Forward-looking MSPs understand that adding a security services element to their portfolio is both an opportunity for growth and a necessity for survival. A Ponemon Institute study found that 68% of businesses between 100 and 1,000 employees reported a cyberattack on their company, while 58% reported a successful breach. Those figures represent an increase of 6 and 4 percentage points, respectively, from the previous year’s survey, pointing to an acceleration of attacks on small businesses by threat actors.
Increases in attacks on SMBs are unsurprising, since although cybercriminals may be devoid of morality, they’re certainly shrewd. SMBs represent much softer targets, lacking the resources of larger enterprises to fortify their cyberdefenses and hire critical expertise. Indeed, in that same study, 47% of the SMBs surveyed said they “have no understanding of how to protect their companies against cyberattacks.”
Yet comprehensive security solutions for small businesses are typically expensive—and are often watered-down versions of enterprise solutions that were not purpose-built for SMB needs. MSPs now have an opportunity to offer SMBs an automated threat detection solution they can afford.
Threat Detection Is Foundational to Cybersecurity
As the recent SolarWinds breach shows, myriad cyberthreats are aimed at companies of all sizes in today’s volatile and still evolving post-pandemic economy. But with the exception of a malicious insider who might physically carry sensitive data out the front door in a backpack, successful attackers have one thing in common: They need to establish a connection with the network via an originating IP address. They need that originating computer to probe the network or launch a phishing attack. They need it to execute the attack—move laterally, for example—once they’ve penetrated the network. They need that originating IP address to exfiltrate data or establish command and control over ransomware or other malware. Therefore, the foundational defense against modern threat actors is the identification of high-risk, malicious IP addresses that are either connected to, or are attempting to connect to, the end user’s network. These IPs are typically responsible for relentlessly repetitive cyberattacks.
Through algorithms, threat intelligence feeds, and other methods, automated threat detection services identify and assign risk factors to IP addresses that attempt to access the network, allowing companies to block those questionable addresses. This typically covers a great majority of attempted network compromises (highly sophisticated attacks launched from custom infrastructure are more challenging to identify). Of all the elements that make up a strong cybersecurity program, if an MSP had to choose a top item to deploy, threat detection/blocking should be it.
Traditional Security Programs Are Prohibitively Expensive
There have traditionally been two primary options for organizations wishing to establish a threat detection program, if they choose to do so on their own. They can purchase next-generation firewalls, which often include a threat detection option. Yet these can be high-priced, complex to configure, and typically include only two or three threat feeds with no supplemental threat intelligence or analysis.
An even more labor-intensive and costly option for a typical small or medium-size business is to build its own in-house threat detection capability. This requires:
- The purchase of a threat intelligence feed, an IP lookup service, and an IP geolocation service, all of which can run between $1,500 and $3,000 annually
- Licensing a security information and event management (SIEM) system, with annual subscription or licensing fees in the $50,000 range
- Hiring a security analyst for an average annual salary of $60,000, no small feat given the current shortage of security analysts to fill open jobs