AMONG THE CERTAINTIES OF LIFE such as death and taxes, we can add the need to provide more and more security services to our SMB customers. Advanced security services not only provide deeper protection for your clients, they also afford the opportunity to enhance your monthly recurring revenue (MRR). You can offer these services, which include security information and event management (SIEM), a security operations center (SOC), internal and external vulnerability scans, incident response and security plans, and dark web monitoring, “a la carte” or as a bundle. Moreover, you can sell advanced security services to existing clients or use them as a foot in the door to new customers.
IT security providers know that carefully layered security services, including state-of-the-art perimeter protection, are vital. No matter how well you configure your firewall(s), though, if nobody is reviewing the firewall (and other) logs, parsing entries, and responding to threats, your clients remain vulnerable to breach. On the other hand, anyone who has ever tried to do this manually knows that you cannot possibly expect to review, much less wisely act upon, these logs on your own. It takes a full-time, well-trained employee—for every site—just to make sense of these logs. For most of us, that means enlisting the help of a SIEM or SOC provider.
Just a few years ago, these services were priced in the hundreds to thousands of dollars a month. Today you can find good offerings backed by U.S.-based companies such as SOCSoter and Vijilan (SOC pictured above) starting at under $100 monthly. These services vary widely, so take the time to learn what is included, how pricing works (some models are simpler than others), and what steps you may need to take yourself. For example, will your SIEM/SOC provider merely alert you, or will it take actions on your behalf? If so, how are those actions triggered and defined? And will its reporting be client facing? Finally, how do the SIEM/SOC solutions work (agent or appliance based) and how do they integrate with your existing tool set?
Internal Vulnerability Scanning
Just as we can provide customers with layered security services at the perimeter and endpoints, we can now provide layered vulnerability scanning as well. This is a relatively new capability, with offerings from RapidFire Tools (Network Detective Inspector Appliance), Infinite Software Group (Nodeware, pictured below left), and SOCSoter (Vulnerability Monitoring Service) leading the way. These appliance-based solutions offer scheduled scanning inside the network, detailing everything from the addition of new devices on the local-area network to Active Directory issues, to reporting on common vulnerabilities from NIST, SANS, and proprietary sources. While analyzing these products and services and weaving them into a compelling offering can be challenging, they can be a key differentiator for your MSP business.
External Vulnerability Scanning
Once you’ve made sure your customers’ networks are protected at the perimeter, it’s time to check your work. Nothing does that better than an external vulnerability scan, delivered by a certified third party. “Third party” is important here, as nobody should proofread their own work (just ask a writer). Once again, the costs for these services have dropped greatly and the reports provided are more readable nowadays. Regularly scheduled external vulnerability scans are a great way to enhance your security and provide increased revenue; some industries have regulations mandating these scans. (Note that there are SIEM/SOC plans and some appliance-based services that include limited external scans as well.)