Interviews - News - Analysis: For successful growth with Managed Security Services
MSP Journey · Exploring the truth · Managed Security Services · Logo
Premium Content
learn more

Getting started with managed security services – from trust to trial and error to profitable services

Which solutions such as endpoint protection and firewall to start with? Which training courses for how many employees? Which customers to approach first? What are the most convincing arguments for SME customers? How do I recognize that I should not pursue the contact in terms of security now? When will "advanced solutions" such as XDR and MDR be added?

The start: from internal solutions to managed services

Benjamin Iheukumere, an experienced IT manager, reports from his practical experience: “It clicked for us when we realized that we could be more than just an IT system house.” The first step was to analyze internal products and consider which of them could be offered as managed services. One example of this is the managed firewall. Instead of just selling the firewall and the associated license, the company now offers a comprehensive service that includes regular updates and adjustments.

The day-to-day work of a technician in the managed services environment

For technicians, the switch to MSS means an adjustment in the way they work. Tasks are recorded in the ticket system and billing is carried out automatically against stored service contracts. Technicians can therefore concentrate fully on their tasks without having to worry about administrative processes.

Training and specialization

Another important aspect is the training and certification of employees. Benjamin emphasizes: “Employees who work on special topics are certified up to their lower lip.” This ensures that the technicians are always up to date with the latest technology and can offer the best possible security solution for customers.

The customer base as a starting point

In the initial phase, Iheukumere focused on existing customers, as they already had a trusting relationship. Familiar environments and infrastructures made it easier to introduce new solutions. The focus was on showing customers that antivirus programs are no longer sufficient and that more advanced solutions such as Endpoint Detection and Response (EDR) or even Managed Detection and Response (MDR) are necessary.

The path to higher performance

The development from simple antivirus solutions to EDR and MDR was an important step. Many customers first need to understand that these new solutions not only need to be installed, but also continuously monitored and adapted. Insurance companies are increasingly demanding the use of advanced security solutions such as XDR (Extended Detection and Response) in order to provide cyber insurance at all.

Marketing and sales: The importance of cold calling

A decisive step for success was the active marketing of the new services. As the company did not have its own sales staff, a telemarketing agency recommended by Sophos was commissioned. This campaign was successful and led to numerous new appointments and orders. “I will probably start the next campaign straight away this year, because it was fun and also achieved a good result,” reports Iheukumere.

  • Highlights in 90 Seconds

'Employees who work on special topics are also certified up to their lower lip. This is very important to us in terms of security certifications.'

ibeco-Systems GmbH
  • Our expert's main points
Olaf Kaiser:

What were the first solutions for which you said that we would now turn them into a genuine managed security offering?

It clicked for us when we realized that we could be more than just an IT system house and become a managed service provider. And then we looked at our internal products and thought about which services we could take from them and turn them into a service. Not just say, sell it and we'll talk again in a year or two when the license has expired.

We were already relatively early on in our MSP journey in the security context with the topic of managed firewalls. It used to be done like this: firewall sold, license sold and if the customer needs a change, they just open a ticket. We then set up the Managed Firewall product. It contains a firewall that is suitable for the customer, it contains the licensing, which is also somewhat more modular with many manufacturers. And we also include our service in it, as we had already gained experience of how often the customer calls and says I need a change to the firewall or something like that. And how often do the updates come out per year and then we had a good calculation and stuck a monthly price on it. And then we realized that the same thing also works for the endpoint.

The customer also needs a piece of software, a license, there is maintenance work involved, logs may need to be checked, someone may need to look over it, because... what good is a security solution that is simply installed and nobody looks at the alerts? And... just like with firewalls, they simply stick a price on it and then offer it to customers so that they can go down the MSP route.

Olaf Kaiser:

What was the approach of the technicians?

If something needs to be done, the technician enters his times into the ticket system as normal and we in the management ensure in the background that a service contract is stored, for example, against which this is automatically booked. The technician sees that task X has to be carried out and then he enters his times for the customer in the ticket system and the technician doesn't have to worry about what happens behind the scenes in the billing.

Olaf Kaiser:

How do you determine which technician works on which topics?

In regular discussions with employees, we try to find out which area you feel most comfortable in and which area you find most exciting. And just as the employees bring their personal preferences with them, we also place the respective training courses and certifications. In our company, employees who work on certain special topics are also certified up to their lower lip. This is very important to us in terms of security.

Olaf Kaiser:

Let's switch from an internal to an external perspective. What was your experience in the early phase? With whom did you first try to transform this into recurring revenues?

We first looked at existing customers. These are customers with whom you perhaps have a somewhat closer relationship. These are customers with whom you have earned their trust as a service provider and with whom you can try things out. You work in familiar environments, you know the customer's network and infrastructure inside out anyway. It's much easier to implement new solutions there.

