4 things MSPs should know about offering a managed security service

In early 2022, global analyst firm Aite-Novarica Group interviewed five MSPs across North America to get a first-hand look at the MSP market. Field Effect commissioned the study to explore the MSP space today and how small and mid-sized providers can grow their business by adding the right managed detection and response (MDR) service.

About the white paper

Hands-Free Cybersecurity: A Roadmap to MSP Growth seeks to assess the type of security services MSPs serving the SME market want and their expectations of a partner. Aite-Novarica spoke directly with MSPs who offer Covalence MDR—Field Effect’s cyber security solution—to their customers to determine how adding the service to their portfolio impacted overall business.

Want a closer look at the data and results? Download your copy of the white paper.

Download now

Tari Schreider, Strategic Advisor for Aite-Novarica Group, carried out extensive primary research for this report, including:

• Anonymous partner interviews
• Service documentation reviews
• Several in-depth Covalence demonstrations
• An independent exploration of Covalence

Aite-Novarica conducted all interviews anonymously to ensure that MSPs felt comfortable being completely transparent about their experiences and thoughts. The Field Effect team has no further knowledge of the interviews beyond what’s written in the white paper.

The report uses secondary research to elaborate on the MDR market size and the different MDR solutions available today.

About Aite-Novarica Group

Aite-Novarica Group is an advisory firm that offers insight on technology, regulations, strategy, and operations to banks, insurers, payments providers, and investment firms, plus the technology and service providers that support those organizations.

The firm is made up of experienced researchers and former senior technology, strategy, and operations executives who deliver actionable advice to Aite-Novarica’s client base.

Field Effect commissioned Aite-Novarica to conduct this study to gain objective, third-party insights into the state of the MSP, MDR, and managed security service markets.

About the featured MSPs

While conducting research for the report, Tari Schreider interviewed five North American MSPs serving organizations with 20–500 employees.

All the company information below was collected in early 2020 and may have changed:

• Arrowhead Technologies (Fortworth, TX): Founded in 2008 and Field Effect partner since 2021, Arrowhead Technologies has seven employees and four Covalence customers.
• C.D.’s IT Consulting, Inc. (Indianapolis, IND): Founded in 1994 and Field Effect partner since 2021, C.D.’s has five employees and three Covalence customers.
• GAM (Colts Neck, NJ): Founded in 1992 and Field Effect partner since 2021, GAM has 85 employees and 13 Covalence customers.
• OT Group (Belleville, ON): Founded in 1988 and Field Effect partner since 2019, OT Group has 151 employees and 22 Covalence customers.
• WW Works (Burlington, ON): Founded in 1990 and Field Effect partner since 2019, WW Works has 100 employees and 12 Covalence customers.

After conducting the research and interviews, Aite-Novarica published an official white paper in May 2022 detailing the results. Below are four key takeaways from the report that MSPs should know.

1. The managed services market is vibrant

SMEs have struggled to manage their IT infrastructure, let alone secure their information assets from cyber attackers. They’ve relied on basic cyber security products, such as antivirus software, to keep them safe—which worked fine for a while. However, cyber attackers have increased their focus on smaller businesses and now launch sophisticated attacks that older approaches to cyber security cannot defend against.

Due to this, SMEs are turning to managed service providers to handle their security. Today, the market for managed security services is target-rich and full of opportunities. The Aite-Novarica report states there are over 667,000 SMEs with 20–500 employees operating in the United States and Canada, yet only 3,800 MSPs operating within the same geographical location.

What’s more, the average SME customer spends US$13,000 per year on MSP services, and about half of that goes toward cybersecurity—including MDR. With these figures in mind, Aite-Novarica estimates the North American MDR market will reach US$3.1 billion by the end of 2022 and exceed US$5 billion in 2025.

Figure 1: Five-Year North American MDR Annual Market Estimate (US$ Billions)

2. MSPs struggle to manage cyber security

MSPs want to offer a robust managed security service, and there is a lot of room for growth by offering it. However, the report notes that adding a new service takes time and expertise that not all providers have. Their existing resources are focused on core business operations, and finding the specialized skills needed to deliver managed security is tough—not to mention costly.

Most MSPs would benefit from partnering with a cyber security provider. Choosing the right one can be tricky as options are plentiful—but far from equal. MSPs will see accelerated growth if they partner with a provider that offers support for marketing and delivering the managed security service.

MSPs have one chance to make a positive impression and prove they can secure their client’s business. A cyber attack on one of their customers could be embarrassing at least and catastrophic at most. The MSP may face financial and reputational damage, making it harder to attract and retain clients. To avoid this, MSPs should choose a partner that is reliable, experienced, and capable of keeping their customers safe.

3. Few security solutions are right for MSPs

One recurring theme throughout the report is the volume and complexity of cyber security solutions and providers available.

It’s hard enough to differentiate between endpoint detection and response (EDR) solutions, network detection and response (NDR) solutions, security information and event management (SIEM) solutions, and various other acronyms. Then, factor in that MDR can be broken down into different classes (with their own distinct acronyms):

• MEDR, managed endpoint detection and response, is an endpoint security service that detects and responds to cyber threats that elude antivirus technologies.
• MNDR, managed network detection and response, detects and responds to network-based attacks on network infrastructure, servers, and email.
• MXDR, managed extended detection and response, is an endpoint and network security service that detects and responds to threats across an enterprise network.

The main differentiator between these security solutions is what part of the threat surface they protect. Each solution secures different components of the IT ecosystem, meaning MSPs are forced to stitch together several tools to create the comprehensive protection their clients want. This is time-consuming, complex, and can have financial repercussions. After all, every additional tool raises customer costs or thins MSP margins.

4. Hybrid MDR ideal for MSPs and their clients

In the report, Aite-Novarica cautions buyers to avoid older technologies that may not provide the intended defence against zero-day attacks and ransomware. Legacy technology is at risk of displacement from a new cyber security solution: hybrid MDR.

Hybrid MDR brings the best of cyber security technology—protecting the entirety of a company’s IT environment—but is sized and priced specifically for the SME market. This new approach far exceeds the capabilities of antivirus solutions, providing advanced protection for endpoints, networks, cloud-based services, and more.

The report concludes that MSPs torn between which class of MDR is best for their go-to-market strategy should adopt a hybrid MDR solution.

Hands-Free Cybersecurity: A Roadmap to MSP Growth

The days of simply offering a firewall are gone. Smaller businesses and managed service providers alike understand that robust protection and always-on support are becoming necessities, not luxuries. They also understand how difficult it is to find cyber security expertise and room in their budget to support another priority.

Hands-Free Cybersecurity: A Roadmap to MSP Growth is a critical read for all MSPs serving the SME market. Download the white paper here to get a closer look at hybrid MDR, its features, and how it can help your MSP business stand out in a crowded market.

Watch the on-demand webinar to hear first-hand accounts from two MSPs interviewed in the report. OT Group and Arrowhead Technologies executives reflect on the biggest barriers they faced while adding a managed security service and why picking a cyber security partner—not a vendor—was vital to their success.