Q: When we bring new customers on board at my MSP, we give them an all-inclusive service, which includes a free basic firewall that we integrate into our offering. Some of my techs have been pushing for us to move to a next-generation firewall instead to help minimize risks. We would probably have to increase the cost of the packages for our current customers if we did this though. Is it really a change we need to make? What are the benefits of switching, and how can I explain the transition to our current customers?
We’ve talked to quite a few MSPs that have taken a similar approach. They’re offering a basic level of security to their customers, but they’re realizing they need to start offering a more robust solution. While a basic firewall can offer some protection, the reality is advanced threats can still sneak through. We know that conversations with your customers about increasing the price might not be easy, but in the long run a more robust solution could save them from having to pay hefty ransoms down the road or deal with costly downtime that could be caused by a breach.
To help you decide if this is the best option for your MSP, we talked to one of our Systems Engineers, Kyle Marsan. Kyle shared his advice on why MSPs should consider moving their customers to a next-generation firewall and what you should focus on when you’re trying to convince current customers to move to a more advanced solution.
How next-generation firewalls can help SMBs
At the very least, your customers should have a firewall. Even in this day and age, there are companies out there that don’t, but it’s silly not to. A free or low-cost firewall like you’re offering now will protect your customers — but not the same way a next-generation firewall can. Here are the reasons why you should consider offering your customers’ a robust firewall offering:
Increased security. To qualify as a next-generation firewall, it must have antivirus and intrusion detection and prevention systems (IPS/IDS) on the box, and combat zero-day attacks. Most usually also have a sandboxing feature that checks all incoming links and attachments to make sure they aren’t malicious. Some next-generation firewalls do this right on the box, but others use a dedicated server for sandboxing to allow the firewall to run at full capacity while the links are being tested.
When legacy firewalls were first introduced, they were really there to stop your basic virus and web directors, which were simply annoying, not necessarily harmful. The thing that made next-generation firewalls a necessity are the more sophisticated types of malware attacks like ransomware, which started with CryptoWall and CryptoLocker and has become increasingly common. These threats really showed the IT channel that we need to take security seriously and do more to protect ourselves and our customers.
With new, nasty threats consistently emerging, it amazes me to see how many people still fall victim to attack. This usually happens for one of three reasons:
A. People aren’t taking security seriously or educating employees about it.
B. There are too many variants for basic security solutions to keep up.
C. Threats are constantly being changed to bypass security features.
Increased support and better reporting. If your customers are on a basic firewall, there is often little or no support available to you. While customers may have you to turn to, with a more advanced solution there is often dedicated teams constantly incorporating updates to mitigate the most recent attacks. With a next-generation firewall, not only are your customers getting more advance protection, but you’re getting all the support and resources behind it as well.
Next-generation firewalls also have a better reporting system, which will make your life easier. Better reporting can also help you demonstrate the value of a more advanced solution. If you can show a customer that their new firewall has blocked three attacks in the first month, that’s a powerful way to highlight the overall value of the solution. Not only will a more robust solution help you save time and money by not having to recover data as often, but it can help show customers all the potential threats they’re safeguarded against.
Navigating the conversation with customers
Having a conversation with your customers about increasing the price of their services isn’t always easy. In fact, it can be very awkward. However, having this conversation with your customers is the next step to ensuring that their business is safe from ransomware attacks.
It is key to focus on the security benefits. Moving away from a free basic firewall might cost your SMB customers a bit more per month to implement, but it will protect their business more. Most SMBs are very focused on how much money they’re spending, but if they’ve ever experienced an attack, a next-generation firewall can give them an extra layer of protection to prevent it from happening again. Try to provide statistics to back up your points or a case study about another business saved by a next-generation firewall. Highlighting important data and examples like this can help them understand the value in increasing their security.
Most businesses have some sort of regulations they need to follow. Whether it’s HIPAA, FINRA, PCI, or simply employee privacy protection, every business has data worth protecting. Making smart choices about security keeps the information you want to keep internal, internal, and keeps threats out. An advanced firewall can help businesses protect the integrity of that confidential information.
While it might seem like a no-brainer to switch your customers to a more robust solution, look into the solution and do your homework. Try out a solution if you can, and put it through the paces. Every firewall does things a little differently, so find out what they can and can’t do before you choose one to implement.
Ask Intronis is a weekly advice column answering common questions from MSPs and IT service providers. It covers topics ranging from pricing and selling to marketing and communications—and everything in between. Submit your questions by emailing AskIntronis@intronis.com.