The Cybersecurity services opportunity for MSPs continues to be a hot topic at all of the community events I’ve attended this year. The most common question I get from channel partners is how to build a modern cybersecurity stack. Here are the core elements of a modern MSP security stack:

Basic Security Offering

Cybersecurity controls

Data Loss Prevention

  • Device control

Beyond the Essentials

Beyond these essentials, the rest is up to how you run your MSP business. If your clients have , you could tailor bundles for that audience, who are required to conduct regular pen tests and vulnerability scans. You may also need to create bundles that address individual client risk factors such as email security and web filtering. For more tech-savvy prospects or clients, offer service packages where they can select and build a custom service offering that works for both your business and theirs.

A more common approach is to create two to three distinct bundles that provide comprehensive coverage to the types of organizations you support. Some MSPs offer ‘good’, ‘better’, and ‘best’ security bundles. Your sales team should always aim high with cybersecurity, but having a couple of cost-effective plans in your back pocket may help close the deal.

You should always look toward upgrading your clients. The ‘good’ package may have closed the deal, but might not be the best option for your client; so be prepared to explain how the ‘better’ and ‘best’ bundles can offer better protections in future conversations. Essential services and solutions that providers typically add to their enhanced packages include:

Third-party tools

  • Network monitoring/remote remediation
  • Managed network firewall
  • Managed wireless access point
  • Microsoft 365 Basic
  • Microsoft 365 Business Standard
  • Microsoft 365 Business Premium
  • Password management
  • Multifactor authentication
  • Mobile device management
  • End-user security awareness training
  • DNS protection

Virtual CISO services

  • Compliance reporting
  • Managed SIEM
  • Managed SOC
  • Penetration testing
  • Security incident response and remediation
  • Intrusion detection monitoring and management
  • Security assessment/PII scanning and encryption
  • Dark Web Scanning

Advanced security offerings

  • Antivirus and anti-malware protection: local signature-based file detection
  • URL filtering
  • Forensic backup, scan backups for malware, safe recovery, corporate whitelist
  • Smart protection plans (integration with CPOC alerts)

Advanced backup solutions

  • Microsoft SQL Server and Microsoft Exchange clusters
  • Oracle DB
  • Continuous data protection backup
  • Data protection map

Advanced management options

  • Patch management
  • HDD health
  • Software inventory
  • Failsafe patching
  • Cyber scripting
  • AI-based monitoring
  • Software deployment

Advanced disaster recovery solutions

  • Runbooks
  • Production and test failover
  • Cloud only and site-to-site VPN Connection
  • Multiple templates
  • Cyber Protected Disaster Recovery (automatically launches in the event of an attack)

Additional services

  • Fortified email defenses: anti-malware and anti-phishing protection, impersonation
  • EDR (Endpoint Detection and Response): events collection, automated response, security incident management)
  • Protection, attachment scanning, content disarm and reconstruction, graph of trust, anti-spam protection, URL filtering
  • Advanced Data Loss Prevention: network control, user activity monitoring, content control, and discovery
  • Sales and billing automation for service desk and time tracking

Know Your Audience

Talking to your customers is a great place to start researching which bundles you should offer. Get to know your clients’ industries and related security challenges including infrastructure, internal systems and users. Define a portfolio of services that you would feel confident deploying for data security at your own MSP.

How Much Should You Charge?

Are your customers cost conscious? How many clients would pay for your ‘best’ or most expensive bundle? The evaluation process may require some time and experimentation, but engaging in meaningful cybersecurity-related discussions with your clients can shorten the learning curve.

Many MSPs may find that building out their “less than optimal” bundles is counterintuitive when providing the client with optional services that you deem essential. Can you assemble “low coverage” cybersecurity bundles that address the needs risk-tolerant clients without keeping your team in a constant state of concern?

Finding the right balance is never easy for an MSP. Cyberthreats and the tools that address them are in a constant state of change, so designing a framework of bundles that is both flexible and profitable can be challenging.

Final thought

Modern MSP is here to help. We collaborate with industry experts from around the world to deliver information and educational resources to foster the success of the entire MSP ecosystem.

Making a Modern MSP program pairs experts in MSP finance, operations, sales and marketing, and cybersecurity with a service provider each month to solve a business problem in one of the aforementioned areas. Watch this webinar with Erick Simpson and Cramer Snuggs, Founder, Cascade Technologies. Erick went through his Masterclass program with Cramer and defined Cascade’s security stack, priced bundles, and set Cramer up with tools for pricing and selling his new security services. Watch the webinar here.