
Building your Security Stack

Learn how to build your security stack in HighGround

Written by Sophie Lamb
Updated this week

1.0 - Introduction

A good MSP has a great security stack. Efficiency in your stack is important for keeping your hard costs (licensing etc.) low but also for improving your efficiency and driving down your service delivery costs.

Your security stack is central to everything you do as an MSP and it's central to everything you will do in HighGround. You will map it to your clients' security, include it in your security services and packages in our Sell module, and much more.

However, building a good security stack isn't easy. There are so many bases to cover, so many ways to do it and a seemingly endless supply of products in the market.

Use HighGround to cut out the noise and focus on making sure you have solutions in all the right areas, and a shortlist of vendors you can check out. Building your stack in HighGround also ensures everyone in your MSP is on the same page, with a single source of truth.


2.0 - My MSPs Toolset

Your security stack is made up of a combination of technologies and practices.

Technologies: closely related to a tool, a technology is the genre of tool, whereas the tool is the product itself. You will have a tool for each of these technologies, e.g. SentinelOne for Endpoint Protection.

Practices: these are things that you do but do not necessarily have a tool for, e.g. enabling SPF, DKIM and DMARC to improve clients' email security, and DNS Security to improve a client's domain security (increasingly, vendors are releasing tools for practices).

For each technology in the security stack you can link 1 or more tools that you use. If you don't see the tool you use in our list you can still add it to your stack by using the search feature and clicking the blue 'Add xxx' text.

2.1 - Adding your tools

Adding your tools: Click on the technology and search for the tool you use. HighGround has a pre-populated list of MSP-centric tools for you to select from. If you can't find the tool that you use, start by searching for that tool and click the blue "Add xxx" text to add your own custom tool.

Multi Technology Tools: If your tool is multi-technology, HighGround will notify you of this and prompt you to review these additional technologies. This will save you time when building your stack whilst reminding you of what other services your current providers can offer so you can get better pricing by buying more from the same vendor.

Technology Groups: Some technologies are grouped together in HighGround and you will need to expand them to see and answer them. Examples include Data Loss Prevention, Backup and Secure Configuration.

Missing tools: If you do not have a tool in your stack for any of the technologies in the security stack module, HighGround is a great place to learn what MSP-centric tools are available in the market and are being used by other MSPs. If you don't have a tool and/or don't want to provide a service for a given technology, you can always select 'No' at the top and provide an explanation (e.g. "we are looking into solutions in Q2 this year").

2.2 - Relationship between Technologies, Tools, Products & Practices

The image below demonstrates the relationship between technologies, tools and products, as well as practices.


Note: this is a simplified version of the relationship. It is possible for a Tool to be multi-technology. In these circumstances, vendors may have different licenses available, hence why we allow multiple products to be linked with a tool.

2.3 - Linking your tools to products

After you've added your tools to your stack, it's time to link them with the products that you actually buy from your suppliers. When the tools are linked with the actual products you buy, we are able to use them in HighGround as follows:

Client Security Tool Suggestions: when you connect your PSA, HighGround will scan the products you have sold to your client. When there's a match between a product you have sold them and a tool in your stack, HighGround will suggest that your client uses this tool. You can perform this action from the Cyber Score modal.

Building Security Services: when you build your security services in the HighGround Sell module, you will map the tools in your stack to the technologies you are including in the service. At this point, HighGround will ask you to select which product you would like to use and this will be included in the 'Product costs' section of the service, ensuring you cost your services accordingly.

To learn more about using your security stack across HighGround, read our How your security stack is used in HighGround article.

2.4 - Additional tool details

You have the ability to add additional data for the tools in your security stack, helping to keep your documentation thorough and up-to-date. This added flexibility will also prove valuable in future releases of HighGround, especially with the upcoming launch of our Insights module, where this data will be put to good use.

Status: This field lets you know if the tool is ready to integrate with HighGround (status: connect) or if it has already been integrated (status: connected). It helps you quickly assess where you stand with each tool in your stack.

Reason: You can add a brief note explaining why you’re using each tool. Whether it’s because "this tool is awesome" or you’re "stuck in a contract until May 2026," this field gives you a quick reference point for understanding your choices.

Monitored by SOC: Here, you can select whether the tool is monitored by a Security Operations Centre (SOC). You can choose from Always, Optional, or Never. If you select Optional, this gives you the flexibility to manually configure the tool's monitoring status when mapping your clients' security posture or including it in a security service package.

