How to Start a Managed Detection & Response (MDR) Business

The security sector is a vast area of confusion and upset for many small and mid-sized businesses (SMBs). Having implemented backup and antivirus (AV), they quickly found out that was not enough. They added another layer of security and then another: firewalls, anti-malware, patch management, intrusion detection, and more.

Having implemented all that at great time and expense, they were then told they needed to deploy even more tools. The list stretched far out towards the IT horizon: encryption, threat detection, threat hunting, Security Information and Event Management (SIEM), access controls, and now zero trust. Those that could do so implemented those systems. But the journey to a secure business didn’t end there. Every few months, there was another urgent security technology to evaluate, purchase, install, and maintain.

This trend is at least somewhat understandable: it’s a security arms race, and the bad guys aren’t standing still. For example, ransomware has developed some scary offline encryption and evasion techniques just in recent weeks. Security tools need to adapt to stop those threats, and it’s not just security that’s getting affected. Thanks to ransomware, we now all need multiple immutable backups to keep our backup data safe.

Security, then, is extremely difficult even for large enterprises replete with highly skilled security personnel and large security budgets. But it is a nightmare for SMBs. If they can afford the tools they require, they don’t have the personnel to implement and manage them. They need all the help they can get.

And this is where the opportunity is for managed service providers (MSPs).

How MSPs Can Play a Role in Security

MSPs have been steadily taking on more and more of the burden of IT management from SMBs. In recent times, security has loomed large as a sector in serious need of MSP assistance. Yet security is often far from the comfort zone of many MSPs.

Here are five tips on how to start a successful managed detection and response (MDR) security business. These tips are primarily intended for existing MSPs who wish to augment their services with security offerings. But they can also apply to startups.

There are other cybersecurity areas MSPs can get into if they want to become managed security service providers (MSSPs), but MDR is a good place to start because of the ubiquitous need for endpoint protection and the potential to add other services as needed.

1. Be Ready to Talk Security

At first glance, it would appear that an MSP has no business moving into the security or MDR space. How do you go about developing your own security tools? How can you compete with the McAfees, Trend Micros, and Symantecs of this world who have been at the security game for decades? And how about going head to head with the likes of IBM, AT&T, or Accenture? These companies are already very active in the managed service space. From a technical standpoint, it’s strictly no contest.

However, there is no getting away from the fact that most existing and new customers will ask about security. They either want to know what you are doing to protect their systems, or they are keen to find out what additional security services you may offer. Be ready to answer.

If they have had a long-term relationship with you, the chances are they would much prefer to have you provide additional security services than farm them out to another provider. Failure to have a good answer to security inquiries could result in a lot of lost business. Therefore, don’t back off from this area of IT just because it isn’t your bread and butter.

2. Focus on Your Strengths

Big IT and security vendors are experts at developing software and systems and selling them to customers. Providing managed services is rarely one of their strengths, hence the birth of the channel! The whole MSP business model is based upon being good at dealing with customer service, IT support, and looking after the needs of clientele.

One of the reasons the MSP market has grown up so fast is that tech and security vendors are often poor at service provision. They are all about creating, marketing, and selling hardware and software. The servicing aspect isn’t their primary business avenue. A look at vendors’ support ratings alone suggests market opportunity here.

The result in the marketplace can be that companies find themselves loaded up with tools that they don’t know how to operate. Once the tools were sold and delivered, the vendor moved on to new pastures. That’s why studies consistently show poor utilization rates for on-premises software, as well as the fact that users only take advantage of relatively few of the features at their disposal.

MSPs, on the other hand, sink or swim based on how well they look after customers and satisfy their needs. The MSP knows that the sale is only the initial part of the relationship. It is up to them to deliver consistently superlative service and to demonstrate real return on investment if they want to keep their customer retention rates high.

Another area of strength for MSPs is that they often gravitate towards a specific vertical or size of business. Take the case of desktop and server management. I recall one guy who thrived on being the remote IT rep for dozens of SMBs. These were companies of 20, 50, and up to 200 staff who didn’t have the time or resources to manage their endpoints. Bigger providers weren’t interested in the business. They preferred to serve 1,000, 5,000, or 50,000-user businesses. Thus, an MSP business evolved by filling this niche in his local area. Eventually, he became their security consultant, too. The last time I saw him, he took a malware removal tool on a USB drive everywhere with him. It had become a necessary part of his day-to-day operations. And another valuable service to charge for.

Therefore, understand that good service, responsive support, and a caring attitude for the needs of small and mid-sized businesses immediately separate an MSP delivering MDR from tech vendors and mega-service providers.

3. Wheels Don’t Need Reinvention

The good news is that MSPs don’t have to reinvent the wheel to enter the MDR market. There is an abundance of services available that MSPs can utilize to fit a variety of market niches (see Best Endpoint Security and EDR Tools for MSPs). IT and security vendors provide these tools and services at a big enough discount to MSP partners to make it profitable to deliver them to others. Instead of building the service, you could just rebrand a security service from an established IT security firm. Thus, an MSP in the communication sector can add MDR protection as an additional service. The MSP could also cherry-pick specific services as its focus, such as the overall MDR suite, or combinations of individual security elements such as ransomware protection, backup, AV, and patch management. Patch management in particular is a crying need: unapplied patches are at the heart of many cyber attacks and breaches.

4. Managed SERVICE

The watchword at all times for an MSP is service. It is important to realize that having technology tools to sell does not mean they will be deployed correctly and properly utilized. The MSP is there to ensure that the needs of the client are taken care of. Once the security service is there as a technology, it is up to the MSP to do what MSPs do best – make sure that the customer gets real value from the service and that any help desk or support issues are taken care of promptly.

“Your competitive advantage will be your relationship with your customers and your unique insight into their environments,” said Seth Geftic, Director at Sophos. If you don’t build that bond with the customer and don’t establish yourself as an insider that is essential to their organizational need, you will struggle to stand out.

This is where MSPs can really outshine bigger rivals with deeper pockets. Those that tend to focus on a niche such as schools, law offices, or other verticals often flourish due to excellent word of mouth.

5. Don’t Oversell Your Capabilities

MSPs moving into MDR should not pretend to be the planetary authority over all things related to detection and response of endpoints. There are plenty of experts around and a great many big firms who retain the top talent. Therefore, start small and simple.

Geftic explained that building a comprehensive MDR offering is not easy. He suggests that MSPs work with existing MDR providers to provide the technology behind those services, including endpoint protection with extended detection and response (XDR), network monitoring (firewall), and email.

“A solid model would be to offer Tier 1 MDR services (everyday incidents) and partner with an existing MDR to provide Tier 3 MDR services (more complex and critical cases),” said Geftic. “Additionally, MSPs can supplement MDR by offering advisory services that leverage the MSP’s expertise, such as health checks, cyber risk assessments, and virtual CISO services.”

Further reading:

Best Endpoint Security and EDR Tools for MSPs

Managed Service Security Providers (MSSPs): Making the MSP Switch

Starting an MSP Backup and Recovery Service: IT Partner Options

Data Protection Business Model Requires Nuanced Approach for MSPs

Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including eSecurity Planet, ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.
