IT and Business Insights for SMB Solution Providers

Partnering with Security Partners

Outsourcing security provides MSPs access to valuable expertise and technology, but it is still a shared responsibility. By Colleen Frye
Reader ROI: 
FOR MSPs, partnering with a security provider can offer access to expertise, SOPs, and tech that wouldn't be feasible otherwise.
IDENTIFY GAPS in your expertise and seek security partners aligned with your core values and capable of supporting your stack.
VET PARTNERS thoroughly, trust their onboarding process, and establish lines of responsibility and good communication.

This article is based on a panel discussion at ChannelPro’s August 2021 Cybersecurity Online Summit.

WHEN IT COMES to cybersecurity, it's increasingly difficult for an MSP to go it alone. Partnering with a managed security provider is a viable way to shore up protection for customers without investing in expensive solutions or personnel.

“We're past the question of, should we be doing this?” says Joshua Liberman, president and founder of Net Sciences, an MSP in Albuquerque, N.M. “You need to be doing this for sure, unless you have confidence that you can build out a SOC, and that is a bigger challenge than ever.”

According to Robert Boles, founder and president of BLOKWORX, a managed security service provider (MSSP) in Larkspur, Calif., the rationale for MSPs outsourcing security is similar to why SMBs outsource IT. MSPs can “leverage a partner who has those standard operating procedures and all of that expertise already in house, as well as not having to make the significant financial investment in operating and maintaining tools like SIEM and SOAR and a 24/7 security operations center.” That allows MSPs to focus on what they do best, he notes.

For successful relationships, MSPs need to choose their cybersecurity partners wisely, however, and then follow best practices for working with them.

What to Outsource?

To determine what to outsource, Boles says to identify gaps in your expertise and then find solutions to fill those gaps.

Liberman says he made some “practical choices,” recognizing that he didn’t have the resources to run a 24/7 NOC or SOC. Net Sciences uses one partner to manage log reading and response services through the firewalls. “They alert, they do auto blocking. Once they detect a real persistent threat of some sort, any kind of APT, we get reports, but they actually interact and do this in near real time, 24/7.” He uses a different MSSP for endpoint log reading and response services. “We really wouldn't be able to identify the true issues or respond quickly enough. They can also do things like lockdown traffic flow from that endpoint to their SOC, so they can remediate it at the endpoint or just keep it off the network entirely.”

MSPs also must decide whether to partner with a single provider or take a best-of-breed approach like Liberman. “The downside to that is that’s two different vendors, not one, two different consoles, two different things to manage,” he acknowledges.

Boles cautions against partnering with multiple SOC providers because no one provider will have complete visibility.

Liberman doesn’t disagree, but argues that some overlap in security tools and services not only safeguards against missing a critical event but also provides a safety net should a security partner get acquired.

About the Author

Colleen Frye's picture

Colleen Frye is ChannelPro's managing editor.

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.