Increased Focus on MDR
CF: Last month, Sophos announced it is sharpening its focus on MDR. What will that mean for partners and are they going to see a shift in channel strategy?
SB: The focus on MDR and really cybersecurity as a service is so exciting. I think when you look at the cybersecurity landscape, it is too complex and too difficult, and it changes so fast to be effectively managed by really most organizations. Look at the complexity of environments, the complexity of security tools, and we all know the security challenge. The attacks are just incredibly sophisticated. When we launched XDR, that was nice for the more mature MSP or MSSP that they can go in and do the active threat hunting. A lot of times the challenge there is 24/7. It’s really hard to also find and retain those cybersecurity experts. So from an MDR perspective, a lot of our MSPs and partners in general have really embraced it. And I think the way that we differentiate is … we’ll look at something and if we see something, we’ll let you know, and then you go and fix it. The hands on keyboard really are designed to help the MSP go and do the remediation.
And we have three different layers we can notify if you as a partner want to go and do the remediation. We can collaborate together and we’ll work on remediation together. So when an MSP is actually looking at an MDR solution … they really just need to make sure that it’s compatible with their environment. If you have identity tools or SaaS applications in the cloud, or maybe not a Sophos firewall, you need to make sure the MDR vendor can actually ingest the telemetry. So that’s one of the things that we recently launched, the ability to ingest third-party vendor telemetry. That’s going to help with event correlation so that you can respond or we can respond in a much more comprehensive fashion. You also need to make sure that it’s compatible with your needs. I don’t think a lot of MSPs realize that they need full incident response and assistance, or do you need full incident response or just assistance. If you just need assistance, you can find 100 vendors out there. If you need the full-scale incident response, there are only a couple of vendors that do that. And then on top of that, we just launched the ability to provide an up to $1 million warranty for both MSPs and for customers. That’s just a massive differentiator. And then lastly, is it compatible with their business? Do they need just XDR? And then we have the open APIs that they can ingest that telemetry into their own data lake, or do they want us to do it for them? And does it integrate into their professional services automation (PSA) and remote monitoriing and management (RMM) tools to help with automated billing and ticketing, and all of that type of stuff.
