sakkmesterke -

Sophos expects MDR approach will chime with MSSPs

Security player’s plans to make third-party compatibility really mean something should arm managed service providers with more flexibility

Sophos is expecting its latest managed detection and response (MDR) proposition will appeal to managed security service providers (MSSPs) that are looking for flexibility.

In a nutshell, the MDR service works with third-party offerings from a range of Sophos rivals, including Microsoft, CrowdStrike, Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services (AWS), Google, Okta, Darktrace and more.

That should make it easier for MSSPs to present it as a complementary tool to customers, rather than a rip-out-and-replace pitch.

David Mareels, director of product management at Sophos, said the approach the vendor was taking to be compatible with other vendor offerings would improve life for MSSPs. “We’re living in a very different landscape in terms of what our customers’ security stack looks like, from a technology standpoint,” he said. “Customers are no longer happy with just software-centric services.

“Customers are now pushing vendors. They say, ‘well, you’re doing a great job with managed services: consolidate and take more of my third-party telemetry’.”

Mareels said the MDR offering stood out from the crowd because of the open approach Sophos chose to take. “We’ll take that security telemetry off of you and we know how to operationalise it,” he said. “We have a data-processing pipeline which can normalise this data: we can enrich and correlate it to really make sense of it.

“Lots of people say they are compatible with third-party providers, but that’s what I would call ‘connecting the pipes’. That’s definitely an important part, but it’s not the full meal. You need to know how to operationalise that data.”

Strong demand

Mareels added that there was a strong demand from both partners and customers for Sophos to take this approach, and the expectation was that it would be welcomed by the managed service community.

Frank Dickson, group vice-president for IDC’s security and trust research practice, said: “The approach that many cyber security technology providers have taken with their extended detection and response, and their resulting MDR offerings, is to focus on integrating only their own proprietary hardware and software products, resulting in a closed and limited ecosystem offering.

“The challenge of this approach is that attributes of existing IT architectures may not be negotiable, given the realities of commercial contracts, technical debt or IT complexity.”

Read more on Security Network Services