Editor’s note: This is the first part of a series of articles laying out how MSPs can expand their cybersecurity portfolios with MDR services. Read the second part here.
As the cyber threat landscape evolves, many small and midsize businesses (SMBs) struggle to deal with increasingly complex security risks. This has led to high demand and rapid growth for MSPs that help organizations meet their security requirements.
In fact, a recent report from Kroll found that 98% of businesses that do not outsource their cybersecurity services plan to do so, with 51% intending to outsource their cybersecurity in the next 12 months. Additionally, Market and Markets projected the global managed security services market will grow by 11.5% per year from 2023 onward, reaching $52.9 billion by 2028.
Making the Case for MDR
A pressing security requirement for MSPs is outsourced security operations centers (SOCs) that can deliver critical managed detection and response (MDR) services. MDR is a fast-growing security service category that provides organizations with continuous security monitoring, proactive threat hunting, and immediate response services to deal with the latest threats.
In some cases, MDR also focuses on proactively reducing the attack surface to prevent threats from entering the organization’s network. This elevates a company’s security posture and enhances its cyber resilience.
Demand for MDR is soaring, driven, in part, by industry challenges that include an ongoing shortage of skilled security professionals and stringent cybersecurity regulations, compliance, and cyber insurance requirements. The global MDR market is expected to grow from $3.3 billion in 2023 to $9.5 billion by 2028.
Incorporating MDR services into their security offerings can position MSPs to increase their value and recurring revenue, as well as strengthen their customer relationships. However, SOCs require considerable investment and staffing resources, which can present daunting obstacles for MSPs looking to break into the MDR space.
Options to Deploy MDR Services
There are several MDR service deployment models that MSPs can consider to broaden their portfolios. Let’s walk through three primary types.
- In-house SOC: MSPs will need to invest in and build the security infrastructure, technologies, processes, and team. The heavy capital expenditure and time involved in bringing it to market are two major hurdles. This is by far the most costly and time-consuming option.
- Outsourced SOC: The SOC-as-a-service (SOCaaS) model leverages a SOC owned and operated by a third-party organization — often another MSP or a security vendor. This route can dramatically reduce the upfront time and cost requirements for MSPs versus building an in-house SOC. However, higher operational expenditure can make margins less attractive. Additionally, the advancement of the MSP’s MDR services will depend heavily on the provider they choose. And since their SOC provider will have access to their customers, there’s a risk of losing business.
- Hybrid SOC: On this path, an MSP will engage with a SOC vendor, benefit from outsourced SOCaaS, and share in the delivery of its MDR offering but remain the primary contact with end customers. This model will involve less operational expenditure and preserve higher margins. Although the MSP initially will need to invest in a vendor, that investment will be much lower than the cost of building an in-house SOC. The hybrid SOC model is ideal for MSPs looking to quickly grow their managed security services offerings, prevent the SOC vendor from accessing customers, and advance the maturity of their MDR services with the guidance of the vendor’s strategic and operational experience.
Ideally, there would be a deployment option for any MSP looking to offer MDR services. However, MSPs run businesses of varying sizes. So, not all of them are ready or able to establish the SOC capabilities required to offer comprehensive MDR services to customers.
Iratxe Vázquez Rodríguez is a senior product marketing manager at WatchGuard Technologies. She has nearly two decades of experience in cloud-native solutions, cybersecurity, and data analytics.