huntress logo

What Should MSPs Have in their Stack?

Key Takeaways:

  • Managed service providers (MSPs) need to build out their security stack so that they have layered defenses that address threats on multiple fronts 

  • A solid security stack should cover everything from endpoint to network to digital identities

  • A good foundation for building out an MSP security stack includes endpoint detection and response (EDR), multi-factor authentication (MFA), and patch management




Threat actors are always looking for a new security hole to use to worm their way into an organization, whether that’s through a compromised identity, through a phishing email, or an unpatched vulnerability. How, then, can MSPs best protect themselves? It’s important for MSPs to build up a security stack that addresses the most common security threats, but before looking at any products, they need to take a reflective look at operational security goals, risks, and culture. 

MSPs need first to take a step back, consider their security gaps across the board, and identify the biggest areas of risk. They need to be intentional about developing a security-minded culture so that security awareness is embedded into daily operations. And they need to create a security roadmap to strategize how to address these gaps and risks.

After this first crucial operational measure, MSPs can optimize how they take a layered approach to the security tools, products, and processes in their arsenal. MSPs need a varied security stack because the stakes are high. Threat actors recognize that these companies have valuable access to customers’ systems and data, and MSPs have previously been targeted in cyberattacks

Here are the most vital tools and processes MSPs need in their security stack to bolster their security.


What Should MSPs Have in their Stack?

Key Takeaways:

  • Managed service providers (MSPs) need to build out their security stack so that they have layered defenses that address threats on multiple fronts 

  • A solid security stack should cover everything from endpoint to network to digital identities

  • A good foundation for building out an MSP security stack includes endpoint detection and response (EDR), multi-factor authentication (MFA), and patch management




Threat actors are always looking for a new security hole to use to worm their way into an organization, whether that’s through a compromised identity, through a phishing email, or an unpatched vulnerability. How, then, can MSPs best protect themselves? It’s important for MSPs to build up a security stack that addresses the most common security threats, but before looking at any products, they need to take a reflective look at operational security goals, risks, and culture. 

MSPs need first to take a step back, consider their security gaps across the board, and identify the biggest areas of risk. They need to be intentional about developing a security-minded culture so that security awareness is embedded into daily operations. And they need to create a security roadmap to strategize how to address these gaps and risks.

After this first crucial operational measure, MSPs can optimize how they take a layered approach to the security tools, products, and processes in their arsenal. MSPs need a varied security stack because the stakes are high. Threat actors recognize that these companies have valuable access to customers’ systems and data, and MSPs have previously been targeted in cyberattacks

Here are the most vital tools and processes MSPs need in their security stack to bolster their security.


Email security

Email security measures are essential for preventing email-based attacks like phishing emails, business email compromise, and more. This can include spam detection, filters, and authentication protocols like DMARC and SPF.


Security awareness training

Email security can certainly help block some phishing emails before they reach recipients, but some messages still get through. In these incidents, security awareness training can help targeted employees better understand the major red flags, like urgent language or strange requests—phishing emails. The 2025 Huntress Cyber Threat Report found that threat actors are upping their phishing game with techniques like QR code phishing, image-based content, and brand impersonation. Security awareness training can help employees identify these types of social engineering threats, as well as attacks that go beyond email-based phishing, like deepfakes or scams.


Password management

Threat actors are increasingly using identity-based techniques to target organizations. Translation: they’re compromising employees’ passwords, and then using that access as a stealthy launch point for further attacks. This is particularly easy for threat actors because people reuse passwords or create easy-to-guess passwords, opening the door for brute force attacks, credential stuffing, and more. Password managers can help users automatically generate new, unique passwords for each site. They can also help users store and manage these credentials so they don’t have to remember them, reducing the risk of password reuse.


Multi-factor authentication (MFA)

If threat actors do manage to swipe employee credentials, MFA is an important preventative measure to stop them in their tracks. MFA involves two or more forms of authentication beyond a password, whether that’s a push-based authentication app or a biometric fingerprint scan. MSPs should enable MFA on accounts, services, and applications as a baseline security measure.



Patch management

MSPs should have patch management tools and procedures in place to make a comprehensive game plan for the process of finding, testing, and deploying fixes for security vulnerabilities. That’s because one way threat actors find their way into an organization is by exploiting vulnerabilities. Many times, these flaws have previously been found and fixed by the product manufacturers, but MSPs don’t make the actual update to the software version that patches the flaws, leaving a gaping hole open to attackers. A patch management plan can help MSPs ensure that critical-priority fixes and patches for flaws being exploited by attackers don’t fall through the cracks.


Identity and access management (IAM)

IAM is a framework of policies and procedures that helps businesses manage user access to systems and resources. Through this framework, IT administrators can restrict access across resources to make sure that the right individuals have the right level of access. This can help prevent unauthorized access.


Identity and threat detection and response (ITDR)

While IAM focuses on access policies, ITDR focuses on incidents where those access controls are bypassed by detecting and responding to suspicious identity threat behavior. Identity-related threat behavior includes unauthorized access, the misuse of credentials, and more. ITDR solutions typically involve real-time threat detection for suspicious behavior, monitoring for attack techniques, and automated remediation to stop identity attacks. MSPs can use ITDR to protect themselves against credential theft, account takeover, business email compromise, and session hijacking.


Endpoint detection and response (EDR)

EDR is another important tool for MSPs to have in their arsenal. EDR focuses on protecting endpoint devices by monitoring for and finding potentially suspicious activity. EDR provides MSPs with the ability to proactively detect and remediate against threats on endpoints while they happen. While many of the other practices and tools that we’ve outlined thus far have focused on keeping threat actors out from the start, EDR focuses on the incidents where attackers have still managed to slip through the cracks and stops the attack before it can escalate.


Antivirus software

Antivirus software can help protect businesses’ devices from known malware like viruses and ransomware. Antivirus is a good complementary solution to EDR because of the way they both protect against threats. Antivirus typically uses signature-based detection, while EDR offers real-time threat detection by finding suspicious behavior on endpoint devices


Security Information and Event Management (SIEM)

MSPs should also consider adding a SIEM solution to their security stack. SIEM aggregates data from various sources, which can help organizations in a number of critical ways, including identifying and responding to security incidents in real time and getting a better understanding of how security incidents happen. SIEM can also help companies manage regulatory compliance. 



A complete security stack for MSPs

MSPs reading this list may feel overwhelmed by the different practices, solutions, and frameworks needed to build out their security stack. The truth is, threat actors target all different parts of organizations, from their endpoints to their digital identities. 

Build a stronger defense for your MSP today. Start by assessing your security gaps and layering your stack with essential tools like MFA, EDR, and IAM. Partner with Huntress to get expert support, real-time threat detection, and tailored guidance to protect your clients and your business. Book your free demo now and secure your MSP’s future.


Continue Reading

Top Tools for MSPs

Right arrow

Protect What Matters

Secure endpoints, email, and employees with the power of our 24/7 SOC. Try Huntress for free and deploy in minutes to start fighting threats.
Try Huntress for Free