When Sophos recently acquired managed detection and response (MDR) specialist DarkBytes, the deal reinforced a growing thesis across the MSP (managed services provider) industry.
The thesis goes something like this: Most smaller MSPs don't have their own security operations center (SOC) teams and associated technologies. But those same MSPs want to push deeper into cybersecurity. Amid that reality, Sophos acquired DarkBytes with an eye towards assisting MSPs worldwide.
In a statement to MSSP Alert, Sophos VP of Global Channels Kendra Krause offered this perspective on the deal, and its implications for partners:
“Sophos’ strategy to address the growing MDR space is driven by our recognition that the vast majority of partners do not have a security operations center (SOC) or the expertise themselves, yet the demand for managed security services continues to grow. Customers are looking to managed services for either part or all of their cybersecurity needs in the face of the fast evolving threat landscape. Sophos’ acquisition of DarkBytes expands our portfolio and enables our partners to remain competitive without extensive investment in their own facilities or expertise. Sophos remains committed to the delivery of products and services through the channel, and continues to drive our “channel first, channel best” approach to the market."
So how will Sophos partners and end-customers consume DarkBytes' technology? Krause continues:
"Sophos is supporting partners by allowing them to license our endpoint detection and response (EDR) technology to innovate and advance their own MSSP business and security operations center capabilities, or to eventually offer to their customers MDR services from Sophos when they become available.”
Small MSPs and Big SOC Requirements
Admittedly, there are numerous ways for small MSPs to consume and/or extend SOC services to end-customers.
For instance:
- SolarWinds MSP is offering threat monitoring software to experienced MSSPs. Those MSSPs consume the software and extend related to services to smaller MSPs. SolarWinds maintains R&D control of the code but those MSSPs essentially run the code on their own.
- Continuum, in contrast, leverages third-party software from SentinelOne and Netsurion (EventTracker) to extend MSSP services to MSPs. Continuum also has a close relationship with Webroot.
Additional SOC Options for Partners
MSPs, MSSPs & channel partners have a lengthy list of additional SOC business model options. The lineup includes...
- AlienVault, now owned by AT&T, Netsurion and others develop software that many MSPs use in their SOCs;
- ConnectWise distributing Foresite’s MSSP, compliance and SOC capabilities;
- ChannelSOC, which surfaced at the CompTIA ChannelCon 2017 conference;
- CyberBit, which offers a SOC to MSSP partners like MNS Group;
- CyFlare — which has a SOC for VARs; and
- Infogressive, a growing master MSSP that offers services to MSPs.