Note: for tools that are always monitored by a SOC, this will be pre-set to 'Always'.

Linked Products: You can link your tool to one or more products, allowing for greater visibility and organization. These products can either be synced from your PSA or manually added through the Sell module, depending on your preference.

Contract End: This is the date when your contract with the vendor or supplier for the tool is due for renewal. Keeping this updated ensures you never miss a deadline for renegotiation or renewal.

Supplier: Here, you can specify who you’re purchasing the tool from. This helps keep track of your vendors and streamline your procurement process.

Note: Add any additional notes about the tool that may be helpful for you or your team. Whether it’s reminders, special configurations, or any specific tool-related details, this field ensures everyone stays on the same page.

2.5 - Updating your Toolset

You have full flexibility to update your security stack at any time—whether you want to add new tools, make adjustments to existing ones, or completely remove tools you no longer need.

To remove a tool: Simply select the technology, locate the tool you want to remove, click the '...' menu, and select Remove. It's that easy.

Important: If the tool you want to remove is actively being used in HighGround—such as being mapped in a client's Cyber Score or included in a Security Service in the Sell module—you'll be prompted to take action.

3.0 - Using your Security Stack

Your security stack is a core part of your service offering to clients and is used throughout HighGround.

When you've built your security stack, it becomes much easier to map your clients' security posture and build the security services you will offer to clients.

Tip: You can now use AI to help provide your answers when you select that you do not have a tool for a specific technology. To learn more about AI, read our Using AI in HighGround article.

3.1 - Building a client's cyber score

Your client's cyber score is determined by what technologies they have. This process is a lot like building your own MSP security stack. For each technology listed there is a 'yes' and a 'no' option. When selecting 'yes' for a technology, you will add the tool(s) that your client uses and select whether it is monitored by a Security Operations Centre (SOC).

Each technology you provide an answer for establishes the cyber score your client is given.

3.2 - Building your security packages

You can easily build and manage security services and packages in HighGround that are tailored to your clients' needs. Here's an overview of the steps involved:

Create Security Services: Start by creating your security services, where you’ll select the technologies and practices you want to include. From there, you’ll map these services to the tools in your security stack, ensuring a seamless integration with your existing resources.

Create Security Packages: Security packages are made up of one or more security services. This gives you the flexibility to bundle your managed security offerings in various ways, tailored to the specific needs of each client. The best part? You don’t have to reinvent the wheel each time—you can easily reuse the same security services across different packages. This approach not only saves time but also helps keep your costs in check, ensuring your margins stay protected.

Apply a Security Package to a Client: Once a client decides to purchase one of your security packages, you can apply it to their account with just a single click. The tools from your security stack, which you’ve included in the security package through the security services, will be automatically applied to the client. This streamlined process saves you time and ensures the client’s security posture is instantly updated.

4.0 - Governance & Resilience

Many MSPs tend to focus heavily on the tools they provide, but often fall short when it comes to meeting clients' governance and resilience needs.

While some MSPs may have these capabilities in-house, the majority choose to partner with MSSPs (Managed Security Service Providers) who specialize in areas such as Governance, Risk & Compliance (GRC) and Offensive Security services, like Penetration Testing.

Regardless of the approach you take, it's crucial to define your position on these areas. This clarity will guide you in forming partnerships, deciding which services you will or won't offer, and providing clear guidance to your clients. Additionally, it ensures consistency across your team when it comes to communicating your offerings.

For each of the Governance & Resilience items, you’ll have the option to select Yes, No, or Under Review. If you choose No or Under Review, you can add a note with relevant details to help keep your team informed and aligned.

5.0 - Applying your stack en masse

As you become more familiar with HighGround, you might find that mapping your clients' security stack or cross-referencing a specific technology across multiple clients can be time-consuming when reviewing them individually.

That's where the 'Map Across Your Clients' feature comes in handy. With the Matrix view, you'll be able to see everything at a glance, making the process much quicker and easier.

Map Your MSP Toolset Across Clients: This feature allows you to quickly map your entire toolset across multiple clients at once. It’s also a great way to identify which clients have—or don't have—a particular technology. For example, you can easily search for all clients that use Email Filtering, saving you time and effort.

Map Your Clients' Governance & Resilience: Similarly, you can use this feature to quickly assess your clients' governance and resilience capabilities across multiple accounts. Want to know which clients have a specific capability, like an Incident Response Plan? Simply use this feature to find that information instantly.

With these tools at your disposal, managing your clients' security and governance becomes faster, more efficient, and less of a headache.
