Regardless of What You Think: IT Support Companies Do Not Automatically Include Managed Security Services in Their Package

A recent survey shows most small and medium-sized businesses believe their IT support company is actively managing their security. Yet, in reality, managed security services are a separate offering.  Unfortunately, what IT support providers actually provide is the basic block and tackle. If you want to ensure your data is safe, you need to know the difference and know the right questions to ask.

What is Basic Block and Tackle?

Basic Block and Tackle Security is the process of locking down the most obvious hacker entry points. This is similar to putting locks and a warning alarm on your house.  However, it does not provide analysis, context, or guidance on what to do next.  Examples of basic Block and Tackle Security includes:

  • Firewalls can do content and web filtering as long as the employee is working inside the network.
  • Antivirus software must consistently be updated for new malicious viruses.
  • Updates and patches are critical and are usually performed on server operating systems, not the applications.
  • Backups are the final defense for ransomware and allow the IT support provider to set the system back to a time before the breach took place.

Unfortunately, basic Block and Tackle security measures have a very limited impact on the overall cybersecurity health of your system.  In fact, cyber-investigators have determined that hackers typically occupy the network for 9 months before they are discovered.  Clearly, a hacker can steal and do a lot of damage to the network in a 9-month period.  Therefore, your security should be taken very seriously.

True Managed Security Services

In contrast, Managed Security Service firms monitor your network for breaches, hacks, and risks every second of the day. It is a full line of protection similar to motion detectors, security guards, infrared scanning, and biometric locks on your house.  Furthermore, Managed Security companies actively monitor and analyze known and new security threats.  Most importantly, they know exactly what to look for and how to respond.

Interestingly, there are two motivations for businesses to address cybersecurity: compliance and risk.

Regulations and Managed Security Services

Regulatory compliance has been the major driver until recent events. Popular examples include HIPAA, PCI, and Sarbanes- Oxley.  However, cybersecurity is such a well-known risk that supply chains are now insisting their contractors meet certain standards.

Unfortunately, regulatory compliance often entices companies to take the cheapest route in an effort to check off boxes and move on. Consequently, doing the “bare minimum” will get you the lowest result.  Therefore, I encourage you to take this opportunity to lock down your systems as much as possible to avoid breaches, fines, and public scandal.  After all, you do not want to be that company that is known for causing a major breach on their client’s network.

Risk Protection and Managed Security

On the other hand, the companies who want to avoid risk take a completely different approach. Typically, these companies have had a cyber-attack or have reason to believe they will be attacked.  In this instance, they want to monitor, analyze, and respond to attacks as quickly as possible.

Find Out if Your MSP is Doing Basic Block and Tackle or Managed Security Services for Your Company

Unfortunately, most small- and medium-sized businesses believe they are completely protected by their MSP.  Consequently, that assumption has cost a lot of businesses hundreds to thousands of dollars.  In fact, Appriver, a well-known spam and encryption company, states that the average cost of a data breach is $149,000!  Yikes!

Questions to Ask Your MSP

So, how do you know if your MSP is providing complete protection?  Ask these three questions.

  1. Do they have a Security Operations Center (SOC)?
  2. How many security analysts do they employ? To operate a true 24/7 SOC will require a minimum of 12 full-time security analysts.  Not network engineers, but security analysts.
  3. Ask them about their service level agreements and how they respond to alerts. For example, ask them about their incident response practice. Interestingly, the majority of IT Support companies act as human alert routers. In other words, when an alert occurs, they simply email it to their clients. Unfortunately, they do not provide analysis, context, or guidance on how to respond.  Clearly, you want to make sure they provide the analysis, solution, and a pathway to resolve the issue.

Why INSI Chose Cybriant!

At INSI, we always want to do what is best for the client, and for Managed Security Services we chose Cybriant. Fortunately, Cybriant not only reduces the probability of a breach, but they also limit the damage if an event occurs. In fact, they operate a fully staffed SOC 24x7x365.  When an event does occur, they inform us and our clients of the breach.  Most importantly, Cybriant analyzes the alert, grades how critical it is, and provides you guidance on what to do next.  In some cases, they have already performed the remediation.  It’s a great partnership!


INSI is an Atlanta based IT support provider and channel re-seller of Cybriant Managed Security Services. We can help you determine the best services that are specific to your managed security needs. If you have regulation or are concerned about security threats, please call INSI at 770-387-2424 to speak with one of our experienced consultants today.