Easy ways to

DOMINATE the
Security-as-a-Service Game
GROWING OPPORTUNITIES AND THREATS

Cybercrime
is expected to cost companies

$6 TRILLION
worldwide by 2021.
*

This means managed service providers (MSPs) have an opportunity

to proactively thwart attacks—and build monthly recurring revenue
(MRR)—by delivering comprehensive security solutions.

Among those at risk of being targeted by cybercriminals, small

and medium businesses (SMBs) are particularly vulnerable. In
40% of organizations that fall victim to data
fact,
breaches are small businesses.**

1
Hackerpocalypse: A Cybercrime Revelation, Steve Morgan, Cybersecurity Ventures, 2016.
43 Percent of Cyber Attacks Target Small Business, Joshua Sophy, Small Business Trends, April 28, 2016.
**

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 2

OVERVIEW

Identifying the

BIGGEST
Security Threat
Most MSPs deliver anti-malware as part of a standard
security offering. Doing so is generally acknowledged
to be a best practice among industry professionals.
However, this type of solution fails to take into account
one big variable: your customer’s employees.

Did you know

INTERNAL VULNERABILITIES
70 % of all data breaches in SMBs?*
are responsible for

The Costs and Risks of a Security Breach for Small Businesses, Oscar Marquez, Security Magazine, July 26, 2016
*

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 3

OVERVIEW

Take Action
Consider making internal network security part of
your comprehensive security-as-a-service offering.
Adding this service is affordable and easy when
you use a tool like Network Detector.

Up Next:
Discover the state
of SMB security

What are some known issues?

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 4

STATE OF SMB SECURITY

Known Issues
The state of SMB security is poor, with 86% of SMBs
reporting that their ability to manage security risks is not
highly effective.*

50% of SMBs
Even more astonishing is the fact that
have experienced a data breach within
the past 12 months, and 22% of SMBs surveyed
by the Ponemon Institute in 2016 admitted to having no
intrusion-detection system in place.**

These security gaps present an opportunity for MSPs to

expand their security-as-a-service offerings and include
more comprehensive support—especially against internal
vulnerabilities.

*2016 State of Cybersecurity in Small

and Medium-Sized Businesses (SMB),
Ponemon Institute, June 2016.
**Ponemon Institute

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 5

STATE OF SMB SECURITY

Misconceptions
While most SMBs understand the need for, and are willing to
invest in, basic security solutions to minimize external security
vulnerabilities, few feel the same way about investing in solutions
to reduce internal security gaps.

Educating your customers about the risks surrounding internal

vulnerabilities is, therefore, an important first-step when trying to
upgrade existing customers to a more comprehensive plan that
includes additional internal threat-prevention measures.

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 6

STATE OF SMB SECURITY

Take Action
Get resources you can brand as your own, and use them
to educate your customers about the need to protect
against internal vulnerabilities.

Up Next:
SMB security
blind spots

Know your blind spots

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 7

STATE OF SMB SECURITY

BLIND SPOTS
It’s known that employee and third-party negligence is responsible
for most data breaches, but the root cause of many breaches
One-third of companies admitted
remains a mystery.
they were unable to identify a root cause
following a data breach.*

Meaning, the vulnerability responsible for the

breach is never identified and corrected 33% of
the time, so it can likely be used to exploit your
customer’s network again.

By helping SMBs minimize security blind

spots like this one, MSPs can increase
their MRR while also simultaneously
building their trusted-advisor status
and improving customer loyalty.

* Ponemon Institute

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 8

 STEERING THE SECURITY CONVERSATION WITH SMBS

The
Formula for
SUCCESS
While marketing and advertising professionals have been using
this formula for years, it can easily be cross-purposed for your SMB
security-as-a-service rollout. The formula, referred to as AIDA,
includes the following steps:

1. Capture Attention
2. Create Interest
3. Nurture Desire
4. Drive Action

When applied correctly, the AIDA formula can

even improve conversion rates.

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 9

STEERING THE SECURITY CONVERSATION WITH SMBS

Capture Their
ATTENTION
Even compelling sales pitches fall flat if listeners
fail to pay attention. Thus, the first step in
starting a productive conversation around a more
comprehensive security solution involves capturing
your SMB customer’s attention.

Keep in mind that the attention-grabbers you use

may vary depending on the vertical, industry,
or job title being targeted. Make sure your
attention-grabber(s) clearly address the
biggest business-related security fears your
target audience is likely to face.

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 10

STEERING THE SECURITY CONVERSATION WITH SMBS

Take Action
3 Attention-Grabbing SMB Security Statistics:

1. A single security breach typically costs SMBs around $36,000*

2. Half of SMBs reported experiencing at least one data breach in 2016**

3. 50% of small businesses fail within six months of experiencing a data breach***

Bonus Tip:
Timely messages that acknowledge recent security incidents
can also help you grab your audience’s attention. For a list of
the most recent data breaches, click here.

Up Next:
Create Interest

*The Costs and Risks of a Security Breach for Small Businesses, Oscar Marquez, Security Magazine, July 26, 2016.
**Ponemon Institute
***The Need for Greater Focus on the Cybersecurity Challenges Facing Small and Midsize Businesses, Louis
A. Aguilar, The U.S. Securities and Exchange Commission, October 19, 2015.

