A good MSP has a great security stack. Efficiency in your stack is important for keeping your hard costs (licensing etc.) low but also for improving your efficiency and driving down your service delivery costs.

Your security stack is central to everything you do as an MSP and it's central to everything you will do in HighGround. You will map it to your clients security, include it in your security services and packages in our Sell module, and much more.

However, building a good security stack isn't easy. There are so many bases to cover, so many ways to do it and a seemingly endless supply of products in the market.

Use HighGround to cut out the noise and focus on making sure you have solutions in all the right areas, and a shortlist of vendors you can check out. By using HighGround to build your stack, it also ensures everyone in your MSP is on the same page with a single source of truth.

​

Your security stack is made up of a combination of technologies and practices.

Technologies: almost identical to a tool, a technology is the genre of tool, where as the tool is the tool itself. You will have a tool for these technologies e.g. Sentinel One for Endpoint Protection.
​
​Practices: these are things that you do, but do not necessarily have a tool for them, e.g. enabling SPF, DKIM and DMARC to improve clients email security and DNS Security to improve a clients domain security (increasingly, vendors are releasing tools for practices)

For each technology in the security stack you can link 1 or more tools that you use. If you don't see the tool you use in our list you can still add it to your stack by using the search feature and clicking the blue 'Add xxx' text.

Adding your tools: Click on the technology and search for the tool you use. HighGround has a pre-populated list of MSP centric tools for you to select from. If you can't find the tool that you use, start by searching for that tool and click the "Add xxx" blue text to add your own custom tool.

Multi Technology Tools: If your tool is multi-technology, HighGround will notify you of this and prompt you to review these additional technologies. This will save you time when building your stack whilst reminding you of what other services your current providers can offer so you can get better pricing by buying more from the same vendor.

Technology Groups: Some technologies are grouped together in HighGround and you will need to expand them to see and answer them. Examples include Data Loss Prevention, Backup and Secure Configuration.

Missing tools: If you do not have a tool in your stack for any of the technologies in the security stack module, HighGround is a great place to learn what MSP centric tools are available in the market and are being used by other MSPs. If you don't have a tool and/or don't want to provide a service for a given technology, you can always select 'No' at the top and provide an explanation (e.g. "we are looking into solutions in Q2 this year).

The image below demonstrates the relationship between technologies, tools and products, as well as practices.

​

After you've added your tools to your stack, it's time to link them with the products that you actually buy from your vendors/suppliers. When the tools are linked with the actual products you buy, we are able to use them in HighGround as follows:

Client Security Tool Suggestions: when you connect your PSA, HighGround will scan the products you have sold to your client. When there's a match between a product you have sold them and a tool in your stack, HighGround will suggest that your client uses this tool. You can perform this action from the Cyber Score modal.

Building Security Services: when you build your security services in the HighGround Sell module, you will map the tools in your stack to the technologies you are including in the service. At this point, HighGround will ask you to select which product you would like to use and this will be included in the 'Product costs' section of the service, ensuring you cost your services accordingly.
​

You can add additional data for the tools in your security stack for better documentation purposes. This will also come in useful in future releases of HighGround where we will be launching an Insights module.

Status: This will show you if you can integrate this tool with HighGround (status: connect) or if you have already integrated it (status: connected).

​Reason: provide a reason for why you use this tool e.g. 'this tool is awesome' or 'stuck in contract until May 2026'.

​Monitored by SOC: you can select whether the tool can be monitored by a Security Operations Centre (SOC) and if so, you can select from Always, Optional and Never. If you select optional, this will allow you to set it manually when mapping your clients security posture or when including it in a security service.

Linked Products: You can link your tool to 1 or more products. These products can be synced from your PSA and/or added manually in the Sell module.

Contract end: The date your contract with the vendor/supplier for the tool is due for renewal.

Supplier: Who you buy the tool from.

Note: Add any additional notes about the tool that will help you or your team.
​

You can update your security stack at any time by adding new tools, making changes to current tools or removing tools completely.

To remove a tool, select the technology, find the tool, click '...' and click Remove.

If you want to remove a tool from your stack which is actively in use in HighGround (e.g. you have mapped the tool in a clients Cyber Score or have added the tool to a Security Service in the Sell module), you will be prompted to reallocate these with another tool from your security stack or to add a new tool to your security stack.

Your security stack is a core part of your service offering to clients and is used throughout HighGround.

When you've built your security stack, it becomes much easier to map your clients security posture and build the security services you will offer to clients.

Your clients cyber score is determined by what technologies they have. This process is a lot like building your own MSP security stack. For each technology listed there is a 'yes' and a 'no' option. When selecting 'yes' for a technology you will add the tool(s) that your client uses and select if it is monitored by a Security operations centre (SOC).

Each technology you provide an answer for establishes the cyber score your client is given.
​
​

You can build managed security services and packages in HighGround that you can sell and apply to your clients. Here is a overview of the steps involved:

Create Security Services: create your security services, during which you will select what technologies and practices are included and map these the tools in your security stack.
​
​Create Security Packages: security packages are a collection of 1 or more security services. This gives you freedom and creativity to bundle your managed security offerings to clients in different ways for different clients without re-engineering the actual security service you are providing. It also helps to keep your costs under control and protect your margins.

Apply a Security Package to a Client: when a client decides to buy one of your security packages, you can apply this to the client with a single click. At this point, the tools in your security stack that you have included in the security package (via the security services) will be automatically applied to your clients.
​
​

The majority of MSPs focus heavily on tools but have a weak spot when it comes to delivering on the governance and resilience needs of clients.

Whilst some MSPs have some or all of these capabilities internally, most will partner with MSSPs who specialize in these areas such as Governance, Risk & Compliance (GRC ) and Offensive Security like Penetration Testing.

Either way, it is essential that you determine what your position is, so that you can work on either creating partnerships, deciding what services you will and won't offer, advise clients on your position for these items and maintain consistency across your team.

For each of the Governance & Resilience items, you can select Yes, No or Under Review. For No and Under Review answers, you can add a note with additional information that will be useful for your team.

Once you get the hang of HighGround, you may find it time consuming to map your clients security stack, or cross-reference a technology across multiple clients at the same time by reviewing these on a per-client basis.

You can use the 'Map across your clients' features to view the mapping in a Matrix view, which you will find much easier.

Map your MSP Toolset across your clients: use this feature to map your toolset across multiple clients quickly. You can also use it to find out all clients that do/don't have a particular technology (e.g. 'I want to see all clients who have Email Filtering')

Map your Clients Governance & Resilience: use this feature to map your clients governance & resilience capabilities across multiple clients quickly. You can also use it to find out which clients have a particular capability (e.g. 'I want to know what clients have an Incident Response Plan').