The managed service provider (MSP) landscape is rapidly transforming, driven by shifting customer expectations, growing compliance demands, and the surge of AI-driven automation. At the forefront of this evolution is Matthew Warner, CEO and co-founder of Blumira, a cybersecurity company with deep roots in the MSP space.
In this CloudTweaks interview, Matthew shares his insights into the most pressing challenges and exciting opportunities facing MSPs in 2025. From vendor consolidation and tool sprawl to hybrid security best practices and community-driven growth, we explore how MSPs can stay competitive and future-ready in a dynamic digital environment.
Matthew, the MSP space has gone through major changes in recent years. What are the most significant shifts you’re seeing in how MSPs are evolving in 2025?
Having started in the backroom of an MSP, I’ve seen firsthand how quickly this space has—and continues to–evolve. In 2025, the biggest shift is that MSPs are no longer just service providers; they’re becoming full-fledged security advisors. To keep up, they’re leaning heavily into scalable, automated detection and response tools like those we’ve built at Blumira, which reduce the burden on their teams while improving outcomes. We’re also seeing a surge in MSPs investing in education and certifications to build technical skills and differentiate themselves in a crowded, competitive market.
How are customer expectations changing when it comes to the cybersecurity services MSPs provide, especially for small and midsize businesses?
Customers—especially SMBs—are expecting more proactive, always-on protection from their MSPs. They’re no longer satisfied with just basic antivirus or firewall setups; they want real-time detection, rapid response, and clear evidence that their provider can handle evolving threats. The expectation is that MSPs bring enterprise-grade cybersecurity down to a manageable and affordable level for smaller organizations, which is exactly where solutions like Blumira step in. We’re helping MSPs meet that demand with easy-to-deploy, automated security tools that don’t require a full security operations center (SOC) to operate, giving SMBs confidence without overwhelming their budget.
The most successful MSPs adapt their business models to meet these changing expectations while maintaining a healthy margin, offering per-seat, all-inclusive pricing packages rather than à la carte security services. But the key to profitability isn’t becoming a security generalist, it’s specializing in specific customer verticals by deeply understanding and meeting their needs. By focusing on particular industries like healthcare or financial services, MSPs can build expertise in relevant compliance requirements and develop tailored security service bundles. This helps them command better margins while still delivering the comprehensive security services their clients demand. Blumira’s platform is designed to support this model, giving MSPs the flexibility to bundle our capabilities into their specialized offerings without requiring significant overhead or specialized security staff.
For example, you may recall SocGholish, a malicious fake browser update used to spread malware through JavaScript downloads. The malware uses obfuscated filenames (like “Updаte.js”) and delayed activation (“long sleeps”) to bypass detection tools. Blumira has been following this malware for some time and we were able to layer security controls and alerts, enabling affected customers to respond swiftly and prevent ransomware deployment.
With increasing pressure around compliance and security, do you think MSPs are moving more toward specialization, or are most still taking a generalist approach?
There’s a growing trend toward specialization, primarily driven by necessity. As compliance frameworks like CMMC, HIPAA, and PCI DSS become more demanding and as cyber threats grow more complex, MSPs realize that a generalist approach just isn’t sustainable for all clients. We’re seeing more partners carve out niches, whether it’s healthcare, manufacturing, or financial services, so they can align their security and compliance offerings to industry-specific needs.
What kind of impact are automation and AI having on how MSPs manage security operations and scale their services effectively?
Automation and AI are game changers for MSPs striving to scale cybersecurity without overwhelming their teams. Most small and midsize MSPs can’t afford a full 24/7 SOC, but automation bridges that gap by streamlining detection and response, turning what used to take hours or days into a matter of minutes. AI enriches alerts with context, cuts through noise, and guides faster action without requiring deep threat expertise, giving technicians confidence instead of fatigue. Blumira is built with these people-first principles in mind—empowering MSPs to deliver enterprise-grade security outcomes while preserving their team’s time, focus, and mental health. By reducing alert fatigue and manual triage, we help MSPs avoid burnout and sustain long-term, high-impact protection for their clients.
