RSA & Black Hat 2024: The growing ecosystem of cybersecurity services

Altman Solon is the largest global strategy consulting firm exclusively working in the TMT sectors. This insight is part of a series dissecting cybersecurity trends – including the expanding role of identity security, consolidation in and convergence across the sector, and the rise of niche cybersecurity services – from the 2024 RSA and Black Hat Conferences. Here, we look at the growing ecosystem of cybersecurity services for enterprises of all sizes.

Cyberattacks have more than doubled since the COVID-19 pandemic, affecting businesses of all sizes. While for many years the cybersecurity service ecosystem was relatively underdeveloped, this year's RSA and Black Hat conferences showcased the impressive growth of cybersecurity services. Managed detection and response (MDR) service providers are aggressively courting smaller businesses and the mid-market. On the flip side, "outsourced CISO" service providers were less present at the conferences than in years past, as larger enterprises invest in full-time CISOs and smaller companies seek out managed service providers. Managed service providers and managed security service providers (MSPs and MSSPs), meanwhile, are marketing one-time services, like security benchmarks and threat assessments, as a point-of-entry strategy. For enterprises, the growth in these offerings can ensure top-notch security services; for investors, cybersecurity services should be seen as a growth market.

Managed detection & response services are expanding

During RSA, the cybersecurity provider Expel announced an expansion of their MDR offerings, designed to tackle the needs of any company, regardless of size, cybersecurity maturity level, and budget. This expansion was characteristic of MDR providers who are actively expanding their offers and targeting small and medium businesses (SMBs). Indeed, for organizations with limited resources and difficulty recruiting cybersecurity talent, MDR services can fill a gap or, in some cases, replace an internal security operations center (SOC) altogether. Other MDR service providers, like eSentire, Arctic Wolf, and Rapid7, have also been advancing their capabilities to gain further traction in the market.

Similarly, CrowdStrike announced an extended partnership with Google Cloud to better power its Mandiant incident response (IR) and MDR services. This partnership will strengthen CrowdStrike's middle-market capabilities, making CrowdStrike's Falcon platform accessible to end users who don't have a team of security analysts. Investors should continue to pay attention to the MDR space, with vendors actively vying for space in a growing mid-market.

Outsourced CISOs are going out of style

While MDRs were everywhere at RSA, outsourced CISO services were noticeably absent from both formal sessions and the expo floor. Although over 30 sessions were devoted to CISOs, none of them made the case for outsourcing these competencies. Additionally, leading providers in the space were not marketing their services as widely as in years prior.

As CISOs become increasingly critical to company operations and strategy, enterprises with the resources and the scale to manage their own security require CISOs who are not only competent but also poised to navigate security risks with confidence. Smaller organizations with limited expertise and bandwidth seek managed security providers who can increasingly tailor their services to an appropriate scope and service level. As a case in point, the edge cloud platform Fastly announced a managed cloud security service providing accelerated service level agreements (SLAs) that guarantee customers proactive notice and incident mitigation within 30 minutes of discovery.

Managed service providers experiment with one-time, low-cost services for cross-selling

We expect that MDR and managed security providers will continue engaging customers through low-cost threat assessments, penetration testing, or vulnerability scans to demonstrate their value to customers facing security threats. For example, RSA featured MSPs and MSSPs offering one-time professional services as a point of entry for new customers. Throughout the conference, these providers promoted one-time services ranging from advisory and consulting to offensive security testing, as opposed to the managed services that are core to their business. As an example, Critical Start, an MDR firm, announced free Quick Start Assessments to evaluate an organization’s security posture and benchmark its maturity via a 15-question guided survey.

MSPs, MDRs, and investors...

For enterprises, the growth in cybersecurity services, from MDR products to fully managed security, means that a world-class SOC team can be within reach, even for SMBs. However, companies still need to ensure that services are scoped appropriately and that an escape route is built to avoid any costly vendor lock-in.

For investors, the expanded offerings from managed security and MDR providers make these companies attractive investments in a rapidly growing market. Traditional managed service providers extending their capabilities and using security as a vector for growth may also present exposure to a growing cybersecurity market, potentially at a lower multiple than MDR and MSSP vendors. Likewise, investors should welcome the emergence of one-time services by their portfolio companies, as this can be a means to cross-sell into recurring managed services.

Leadership & Oversight

Suhaib Rangoonwala

Director