Sophos has added integration with third-party security solutions to its managed detection and response service.
The new functionality, which is available immediately, lets Sophos analysts, partners, and end users exchange data and instructions with endpoint, firewall, cloud, identity, email, and other security systems from participants in the vendor’s Adaptive Cybersecurity Ecosystem in addition to products in the Sophos portfolio.
As a result, Sophos and channel pros alike can now better meet growing demand for expert, outsourced security assistance among businesses with multi-vendor security stacks, according to Raja Patel, the company’s senior vice president of product management.
“We don’t require them to rip and replace what they have in their environment,” he says. “We can go integrate with what they already have.”
Introduced some 15 months ago, the Adaptive Cybersecurity Ecosystem (ACE) is a cross-vendor architecture that allows Sophos to consume and act on input from third-party security solutions. Linking it to Sophos MDR adds products from Amazon Web Services, Check Point, CrowdStrike, Fortinet, Google, Microsoft, Okta, Palo Alto Networks, and others to the range of systems linked to Sophos’s SOC.
“It really opens up the environment so that we can actually do more on their behalf,” says Patel of MDR subscribers.
Technology acquired along with DevSecOps automation vendor Refactr last August, he notes, helps Sophos shorten response times when acting on threats.
Under a new pricing scheme also introduced today, subscribers can choose among three MDR levels. At the top tier, Sophos monitors and remediates threats for customers on a fully outsourced basis, updating customers on what it’s observing and combatting on their behalf via regular reporting. At the middle service tier, which Patel calls “collaborative,” Sophos shares detection and response responsibilities with partners and end users. At the lowest and least expensive tier, subscribers receive alerts from Sophos but respond to them on their own or through their MSP.
All existing MDR subscribers will initially be grandfathered into MDR Complete, the highest of the three levels.
Users at all three levels pay additional, optional fees, billed per user, for each type of third-party security technology, such as firewall or identity management, they wish to integrate with. Establishing those connections involves a one-time onboarding process that end users and MSPs can perform themselves or pay a Sophos concierge to do for them.
All MDR plans come with 90 days of data retention by default. Subscribers can pay extra to extend that up to a year.
Additional integrations will be available to MDR customers through the Adaptive Cybersecurity Ecosystem soon, according to Sophos. The vendor acquired SOC.OS, a provider of security alert services with a lengthy list of integration partners, in April to streamline the process of onboarding ACE members.
Sophos plans to draw on ACE connections for purposes beyond MDR in the coming months. “You’ll see us continuing to open up the platform for more and more types of integrations in various other dimensions,” Patel says, citing attack surface monitoring and as-a-service penetration testing as likely examples.
Originally named Sophos Managed Threat Response, Sophos MDR debuted late in 2019. The service currently has over 12,000 customers. “We’ve seen exponential growth,” says Patel, noting that businesses have been turning to outsourced security offerings more generally in recent years for help with increasingly numerous, diverse, and complex risks.
“As the problems have gotten more fragmented over time, that appetite for somebody to just take care of it for them continues to grow,” he says.
Gartner predicts that half of organizations globally will use an MDR service by 2025.