MSSPs are springing up everywhere; good news for enterprise customers because more providers means more choice, innovation, and price competitiveness. But MSSPs that have grown used to providing a high-value, premium service need to be cautious that their offerings don’t become commoditized. New entrants need to differentiate or carve out a niche.
Some previously mature ‘managed security services’ like antivirus and anti-spam are now considered basic foundations of service because so many carriers/network operators and ISPs now offer them as standard. This blog explores how smart MSSPs are responding by turning to offerings of greater strategic value to both the SOC team and the Board of Directors, such as threat intelligence.
MSSP customers want skills, scale and to be kept safe
The key to understanding the enterprise value of security-as-a-service is to appreciate the difficulties that would otherwise result from having to cope with all this themselves. The attraction of MSSPs stems from two intractable problems of cybersecurity: employing and retaining in-house cyber experts is almost impossible amid the escalating skills crisis, while the growth in threats and compliance requirements creates a need for increasingly complex cybersecurity systems of ever-greater size and performance.
Tied up in this value is the convenience and predictability of accounting for security spend as opex, as per a subscription model. There is no more paying out for expensive infrastructure upgrades when you are downstream of a multi-tenanted platform.
However, much in the same way that MSSPs who stand still too long have fallen victim to ISPs and carriers vacuuming up their most commoditized services, there is a wider trend toward new forms of IT consumption, one that product vendors are actively responding to and that is a direct competitive threat to MSSPs. In short, enterprises that have always found it favorable to consume – for example – managed email security, endpoint security, DDoS mitigation, two-factor authentication, and other services from their MSSP could now find it just as easy to cut out the middleman (often a customer perception) and consume much the same services directly from the originating vendor or vendors.
And so, we return to the critical concept that MSSPs risk losing their value if they don’t take active steps to develop new value via expanded service portfolios.
The value of customer-relevant threat intelligence
The challenge of any one-to-many delivery model is avoiding the overheads of re-engineering the same service to suit the needs of each individual customer. Tailoring is tough when you’re in the business of mass production, but threat intelligence offers MSSPs a compelling way to disrupt these rules.
This is important because premium services are exclusively those that deliver pinpoint customer relevance. Relevant threat intelligence is a very simple concept for customers to understand. Just consider why on earth anyone would pay for intelligence that suits any other business but their own.
With the right threat intelligence platform, this process begins at the data gathering stage where the platform’s capacity to collect real-time intelligence from multiple internal and external sources (and in multiple formats) is connected directly with data processing and enrichment to produce fresh, targeted and actionable information about threats targeting that specific customer. Source selection can be highly tailored to the organization’s unique situation and/or that of its industry sector, and will include integration with its own choice of third-party systems. Underpinning all this must be a modular, rather than ‘one-size-fits-all’ approach to provisioning critical threat intelligence components on an as-needed basis.
None of this should impinge upon rapid service activations and fast time to revenue, if there is sufficient process automation within the platform and standardized cybersecurity information-sharing techniques are utilized.
True intelligence can never be a commodity
The beauty of adding threat intelligence to an MSSP service portfolio is that your internal processes can treat it as just another SKU – even though it represents significant, long-term strategic value of specific customer relevance.
What’s more, threat intelligence is a logical complement to existing MSSP services and can even extend their value through API, SDK, and plug-ins. At Blueliv, this is precisely what we are seeing with global and regional MSSP partners.
It’s clear that threat intelligence is a smart, fast response to the creeping commoditization of MSSP services, but can it ever be undermined in the future? The answer depends on your definition of ‘intelligence’ because not all threat intelligence platforms share the same finely-tuned interplay between algorithm-based machine automation and the contextualized intelligence that humans are best at providing. In fact, it’s typically a lot more of one than the other.
The development of AI/ML technologies may yet blur those lines further into the future, but current best practice dictates that an optimized human-machine intelligence combo is essential to the accuracy, effectiveness, and value of outputs delivered by any threat intelligence platform. This also has an effect on pricing. Too many humans and these kinds of services can become cost-prohibitive. Too few and the margins could be huge, but with quality issues that would undermine your credibility.
All the signs are that MSSPs had better tool up with a strategically valuable threat intelligence partner to take full advantage of their biggest adventure yet.
Blueliv works with MSSPs around the world to enhance the maturity of their service portfolios and help them and their customers better detect and respond to complex attacks – with all the heavy lifting done through our solution. With a dedicated program of structured sales, marketing, and technical support, each engagement enables our partners to develop a bespoke model that maximizes their return on investment, increases productivity and minimizes costs and risks to suit their unique business requirements.
Contact us to discuss becoming a Blueliv MSSP partner, and to discuss the opportunities and challenges of creating additional value in managed security services through threat intelligence.