HailBytes SAT for MSSPs: Running Multi-Client Phishing Simulations at Scale
January 29, 2026
Managed security service providers face a specific challenge with phishing simulations: they need to run campaigns across dozens of clients with complete data isolation, different template sets, different schedules, and different reporting requirements - without the cost structure of a per-seat SaaS platform multiplied across every client. At $5 per user per year across a client base totaling 10,000 employees, that’s $50,000 annually in platform licensing alone. Most MSSPs absorb that cost and deliver thin margins, or they skip phishing simulations entirely.
HailBytes SAT changes the economics. Each AWS instance handles unlimited users and campaigns for a single client. The per-instance pricing means your cost scales with the number of clients, not the number of employees. A 20-client MSSP portfolio costs a fraction of what a per-seat SaaS vendor would charge, and you keep full control over the infrastructure, the data, and the reporting.
MSSP Multi-Client Architecture - Isolated Environments, Shared Infrastructure

Per-client groups in HailBytes SAT - segment each client's departments inside their dedicated instance.
Architecture: One Instance Per Client
The cleanest multi-client architecture uses dedicated HailBytes SAT instances per client. Each client gets their own EC2 instance from the AWS Marketplace AMI, running in your MSSP’s AWS account (or the client’s, depending on your service model). Data isolation is physical - no shared databases, no shared credentials, no risk of campaign data leaking between clients.
This approach has operational benefits beyond isolation. When a client churns, you terminate their instance and all associated data is gone. When a client requests a penetration test that includes phishing, you spin up a fresh instance, run the engagement, export the report, and tear it down. No cleanup, no data retention concerns, no shared infrastructure to audit.
Manage all instances through AWS Systems Manager or your preferred infrastructure-as-code tool. Tag instances by client name, engagement type, and status. A Terraform module that provisions a HailBytes SAT instance with the correct VPC, security groups, and DNS records takes about 15 minutes to build and reduces new client onboarding to a single command.
Template Management Across Clients
Phishing templates are the core intellectual property of an MSSP’s simulation practice. Build a master template library organized by difficulty level (easy, moderate, hard, spear-phish), scenario type (credential harvest, malware download, BEC), and industry vertical (healthcare, finance, technology, government). Store templates as HTML files in a Git repository, version-controlled and reviewed by your red team.
When onboarding a new client, deploy the appropriate template set based on their industry and maturity level. A healthcare client gets templates themed around EHR system updates, HIPAA training notifications, and insurance provider communications. A financial services client gets wire transfer confirmations, audit request notices, and regulatory compliance alerts. Customization is the difference between a generic simulation and one that tests whether employees recognize the threats they actually face.
HailBytes SAT’s template system supports merge fields for per-client personalization. Build templates with variables for company name, internal system names, and sender identity. A single template becomes instantly reusable across clients by swapping the merge field values. Your red team builds templates once; your delivery team deploys them everywhere.

Role-based User Management per client instance - give the client's security team read-only access while your analysts keep admin rights.
Reporting That Your Clients Will Actually Use
MSSPs live and die by their reports. HailBytes SAT exports campaign data as CSV, which gives you raw material but not a client-ready deliverable. The recommended approach: build a reporting template in your preferred tool (Google Slides, PowerPoint, or a BI dashboard) that pulls from HailBytes SAT’s CSV exports and auto-populates the metrics.
A strong MSSP phishing report includes five sections: executive summary (one paragraph, one key number), campaign details (template used, timing, target count), results breakdown (click rate, credential submission rate, time-to-click distribution), department comparison (which departments are most vulnerable), and recommendations (specific next steps with urgency ratings). The report should take 30 minutes or less to produce per client per month - if it takes longer, your template needs work.
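The metrics step of that report, as an added example that is not HailBytes SAT's own code: it computes the results breakdown and department comparison from one campaign CSV. The column names and sample rows are assumptions constructed for illustration; map them to the headers in your actual export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample export. Column names (email, department, sent_at,
# clicked_at, submitted_at) are assumptions, not the HailBytes SAT schema.
SAMPLE_CSV = """email,department,sent_at,clicked_at,submitted_at
a@example.com,Finance,2026-01-12T09:00:00,2026-01-12T09:04:00,2026-01-12T09:05:00
b@example.com,Finance,2026-01-12T09:00:00,2026-01-12T11:00:00,
c@example.com,Finance,2026-01-12T09:00:00,,
d@example.com,Engineering,2026-01-12T09:00:00,,
e@example.com,Engineering,2026-01-12T09:00:00,2026-01-12T09:30:00,
f@example.com,Engineering,2026-01-12T09:00:00,,
"""
FMT = "%Y-%m-%dT%H:%M:%S"

def _minutes(start, end):
    return (datetime.strptime(end, FMT) - datetime.strptime(start, FMT)).total_seconds() / 60

def summarize(csv_text):
    """Return overall and per-department metrics for one campaign export."""
    depts = defaultdict(lambda: {"targets": 0, "clicked": 0, "submitted": 0})
    delays = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        d = depts[(row["department"] or "").strip() or "Unknown"]
        d["targets"] += 1
        if row["clicked_at"]:
            d["clicked"] += 1
            delays.append(_minutes(row["sent_at"], row["clicked_at"]))
        if row["submitted_at"]:  # counted even if no click was recorded
            d["submitted"] += 1
    for d in depts.values():
        d["click_rate"] = round(100 * d["clicked"] / d["targets"], 1)
        d["submit_rate"] = round(100 * d["submitted"] / d["targets"], 1)
    total = sum(d["targets"] for d in depts.values())
    clicked = sum(d["clicked"] for d in depts.values())
    submitted = sum(d["submitted"] for d in depts.values())
    return {
        "targets": total,
        "click_rate": round(100 * clicked / total, 1) if total else 0.0,
        "submit_rate": round(100 * submitted / total, 1) if total else 0.0,
        "median_minutes_to_click": median(delays) if delays else None,
        # Highest click rate first, for the department comparison section.
        "departments": sorted(depts.items(), key=lambda kv: kv[1]["click_rate"], reverse=True),
    }
```

Feed the returned dictionary into the slide or dashboard template so the analyst's time goes to the recommendations section rather than the arithmetic.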
For clients who want real-time visibility, HailBytes SAT’s web dashboard can be accessed directly. Set up a reverse proxy with HTTP basic auth (served over TLS, since basic auth sends credentials merely base64-encoded) or VPN access so the client’s security team can follow campaign results without needing SSH access to the underlying instance. This self-service access reduces your support burden and gives clients a sense of ownership over their security awareness program.

Per-client Audit Logs - JSON and CSV exports, plus REST API and webhooks, plug straight into your MSP SIEM or client-facing reporting pipeline.
Pricing Your Phishing Simulation Service
The standard MSSP pricing model for phishing simulations is per-employee per-year, matching how the enterprise SaaS vendors price. The difference is your margins. If KnowBe4 charges $18–$30 per user and your cost basis with HailBytes SAT is a fraction of that per instance (regardless of user count), your margin on a 500-person client is substantial.
A typical MSSP tiered offering: Basic (quarterly campaigns, standard templates, summary report) at $2–$4 per user/year. Professional (monthly campaigns, industry-specific templates, department-level reporting, repeat offender tracking) at $5–$8 per user/year. Premium (monthly campaigns plus targeted spear-phishing for executives, custom templates, remediation coaching for repeat offenders, compliance-ready evidence packages) at $10–$15 per user/year.
At the Professional tier, a 500-person client generates $2,500–$4,000 in annual revenue. Your cost: one HailBytes SAT instance plus approximately 2–3 hours of analyst time per month for campaign execution and reporting. Across a portfolio of 20 clients, that’s a high-margin service line built on a platform you fully control.
Build Your Phishing Simulation Practice
HailBytes SAT gives MSSPs the infrastructure to offer phishing simulation services at scale - with margins that per-seat SaaS platforms can’t match. Launch a dedicated instance per client in minutes.