The RSA Conference 2026 just wrapped, and the channel came home with a problem it already had before the flight to San Francisco.
Too many tools. Too many vendors. Too many promises.
Every major security vendor showed up with a new platform, a new integration story, and a comp plan designed to get more SKUs into your stack. Partners are now dealing with rising costs and an overabundance of security tools that don’t talk to each other, require separate training, and eat margin from every direction. Some are building security capabilities in-house just to escape vendor lock-in.
That’s the tell. When MSPs start insourcing capabilities, it’s not because they love operational complexity. It’s because the vendor economics stopped making sense.
Here’s the real problem: tool sprawl isn’t just an operational headache. It’s a silent margin killer that shows up as technician hours, training costs, and renewals you can’t justify to clients. The average MSP carries 15 to 20 security point solutions. Each one needs patching, monitoring, and at least one person who actually knows how it works. Each one has a renewal cycle, a price increase, and a sales rep calling to add a module.
The math breaks before you realize it.
Think about what you’re actually charging customers for security. Most managed security packages got built incrementally — $X for endpoint, $Y for email filtering, $Z for the SOC add-on — stacked on top of each other as new threats emerged and vendors pushed new products. The monthly cost to deliver that stack grew with each addition. The price you charged the client usually didn’t.
That’s not a pricing problem. That’s a portfolio design problem.
WatchGuard CEO Joe Smolarski has been making a pointed argument: a consolidated platform approach can double MSP margins on cybersecurity. His logic isn’t complicated. If you consolidate from six tools to two, you reduce technician time, simplify renewals, and create a package you can actually price confidently. The margin doesn’t double because the vendor has magic economics. It doubles because you stop bleeding hours on tool management.
You can debate whether WatchGuard’s specific platform is the answer. The underlying argument isn’t debatable. Fewer tools, deeper expertise, cleaner margin math — that formula works. What doesn’t work is competing on breadth, promising customers you cover every threat surface, and running a stack so complex only two techs on your team actually understand it.
The security market is moving to MSPs. Context’s analysis of early 2026 channel data shows managed services growth in security outpacing every other delivery model. UK and Ireland saw 42% managed security growth. Germany was up 72%. Customers can’t hire the skills internally. Compliance requirements are accelerating the shift. The demand is real.
But demand flowing to the MSP model doesn’t mean every MSP captures it equally. The ones winning are delivering a coherent security posture — something a customer can understand, audit, and trust. Not a list of 15 vendors that roughly covers the NIST framework.
WatchGuard’s threat research found a 1,500% spike in unique endpoint malware. That number is real and it’s going to end up in customer conversations. When your customer asks what you’re doing about that, “we have a tool for endpoints” isn’t an answer. A coherent detection, response, and monitoring program is an answer.
That’s what customers are paying for. The distinction between “we have a tool” and “we have a program” is where MSP pricing breaks in your favor — or doesn’t.
What actually works in 2026: Pick a security platform that covers the core threat surface and go deep on it. Endpoint, network detection, email, identity — you don’t need six vendors to cover those four. You need one or two that integrate natively and reduce handoff points. Build service packaging around your platform expertise, not around the vendor catalogue.
Then raise your prices.
Not incrementally. Materially. If you consolidated from a sprawling stack to a defensible core and built a documented security program around it, you’re now delivering something a customer can actually evaluate and trust. That’s worth more than the 12 point solutions you replaced, most of which you were never fully utilizing.
The MSPs treating security as a product line — more tools equal more coverage equal higher billings — are running a model that’s eroding. The ones treating it as a practice — defined scope, documented methodology, accountable outcomes — are the ones capturing the margin that comes with genuine expertise.
This isn’t new territory for the channel. Security has been the top channel revenue category for two years running. What’s new is the competitive separation between MSPs who built a real practice and those who bolted on tools. RSA just made it more obvious. Customers who’ve been burned by breaches despite “having security” are asking harder questions. The answer to those questions is practice depth, not product count.
Cut the stack. Build the practice. Charge accordingly.