rvlsoft - Fotolia

Managed security services make progress in SMB sector

Providing managed security services to small and medium-sized businesses has never been easier, but gaps in cybersecurity tools and customer education remain as challenges.

Small and medium-sized businesses don't have to fret when it comes to trying to protect themselves from cyber threats: More and more vendors have recognized the need to offer cost-competitive cybersecurity tools, making it easier for MSPs and MSSPs to protect their customers.

No longer is the sole focus on protecting the enterprise, said Charles Weaver, CEO of MSPAlliance, based in Chapel Hill, N.C. In the past several years "incredible advancements" have been made by the vendor community to create "some fantastic [cybersecurity] technology that's very price competitive and easy to use by MSPs, and relatively easy to use by consumers or customers," he said.

The SMB-focused security providers "are doing a very good job of simplifying for the non-tech user base what they need, and slowly but surely that message is getting across with people who haven't budgeted for IT security," Weaver said.

These firms are starting to put together some comprehensive managed services portfolios that include security offerings for customers that would have been at a very different price point five or so years ago, he said. The complexity of installing and managing cybersecurity tools has also decreased, Weaver added.

For example, there has been a growing proliferation of password management systems, Weaver said. Multifactor authentication tools are also proliferating among enterprise, midmarket and SMB firms.

"That's a democratization of what 10 years ago would have been the enterprise upper-market concept, and now [those cybersecurity tools are] everywhere,'' he said.

Gaps still exist in small business cybersecurity

Even with more managed security service offerings available to SMB customers, there are gaps, Weaver said. For example, at the SMB level, most MSPs do not have a security operations center (SOC), with people and processes to monitor a SIEM system.

"It takes a pretty good amount of time and money to develop [a SOC]," he noted. In that instance, an SMB-focused MSP would want to think about partnering or outsourcing to a firm that can deliver SOC services, he said.

However, Weaver added that "I don't necessarily know if that's something your standard SMB customer will, A, know about; B, value; and, C, pay for."

Security operations center chart
Security operations centers oversee prevention, detection and protection.

Creating managed security services for businesses of all sizes

Managed IT and security services firm NexusTek, based in Greenwood Village, Colo., has always provided security offerings to small- and medium-sized businesses, said Randy Nieves, CTO.

"Most MSPs have been providing security services to customers -- SMB or otherwise -- since their existence," Nieves said. "You don't go up to a customer and say, 'We'll help you with everything but security.'"

Randy NievesRandy Nieves

But Nieves acknowledged that it has "become more complex for the average security MSP" to offer protection "because their roots were in architecture and infrastructure and networking and app support, and security wasn't the most natural thing." So while most MSPs deployed standard antivirus tools and firewalls and configured them, it has become no longer acceptable to "do it at a level that's just good enough," because the threat landscape is evolving faster than people can keep up with, he said.

With businesses now also opting for multiple providers for cloud and security, managing them has become more challenging, he added. This has led to security becoming a specialty, with people getting CISSP certifications and starting managed security services practices, Nieves noted.

Over the past few years, NexusTek has developed deeper security offerings more in line with how threats are coming at customers, he said. "You can't just have a tool respond reactively after you've already been attacked," Nieves explained. Their approach is to create partnerships and build internal education with a customer around protecting all the attack surfaces.

The strategy has enabled NexusTek to launch security monitoring and patching, along with endpoint advanced threat protection. "We take the stance of security by default," Nieves said. "Even the most basic [managed services] package includes security components for customers at a basic tier. We believe in the firewall strategy of 'trust nothing' and you only allow what you need to allow."

Nieves believes cost isn't a big factor in a company's ability to procure security software any longer, due to the proliferation of vendors and more reasonable prices.

The most expensive component is labor, he added, and this is where AI-based security tools with analytics can be helpful because they can ferret out anomalies.

It is still cost prohibitive for SMBs to gain access to more enterprise-level security tools, Weaver noted. "But we're getting good at miniaturizing the tools that have been in the enterprise sector."

How RMM vendors are faring in the security space

Over the past couple years, the MSP software market has seen a number of acquisitions and deals, and remote monitoring and management (RMM) vendors including ConnectWise, Kaseya and Continuum have bulked up their security capabilities and integrations to compete with security vendors.

Nieves thinks the RMM vendors are typically doing a better job than they have in the past of integrating their platforms with cybersecurity tools because they are forming technology partnerships.

"It's really important for these tools to provide a single-pane-of-glass help desk so they have visibility into alerts and the security tools they're monitoring trigger alerts," since the RMM vendors are not writing the software themselves, he stressed.

If NexusTek finds a cybersecurity software product that doesn't integrate with ConnectWise, Nieves said they will go to the company and request it. "You want standard configuration management," he explained. "If I buy a piece of software, it's only as good as the method by which you configure it." In most cases, he said vendors offer standard configuration management.

Charles WeaverCharles Weaver

Weaver isn't quite as confident. Although there may be exceptions, "I would say no one RMM platform will cover 100% of what the MSP will need," he said. "That's always been the case. The RMM [vendors] may not want to hear that, but MSPs know that."

While Weaver agreed that the RMM vendors are doing a pretty good job, he said they need to continue paying attention to the security sector -- and MSPs need to learn how to implement these tools more effectively and securely.

"There have been documented scenarios where, through an MSP platform, there's been a hack. … It was just the way in which the platform was used," as opposed to an unsecure platform, Weaver said. "We need to do a better job as a profession of documenting and enforcing the best practices around how those tools are used" to make sure they are being used correctly.

Continued focus on customer security education

In the final analysis, security will only continue to be as good as the end user. "End users have to really be willing to modify their behavior," Weaver said. Additionally, "there's some really horrifically run internal IT departments that continue to do very bad things in a very bad way, despite an external MSP saying, 'You should be backing up data,' and for cost or whatever reason [the IT department says], 'Don't patch our machines or back up our data or encrypt our data.'"

While this is an ongoing issue, "MSPs have a bit more ammunition when they have conversation with customers to say, 'This isn't just about an IT outage, but a data breach.'"

Hopefully, he said, that will have an impact.

Next Steps

Read more about hackers targeting MSPs

3 tips for marketing and selling MSP cybersecurity

Dig Deeper on MSP technology services