Olaf Kaiser:

What was your path in terms of endpoints and the development towards more sophisticated services? And the openness of customers to say, I have understood that the antivirus is somehow no longer 'state of the art'?

For us, this is the development from a simple AV to an EDR, to an XDR and finally to an MDR. As a service provider, you have to understand that first. It's not just something that I take off the shelf and sell and then I'm done. Things also need to be configured properly. The exceptions and the exceptions that I have to pack into it should be tailored to the customer and the customer's infrastructure. And the topic of EDR and XDR is also interesting from an insurance perspective. After all, many cyber insurers are now saying, what protection solutions have you established?

If it doesn't include at least XDR functionality, we won't insure it. The final expansion stage of something like this is when you add an MDR, i.e. a managed detection and response service. As a service provider, I can do this myself if I have the expertise in-house, but very few have it and if I don't have it but still want to offer it, then I take the MDR service from the manufacturer with me. For the service provider or MSP, it's a very nice business, because it scales almost infinitely. Because the effort is no longer really mine, it's the manufacturer's if there are security incidents.

Olaf Kaiser:

You have now decided to become more active in the area of marketing and sales.
For example, you have launched a telemarketing campaign.
How have the results been for you?

We do the major components of our security portfolio with the manufacturer Sophos. Then we said we wanted to grow in this area. And cold calling is an issue, you have to be born for it. I'm not, nor are any of us here. We have good technicians, but we don't have our own sales staff. And that's why we contacted a telemarketing agency recommended by Sophos and said that we would like to have new initial appointments with interested parties who are looking for a new endpoint solution. As a result, I made a lot of appointments via Teams. It's going very well, we'll soon be at the end of the campaign and once we're through, we'll have to start working through the orders generated. And I will probably start the next campaign straight away this year, because it was fun and also achieved a good result.

  • The full video interview
  • Let's hear it
Apple Podcast
Spotify Podcast

Profile

Thanks to consistent work and a clear quality philosophy, we have continuously developed ibeco - both in terms of the range of our services and in terms of personnel. Today, almost two decades after our foundation, we are an experienced team working mainly for clients from the SME segment to the upper midmarket. We owe our growth not only to our expertise, but also to the strong team spirit that has accompanied us from the very beginning.
ibeco-Systems GmbH
August-Euler-Str. 7
50259 Pulheim

Related articles

Business Transformation

IT security in Swiss hands

Managed Security Services: From Swiss Practice – Insights from Martin Elmer Any IT service provider looking to enter the world of managed security services can learn a lot from Martin Elmer, Managing Director of Glaronia Informatik AG. His company currently supports around 3,500 clients and 1,000 servers for over 400 business customers – an impressive journey that demonstrates what is possible with courage, focus, and a clear concept. Managed Services since 2014: Not easy, but worthwhile Claronia set the course early on: The company launched its first managed services in 2014. Back then, it primarily focused on endpoint security and...

WEITERLESEN ➝
Business Transformation

“Keep IT Zen” – How a Belgian MSP is rethinking managed security

Security solutions don't sell like hot cakes. At least not as long as everything is still running smoothly for the customer. But what if IT security was not a necessary evil, but a Zen state? This is precisely the philosophy of Peter Steppe, founder of the Belgian MSP willux.be. He has been pursuing one goal since 2004: “Keep IT Zen” - i.e. calm and serenity in his customers' day-to-day IT work. What initially sounds like a slogan from a mindfulness guide quickly turns out to be a strategic lever for high-quality managed security services. From reaction to prevention Peter makes...

WEITERLESEN ➝
Business Transformation

Managed Security Services: A look behind the scenes

Why Managed Security Services? Traditional IT services are often based on project-related billing and individual measures. In today's threat landscape, this is no longer sufficient. Managed Security Services offer a strategic advantage: They enable continuous monitoring, early detection of threats and proactive defense measures. Companies benefit from predictable costs and an improved security situation, while IT service providers can strengthen their customer loyalty and generate stable income in the long term. Success factor: The right choice of services In Manuel's view, a common mistake is trying to build a comprehensive MSS portfolio immediately. A step-by-step approach is more promising. ltmemory...

WEITERLESEN ➝
Business Transformation

History and data analysis are crucial for contract design

Managed Security Services: The journey into the future of IT security We spoke to Marc Frank, department head at Steep GmbH, a company with over 800 employees and an impressive range of IT services through to defense solutions. His experience shows how IT service providers can successfully implement managed security services - even if you start from scratch. The beginning: From license sales to services with added value Marc Frank describes the starting point at Steep as follows: "When I started in 2021, the IT department was still geared towards classic license sales. Customers received software and hardware, but there...

WEITERLESEN ➝

Recommended articles

Tell a friend

LinkedIn
XING
X
WhatsApp
Email