Leading cybersecurity vendors brought their latest wares to the RSA Conference 2026 last week, announcing new products and tools to help partners thrive in an AI-soaked IT environment. But the new options might not entice partners, who are dealing with rising costs and an overabundance of tools. Some are tempted to build security features in-house.
Cyber tool sprawl is a perennial channel problem that’s pushing MSPs and MSSPs to reevaluate their vendor set in a quest to simplify.
“They've added tool after tool after tool, and that's really become a major pain point in maintaining and managing those tools to be effective and then also to be able to be efficient enough to be able to drive the returns that an MSP needs to be able to keep that business flourishing,” Brian Downey, SVP of product management and product marketing at Barracuda, told Channel Dive.
Partners of all types are bombarded with product pitches, and it’s difficult to sort through all the choices.
“You end up being like a salesman who opens his suit, and he's got all those different flavors on his suit coat sides,” said Chris Ichelson, CEO of managed security services provider 360 SOC.
Customers are overwhelmed with tools, too, and they’re coming to partners for help. A 2025 Barracuda study found that the most common reason companies added an MSP was a lack of resources to manage their growing number of security tools.
360 SOC is among the partners aiming to consolidate. The reasons are myriad, but rising software prices are a major motivator.
“The vendors have put us service providers on an escalator of cost, and at some point you hit a high enough floor that you say, 'You know what? It's probably more cost effective or as cost effective for me to build this myself,’” Ichelson said.
Partners have also grown weary of vendors turning over employees and cutting back on support, Ichelson added. Upstart vendors might not actually know how to implement their own products, and those that have are likely to be acquisition targets.
360 SOC is one partner that’s trying its hand at in-house development using AI vibe coding tools.
“At some point, you just throw your hands in the air and you say, "’You know, I think it's time for me to compete,’” Ichelson said.
The company is bringing MDR, EDR and XDR in-house to own the full customer experience, according to Ichelson
Security Information and Event Management is another story. Partners acquiring a new client need to consider that the customer might already have a SIEM in place.
“Everybody has these. A lot of times you're walking into existing [platforms] and being flexible only gives you the opportunity to be able to take on customers faster,” he said.
The scope of the in-house trend is limited, Robin Ody, MSP practice leader at Channel Dive sister company Omdia, said.
“MSSPs can develop their own tools, but I have seen more of them going the other way, replacing their own built tools with vendor tools,” Ody said. “In the long run, the economics can be debated, but for now, some are seeing it as more approachable to have someone else develop and maintain the tools and focus on building on investing in vertical specializations, and sales and marketing.”
MSPs and MSSPs: a shrinking divide
The line continues to blur between MSPs and MSSPs as customers expect providers to protect their IT estates, regardless of their formal designation.
“I am sensing that the strict terminology of partner types is becoming vaguer and vaguer as customer needs ramp,” Barracuda SVP Global Channels and Alliances Michelle Hodges said.
That’s especially true for SMBs. In that segment, it doesn't matter if the MSP doesn't style itself as a security provider.
“When you're on the medium-to-small side, you're basically giving the keys to the kingdom to the MSP. Even if you got cheap in the negotiation process and decided to not elect for the platinum service with the zero trust security and things like that, you're still going to blame them as well,” Watchguard CEO Joe Smolarski said.
Smolarski said Watchguard internally debated the distinction between MSP and MSSP, and found it increasingly arbitrary.
“The word MSSP to me was very prevalent five to six years ago, but what I've lectured people is that all MSPs have a security practice at this stage,” he said.
There remain dividing lines, however. One definition of an MSSP is offering one’s own security operations center. Omdia thinks about it in terms of revenue.
“An MSSP is any partner that makes more than 50% of its revenue from managed security services, SOC or not. As vendors developed their own MDR to be sold by and integrated into MSP stacks, these MSPs have taken on more managed security capability,” Ody said. “It doesn’t necessarily make them MSSPs, as that’s still a specialist designation, but it does allow more customers to get access to managed security at a lower price point.
For Ichelson, an MSP is more likely to resell the cybersecurity vendor’s product or bill it as part of a professional automation services platform. PSA vendors have loaded up on integrations with cyber vendors to make it easy for MSPs to ingest cybersecurity vendors.
Smolarski sees the gravity of the MSP cybersecurity universe bending toward the vendors, not the PSAs. Watchgard still integrates with PSAs, but it no longer relies on them for distribution. It’s directly reaching out to MSPs and managing those relationships on its own.
“If you go back years ago, that's what was happening. The RMM was the center of the universe for an MSP, and security vendors needed an RMM provider to be part of their ecosystem and all that good stuff. Now, we have a complete cyber security platform, and we are just as important to a MSP as any RMM provider out there,” he said.
