This content is part of the Essential Guide: MSP security essentials for every IT service provider

Managed IT security services firms resell cloud-based offerings

Managed service providers are reselling security as a service offerings from third-party providers to expand their service portfolios in the IT security arena.

Bret Laughlin leaves little doubt that partnering with third parties has enabled BrainTrace, the managed IT security services firm he founded, to offer what he considers to be the best enterprise-level security technologies to non-enterprise companies. One of those technologies is cloud-based active breach detection from Eastwind Networks, which BrainTrace signed on with a few months ago.

While Laughlin considered acquiring technology, when he found Eastwind, "it was a perfect fit." He particularly liked that it has "very fast search capabilities and keeps lengthy logs, and we believed with its combination of machine learning and human resources using that type of data … we could provide best overall service to our clients."

Laughlin is far from alone. More and more managed service providers (MSPs) are partnering with third parties to offer security as a service to their clients -- often because existing clients are clamoring for security offerings that go beyond firewalls and antivirus software. In many cases, these partnerships are helping MSPs and others in the channel stay relevant.

There is huge opportunity for channel partners to capitalize on security services. The global managed security services market is expected to reach $29.9 billion by 2020, according to Allied Market Research. "Lack of capital and skilled IT resources needed to manage the data security are the major hindrances in protecting the information," the firm noted. "Managed security services have emerged as [a] lucrative option for delivering security asset monitoring and management, threat intelligence research, detection and remediation, and risk and compliance management solutions on shared basis to multiple clients."

The firm anticipates small and midsize businesses will lead the adoption of cloud-based managed IT security services due to cost constraints.

Help from vendors

Security vendors are helping channel companies offer managed IT security services.

Eastwind launched its MSP and managed security service provider (MSSP) program in April. CEO Paul Kraus said he's worked with partners in the past on security and other enterprise technologies and saw partner programs "either work really well or fail really well." Many MSPs, in particular, want to become MSSPs, or they see the value of adding security to their portfolio of offerings.

The goal was to provide a security service that is effective at finding the breach, cost effective and easy for partners to deploy, while showing an immediate return on their investment, Kraus said. Techniques like firewalls, intrusion detection, patch management, antivirus software and mail or web filters are not cutting it any longer, he said.

"What was thought to be impenetrable can be thwarted due to bad hygiene or outdated technologies," Kraus maintained, so now partners have the ability to offer "not just a managed firewall, but a managed security service that bolts on nicely to their current services around investigation and remediation inside their client organizations."

Eastwind now has 20 partners and doesn't require any monetary commitments. "We're new, so we're trying to be extremely partner friendly," Kraus explained. Instead, they have a reciprocal type of agreement. "If they let us train their team they'll get additional training and insight into our roadmap and product development," he said. "We wanted to make sure our partner program is easy to consume."

Kraus said he's seen various types of commitments work for large partner organizations but never for startups.

Right now the Eastwind's active breach detection service is priced at $20 per employee per month, but volume discounts are offered.

Laughlin of BrainTrace said they typically bundle Eastwind's services into their other offerings but have also charged for it as a separate service.

NetWatcher also recently launched a security as a service offering for network monitoring and has almost 50 MSPs testing the software, 15 of which are actively reselling it, said Scott Suhy, CEO. The company specializes in "everything that has to be done after an exploit occurs and warning that an exploit will occur," he said, adding that they focus on "situational awareness around security hygiene."

Suhy said he felt strongly that anything they built had to be easy to install and use because midmarket companies below 1,000 employees "don't have the temperament to both install and use things that are difficult." Another priority was making sure its offerings are accurate and affordable.

This is key for resource-strapped enterprises, especially in the midmarket, that can't afford to integrate and manage multiple point solutions.
Glenn EspositoVP of sales, Americas, Cato Networks

Like Eastwind, NetWatcher doesn't require any upfront commitments from partners. "We give them access to use our services within their own company as long as they have one customer on board," he said. "Once they reach 10 customers, we do give them a slight discount on one of our offerings, which they try to get to because that increases their profitability."

Retail pricing is $399 per month up to 1,000 employees per customer, if an MSP pays monthly; this is reduced to $299 if they pay for a yearly program, up to 1,000 employees per customer. "We find 99% of the MSPs out there have a customer base of 1,000 and below." Most MSPs get a 23% discount off the retail pricing, and most bolt in other services around their security offering, he said.

Many of their channel partners are already doing firewall management, he added. "They recognize firewalls and virus [protection] doesn't work anymore" and their customers are asking for more protection geared at the middle market.

NetWatcher has a sensor that sits inside a customer's network and looks for anomalies in its cloud-based platform, Suhy said. Partners can use a single pane of glass by logging into the NetWatcher cloud to manage all of their customers or through help desk provider ConnectWise.

NetWatcher's goal is to bring on 100 partners by the end of year, which Suhy is confident they'll reach.

Cato Networks also has a newly launched partner program geared at MSPs, value-added reseller and ISPs. It offers the Cato Cloud and Cato Network Security Services, a managed suite of cloud-based network security capabilities, including next-gen firewall with application control, global VPN and URL filtering.

The company has a dozen global partners right now, said Glenn Esposito, vice president of sales, Americas.

Managed IT security services: A path to ROI

He likened offering security as a service to what Amazon Web Services did for computing. "This is key for resource-strapped enterprises, especially in the midmarket, that can't afford to integrate and manage multiple point solutions," Esposito said.

The company is still in the process of finalizing sales volume requirements, but does require quarterly training, by partner sales and technical resources, to maintain partner-level status, he said.

Pricing is based on aggregate traffic to the Cato Cloud from customers' locations and the number of mobile users connected.

Cato's VAR partners typically charge separately for Cato's security services, whereas their MSP partners are bundling them into existing managed IT security services, he said. Most partners offering security services are relying on legacy on-premises point solutions that don't scale and aren't cost-effective for the partner or their customers, he maintained.

"Using the Cato Cloud to deliver security services requires no capital investment and reduces the friction between the service providers and the customer's IT environment, so [there is] a much faster path to ROI for our partners. And, since we're a multi-tenant cloud-based platform, it will be less complex and costly to manage for the partner."

Next Steps

Learn how security as a service factors into outsourcing

Review the findings of a CompTIA study on channel companies and IT security

Find out whether it makes sense to launch a cloud security practice

Dig Deeper on Managed security for the cloud