The cybersecurity landscape is a complex and ever-evolving battlefield. For MSPs, navigating this terrain to protect their clients can be overwhelming, often involving a plethora of tools and the constant pressure of emerging threats. I recently had the pleasure of speaking with Manoj Srivastava, chief technology and product officer of Blackpoint Cyber , who shared his insights on the current state of cybersecurity for MSPs, the crucial need to bridge the gap between proactive and reactive security measures, and what it means for Blackpoint.
Srivastava came to Blackpoint about a year ago, bringing with him more than two decades of enterprise cybersecurity experience, including, most recently, a 14-year tenure at Tenable. He found Blackpoint's focus on the SMB and MSP market a compelling shift and noted that, while at Tenable, his exposure to MSSPs provided familiarity with the indirect sales model. At the same time, Blackpoint's emphasis on detection and response – the reactive side of cybersecurity – presented a new and intriguing challenge, which he contrasted with his background in proactive measures like cyber hygiene and vulnerability prevention.
But, he doesn’t see the two as being mutually exclusive. Rather, he sees a critical evolution in the cyberscurity space: The convergence of proactive and reactive security. That evolution represents a massive opportunity for improving the cybersecurity landscape, and for helping MSPs build deeper relationships with their customers.
Manoj Srivastava
Srivastava says the industry's alphabet soup of acronyms and terms often creates confusion for customers, when all they really want to know is if they are safe today, how to prevent future breaches, and how to recover quickly in the event of an incident. That’s where the confluence of proactive and reactive come into play.
“There's an opportunity I see here with Blackpoint where we can bring both those worlds together and really help our partners understand the overall security posture for their clients,” he said.
This vision is behind Srivastava’s mandate at Blackpoint to create a “managed security posture solution” that unifies various services and products. This includes Blackpoint’s existing strengths in MDR and compliance, alongside an increasing focus on being proactive in areas such as exposure prioritization and cloud security posture. The goal is to empower MSPs to offer a more holistic security narrative to their clients, moving beyond just “firefighting” to include proactive strategies for better cyber hygiene.
“That's the journey I'm taking the organization on, really bringing the proactive and reactive worlds cohesively together, focusing on security posture, enabling our partners to be able to better articulate that story to their clients and show the value of the services they provide,” he said.
He explained that speed of resolution is really the key – it’s what partners and customers are all looking for. It also happens to be something Blackpoint excels at, with a critical piece of the equation being its human Security Operations Center (SOC), which runs alongside automation, ensuring a real person is available to address and resolve breaches swiftly.
Visualizing his strategy, Srivastava shared what he thinks are the key components of a comprehensive security program that combines speed and agility with a holistic strategy: Managed Detection and Response, Exposure Prioritization, Cloud Security Posture, Security Posture Rating, Compliance, and Security Awareness Training. Blackpoint already has a footing in several of these areas, and Srivastava's theory is that weaving them into a cohesive solution that MSPs can readily offer benefits the entire ecosystem.
“My goal is to create a managed security posture solution that brings all these different services and products as a whole that MSPs can sell,” he said. “We may build some on our own, for some we may partner with other strategic vendors and then bring them together to offer a single, unified solution.”
Just a few weeks ago, that vision became reality when Blackpoint announced CompassOne , its new unified security posture and response platform, which is designed to give organizations full command of their entire cybersecurity posture – from gaining visibility and implementing preventative measures to executing real-time response and recovery. The platform provides users with complete visibility and context across their entire attack surface, guided prioritization for addressing risks, and expert-driven insights to continuously improve and measure their security maturity over time.
“By unifying proactive hardening and real-time response, CompassOne helps organizations measure, prioritize, and strengthen their security posture over time – with holistic visibility and context, a focus on what matters most, and all from a single platform,” said Srivastava. “It’s the culmination of everything we’ve learned fighting real-world threats, built to help our customers stay ahead of the adversary and take control of their security posture like never before.”
