Making Money with Layered Security: Challenges and Opportunities in a Shifting Threat Landscape

A shifting cyber threat landscape is putting increased pressure on MSPs entrusted with security services. In addition to protecting clients from an ever-diversifying range of threats, it’s often falling on MSPs to explain to their customers why simple endpoint security solutions alone are no longer a sufficient cyber security stack.

User error is quickly turning into one of the most promising avenues of attack for cybercriminals, something no endpoint solution can remedy. Additionally, attacks based on outbound web traffic—preventable at the network-level and often enabled by irresponsible browsing habits—continue to endanger businesses, especially at the network level. 

Rather than viewing these shifting circumstances as a net negative, MSP owners should recognize that the increased need for effective security offers real opportunities in terms of their offerings. Layering the cyber security protection MSPs provide their clients is the way to efficient protection and increased profitability. It simply makes sense that, as threats diversify, MSPs should expect greater compensation by offering greater protection.

Making Money with Security Training  

Research conducted by IBM found that 95 percent of cybersecurity breaches were the result of user error. According to Verizon Wireless’s 2018 Data Breach Investigation Report, 93 percent of all breaches involve some sort of social engineering. The threat represented by untrained users is real, especially where phishing attacks are concerned. By addressing the root cause of these errors—user naiveté about the threats they face online—MSPs can help their customers experience less downtime and increased profitability.

That's why many MSPs now offer security awareness training as an add-on paid service. The proven value of security awareness as a layer of defense is so high it can cover itself in terms of cost by teaching a user to avoid just a single breach. Other MSPs are including end user education as a standard component of their bundled security offerings, alongside endpoint security and patching services. With this pricing model, MSPs recoup savings from addressing fewer incidents, service calls, and remediation work after customers were enrolled in training courses and phishing simulations. Even as a part of a bundle, security training actually improves the profitability of their offerings. In either model, both MSPs and their wind up more secure.

Making Money with DNS-Level Protection

DNS-layer attacks present their own security risks for MSPs and their clients. Offering protection at the DNS layer also presents an opportunity to regulate internet usage (especially important on guest Wi-Fi networks), act as a regulatory and compliance tool, and stop malware before it reaches a network by preventing access to disreputable sites.

MSPs can rely on the same tactics for selling DNS protection as a service as described above—as either a premium service or a time and money-saving addition to their basic security package—with a few additional client (and, by extension, MSP) benefits. Blocking activities like streaming media and peer-to-peer downloading sites (torrents) helps to free up bandwidth and allow a network to function more smoothly. Preventing productivity-sapping online activities like social media and gaming sites can lead to more efficient staff. And blocking access to inappropriate or harmful content can prevent human resources issues that would otherwise be expensive, time consuming, and damaging to a client’s reputation. Network-level protection allows MSPs to save even more hours on infection-related support, while business hours realize the benefits of saving numerous hours through uninterrupted productivity.


The online threat landscape is changing. Protecting endpoints from inbound malware alone is no longer a sensible or effective way prevent costly infections. Vulnerabilities at the user and network levels are being exploited everyday by cybercriminals. But it’s not all doom and gloom for MSPs. As the task of providing operational cyber security grows in both complexity and importance, so too do the opportunities to grow revenue by providing these essential services.