Shared cost model
ADJUST SLIDERS TO MODEL CLIENT COUNT AND PRICE
Fixed monthly cost — all three tools
Vulnerability Scanner
$350
per month
vPenTest
$495
per month
Network Detective Pro
$350
per month
Total floor
$1,195
must cover this
Model your pricing
Breakeven & margin targets by client count
| Clients | Breakeven | 25% margin | 40% margin | 50% margin |
|---|
Vulnerability Scanner
SALES GUIDE — TALKING POINTS & OBJECTION HANDLING
Vulnerability Scanner
Continuous visibility into exposed weaknesses across the client's environment — before attackers find them first.
$350/mo shared cost
Best-fit clients
Strong fit
- Law firms with client data obligations
- Financial services under SOC 2 or GLBA
- Healthcare / HIPAA-adjacent
- Any client post-incident or near-miss
- Clients with remote workers or BYOD
Decent fit
- SMBs with 20+ endpoints
- Clients recently onboarded (unknown baseline)
- Companies with frequent staff turnover
- Anyone asking "are we secure?"
Talking points & objections
Talking points
See what attackers see
A vulnerability scanner finds the same open doors a hacker would probe — misconfigured services, unpatched software, weak credentials — before they're exploited.
Continuous, not once-a-year
Your environment changes constantly — new devices, software updates, new staff. A one-time audit goes stale in weeks. This runs continuously and alerts on new exposures.
Compliance evidence
Regulators and cyber insurers increasingly want proof of ongoing scanning. This gives you a report you can hand an auditor without scrambling.
SMB angle
Most small businesses assume they're too small to be targeted. In reality, SMBs are preferred targets because defenses are weaker. This levels the playing field.
Objection handling
"We already have antivirus / EDR."
EDR catches malware after it's running. A vulnerability scanner finds the unlocked door before anyone walks through it. They solve different problems and work together.
"We've never had an incident."
That's exactly when to start — not after one. Most breaches exploit vulnerabilities that existed for months before anyone noticed. This tells you your current exposure, not yesterday's.
"We just had a security audit."
Audits are snapshots. The week after your audit, a new CVE drops, someone installs software, or a firewall rule gets changed. Continuous scanning keeps you current.
"What does it actually find?"
Unpatched OS and application vulnerabilities, open ports that shouldn't be exposed, misconfigured services, outdated protocols like TLS 1.0, and weak or default credentials.
vPenTest
SALES GUIDE — TALKING POINTS & OBJECTION HANDLING
vPenTest
Automated penetration testing that simulates a real attack — proving whether vulnerabilities are actually exploitable, not just present.
$495/mo shared cost
Best-fit clients
Strong fit
- Law firms and financial services
- Clients with cyber insurance requirements
- Post-breach clients rebuilding trust
- Clients facing vendor security questionnaires
- Anyone with compliance audit exposure
Decent fit
- SMBs with sensitive client data
- Clients asking "could we actually be breached?"
- Growing companies adding staff or systems fast
Talking points & objections
Talking points
Scanning finds vulnerabilities. Pen testing proves they matter.
A vulnerability scanner is a checklist. A pen test is a hacker trying to actually use those vulnerabilities to get in. You need to know which weaknesses are genuinely dangerous.
Real-world attack simulation
vPenTest mimics the techniques actual attackers use — lateral movement, credential abuse, privilege escalation — and tells you exactly how far they could get.
Actionable report, not a raw list
You get a prioritized remediation report: here's what's exploitable, here's how bad, here's how to fix it. Not a 200-page CVSS dump you can't act on.
Cyber insurance & compliance
Many insurers now require evidence of penetration testing. This gives you that documentation — and often justifies a lower premium.
Per-user math works in your favor
Market rate for automated pen testing runs ~$10/user/month. A 30-user client at market rate is $300/month — and a 50-user client is $500/month. Use that math when a prospect pushes back on price: you're at or below what they'd pay going direct.
Objection handling
"Isn't a pen test just for big companies?"
That used to be true when pen tests cost $15,000–$30,000 per engagement. vPenTest makes it accessible at a fraction of that cost, on a recurring basis — so you're not relying on a once-a-year snapshot.
"What's the difference between this and the vulnerability scanner?"
The scanner finds unlocked doors. The pen test tries to walk through them, take something, and get back out without being noticed. You need both — discovery and proof of impact.
"Will it disrupt our systems?"
vPenTest is designed to be non-destructive. It tests exploitability without causing downtime or data loss. We schedule it during low-traffic windows and you're notified throughout.
