MSSP, AI benefits/risks, SOAR

What Our Research Reveals About how MSSPs Use Automation

Credit: Getty Images

We recently published the results of our 2024 MSSP Survey, where we heard from active professionals at MSSPs and got their perspectives on the state of the industry. The topics included where MSSPs see opportunities for growth in the coming years, the surprising types of tasks that give them the most trouble, and how they are using artificial intelligence.

You can read more about our findings on AI in our last guest article, and for a great overview of the survey, check out this article by MSSP Alert’s Jim Masters.

One of the topics we wanted to take an especially close look at was MSSPs’ use of — and feelings about — automation. What we found was very interesting. In this article, we will explore some of the findings about automation and MSSPs, as told to us by the people in the industry.

82% of MSSPs Use a Medium or High Amount of Automation

As an automation vendor, it’s hard to know if we have a skewed perception of how many MSSPs are using automation, so, in our survey we asked, “to what extent are security automation tools used by your organization?”

Thirty-one percent of respondents said their MSSP used a high amount of automation, 51% said they used a medium amount, and 18% said a low amount. Not a single respondent said the MSSP they worked for used no automation. This was an encouraging result, since we believe automation is a no-brainer for MSSPs that want to grow their customer base and improve their services.

We also asked, “which is the primary tool your organization uses for automation?” SOAR came out on top, with 33%. ITSM was named by 29%, XDR by 20%, EDR by 11%, and hyperautomation by 4%. 2% chose “other.”

Of course, we were pleased to see SOAR named as the most common primary automation tool. However, it was interesting to see ITSM as a close runner-up, since that is not a security-specific tool. This suggests that while most MSSPs are leveraging automation, it isn’t always used at the level of automating security tasks.

Automation Helps MSSPs Deliver their Core Services

In an earlier section of the survey, we asked what services MSSPs offered, giving a list of 10 services from which respondents could pick as many services as were applicable. Later, we asked, “which services does automation help your organization deliver?” and respondents had the same list to choose from.

The top five services delivered with the help of automation were 24/7 event monitoring (73%), vulnerability assessment and management (53%), penetration testing (49%), managed SIEM (42%), and MDR (42%).

Comparing those results to the earlier answers about services offered, we can get a sense of what services are most likely to be automated. 94% of the time when 24/7 event monitoring is offered, automation is used to help deliver it. Comparatively, automation is only used to deliver MDR 72% of the time and managed SIEM 70% of the time.

We were also interested to know what one thing respondents don’t yet automate but would like to. We got a wide range of written answers. 13% of responses cited incident response and 11% cited reporting, but the rest of the answers were spread across many security functions, such as vulnerability management and penetration testing. No clear favorite emerged from the data.

Automation Supports Three Key Business Outcomes

In addition to how automation factors into MSSP services, we were very interested to know the impact of automation on the business outcomes of MSSPs, as well as how automation affects their employees. We also wanted to test the validity of the idea that businesses use automation as a cheaper alternative to human workers, so we asked, “what effect has automation had on your staffing levels?”

Unsurprisingly to us, only 4% of respondents said that automation had been used to replace existing staff. The much more common answer — at 67% — was that the number of staff had not changed, but their output had increased. At least among our sample of MSSP pros, we can say that the idea that automation will push out human workers is largely a myth.

That finding helps explain how positively our respondents feel about automation. When asked, “what effect has automation had on your job satisfaction?” 87% said the effect was positive, 11% said there wasn’t much of a difference, and just 2% said it was negative.

The ultimate goal of every MSSP is to thrive as a business, so we wanted to know how automation was supporting that mission. When asked what automation has helped their organization to do, 67% said it had helped increase revenue, 64% said it had improved profit margins, and 64% said it had helped differentiate their business from competitors.

Our survey clearly illustrates the profound impact of automation on the managed services industry, but that’s just one of the topics we covered. Be sure to check out the entire 2024 MSSP Survey to get more insights.

About D3 Smart SOAR for MSSPs

D3 supports MSSPs around the world with our Smart SOAR platform. D3 provides full multi-tenancy, so you can keep client sites, data, and playbooks completely segregated. Importantly, we’re vendor-agnostic and independent, so no matter what tools your clients use, our unlimited integrations will meet their needs. D3’s Event Pipeline can automate the alert-handling capacity of dozens of analysts, while reducing alert volume by 90% or more. Watch our case study video with High Wire Networks to see how a master MSSP uses Smart SOAR.

Guest blog courtesy of D3 Security. Read more D3 Security guest blogs and news hereRegularly contributed guest blogs are part of MSSP Alert’s sponsorship program.

You can skip this ad in 5 seconds