As if the rise in cyber crime wasn’t worrisome enough, managed service providers (MSPs) are straining under the weight of bloated cyber security stacks. Cyber security has evolved at an unbelievable rate over the past several years. Remote work led to threat surfaces exploding in size. Naturally, the volume of cyber security tools followed suit. Every business, MSPs included, has just been trying to keep up.
However, the biggest challenge for MSPs is that they never expected (nor were they ready) to take on their clients’ cyber security efforts. To many businesses, cyber security and IT are interchangeable, so MSP clients thought cyber security was within their provider’s wheelhouse. Almost overnight, MSPs were on the hook for finding and managing the tools needed to protect their clients against cyber attacks.
All of this has caused many MSP security stacks to become unmanageable, unaffordable, and unsustainable.
What MSP security stacks look like today
MSPs are frequently understaffed, making it hard to assess the tools available on the market, let alone evaluate what they already use. Many tools are point solutions, meaning they’re designed to address one specific problem. So, as each new problem arises, another tool is built to solve it.
As a result, the average security stack is a sea of acronyms: EDR, MDR, XDR, NDR, AV, SIEM, SOC, SOAR, IDS, DLP—the list goes on. Considering that every tool has its own data, dashboards, notifications and alerts, costs, processes, vendor support teams, and dedicated training sessions, it’s easy to see why MSPs struggle to keep up. They’re stuck with up to a dozen disparate security tools that fail to integrate and all demand their team’s time, attention, and energy.
Let’s dive deeper into five reasons why these cyber security stacks simply don’t work, and what MSPs can do instead to lighten the load and mitigate some of this complexity.
Why most security stacks aren’t effective
1. A patchwork defence puts clients at risk
Complex tech stacks create a false sense of security. With numerous tools working to keep threats out, it is easy to assume that your clients are fully protected. All the alerts these tools generate, and the data they collect, will imply that there’s no cause for concern.
On the contrary, layering software, hardware, applications, and tooling creates excessive noise that makes it difficult to effectively detect and respond to attacks. The likelihood that your team misses something in the chaos increases greatly with every added tool.
Besides, tools are rarely built with the intention to integrate seamlessly with other technologies. They speak different “languages,” often resulting in major communication issues and inefficiencies.
2. Complexity overwhelms MSP teams
More tooling leads to more work and more room for error. Your team may struggle to navigate between multiple dashboards. If there are redundancies among the tools in the MSP security stack, they’ll collect too much data and generate too many alerts.
It’s challenging to stay on top of the false positive or duplicate alerts that arise from poorly integrated technology. In the end, this unchecked layering of tools is the best-case scenario for an attacker as they can hide safely in the noise.
What’s more, it’s not getting any easier to find the help you need. MSPs often struggle to find IT administrators, let alone cyber security experts with the knowledge and skills to manage all these tools. The labour shortage is acute, and every business is feeling the effects.
3. Unnecessary costs thin MSP margins
MSPs are depending on more and more software to protect their clients. Each added tool in the MSP security stack raises expenses—not just in the form of monthly or annual fees to the vendors, but also the cost to market, sell, and manage.
Unfortunately, your target market doesn’t have a lot of budget room for price increases. Asking customers to pay more for what they may perceive as the same level of service is a particularly difficult sell. So, to serve this market, MSPs may lessen their margins to put their services within reach. This tactic negatively impacts the return on investment.
4. Takes time away from other services
Your clients rely on you for a wide range of services. You might offer general help desk services, disaster recovery, compliance management, server configuration, and cyber security. The problem with many modern security stacks is they take manpower away from the MSP’s other money-making services.
Offering managed security services represents a major business opportunity for MSPs. However, if your cyber security stack takes too much time or resources to run, you will struggle to deliver the other services in your portfolio.
In turn, you may negatively impact your relationships with existing clients who depend on you for these other services.
5. Not sustainable in the long term
The final problem is that complicated tech stacks are just not sustainable. By adding another point solution each time a cyber attack technique emerges, regulations are enacted, or your clients’ threat surfaces change, you’re stuck in an exhausting game of catch-up that may eventually lead to burnout.
Burnout is rampant within the cyber security industry and, more generally, across IT workers. The State of Burnout in Tech [2022 Edition] surveyed 32,644 IT professionals across 33 countries and found that 40% were at high risk of burnout. More specifically, 62% of those surveyed reported feeling physically and emotionally drained.
Because cyber security is such a fast-paced space, the point solution approach is unsustainable. Going forward, MSPs will need an entirely new strategy for building their cyber security stack.
Building a better MSP security stack
There’s a natural impulse to resist change, even if the stack you’ve put together doesn’t work anymore (or never did). You’ve already invested in each tool, trained your team, deployed it in your customers’ networks, and potentially gained significant hands-on experience.
However, it’s critical to assess and refresh your cyber security stack regularly. Introducing new tools so frequently inevitably leads to redundancies or functionality overlaps. Long-established MSPs may find tools in their security stack not in use. There may even be an opportunity to replace a significant portion of your stack with a comprehensive, integrated cyber security solution.
Our flagship product, Covalence, is designed to displace and outperform most of the tools in a cyber security stack—all in one integrated solution. That means fewer dashboards, less complexity, and more time in your team’s day to support your other managed services. Read more about the Field Effect Partner Momentum Program or get the conversation started today with one of our experts.