A longtime icon in the MSP space, Puglia compares MSPs’ moves to cybersecurity to another big shift that happened a decade or more ago – the move from break/fix to managed services.

Puglia spoke to ChannelE2E at the Kaseya Connect event in Las Vegas and emphasized that the change to focus on cybersecurity has been massive over the last three years, he said.

“Cybersecurity used to be a specialty,” he said. “You only had MSSPs.” But then SMB customers could see the rate of cyberattacks happening to businesses of all sizes and they started understanding they needed cybersecurity protection, too.

A second factor behind the growth of cybersecurity for MSPs is that the technology to offer it “has come downstream, massively, in the past three years,” Puglia said. “If you look at many years ago, MDR products or EDR or XDR, all that alphabet soup – that was the realm of enterprises, and you needed a computer specialist to run it.”

That’s when Kaseya acquired RocketCyber, fortifying its own cybersecurity stack that it offers to MSPs. RocketCyber was purpose-built for MSPs and had already offered integrations across the Kaseya product line.

Puglia noted that since then, three years ago, many more MSPs have offered more sophisticated cybersecurity services. It’s not just antivirus and firewalls anymore; Puglia noted that over half of MSPs are now offering MDR. Among operationally mature MSPs, that number is higher. For instance, 94% of ChannelE2E’s 2023 Top 100 Vertical Market MSPs offer MDR services.

Another emerging category of cybersecurity services offered by MSPs is penetration testing. Just over half of ChannelE2E’s 2023 Top 100 Vertical Market MSPs offer some form of pen testing.

Puglia told ChannelE2E that after Kaseya introduced its own automated network pen testing service last year, he was surprised at the rate of adoption. In the year since the company introduced it, following the acquisition of Vonahi Security, 1,900 MSPs have signed on to offer the service to 12,000 SMBs performing a total of 27,000 pen tests.

MDR and pen testing are among the suite of cybersecurity services that Kaseya offers to MSP customers. The company’s approach to providing cybersecurity services is the same as its approach to offering IT management services. Kaseya promotes the deep integration of all its tools as providing a superior experience. Because of that, the company typically chooses to build or acquire technology rather than partnering or integrating with other vendors to fill the gaps in the MSP stack.

Puglia told ChannelE2E that Kaseya’s approach to its cybersecurity products and services is informed by the NIST Cybersecurity Framework. Kaseya’s stack includes antivirus, EDR, MDR, email security, vulnerability scanning, and automated network pen testing.

MSPs continue to grow as the front line of cybersecurity for SMBs as the threat landscape evolves and managed service providers adapt.

“There are those MSPs that are going to continue to offer IT help support, but more and more are now offering cybersecurity,” Puglia said. “They’re not just embedding it as part of their subscription. They are packaging it.”

Jessica C. Davis is Editorial Director of CyberRisk Alliance’s channel brands — MSSP Alert and ChannelE2E. She also oversees content and programming for the MSSP Alert Live event. She has spent a career as a journalist covering the business of technology including chips, software, the cloud, AI, and cybersecurity. She previously served as Editor in Chief of Channel Insider and later of MSP Mentor where she was one of the first editors to oversee the creation and vision of the MSP 501 list.