This is just the beginning, though. The cybersecurity space is anything but stagnant, and security vendors need to stay on top of emerging threats and new technologies. Srivastava expressed optimism in the constant innovation driven by security professionals. Despite – or perhaps, because of – the ever-present threat of malicious actors, the industry continually finds new ways to improve tools and strategies.
He also pointed to significant improvement in security awareness among businesses, often integrated into onboarding processes. Blackpoint's human SOC plays a role here by not only resolving breaches but also educating partners. Indeed, Srivastava believes that vendors, like Blackpoint, should primarily shoulder this responsibility, making it easier for MSPs to focus on their businesses. Blackpoint aims to build this intelligence into their products, guiding MSPs through the user interface and enabling them to effectively communicate with their clients.
But, perhaps more importantly, Srivastava identified a significant opportunity for MSPs in helping their customers demonstrate the value of security services. He emphasized that vendors need to streamline their offerings to make it easier for MSPs, many of whom are small businesses themselves, to manage their own operations while effectively serving their clients. The sheer volume of cybersecurity vendors and tools makes it challenging for MSPs to choose the right solutions, and Srivastava suggested that MSPs should first understand their clients' needs and then identify integrated tools that align with those requirements and a future roadmap.
“The problem is real for the MSPs where they're selling, trying to attract more clients and generate more revenue, and they have to take care of their current customers as well,” he explained. “If we, the vendors, can help them with that ecosystem and help them package it all into one comprehensive solution and make their lives easier, so they can then spend more time with their clients and show more value with the limited time they have, that will be great for everyone.”
Srivastava added, “Clients are tired of hearing about tools – they want outcomes. So, instead of pitching another product, MSPs can lead with a posture-centric, proactive, strategic offering that moves MSPs up the value chain – from being a vendor of tools to a trusted security partner. That leads to stronger relationships, higher retention, and the ability to scale services more efficiently.”
Naturally, Blackpoint has some differentiators that Srivastava believes position the company well in that scenario, including unique detection techniques, its human SOC, and the ease and speed of deployment and value realization – and, of course, CompassOne, which ties everything together into one complete platform. But, he also emphasized the relationship-driven approach of Blackpoint's team, many of whom have firsthand experience in the MSP space, which has allowed the company to create a solution that will resonate with MSPs and their clients.
But, acknowledging that Blackpoint offers a premium product, Srivastava outlined an evolving product strategy with tiered offerings to cater to different levels of maturity and needs, allowing MSPs to start with a foundational level and progress to more comprehensive solutions as their clients' needs evolve. This approach fosters long-term partnerships and enables MSPs to retain clients as they grow. It also increases Blackpoint’s value proposition.
Looking ahead, in addition to the move towards more unified cybersecurity solutions within the MSP space, Srivastava expects the AI war between attackers and defenders to continue shaping the landscape. While Blackpoint’s human SOC is a key part of both its value proposition and partner- and customer-centric approach to security, he doesn’t overlook the importance of AI in cybersecurity.
“If AI can help automate the mundane things and allow the SOC analysts to focus on higher order problems, that's a great win,” he said. “There's a lot of guidance that AI models can deliver to help those analysts and even clients, where AI can help with the overall security journey starting from the onboarding process. I think you're going to see a lot of AI, not only in detection and in the SOC, but also in the entire experience.”
Ultimately, cybersecurity stands out as a paramount challenge for businesses today, given its potential to disrupt all aspects of operations. With Blackpoint’s previous success and growth, combined with Srivastava’s vision – including the realization of a unified platform for MSPs – he sees Blackpoint as being extremely well-positioned to address this challenge by championing the need to unify proactive and reactive security.
Srivastava’s advice is sound. If they take time to understand their clients' current security postures and business goals, and by meeting clients where they are and aligning security solutions with their broader roadmaps, MSPs can build stronger, more effective partnerships. His vision for Blackpoint provides the technology for MSPs to adopt such a client-centric approach to security.
Edited by
Erik Linask
