program and should have the added benefit of lowering cybersecurity insurance costs.


RSM’s Jason Steiner

Also, understanding evolving technology and how this technology creates or exacerbates vulnerabilities and threats in an MSSP or client environment. The best example of an emerging technology is IoT. The best example of an emerging threat would be ransomware. An effective MSSP should understand how to articulate threats to a client’s evolving business needs and develop solutions that mitigate these threats.

CF: What are some examples of technologies/capabilities most in demand?

JI: Social engineering awareness and training (PhishMe, KnowBe4, [and so on]).

IR: Dark web monitoring, [a] SIEM/SOC solution, multifactor authentication (MFA), auditing capabilities for compliance and a professional-services plan.

JS: While there’s a need to provide services that fall under all levels of maturity, higher maturity-level services like intrusion and detection (IDS), SIEM and incident management are in greater demand because of the higher costs and human resources required to effectively implement them. Basic functions like ticket management, help desk support, device management and log management continue to be important because …

… they feed SIEM and incident management.

CF: What are some tips for increasing your managed-security capabilities?

JI: Trust experts that have years on the job as partners, train your staff and get them certified, [and] attend security conferences to understand how fast the cybersecurity industry is moving.

IR: First, talk to peers who are doing it and listen to vendor presentations. I’m a fan of partnering with someone who can check multiple boxes, and give honest advice on the boxes they can’t check. A good partner needs to be able to say, “Hey, we fix X, Y and Z, and you need ABC as well. Here [are] the guys who know what they’re doing.'”


Doberman Technologies’ Ian Richardson

Find that key partner, then build out with their advice and partnership. Get things that will integrate with your professional services automation (PSA) to make it easy for your desk team. Implement the solutions in-house first. Find two small accounts, sell them on it, then go after your whales to start making money. Consider doing some high-end dinners with major accounts to grease the wheels.

JS: Having the ability to provide (or partner with someone who can) diagnostic services like risk assessment, vulnerability scanning and penetration testing is a great way to extend an MSSP’s reach. Also, offering security control remediation on top of diagnostic services represents the pinnacle of service offerings.

CF: Are there common mistakes to be avoided during this process?

JI: Trying to build things from scratch is a waste of time and money at this point. Paying market price for talent rather than growing it from junior staff is a bad idea.

IR: Don’t focus on cost; focus on business risk. Security is insurance. You have to let people sell themselves. No one cares about the technology; they care about the return on investment (ROI) on security, which is preventing downtime. Without a good downtime calculation/risk statement, you’ll sell nothing.

JS: Having ready solutions for multitenant and single-tenant hosting is great, but MSSPs should be aware of the compliance requirements for offering dissimilar solutions; for example, obtaining certification as a Payment Card Industry (PCI)-compliant service provider is negated if substantial changes have been made to a previously assessed environment. Also, MSSPs and clients should have a thoroughly documented responsibilities matrix that describes in detail the security tasks that each is responsible for. Failure to have these tasks documented can not only result in security incidents for the client, but also the lack of a documented matrix is a compliance violation. The matrix should describe requirements, security control ownership and implementation details.

CF: What do you hope attendees learn and can make use of from this session?

JI: The traditional four pillars of cybersecurity that MSPs have provided their clients for decades are no longer enough to defend against today’s threat landscape. Ransomware and wire transfer fraud start with a phishing email 95 percent of the time today. Backups get deleted before ransomware get deployed. Firewalls are blind to encrypted application layer traffic. Patch management only works if the patches get applied, make sure you know they got applied. Traditional antivirus is a plaything of today’s advanced malware strains.

IR: I’d hope that people get an idea of how important this is, and a few ideas on how to handle the conversation. If we get the room thinking seriously that doing nothing is not an option, we’ve won.

JS: The importance of education inside and outside the organization. For MSSPs, developing security expertise (specialists that can interact with clients) that can be shared with clients is definitely a plus. A large number of organizations today just don’t understand foundational concepts of information security. Ideally, an MSSP should assist clients in not only being secure, but also compliant. More important is understanding what the client needs and then developing a solution that meets those needs. This is especially true with small and medium-size clients. Large clients want (and can afford) complex solutions. Small and medium-size clients are often constrained by resources (budget and human) and have to be very selective with their IT budget. Understanding how to prioritize those needs creates the most value for smaller clients.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like