Sophos MDR capability from Rook and DarkBytes acquisitions to be broadly available to MSPs

The MDR services Sophos acquired with Rook Security on Monday will be integrated with the DarkBytes platform acquired earlier, and Sophos’ own EDR offerings, and made available for MSPs without deep security experience and SOCs to resell.

Kendra Krause, Vice President of Global Channels at Sophos

On Monday, Sophos announced their second managed detection and response [MDR] acquisition in 2019. Rook Security, an Indianapolis-based provider of MDR services joins DarkBytes, acquired in January as the foundation of what will become a Sophos MDR portfolio. While that portfolio will ultimately include sophisticated offerings for MSSP partners, the plan for the rest of this fiscal year is to roll out MDR services which Sophos MSP partners with less security experience will be able to resell.

The plan with the Rook acquisition was to acquire an MDR company with a strong services and support capability, whose services could be delivered on the DarkBytes platform.  Rook, which has been in business since 2008, fit the bill.

“We had looked at a lot of different companies,” said  Kendra Krause, Vice President of Global Channels at Sophos. “They have a 24/7 managed services capability, with all resources being local. They have an incredible talented team cyberthreat hunters and incident response experts. We really liked how they supported their customers. They had the same vision as Sophos has, which makes it easy to integrate all of their capabilities into Sophos.”

While DarkBytes also had begun to build out a services capability, the main attraction there to Sophos was the architectural sophistication of the platform, and its capability to deliver SOC services to organizations of all sizes.

“DarkBytes is the tech platform that we will use to provide the services,” Krause said. “Rook brings the SOC and the engineers who will provide the 24/7 support.”

Sophos also plans to align its existing synchronized security technology and product  – its Sophos Intercept X Advanced with EDR – with Rook Security’s 24/7 services for MDR customers. Rook Security experts will also be able to review these customer security postures to ensure optimal policy configurations for Sophos products. The Intercept X Advanced solution will also be required for the MDR services.

“The Rook MDR services will support the Intercept X Advanced with EDR,” Krause said. “The MDR services will work together with the Intercept Advance X with EDR. So a customer will need one to get the other, or can buy them together.”

Partners who want to resell the MDR services obviously need to have the EDR capability as well.

“The EDR is the platform,” Krause said. “You need that to be able to see what’s going on in the networking.”

The good news here though for Sophos partners is that any MSP will be able to resell these services, not just ones with SOCs or deep security experience.

“This is why our channel loves this product,” Krause said. “No matter what services a partner offers today, they will be able to resell these services. Our MSPs are ecstatic about this. Most don’t want to invest in a SOC. So they will be able to bundle this in, and we will do the MDR services on the back end.”

The plan is to first bring the MDR capabilities to market through MSPs reselling the service – but there are other plans for next year.

“We will do a lot of sales education to enable MSP partners to resell the service,” Krause said. “We then plan to launch some certification programs for MSSPs who want to be able to offer it themselves, which will include a formal certification process. Look for that likely around the beginning of our next fiscal year [April]. The first priority this year will be enabling reselling MDR.”