MSSP automation amps managed service delivery, opens markets
MSSPs are updating and broadening their technology stacks, emphasizing automation to break security service price barriers and reach new clients in a competitive market.
Times are changing for managed security service providers.
The arrival of new technologies, evolving customer demand and increasing competition compels MSSPs to rethink their managed service delivery strategy. Indeed, service providers are upgrading and broadening their technology stacks, emphasizing automation and reaching out to new customer segments.
This latest phase of MSSP evolution follows the sector's maturation in the 2010s and a dramatic uptick in security outsourcing that began during the COVID-19 pandemic. Prospects for continued growth appear favorable amid double-digit growth in the broader cybersecurity market.
Canalys, part of Informa TechTarget's Omdia market research division, reported earlier this month that its Cybersecurity Titans Index increased 16% year-over-year in the first quarter of 2025. Based on the revenue performance of 16 public cybersecurity vendors, that benchmark is dramatically outperforming the overall IT spending growth rate, which Canalys downwardly revised to 7% from its previous estimate of 8.3%.
In written commentary, Jay McBain, chief analyst for channels, partnerships and ecosystems at Canalys, said the benchmark results reflected "continued prioritization of cybersecurity budgets amid growing macro-economic uncertainty and wider disruption." He noted that nearly all the index companies have partner-first go-to-market strategies.
Modernizing the MSSP stack
MSSPs have traditionally relied on a mix of human expertise, hands-on-keyboard services and automation to deliver security services. However, the general trend among service providers is to emphasize the latter component. Accordingly, MSSPs are modernizing and extending their service platforms to provide more comprehensive automation and address emerging threats.
DirectDefense, an information security services company based in Denver, spent much of 2024 building out its security operations center (SOC) and bolstering its ThreatAdvisor platform, which provides security orchestration and response capabilities. Charly Bun, senior director of MSSP operations at DirectDefense, said the modernization task continues. The company is focused on balancing cost and service quality as it develops midmarket security services offerings, which it plans to launch in the third quarter.
Bun said MSSPs have tended to underserve smaller organizations. Part of the problem is a high price barrier that can put managed detection and response (MDR) and virtual chief information security officer (vCISO) services beyond the reach of midsize organizations, he added. Automating a wider array of security functions is central to achieving a more favorable price point.
DirectDefense's approach is to offer customers a set number of vCISO hours to develop a security strategy and then "drive everything else through the technology," Bun said. Automation lets the company reduce the cost of providing services and offer high-value ones for customers, he noted. For example, without widespread automation, an MSSP like DirectDefense might need to limit its vCISO services to occasional consultations to make them cost-effective to deliver.
You are starting to see some MSSPs take that technology-enabled delivery approach.
Charly BunSenior director, MSSP, DirectDefense
"You are starting to see some MSSPs take that technology-enabled delivery approach," Bun said. "The economics don't make sense unless you leverage technology."
Quorum Cyber, an MSSP based in Edinburgh, Scotland, isn't modernizing its core platform, a cloud-native offering built on Microsoft's security technology. But the company, which has offices in the United Kingdom, Canada and the U.S., continues to augment its cybersecurity foundation.
"Things move all the time," said Federico Charosky, CEO and founder of Quorum Cyber. "I define my focus based on where the threat actors, the bad guys, are putting their focus on."
The cybersecurity company launched in 2016 and initially emphasized MDR and extended detection and response (XDR) services. Over time, it has added data security, identity threat detection and response, and operational technology security. Now Quorum Cyber is extending its reach into AI.
"The biggest risk of AI is the large language models our customers are building," Charosky said. "They are huge coffers of data that have no security boundaries around them. We are developing our platform to make sure we can observe data injection and data exfiltration attacks."
Software vendors offer MSSP automation
MSSPs both develop their own tools to deliver security services and partner with cloud and software companies that have built security platforms. Regarding the latter, vendors such as Conifers.ai and Stellar Cyber recently launched MSSP channel initiatives to get their platforms in front of service providers. Those vendors said their technology can help MSSPs improve profitability and offer their services to a broader customer base.
Conifers.ai, a Dallas-based company that offers a security operations (SecOps) platform, launched its channel program in May. The company's CognitiveSOC product uses agentic AI to automate security incident investigations. MSSPs can deploy the software to offer managed SOC and MDR services.
