What goes into a strong, modern cyber protection stack

One of the most common questions in the channel is around ways to segment cybersecurity services. What should an MSP bundle look like today? It’s usually best to begin with the basics. Here’s an example of an MSP’s core security services offering:

Security basics  

• Security posture evaluation
• Vulnerability assessments
• Anti-ransomware protection
• Antivirus and Anti-malware protection

Cyber protection controls

• Group device management
• Centralized plan management
• Dashboards and reports
• Remote desktop and remote assistance
• Hardware inventory

Data Loss Prevention    

• Device control

Beyond those essentials, things are more variable for an MSP. You may have to tailor bundles to meet specific market needs (think PCI or other compliance requirements) or address individual client risk factors. MSPs may want to section off optional packages in their services so that tech-savvy prospects can check the appropriate boxes and build their own custom offerings.

A more common approach is to create two to three distinct bundles that provide comprehensive coverage to the types of organizations you support. For example, an MSP may offer good, better, and best-level protection packages. Of course, the sales team should always aim high with cybersecurity, but having a couple of cost-effective fallback plans may help seal the deal.

MSPs should always be planning for eventual upgrades. Securing the sale with a good, though maybe not optimal, bundle will get you in the door to begin those longer-term conversations. Some of the key services and solutions that providers typically add to their enhanced packages include:       

Third-party tools

• Network Monitoring/Remote Remediation
• Managed Network Firewall
• Managed Wireless Access Point
• Microsoft 365 Basic
• Microsoft 365 Business Standard
• Microsoft 365 Business Premium
• Password Management
• Multifactor Authentication
• Mobile Device Management
• End-User Security Awareness Training
• DNS Protection

Virtual CISO services

• Compliance Reporting
• Managed SIEM
• Managed SOC
• Penetration Testing
• Security Incident Response and Remediation
• Intrusion Detection Monitoring and Management
• Security Assessment/PII Scanning and Encryption
• Dark Web Scanning

Advanced security offerings

• Antivirus and Anti-malware protection: Local signature-based file detection
• URL filtering
• Forensic backup, scan backups for malware, safe recovery, corporate whitelist
• Smart protection plans (integration with CPOC alerts)

Advanced backup solutions

• Microsoft SQL Server and Microsoft Exchange clusters
• Oracle DB
• SAP HANA
• Continuous Data Protection backup
• Data Protection Map

Advanced management options

• Patch management
• HDD health
• Software inventory
• Fail-safe patching
• Cyber scripting
• AI-based monitoring
• Software deployment

Advanced disaster recovery solutions

• Runbooks
• Production and test failover
• Cloud only and site-to-site VPN Connection
• Multiple templates
• Cyber Protected Disaster Recovery (automatically launches in the event of an attack)

Advanced file sync and share

• Notarization and e-signature
• Document templates
• On-premises content repositories (i.e., NAS, SharePoint)
• Backup of all sync and file share systems

Additional services

• Fortified email defenses: Anti-malware and anti-phishing protection, impersonation protection, attachment scanning, content disarm and reconstruction, graph of trust, anti-spam protection, URL filtering
• Advanced Data Loss Prevention: Network control, user activity monitoring, content control, and discovery
• EDR (Endpoint Detection and Response): events collection, automated response, security incident management)
• Sales and billing automation for service desk and time tracking

If you build it, will they come?

Listening is the key to designing the ultimate bundles for your prospective audience. Start by assessing the needs of various communities in your current list of clients – from their infrastructure and work environments to the people that use those systems. Which portfolio of cybersecurity services would give you, as their MSP, the most confidence?

Of course, cost is always a factor. Would a significant number of clients pay for your “ultimate bundle”? The evaluation process may require some time and experimentation, but engaging in meaningful cybersecurity-related discussions with your clients can lessen the learning curve.

The harder part for many MSPs is building out their “less than optimal” bundles. Which services could be optional? Can you assemble “lesser” cybersecurity packages that would address the needs of less risk-averse clients without keeping you or your team members up at night?

Finding the right balance is never easy for an MSP. The threats and protection technologies change daily, so designing a framework of bundles that is flexible and profitable can be a real challenge.

Final thought

Acronis is here to help. In addition to our current IT services partner resources portfolio, we are preparing to roll out several new technology options and security practice-enablement tools in 2021. You can also expect to hear much more about building “ultimate bundles” and enhancing your cybersecurity practices. It’s a valuable conversation, and we look forward to getting your feedback.