Growing profits with layered cybersecurity

George Anderson
Director, Product Marketing, Webroot
George has spent the past 18 years in the IT Security industry, currently serving as Webroot's Product Marketing Director for endpoint, web, and mobile security solutions. Prior to this, he founded the Wasey Campbell-Ewald Direct Marketing Agency and held senior executive roles at Ogilvy & Mather Direct and McCann-Erickson Direct.

A few years ago, endpoint protection and firewall management were all a managed service provider (MSP) needed to offer clients in terms of cybersecurity services. Oh, how times have changed. As criminals evolve their attacks to become more dangerous and targeted, they use a growing number of vectors and tactics to increase the likelihood that their attacks will be successful. So, basic endpoint security solutions alone are no longer a sufficient cybersecurity stack—you need a layered solution.

Did you know that user error is becoming one of the most promising avenues of attack for cybercriminals? In fact, 93% of successful attacks on businesses in the last year started with an old classic: phishing.1 No matter how effective your endpoint security is, it can’t prevent an unsuspecting end user from accidentally leaving your network wide open.

Attacks based on outbound web traffic—often enabled by irresponsible browsing habits and preventable at the network level—continue to endanger businesses. Faced with today’s increasingly sophisticated cyberattacks, along with trends in modern technology, your clients now have more to lose and more to defend against than ever before. The growing demand for high-quality protection means managed security layers can be a major profit driver for MSPs.

Layers to consider

There’s no doubt that endpoint protection is a necessity. But what kinds of protection should you add? Below are some key protection layers to consider when building out your security stack.

Security awareness training for end users

When you see the high success rates of social engineering attacks, it’s clear that untrained, inattentive employees are a huge security risk. By addressing the root cause of these errors—user ignorance about the threats they face online—MSPs can help their customers experience fewer threats and less infection-related downtime. And, given the growing costs associated with a data breach, security awareness training pays for itself in terms of the fines avoided when users successfully dodge an attack.

As such, many MSPs are offering security awareness training as an add-on paid service, while others now include end-user education as a standard component of their security offerings, alongside endpoint security and patching services. No matter how the service is offered, MSPs recoup savings from addressing fewer incidents, service calls, and remediation work after clients are enrolled in training courses and phishing simulations.

DNS-layer security

Domain Name System (DNS) attacks present unique security risks for MSPs and their clients. But, by placing protection directly at the DNS layer, businesses and the MSPs who serve them can control internet usage on corporate LAN, as well as regular and guest WiFi networks, ensure regulatory and HR compliance, and stop malware before it reaches the network.

MSPs can rely on the same strategies for selling DNS protection as they used for training courses—either as a premium service or time and money-saving addition to their basic security package. DNS protection also allows you to block access to certain parts of the internet to free up bandwidth so networks function more smoothly, increase clients’ staff productivity, and limit inappropriate or harmful content sneaking onto their networks. DNS-layer protection allows MSPs to save even more hours on infection-related support, while businesses become safer and more productive.

The online threat landscape will continue to change. Protecting endpoints from inbound malware alone just isn’t enough anymore to prevent costly infections. Vulnerabilities at the user and network levels are being exploited daily, making it more important than ever for MSPs to offer effective security layers. And as the task of providing operational cybersecurity grows in importance, so do the opportunities to grow revenue by providing these essential services.

1 Verizon. “2018 Verizon Data Breach Investigations Report.” (April 2018)

ConnectWise has an ever-evolving ecosystem that extends from the roots of our core platform. Our ecosystem consists of 160+ solutions you can purchase through us plus even more integrations available in our Marketplace. Learn how you can connect into the ecosystem in your own unique way.