Many MSPs are dealing with tool sprawl and vendor fatigue. How important is vendor consolidation right now for streamlining operations and improving outcomes?
Vendor consolidation is becoming a top priority for many MSPs, and it’s easy to see why. Managing a patchwork of 10 or more tools across diverse client environments creates inefficiencies, increases risk, and makes it harder to maintain consistent service quality. Fragmented tech stacks complicate data correlation, slow down response times, and stretch teams thin as they try to stay trained across multiple platforms. As a result, MSPs are increasingly seeking integrated solutions that streamline detection, response, and reporting, reducing complexity so they can focus on delivering security outcomes, not managing overhead.
Hybrid environments seem to be the new standard for most clients. What best practices are emerging for MSPs to secure networks, endpoints, and cloud environments in an integrated way?
Hybrid environments have become the norm, and that complexity demands a unified security strategy. Savvy MSPs are adopting practices centered on visibility and automation across all layers, including centralized log collection, cloud-native threat detection, endpoint telemetry, and identity monitoring. It’s about creating a cohesive picture, so nothing falls through the cracks, whether it’s a misconfigured cloud bucket or a compromised workstation. Blumira helps MSPs do that by providing integrations across Microsoft 365, endpoint platforms, and firewalls—so they can detect threats early and act fast, no matter where they originate.
For newer MSPs trying to build trust and credibility, what strategies or differentiators tend to work best in a crowded and competitive landscape?
For newer MSPs, standing out doesn’t require an extensive service portfolio—it comes down to demonstrating that you can detect threats quickly, respond effectively, and communicate clearly with clients. Specializing in a specific industry or compliance area can offer an edge, but even generalist MSPs can differentiate themselves through automated reporting, proactive insights, and transparent metrics that showcase their value. By highlighting security operations as a core strength, MSPs can build trust and position themselves as strategic partners, not just service providers. The ability to show impact through clear, consistent communication often speaks louder than a long list of offerings.
Peer-driven communities, training programs, and co-marketing initiatives seem to be gaining traction. How are those types of support programs helping MSPs grow their reach and reputation?
As MSPs grow, the entire tech ecosystem grows alongside them. Peer-driven communities and structured support programs have become essential to helping MSPs scale effectively, especially in high-stakes, fast-evolving fields like cybersecurity. These communities foster knowledge sharing, practical problem-solving, and access to hard-earned insights that go far beyond any product documentation. Training, certifications, and co-marketing opportunities accelerate skill development and business credibility, enabling MSPs to expand confidently and efficiently. The most successful tech vendors recognize that investing in their partners’ success ultimately fuels their own long-term growth.
Given Blumira’s roots in the MSP world, how has that firsthand experience influenced your approach to serving MSP partners today?
Blumira was born out of real-world MSP experience, and that practical insight drives every aspect of our platform. We understand the constant pressure MSPs face—juggling limited time, lean teams, and clients who demand top-tier protection with SMB budgets. That’s why we’ve built features like one-click cloud integrations, out-of-the-box detections, and guided response playbooks that work seamlessly within existing MSP workflows. Our platform deploys in hours, not weeks, and enables security teams to act confidently. From product roadmap to support programs, every decision is made with the goal of making cybersecurity more accessible, scalable, and sustainable for growing MSPs.
With the recent enhancements to your MSP program, how is Blumira aligning its platform and resources with the evolving needs of MSPs in 2025 and beyond?
In 2025, MSPs are under immense pressure to keep pace with an evolving threat landscape, dealing with everything from ransomware-as-a-service to stealthy initial access malware like SocGholish, as I mentioned, all while navigating tight budgets and rising client expectations. That’s why we’ve expanded our MSP program with features and support that directly address these challenges. Purpose-built integrations with platforms like Microsoft 365 and ConnectWise PSA help MSPs detect and respond faster across the tools they already use. Our certification programs and partner enablement resources accelerate readiness against modern threats, while dedicated success roles ensure MSPs are never navigating this landscape alone. By combining automation, visibility, and education, we’re helping MSPs stay ahead of attackers—and ahead in the market.
By Randy Ferguson