How Any MSP / SI Can Increase Revenue by Becoming a Trusted IR Provider

It is the Best of Times, It is the Worst of Times

Over the course of the past 20-years, there has been massive growth in both innovative hacking techniques and their commoditization for the wide public to use. The obvious result is of course a sharp rise in successful breaches – nothing new here. The security industry countered this in two main vectors: better technology to block breaches from happening or at least detect them early enough; and IR services to contain and recover from breaches that have unfortunately occurred.

Human Attackers vs. Security Technologies: Built-in Imbalance

My experience has taught me that man beats machine. In the context of breach protection, this means that the human attacker has an inherent advantage over any security technology, however advanced.

So, the realistic approach is what is known as the ‘assumed breach’ mindset, acknowledging that a skilled and determine attacker will manage to evade to some degree, the prevention and detection technologies in place, finding their way in. Man has beaten the security machine, if you will. This is where IR services come into the picture.

IR Services vs. Attackers: The War of the Humans

Organizations engage IR services when they suspect something bad is going on in their environment. In the worst-case scenario, a breach has succeeded, and they were notified by an external party that their confidential data is streaming in-the-wild. In more favorable scenarios, the attacker made a slip that triggered some anomaly and drew their attention.

One way or the other, what they desperately need are experts they can trust - human beings that sit in front of the computer and hunt down all backdoors, malicious connections, running malware and compromised user accounts. They need to know that this third-party response team will eventually vouch that their environment is clean, that the attackers are shut out, and then explain how the hell they got inside in the first place and what should be done so it isn’t repeated. In short, they need cutting-edge expertise and here, in fact, begins a new problem.

Global Deficit of Over 1M Security Professionals

Plain and simple, there is a major shortage of pros that are skilled enough for the task. I happen to know first hand – in BugSec, my first company which provides security services such as Red Team, Blue Team and MDR, we fiercely search out the best-of-breed security professionals and trust me, it’s not easy to find them.

The direct result is that the rapidly escalating demand for IR services is not nearly matched by the supply, which leaves multiple organizations deprived of an essential building block in their breach protection stack.

Managed Security Providers and Security Integrators are the Natural Fit, but are Held Back By the Skills Shortage

Cybersecurity, for the most part, is getting increasingly outsourced. Many organizations have reached the conclusion that deployment, maintenance and operation of their security products would be better conducted by an MSP, and there are indeed many MSPs out there that do a great job on these fronts.

It would make total sense for such an MSP who are already trusted by their install base in all that regards security, to leverage this trust onwards to IR services as well. But the scarcity of available security pros prohibits these natural fits from adding such services to their portfolio.

Cynet Opens the IR Services Gate to Any MSP Who Cares to Join

Cynet now enables any MSP to become his customers’ trusted IR provider by leveraging CyOps, Cynet’s expert SOC team and Cynet 360 platform – for free. MSPs can now onboard their existing customers to the new service and if a breach occurs, CyOps will conduct the investigation, threat removal and reporting in a transparent manner – from the customer’s perspective it’s the MSP team who responds.

The CyOps team is comprised of handpicked professionals with continuous IR experience in Cynet’s 24/7 SOC, serving Cynet customers. Whenever CyOps responds to a live incident, they immediately deploy the Cynet 360 platform across the attack environment, enabling them to operate at extreme speed and efficiency, until the event is fully resolved.

CyOps Does the Work, the MSP Gets the Credit

I cannot think of a better deal for everyone – it’s a win for all sides. The customer gets the highest quality IR services. The MSP enriches its services cart and harvest additional profit. Cynet gets to showcase its value to the MSP and its customers.

Are you an active MSP without a response team of your own? Reach out to Cynet and start your journey as an IR provider: https://www.cynet.com/partners/free-incident-response-for-msps/