MSSP Benefits from the Small Menu Model: Repeatability and Next-Generation Firewalls

May 03, 2017
4 minutes

Cybersecurity is highly dynamic and increasingly complex. For a managed security service provider (MSSP), selling cybersecurity goes well beyond buying or selling a yearly mobile plan, internet bandwidth or cloud storage. New attack vectors and protections keep cycling like a game of Whac-a-Mole®. Maybe it’s ransomware today and botnets tomorrow. Phrases like phishing campaign, malware distribution, endpoint exploitation and command and control create a new, more sophisticated lexicon.

The challenge for the MSSP is to take this complexity, make it simpler and more cost-effective, and provide preventative security to a broader and less-knowledgeable customer base. Doing this enables MSSPs to offer a transactional sales model to a larger number of customers alongside heavy, consultative engagements with select customers.

How to accomplish this? Enter the concept of repeatability. Repeatability allows MSSPs to scale the sales and post-sales processes to capture more sales and serve a larger portion of the market in a cost-effective manner.

Using the below customer engagement framework for security solutions, what can be done here to introduce repeatability?


Borrowing from the restaurant world, the easy answer is: a small menu. Instead of a long list of a la carte options, the MSSP presents their customer with a few selections based on preset, best-practice options. The model is now “Do you want option A or option B?” instead of “What kind of security do you want?” It’s a subtle change, but one that can have tremendous go-to-market benefits, such as easing sales complexity and cost.

Let’s use the Next-Generation Security Platform as a basis to detail the benefits of this model. The blend of preventative security subscriptions, a single operating system, and an array of underlying platform options creates a simple set of building blocks that can be readily mapped into the MSSP customer engagement framework model:

  1. Sell
    With a small, fixed menu of choices, it becomes easier to train the sales teams on key value points for the service. It also becomes easier for less technical customers to understand the value of the service and pricing.
  1. Deploy
    A modest offering with small, medium and large platforms can be readily installed or instantiated with well-understood performance and scaling criteria. Selecting the platform becomes independent of the posture choices: You get “the same security everywhere,” regardless of the capacity or physical/virtual form factor.
  1. Posture
    At the time of deployment, security configurations are immediately applied to the firewall without prolonged customization efforts. Subscription license cost is known in advance to ensure reliable pricing models.
  1. SOC
    As customers cluster to similar sets of security configurations, logging establishment and threat monitoring become more consistent. As issues arise, security best practices, including cross-customer updates and communications, are simplified as compared to expansive one-off situations.
  1. Support
    Similar to sales and SOC stages, it becomes easier to target training requirements and best practices for customers using preset and common configurations. Trouble resolution, even prescriptive measures, is more predictable across a large set of deployments.

An action plan checklist begins to form detailing not only the service offering definition but also key items needed for service readiness. These can include marketing materials, sales/support training, pricing models, SOC logging and support alerts. All of these items are captured and completed before the service goes live.

Notice that even if a key focus for the MSSP and repeatability is getting each customer up and running in the fastest and most efficient way possible, the MSSP is still providing preventative security based on the selected service tier.

MSSP customers can now proudly claim that they are preventing a successful phishing campaign from distributing malware to exploited endpoints that would attempt to establish command and control channels to attackers. All of this with a rapid deployment model that doesn’t require extensive consultations.

To learn more about Palo Alto Networks Managed Security Service Provider Program, please visit the NextWave MSSP Partner page.

Register for Ignite ’17 Security Conference
Vancouver, BC June 12–15, 2017

Ignite ’17 Security Conference is a live, four-day conference designed for today’s security professionals. Hear from innovators and experts, gain real-world skills through hands-on sessions and interactive workshops, and find out how breach prevention is changing the security industry. Visit the Ignite website for more information on tracks, workshops and marquee sessions.

Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.