Relying more on software boosts efficiency, opening opportunities for service providers to cultivate new revenue sources and improve margins, said Tom Findling, co-founder and CEO of Conifers.ai. Cost-saving automation also lets providers offer services to markets they couldn't previously reach from a pricing standpoint, he said. "It allows [MSSPs] to go down-market to places that were previously not accessible just because of their operational model."
Those places include businesses in the 300- to 3,000-employee range, where Findling said he sees a lot of demand. Organizations in the upper end of that range, those with 1,000 to 3,000 employees, are a bit more mature than smaller companies and have an appetite for security investment, he noted. Companies that fall below that threshold have historically been sensitive to price but are now more willing than in previous years to invest in security services.
"Businesses that have never had anything around detection and response are raising their hands, saying, 'We want to find a service provider,'" Findling said.
Stellar Cyber, which launched its MSSP partner program in April, also focuses on SOC automation. The company's Open XDR SecOps platform uses machine learning to detect threats and find correlations among alerts. It also uses generative AI to speed up threat analysis.
Such automation streamlines repetitive SOC tasks, said Andrew Homer, vice president of strategic alliances at Stellar Cyber, which is based in San Jose, Calif. As a result, MSSPs can offer cost-effective security coverage -- along with more advanced services -- without linearly scaling headcount, he added. Greater efficiency, in turn, opens new SMB markets.
"This absolutely helps MSSPs extend their services to smaller clients," Homer said.
Increasing competition among MSSPs
Platform upgrades and the resulting efficiency gains also help MSSPs deal with heightened competition. A flood of new service providers entered the market in 2020 and 2021, after the start of the COVID-19 pandemic. The pandemic sparked a rise in remote work and accelerated digital transformation, both of which increased organizations' attack surfaces. But other forces were also at play, including a persistent ransomware epidemic and an extended period of economic uncertainty.
In this environment, the need for wider security coverage overwhelmed in-house technology teams. Businesses once reluctant to outsource security became more amenable to hiring external service providers, Bun said, noting a sudden spending shift from Capex to Opex. The cybersecurity company he worked for prior to DirectDefense experienced a 250% year-over-year increase in revenue in 2021.
"This weird flip happened where companies were looking to outsource a lot more of their services and their [security] programs," Bun said. "Going into 2022, you saw a lot of MSPs trying to get into the security game, because, obviously, there's an opportunity."
New business applications data from the U.S. Census Bureau reinforces the anecdotal evidence of an expanding MSSP population. Census data on professional, scientific and technical services, an industry sector that includes MSSPs and other IT service providers, shows a spike in business applications in 2020 and 2021. In those years, the average monthly application volume expanded to 47,775 from 35,731 during the 2015-2019 period -- a 33.7% increase.
New business applications in the professional services sector, which includes MSSPs, grew rapidly in 2020 and 2021 before leveling off in subsequent years.
Dealing with friction
The MSSP influx has resulted in quality issues, as market entrants might lack the experience and expertise to take on complex security challenges.
"Some of the folks delve into the market but don't necessarily understand the nuance of what it takes to run a proper security program," Bun said. "It's leading to some friction points."
Charosky has also encountered that issue, citing value-added resellers trying to become MSPs and MSPs trying to rebrand as MSSPs.
"Everybody was trying to capture higher-quality revenue," he said. "That caused a lot of the problems we are seeing. A lot of people were promising security outcomes they weren't geared up to deliver."
However, the movement into the MSSP market might have already peaked, Charosky noted.
"That curve where everybody wanted to be a security player seems to start to recede a little now," he said.
Customers, meanwhile, face their own experience deficit. Many potential buyers have never worked with an MSSP or believe the scope of services offered by service providers is limited to patch management, Bun said. The task is to talk prospective customers through a broader approach to security. DirectDefense's Security Essentials suite, for example, includes identity threat protection, vulnerability management and vCISO services for SMBs.
"These customers are often used to someone just logging into their machine and patching it for them," Bun noted. "We have to help the customer understand that this is a different problem set that we are trying to solve for here."
John Moore is a writer for Informa TechTarget covering the CIO role, economic trends and the IT services industry.
