bluebay2014 - stock.adobe.com
Validating security effectiveness: The secret to upselling in tough times
Ryan Kunker, Picus Security, senior director of channels and alliances, shares advice on how to upsell during an economic downturn
Being a cyber security reseller or provider of managed security services in today’s market means balancing the contradictions of client requirements and client restrictions. Businesses are torn between wanting to invest more in security and also wanting to spend less.
The challenge for channel partners is navigating these contradictions - helping clients enhance their defense against ever more sophisticated adversaries while simultaneously proving the need for security spending to address critical gaps.
Why security teams want to invest more
There are several immediate and significant reasons why security teams want to invest more in security. Most teams struggle to keep pace with the latest threats, leading to security fatigue.
There are business factors too. Regulators and cyber-insurance firms have much stricter requirements than they did in the 2010s. Organizations must be able to demonstrate a high level of security maturity to prove compliance and qualify for policies.
Why business leaders want to spend less
While an appetite for new solutions to help reduce the load may sound like an ideal backdrop for resellers and service providers, upselling new security tools and services to customers can prove difficult in the current climate.
New investments can be challenging to justify, and ROI is rigorously scrutinized by business leaders under pressure from boards to be more efficient. Indeed, many organizations are now actively seeking to rationalize investments and reduce the number of security controls they use.
The importance of measuring effectiveness
To help clients balance the need to do more with less, resellers and MSSPs need to adapt their approach. Simply pitching the latest technologies without first assisting clients to quantify and optimize the performance of their existing ones is a strategy doomed to fail. A better approach is to work with clients to help them measure their current security posture more accurately and obtain the evidence they need to make decisions and the case for new investments.
The benefits of automated security validation
Using automated security validation tools that simulate cyber threats is an ideal way for security resellers and MSSPs to help organizations understand their readiness to prevent and detect the latest threats as well as make more informed choices about where to invest their time and resources.
By simulating malware, ransomware, and attack techniques used by the latest adversaries, the latest security validation solutions tools go far beyond the scope of vulnerability scanning to help partners proactively identify their clients’ threat coverage and visibility gaps. Partners can then work with clients to address these gaps through consultancy or by upselling new products and services.
Suppose a simulation finds that a client’s existing tools do not prevent, detect, or generate alerts for specific attack techniques used by the latest ransomware gangs. With automated validation, MSSPs have the capability to demonstrate to the client that its existing tooling needs to be reconfigured, or new tools are required to broaden coverage.
Depending on a client’s maturity, security validation assessments can be offered as occasional health checks or frequent assessments that generate recurring revenues.
Another considerable benefit of automated security validation tools is the significant time and efficiency savings they afford compared to manual pen testing and red teaming assessments. Automated tools deliver outcomes in hours, not days. They are also a force multiplier, enabling those partners that offer services to increase the capacity of testing without a need to add headcount.
Today, more than ever, channel partners must help clients make data-driven security decisions – and demonstrate where security investments may be essential or optional.
By taking advantage of the latest security validation technology, resellers and MSSPs can help clients get the best from their existing controls, be more efficient, and make a stronger case for new products and services that can enhance resilience.
Only by supplying quantifiable evidence will partners increase customer trust and be able to demonstrate their value more effectively in today’s tough economic climate.