"We passed our last audit."
Audits check configuration against a standard. Pen tests check whether that configuration actually holds up under attack. Passing an audit and being secure aren't always the same thing.
Network Detective Pro
SALES GUIDE — TALKING POINTS & OBJECTION HANDLING
Network Detective Pro
Deep network assessment and risk reporting — surfaces what's actually on the network, what's misconfigured, and what's been missed.
$350/mo shared cost
Best-fit clients
Strong fit
- New clients during onboarding
- Clients with no current network documentation
- Businesses after a merger or acquisition
- Clients preparing for QBRs
- Regulated environments needing risk reports
Decent fit
- SMBs that have grown organically with no IT planning
- Clients with aging or undocumented infrastructure
- Anyone asking about network risk or compliance posture
Talking points & objections
Talking points
You can't secure what you can't see
Most SMBs have devices, services, and open ports they don't know about. Network Detective Pro builds a complete picture of what's actually on the network — including shadow IT.
Ready-made risk report
It generates a professional risk assessment you can hand a client during a QBR — showing them exactly where they stand and what needs attention. Makes you look sharp.
Perfect for onboarding
When you take on a new client, you inherit their unknown risks. This gives you a baseline scan immediately — so you know what you're walking into before it becomes your problem.
Surfaces misconfigurations
Open shares, outdated OS, misconfigured AD, password policy gaps — things that don't show up in day-to-day support tickets but represent real exposure.
Objection handling
"We already know what's on our network."
Most clients say this — until we run the scan. Shadow IT, personal devices, forgotten servers, and unauthorized software show up constantly. The gap between "what we think is there" and reality is usually significant.
"How is this different from what you already do for us?"
Day-to-day support is reactive — we fix what breaks. Network Detective Pro is proactive — it looks for what's quietly wrong before it breaks, or before an attacker finds it first.
"We don't have compliance requirements."
You don't need a compliance mandate to have a breach. And increasingly, cyber insurers are asking for network risk documentation even for small businesses. This gives you that.
"What do we do with the report?"
We walk through it with you. Every finding is prioritized — critical, high, medium. We build a remediation roadmap together. It becomes the foundation for your security roadmap going forward.
Prospect pricing
RECOMMENDED SELL PRICES FOR NON-CLIENTS — BASED ON MSP MARKET RATES
How to read this
These are standalone prices for prospects who are not existing NTG managed clients. Pricing is based on current MSP market rates for each product category. SMB rates apply to general small business clients. Regulated rates apply to law firms, financial services, healthcare, and any client with a compliance framework. Bundle pricing offers a modest discount to close faster and lock in recurring revenue.
Individual product pricing
Vulnerability Scanner
Your cost: $350/mo shared
SMB
$200
– $350 /mo
REGULATED
$400
– $700 /mo
At $200/mo you're at market floor and covering cost with 2 clients. Regulated clients justify the higher rate due to compliance documentation value.
vPenTest
Your cost: $495/mo shared
SMB
$300
– $500 /mo
REGULATED
$600
– $1,000 /mo
Traditional pen tests cost $5K–$30K per engagement. Your recurring model is a significant value story — lean on that comparison hard.
Network Detective Pro
Your cost: $350/mo shared
ONE-TIME
$750
– $2,500
RECURRING
$200
– $400 /mo
Strong as a paid assessment to open the door with a prospect. One-time assessment naturally leads to a managed services conversation.
Bundle pricing — all three products
SMB BUNDLE
$599/mo
All three tools, one line item
REGULATED BUNDLE
$999/mo
Law firm / financial / healthcare
YOUR FLOOR (ALL 3)
$1,195/mo
Break even at 1 prospect client
A single SMB bundle prospect at $599/mo covers 50% of your floor. Two covers it entirely — everything after that is margin. One regulated client at $999/mo nearly covers the floor on its own.
Positioning notes for the sales conversation
Lead with the bundle
Three tools, one monthly number, one conversation. It's harder to say no to a package than to approve three separate line items. Start there and discount to individual only if needed.
Use Network Detective as the door opener
A one-time paid assessment ($750–$1,500) is low friction for a prospect. Run it, show them what you found, and the managed security conversation writes itself.
Anchor against traditional pen test cost
Tell prospects that a single traditional pen test engagement runs $5,000–$30,000. Your recurring vPenTest model delivers that continuously for a fraction of the cost. That framing closes deals.