Managed services software maker SolarWinds MSP has introduced a program aimed at helping MSPs deliver security operations center (SOC) services without making the substantial investments required to become a full-fledged managed security service provider.
The new SolarWinds Threat Monitoring Service Program connects users of the Durham, N.C.-based vendor’s Threat Monitor solution with authorized Threat Monitoring Service Providers capable of operating that system on an outsourced basis.
SolarWinds MSP unveiled the new offering on the opening day of its Empower MSP partner conference in Scottsdale, Ariz.
First released in July, Threat Monitor is a threat detection, response, and reporting solution based on technology that SolarWinds MSP acquired along with security vendor Trusted Metrics Inc., of Raleigh, N.C., for an undisclosed sum. Though it’s engineered for ease of use, buyers must have some knowledge of security to operate the system.
“We acquired a product that we knew was really simple and I think any of these MSPs could use it, but you still have to know how to interpret the data,” says Denny LeCompte, who is senior vice president of product marketing for SolarWinds.
The Threat Monitoring Service Program is designed to help MSPs lacking those skills partner with an approved SOC services provider rather than hire expensive security specialists.†”If I want a partner, I could in theory just go look for one myself but how do I know if they’re any good?” LeCompte asks. “SolarWinds can give that stamp of approval [and] be the matchmaker.”
Beyond promoting adoption of Threat Monitor by enabling a wider population of MSPs to use it, the new program won’t benefit SolarWinds MSP financially.†”We’re not taking a cut of this,” LeCompte says. “We just want to match two groups of people we know well.”
At present, there are two official SolarWinds Threat Monitoring Service Providers: Secuvant LLC, an SMB-focused MSSP headquartered in Salt Lake City, and Falanx Group, a provider of security and SOC services based in the U.K.†SolarWinds MSP vetted both firms thoroughly on the basis of 10 different evaluation criteria, including their size, skills, experience, and ability to provide 24/7 support.
Affordability was an important consideration as well, according to LeCompte, who notes that enterprise-grade threat detection and response software is priced beyond the reach of most MSPs.†”It’s meant to be used by a very large security team with a big bag of money that they can just throw at the problem, and that’s just not who our partners are,” he says. “They need to do this at a reasonable cost.”
Beyond that broad guideline, however, service providers in the new program are free to set prices on their own. They’re banned, however, from stealing an MSP’s customers or inserting themselves into client relationships without invitation, according to Tim Brown, SolarWinds MSP’s vice president of security.†”In general, the client will never see the MSSP at all,” he says. “For general day-to-day activity, the MSSP will simply provide alerts to the MSP.”
Few MSSPs wish to provide the kind of network management services that MSPs deliver in any event, Brown continues. “They don’t want that business,” he says. “They’re purely in the security business.”
John Pagliuca, general manager of SolarWinds MSP, expects many partners to funnel penetration testing, vulnerability assessment, and other security-related projects to their designated threat monitoring provider.†”We’ll give them the tools to do what they need to do really well, but will step back and let that relationship kind of develop as it needs to,” he says.
SolarWinds MSP’s matchmaker approach to managed security stands in contrast to the path chosen by Boston-based competitor Continuum, which provides security services directly to MSPs through its own SOC.†”We have no interest in being a service provider ourselves,” LeCompte says. “We’re just going to provide the tool and then make both of those partners successful.”
Propelled by an increasingly complex and treacherous threat landscape, global spending on managed security services will rise at a 14.7 CAGR through 2021, according to IDC.