Technology advisors are increasing their cybersecurity sales as vendors and customers embrace a broker model, but their opportunities may narrow as they court larger businesses.
The lion’s share of TA security sales has been through managed services providers. The enterprise market, where firms prefer point solutions they can manage, remains a challenge.
“When I run into somebody who says, 'We want to do it all; we're all inside,' that's a tough sell as an advisor,” Cloud Communications Group CISO and AI Practice Lead Mike Stute told Channel Dive.
The TA channel has a limited set of unmanaged point solutions. Legacy cybersecurity vendors historically went through resellers rather than brokers. However, the TA vendor line card is loaded with end-to-end managed security service providers for customers who want to hand over control.
TAs are left with three options: clamor for tech services distributors to sign security software providers, sign direct agreements with those providers, or wait for big logos to warm to co-managed models.
A segmentation problem
The self-management barrier is an enterprise problem, as managed and co-managed models dominate among small and even midmarket customers.
A recent Cynet survey found that 71% of SMBs use MSPs for security, with co-managed the most common strategy.
Team KC Telecom Founder Cynthia Ferrell said the firm almost exclusively recommends MSSPs to its midsize client base. Although clients in the 200- to 250-employee range often balk at MSSPs charging up to $50 per endpoint per month, they lack the staff and expertise to do it themselves.
“At best, I have a network sysadmin and an IT manager,” Ferrell said. “Sometimes I just have one person doing all of that. I tell them, 'You absolutely do not have the time to manage this when you're wearing 27 hats. If you're going to pay for managed services, please make this be the one thing, if nothing else.'”
Moreover, MSSPs are crafting their own software and tools, creating viable alternatives to the big-name OEMs. SilverSky recently spun up an SIEM product “that's kicking the butt of SentinelOne and CrowdStrike,” according to Ferrell.
“Everyone gets really hung up on tools. ‘Do I do Proofpoint? Do I do Mimecast? Do I do CrowdStrike?’ It really doesn't matter,” Ferrell said. “I would rather see my clients managed by any MSSP with a 24/7 SOC with crappy tools than for them to have the best tools on the market and try to manage themselves because that's where you still have alert fatigue and silos and stuff like that.”
Managed security services have a growing footprint upmarket. Even if midmarket and enterprise businesses don’t want fully managed solutions, they still want co-management, according to ChoiceTel CEO and Diane Smith.
“A lot of those companies don't want to handle off-hours,” Smith said. “They'll do eight to five, but they want somebody else to do off-hours and weekends and holidays. It's a wide mix.”
Enterprises also might prefer to hand off specific technologies. Firewalls, for example, require constant tweaking, according to Stute. It’s not uncommon for an enterprise to hand off everything except for compliance and threat hunting. MSSPs want the threat business and pitch the fact that they amass intelligence from multiple IT environments. Others are offering to sell their threat hunting feed while letting the customer actually do the work.
“I'm seeing some movement in the market to realize, ‘We're not going to get that [threat hunting] business, so how can we help you?’” Stute said.
Nevertheless, self-management becomes more common as an enterprise grows larger. Accelerate Partners CEO J.P. Panzica said the Fortune 500 still generally opt to keep cybersecurity in-house.
“When you start climbing into the enterprise space, they're more apt to use a point solution, and they'll have their own internal IT teams,” Panzica said. “They'll have their own IT service management ticket systems, so they're more able to deal with that solution.”
Gathering point solutions
Some TSDs, which hold the vast majority of vendor contracts that TAs use, are on the hunt for point solutions.
Akamai and Cloudflare have been working with TSDs and TAs for several years now, and Avant’s recent partnership with Arctic Wolf was a strong signal for agency momentum.
However, many security software vendors remain locked in resale motions, which most TSDs are loath to embrace.
The alternative for some TAs has been to ferret out their own supplier agreements. ChoiceTel signed direct reseller agreements, tapping into a motion it ran back when it resold ShoreTel phones. The firm examined the option of signing referral agreements but found greater protection and incentives as a reseller.
ChoiceTel is not trying to boil the ocean. The company wants up-and-coming challenger brands capable of disrupting the legacy cybersecurity stack. It is also mindful of the investment a security OEM demands.
“If all you're doing is selling point solutions like Palo Alto firewalls, then you're no longer a trusted advisor because you're 100% a salesperson,” Smith said. “They probably want you to make quotas. They probably want you to sell a certain amount.”