MSPs To MSSPs: Putting Their Own Stamp On Security Services

Logically is among a number of MSPs that are transitioning to MSSPs as cyberthreats grow more sophisticated and MSPs continue to look for ways to differentiate themselves.

Digital gears on future tech background. Productivity evolution. Futuristic gears and digital chart in world of technological progress and innovation. CGI 3D render

To meet the growing demand for cybersecurity expertise in the market, Joshua Skeens, CEO of Logically, has completely transformed the MSP into an MSSP since taking the helm two years ago.

“I wanted to take our recurring revenue and make it a 50/50 split between MSSP and MSP services, and that’s where we are today,” Skeens told CRN. “I’m happy with that and foresee this split growing, with a likely 60/40 shift toward cybersecurity in the near future.”

The growth Logically has seen over the past two years reflects the increasing importance of cybersecurity in an age where traditional IT services are becoming commoditized. It also explains why Dublin, Ohio-based Logically is among a number of MSPs that are transitioning to MSSPs as cyberthreats grow more sophisticated and MSPs continue to look for ways to differentiate themselves.

As Logically continued its evolution into MSSP territory, it expanded its offerings to include extended detection and response (XDR) and now offers an in-house Security Operations Center.

The transition also brought a focus on proactive cybersecurity planning. Skeens said Logically now takes a consultative approach to cybersecurity with its customers, guiding them to understand where their business is headed and creating a tailored road map to ensure they are prepared.

“We don’t just sell products. We work with customers to understand their business and security needs, helping them create a road map to success,” he said.

This shift to become an MSSP brings both opportunities and challenges. One of the challenges Logically has seen is a shortage of cybersecurity talent, which Skeens said can be addressed through the use of AI tools.

“When you’re dealing with thousands of customers and billions of log events each day, time really adds up,” he said. “Automation allows us to do more with fewer people.”

Matt Hastings, vice president of product management at Austin, Texas-based MSP platform vendor NinjaOne, said the transition from MSP to MSSP is not an immediate or conscious decision, but rather a natural progression.

“It’s not like you wake up and say, ‘Today, I’m going to become an MSSP,’” he told CRN. “It’s more about expanding your knowledge and scope of services, particularly in the risk and security space.”

This includes the ability to act swiftly to mitigate risks, such as applying patches or configuring systems, according to Hastings.

“The first fundamental thing an MSP needs to understand is how to evaluate risks, prioritize them and then take action to remediate those risks,” he said. “In many cases, MSSPs are focused on identifying and escalating risks, then executing remediation plans.”

And as cyberattacks evolve with new tactics such as whaling—a phishing attack where high-level executives are targeted—and spear-phishing—a phishing attack where cybercriminals send personalized emails to specific individuals within an organization—the role of MSSPs is also changing. While AI tools can help detect some of these attacks, Hastings emphasized the importance of human expertise in understanding and responding to security incidents.

“AI might help with detection, but you still need to understand what’s happening at a fundamental level,” he said. “A whaling attack, for example, requires an understanding of the scope of the breach, its impact and how to respond quickly.”

As customer budgets tighten and businesses look for efficiencies, there’s a growing incentive for MSPs to bring detection and remediation together under one roof.

“The question is why hire two providers when you can get both detection and remediation from a single source? This can not only save time but also reduce the mean time to resolution,” Hastings said.

Different Ways To Offer Cybersecurity Services

Novacoast made the transition to become an MSSP about 10 years ago after being born as a VAR in 1996.

“Security wasn’t really a thing back then,” Paul Anderson, CEO of the Wichita, Kan.-based MSSP, told CRN. “We were a big Novell partner, and if you want to call some of their portfolio security, you can. But it was just in its infancy.”

What initially began as providing staff for specific security tasks gradually morphed into a full-fledged MSSP model. Today, Novacoast operates five Security Operations Centers globally with plans to expand further, eyeing Australia as its next major market.

As the company expands its footprint, Anderson attributes much of this growth to a combination of market demand and strategic flexibility. He said that many MSPs are transitioning into MSSPs to capture more revenue and meet the evolving needs of their customers. However, he cautioned that the transition is not without its challenges, particularly for smaller MSPs.

“The bigger you get up the scale, the harder it becomes to provide both MSP and MSSP services,” he said. “It’s just too many eggs in one basket for some of these high-profile, highly-regulated clients.”

For Novacoast the shift wasn’t just about adding a new service line, it was about completely restructuring the company’s approach and employee base.

“It’s a wildly different employee base,” he said. “We hire SOC analysts with no experience and train them from the ground up. On the other hand, engineers from our VAR days were highly specialized and had years of experience.”

But even in an era where security operations are becoming increasingly automated, the demand for skilled analysts remains high.

“AI is going to automate a lot of the Level One analyst work in the next 12 months,” he said, adding that automation allows the company to remain cost-competitive while freeing up analysts to handle more complex tasks.

But those that don’t have the budget or resources can still differentiate themselves when it comes to cybersecurity offerings.

MSP BalanceLogic has expanded its services while not diving into the “high-risk” MSSP sector, said Bill Campbell, CEO of the Waldorf, Md.-based company.

“We’re not a full MSSP,” Campbell told CRN. “We are an evolving MSP. The days of an MSP just handling desktops, servers and password resets are over. We’re growing, adding more services, but our focus is on providing a broad range of technology services for our clients. We want to be their technology expert, not just an IT provider.”

While the company does not position itself as a true MSSP, it still offers several advanced cybersecurity services.

“We split our services into two agreements,” Campbell said. “One for standard managed services and one for advanced security services. This lets us adjust pricing as vendor costs change without springing surprises on clients halfway through an agreement. If security prices go up or we switch providers, we update our clients accordingly.”

Among the cybersecurity services the company provides are XDR, managed detection and response (MDR), penetration testing, vulnerability assessments and Cybersecurity Maturity

Model Certification (CMMC) consulting.

“We’re the police officers who handle everyday issues,” he said. “We’re there to provide regular protection: firewalls, backups, basic security. But when it comes to a specific crisis, like a ransomware attack, that’s when you need a specialized security team.”

Meanwhile, Irvine, Calif.-based Alvaka offers another type of security service: ransomware remediation. The MSP primarily works on ransomware restoration and provides comprehensive services that go beyond simply getting systems back online.

“We don’t just focus on the recovery of a few servers after an attack,” Kevin McDonald, COO and CISO at Alvaka, told CRN.

“We’re dealing with large-scale incidents, often involving extensive systems and complex environments.”

The business model has been effective, and as the threat landscape grows more sophisticated, especially with the rise of AI-driven attacks, Alvaka is finding new ways to protect its customers.

“AI can now develop custom malware on the fly,” he said. “This means defenders need to be faster and smarter than ever before to stay ahead of the threat.”

And as the industry matures, he predicts more consolidation in the MSP and MSSP sector as businesses pool their resources and expertise to combat increasingly sophisticated threats.

“Talent is going to become even more critical,” he said. “We need experts who understand the nuances of cybersecurity, not just general IT workers trying to cover all bases.”