Sophos has purchased managed detection and response (MDR) provider Rook Security to help businesses of all sizes monitor, hunt for, analyse and respond to security incidents.
The UK-based platform security provider said it plans to combine US-based Rook Security's cyberthreat hunting and incident response capabilities with the DarkBytes Security Operations Center (SOC) services platform acquired in January. Sophos said the new MDR services will be delivered through the company's network of approximately 47,000 channel partners worldwide.
"For an MSP to become an MSSP is very expensive," Kendra Krause, Sophos' vice president of global channels, told CRN USA. "Partners can do this without any investments in their own staff."
Solution providers looking to offer their own threat detection, investigation and response capabilities would need to hire deployment engineers and open a SOC, which Krause said could be an insurmountable hurdle for many smaller partners.
Even for MSSPs with their own incident response services, Krause said Rook Security will be able to enhance what they're doing around threat hunting and help them move to a 24/7 model. Most Sophos channel partners today, though, aren't providing customers with any type of MDR services, Krause said.
The MDR capabilities from the Rook Security acquisition are expected to be made available to Sophos partners and customers this summer, the company said. The services can be wrapped around any endpoint security sale, and are a natural extension of Sophos Intercept X with EDR (endpoint detection and response), Krause said.
Partners should expect MDR services margins to be equal to or greater than margins for product sales, Krause said. And customers and the channel alike will benefit from Rook Security's MDR capabilities being part of a complete, end-to-end security offering that includes both endpoint security and firewalls, according to Krause.
Sophos plans to align its synchronised security technology and product portfolio with Rook Security, allowing Rook Security's experts to review customer security postures and ensure optimal policy configuration for Sophos products across estates. Rook Security founder and CEO JJ Thompson said the company's experts use threat hunting and data analytics to rapidly detect and mitigate active attacks.
"Together, we can implement faster, more effective threat detection and response capabilities to better protect businesses," Thompson said in a statement.
Terms of the deal were not disclosed. Sophos' stock fell US$0.22 (4.19 percent) in trading Monday afternoon on the London Stock Exchange to US$5.05 per share. Rook Security was founded in 2008, and employs 19 people, according to LinkedIn.
Businesses are under siege from everything from tried-and-true phishing emails to the emerging threat of “hacker pen-testing” to find weaknesses in their IT environment, Sophos CTO Joe Levy said in a statement.
Although businesses need around-the-clock monitoring and management of what's happening in their network, Levy said many of them lack expertise, can't keep up, or don't have the necessary in-house resources to optimally configure and manage security around-the-clock.
"With MDR, Sophos' channel partners will be able to provide businesses of all sizes with expert services that continuously detect, hunt for and respond to security incidents," Levy said in a statement.
This is Sophos' third acquisition in 2019, coming five months after the company purchased emerging cloud infrastructure vendor Avid Secure to provide end-to-end protection around public cloud services such as Amazon Web Services, Microsoft Azure and Google. Later in January, the company bought DarkBytes to serve as the foundation for its new MDR services.
Nearly two years earlier, Sophos purchased endpoint security startup Invincea for US$120 million. All told, Sophos has made 13 acquisitions since 2003, according to CrunchBase.