Sophos Buys Managed Detection And Response Vendor Rook Security

Even for MSSPs with their own incident response services, Sophos global channel chief Kendra Krause said Rook Security can enhance what they're doing around threat hunting and help them move to a 24/7 model.

ARTICLE TITLE HERE

Sophos has purchased managed detection and response (MDR) provider Rook Security to help businesses of all sizes monitor, hunt for, analyze and respond to security incidents.

The Oxford, U.K.-based platform security provider said it plans to combine Indianapolis-based Rook Security's cyberthreat hunting and incident response capabilities with the DarkBytes Security Operations Denter (SOC) services platform acquired in January. Sophos said the new MDR services will be delivered through the company's network of approximately 47,000 channel partners worldwide.

"For an MSP to become an MSSP is very expensive," Kendra Krause, Sophos' vice president of global channels, told CRN. "Partners can do this without any investments in their own staff.

id
unit-1659132512259
type
Sponsored post

[Related: 5 Things To Watch For At Sophos Discover 2019]

Solution providers looking to offer their own threat detection, investigation and response capabilities would need to hire deployment engineers and open a SOC, which Krause said could be an insurmountable hurdle for many smaller partners.

Even for MSSPs with their own incident response services, Krause said Rook Security will be able to enhance what they're doing around threat hunting and help them move to a 24/7 model. Most Sophos channel partners today, though, aren't providing customers with any type of MDR services, Krause said.

The MDR capabilities from the Rook Security acquisition are expected to be made available to Sophos partners and customers this summer, the company said. The services can be wrapped around any endpoint security sale, and are a natural extension of Sophos Intercept X with EDR (endpoint detection and response), Krause said.

Partners should expect MDR services margins to be equal to or greater than margins for product sales, Krause said. And customers and the channel alike will benefit from Rook Security's MDR capabilities being part of a complete, end-to-end security offering that include both endpoint security and firewalls, according to Krause.

Sophos plans to align its synchronized security technology and product portfolio with Rook Security, allowing Rook Security's experts to review customer security postures and ensure optimal policy configuration for Sophos products across estates. Rook Security Founder and CEO J.J. Thompson said the company's experts use threat hunting and data analytics to rapidly detect and mitigate active attacks.

"Together, we can implement faster, more effective threat detection and response capabilities to better protect businesses," Thompson said in statement.

Terms of the deal were not disclosed. Sophos' stock fell $0.22 (4.19 percent) in trading Monday afternoon on the London Stock Exchange to $5.05 per share. Rook Security was founded in 2008, and employs 19 people, according to LinkedIn.

Businesses are under siege from everything from tried-and-true phishing emails to the emerging threat of “hacker pen-testing” to find weaknesses in their IT environment, Sophos CTO Joe Levy said in a statement.

Although businesses need around-the-clock monitoring and management of what's happening in their network, Levy said many of them lack of expertise, can't keep up, or don't have the necessary in-house resources to optimally configure and manage security around-the-clock.

"With MDR, Sophos' channel partners will be able to provide businesses of all sizes with expert services that continuously detect, hunt for and respond to security incidents," Levy said in a statement.

This is Sophos' third acquisition in 2019, coming five months after the company purchased emerging cloud infrastructure vendor Avid Secure to provide end-to-end protection around public cloud services such as Amazon Web Services, Microsoft Azure and Google. Later in January, the company bought DarkBytes to serve as the foundation for its new MDR services.

Nearly two years earlier, Sophos purchased endpoint security startup Invincea for $120 million. All told, Sophos has made 13 acquisitions since 2003, according to CrunchBase.

The Rook Security acquisition will make it possible for resellers, MSPs and MSSPs to add detection services to their line card, according to Karl Bickmore, CEO of Cumming, Ga.-based Snap Tech IT. MSSPs that already provide MDR-type services will now have the option of outsourcing a piece from Sophos, which Bickmore said could be most cost-effective and faster to implement.

"It's often more cost effective for channel partners to outsource MDR services if they don't have their own 24/7 security operations center," Bickmore said in a statement. "Most MSPs are not able to track threat traffic that has made it in, so this is a great way to add that missing piece and provide 24/7 service."