ChannelLife New Zealand - Industry insider news for technology resellers
New Zealand
Scott
#
Firewalls
#
Network Security
#
SOCs

Turning security into a story: How managed service providers use reporting to drive retention and revenue

Fri, 24th Apr 2026 (Today)
By Scott Jenkins, Solutions Architect, SonicWall

Reporting is the main way to show your customers exactly what you've done for them, and SonicWall can help. 

The Day a Great MSP Almost Lost Everything 

Marcus had built something to be proud of - a 14-person managed services practice protecting 60 small businesses with a solid SonicWall stack: NSM for centralized firewall management, Capture Client on endpoints, and Cloud Secure Edge for remote-heavy clients. His team was catching threats every single week. 

Then Coastal Fabrication, a customer of over five years, called to say they were switching to a competitor for $200 a month less.

Marcus drove over with uptime logs, patch records, and blocked threat counts. The owner listened politely, then said something Marcus never forgot:

"I appreciate what you've done, Marcus. I just don't really know what that is."

That was the moment Marcus realized he had a reporting problem.

The Invisible MSP

Security, when it's working, produces an absence of bad events. Customers don't see the threats you blocked, the patch applied 48 hours after a critical CVE dropped, or the configuration drift you caught before it became an entry point. They see a quiet network and a monthly invoice, and eventually they fall into the very human trap of thinking there was never a problem in the first place. After all, if they never have any security issues, why are they paying for security services? That might seem like a silly question, but it's one that gets asked every day.

Invisible protection is a business problem. It's great that, as an MSP, you're protecting your customers so well they never have problems. However, if customers can't see what you're delivering, renewal conversations become cost negotiations instead of value conversations.

What You're Actually Delivering

Marcus mapped out the five core pillars of his practice. The pillars he came up with are true for any MSP.

Monitoring: continuous watching of network health, security events, and threat indicators, enabling fast, reliable detection.

Patch and Firmware Management: the unglamorous engine of security. The 2025 SonicWall Cyber Threat Report found that 75% of exploits occur within four days of public disclosure, with 61% striking within 48 hours. The average unmanaged organization takes 120–150 days to patch. That gap is the business case for managed services.

Configuration Management: catching and correcting policy drift before it becomes an entry point.

Alert Response: the fast, expert response when something goes wrong that delivers customers the confidence they're paying for. 

Reporting: the deliverable that makes all the others visible. Without it, the other four pillars exist only inside your operation.

Building Reporting that Scales with SonicWall

Manual reporting was unsustainable for a managed services practice the size of Marcus's. SonicWall's platform made reporting simple and automatic.

NSM's Capture Threat Assessment gave him a customer-ready view of threat types, attack vectors, top blocked threats, and trends over time - the centerpiece of every quarterly business review.

The Security Assessment Report went deeper, surfacing configuration gaps that naturally led to expanded service conversations. The Change Report delivered complete firewall audit trails in minutes, making it easy to handle compliance-driven customers.

Capture Client added the endpoint layer: EDR events, threat hunting findings, and complete profiles of device activity across Windows, macOS, and Linux. Cloud Secure Edge closed the final gap for hybrid and remote workers, demonstrating that security coverage followed users wherever they went.

Where Retention Gets Built

Eighteen months after his near-miss, Marcus introduced quarterly business reviews for his mid-tier and premium customers. The first time he sat with a client holding a full QBR deck - threat data, assessment reports, improvement trends, and three specific 90-day recommendations - the client asked:

"What else should we be doing?"

With that question, Marcus moved from just another vendor to a trusted strategic advisor.

The data backed it up. Marcus's renewal rate for QBR customers was 96%. For basic monitoring customers receiving only monthly reports: 71%. The reporting relationship was the retention mechanism.

Packaging the Story

Marcus restructured into three tiers:

Foundation: core monitoring, patch management, configuration management, and monthly operational reports.

Standard: added alert response SLAs, Capture Client endpoint protection, and quarterly business reviews. Customers at this tier could describe their security posture to their boards and auditors. They renewed without being asked.

Premium: compliance-focused reporting, Cloud Secure Edge management, advanced threat hunting, and SonicSentry MXDR and MPSS for 24/7 SOC and NOC coverage. 

The key: iron-clad, documented deliverables at every tier. Ambiguity is where MSP relationships break down. Specificity is where trust gets built. This specific documentation provides regular proof of value to customers.

Epilogue: Coastal Fabrication Comes Back

Three years later, Marcus called Coastal Fabrication. He'd heard through the MSP community that the competitor's reporting was minimal and their QBR program nonexistent.

The owner answered. Marcus asked how things were going.

There was a pause. Then:

"To be honest, it's about the same as before. I still don't really know what they're doing."

Coastal Fabrication returned six weeks later, this time on the Standard Tier. At their first QBR, Marcus walked the owner through the Capture Threat Assessment, the Security Assessment, the Configuration Change Report, and the Capture Client endpoint summary. 

The owner sat quietly for a moment. Then:

"I didn't know any of this was possible."

Reporting is how you tell your MSP story so your customers don't just see your value: they want to drive more value with you.

The Framework, In Brief

The framework Marcus used can be applied to almost every MSP. Using three simple stages helps you group your clients and provide clear deliverables for each tier.

Early stage: Monthly operational reports - threats blocked, patches applied, uptime, incidents. Use NSM's built-in reports to eliminate manual data collection. 

Growth stage: Add the Capture Threat Assessment and Security Assessment. Lead with threat landscape context. Introduce quarterly business reviews.

Maturity stage: Full rhythm - monthly operationally, quarterly strategically. Integrate PSA Hub, layer in Capture Client, WNM, and CSE reporting for a complete story.

At every stage, the goal is the same: make the invisible visible. Make the protection your customers are receiving something they can see, understand, and value.

MSPs who win long-term aren't just delivering security. They're delivering the experience of being protected. Reporting is how they prove it.

Scott Jenkins, Solutions Architect, SonicWall
Related stories
Elastic ties security platform to Google's air-gapped cloud
From scramble to certainty: rethinking tax time for Kiwi small businesses
CrowdStrike launches AI security coalition with partners
ClickHouse deepens Google Cloud tie-up with four updates
Granicus names seven digital government award winners

Top stories

Infosecurity Europe adds AI summit amid cyber defence shift
Valeo expands Google Cloud tie-up with Gemini rollout
Kingston expands industrial memory & SSD range in APAC
Commvault extends Clumio support to Google Cloud Storage
Commvault brings cloud resilience tools to Google Cloud