What is a Managed Security Service Provider?

How does an MSSP differ from an MSP?

What is an MSP?

First, let’s review what an MSP is, in order to better distinguish it from an MSSP. In simple terms, a managed services provider is a third-party organization contracted out by a customer to perform various (usually ongoing) IT services. As opposed to a typical value-added reseller (VAR), which traditionally operates on a transactional and short-term basis (such as around a hardware purchase and deployment), MSPs typically partner with their customers over annual, or multi-year periods, receive recurring income for continuous services.

An MSP can help a customer at any stage of their IT lifecycle, including:

  • creating policies and programs
  • scoping potential solutions
  • implementing solutions
  • monitoring performance


MSPs can also manage ongoing IT services, such as by updating systems and making configuration changes to adapt to business needs. These service line items can include help desk support, network and application management and monitoring, hardware repair, and more. These services are generally outlined and agreed upon in an SLA (service level agreement).

How does an MSSP differ from an MSP?

The extra “S” in MSSP indicates that it is more focused on security than a typical MSP. While MSPs are increasingly offering security services (some may even have an MSSP practice rolled into the larger MSP business), MSSPs are purely focused on security. 

Here are some of the technology offerings we include deploying, configuring, and/or managing the following technologies:

  • Intrusion prevention systems (IPS)
  • Web content filtering
  • Anti-virus (AV),
  • Anti-spam
  • Firewalls (UTMs, NGFWs, etc.)
  • VPN
  • Vulnerability scanning
  • Patch management
  • Data loss prevention (DLP)
  • Threat intelligence
  • Identity access management (IAM)
  • Privileged access management (PAM)
  • Risk assessments and gap analysis
  • Policy development and risk management
  • Solution scoping
  • Solution/tool research and requisition
  • Solution implementation
  • Management of security systems
  • Configuration management
  • Security updates
  • Reporting, auditing, and compliance
  • Training and education