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 11

STEERING THE SECURITY CONVERSATION WITH SMBS

Create
INTEREST
Once you have the attention of your audience, it’s time to
go from gaining their attention—which might only span a
few seconds—to building long-term interest.

To achieve this, you could introduce a core issue. In the

case of a cybersecurity breach, the core issue could be
something as simple as a user plugging a compromised
USB drive into your customer’s network.

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 12

STEERING THE SECURITY CONVERSATION WITH SMBS

Nurture
DESIRE
Now that the underlying problem has been identified, it’s time
tocreate desire by introducing the solution to the
painful problem you’ve just introduced.

In the case of SMB security, the problem is that most

companies are not taking measures to protect against internal
vulnerabilities, and the solution for these companies is to
subscribe to your comprehensive security-as-a-service offering
that minimizes internal vulnerabilities.

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 13

STEERING THE SECURITY CONVERSATION WITH SMBS

Take Action
If generic facts and figures are not getting through to your customer,
consider doing the math to demonstrate how much your comprehensive
security offering could save them each year.

If the average SMB experiences at least one data breach per year that
costs $36,000 to resolve, and your company’s total security solution is
that means the customer could save
only $22,000 per year,
$14,000 per year.

$
36,000 THE ANNUAL COST
OF YOUR SECURITY PLAN

Amount Saved

Up Next:
Drive Action

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 14

STEERING THE SECURITY CONVERSATION WITH SMBS

Drive
ACTION
After capturing your audience’s attention, creating interest by
identifying a core issue, and nurturing desire by introducing a solution,
it’s time to deliver a strong call to action.

When trying to sell a security-as-a-service upgrade, delivering a free

assessment can help your customer better understand the risks internal
vulnerabilities pose to their organization.

Consider offering your prospects and customers a free

internal vulnerability risk assessment if they do not think their
organization needs additional protection.

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 15

OVERCOME COMMON OBJECTIONS

Objection 1:

“I do not need it”

While the majority of SMBs acknowledge and act on the
need for anti-malware and anti-virus solutions, many do
not understand the security risks surrounding internal
vulnerabilities.*

One of the best ways to overcome this objection is to

show—by way of complimentary internal vulnerability
risk assessment—where gaps in coverage exist.

*Ponemon Institute

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 16

OVERCOME COMMON OBJECTIONS

Objection 2:

“I can’t afford it”

SMBs, especially in low-margin industries, tend to be
cautious when it comes to spending. Offering flexible
payment options, with monthly or quarterly payments,
can be an easy way around this objection.

Furthermore, you can also use the simple formula on

page 15 to demonstrate how much having your solution
in place could save the customer each year.

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 17

OVERCOME COMMON OBJECTIONS

Objection 3:

“We use Macs so we

are not at risk”
While Windows systems contained more vulnerabilities
than Apple machines in 2016, the tables have
Apple
turned in 2017. According to CVE Details,
operating systems now contain far
more vulnerabilities than their Windows
counterparts.*

This is new information many SMBs are not yet aware

of. Therefore, MSPs will need to take the time to
educate their customers about the growing risk factors
surrounding Apple operating systems.

*Top 50 Products By Total Number Of “Distinct” Vulnerabilities in 2017, CVE Details: The Ultimate Security Vulnerability Data Source, 2017

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 18

OVERCOME COMMON OBJECTIONS

Essential Elements of a
Comprehensive
Security Offering
A comprehensive security solution—which detects and
protects against internal and external vulnerabilities—
should include these 11 elements:

1. Evaluation of inbound firewall configuration

2. Review of out-bound firewall configuration
3. Inspection of current patch-management tool effectiveness
4. Examination of anti-virus and anti-spyware deployment
5. Permission review
6. Physical security walk-through
7. Internal vulnerability scan
8. Anomalous login detection
9. Security policy assessment
10. IT administrator review
11. Compliance-level auditing
For a more comprehensive look at each of these elements,
along with pricing suggestions, download the Modeling a
Security Offering around Network Detective whitepaper.

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 19

CONCLUSION

Next Steps
If your organization is not currently offering a solution
that identifies and remediates internal security
vulnerabilities, consider adding such a solution to your
security-as-a-service offering sooner rather than later to
capitalize on sizable monthly recurring revenue (MRR)
opportunities surrounding this service.

Network Detector is purpose-built to help MSPs create

their own, branded cybersecurity offering. To learn more
about this revolutionary tool, click here.

RapidFire Tools, Inc., makes Network Detective, the #1 non-invasive IT assessment tool
used by thousands of service providers around the world. It acquires a vast amount
of network data – including assets, users, configurations, and vulnerabilities – and
generates a wide array of professionally designed, completely brandable reports by the
MSP. Network Detective includes a series of different IT assessment and IT compliance
modules, each sold separately or in bundles through low-cost annual subscriptions.
RapidFire Tools also offers a line of software appliances that deliver deeper dive
assessments, cybersecurity alerts, and enhanced remote automation. All products sold
with a 30-days money-back guarantee. To learn more, visit www.rapidfiretools.com.

Easy Ways to Dominate the Security-as-a-Service Game | Network Detective 20