Sophos Acquires Rook Security

Sophos announced in June 2019 that it has acquired Rook Security, which it will integrate across all products. In today’s managed security services (MSS) landscape, it’s imperative to have managed detection and response (MDR). The requirement to enter MSS no longer demands a security operations center (SOC) and SOC analysts (though those are still necessary to the enterprise). Rather, strong security vendors, such as Sophos, can broaden services with an acquisition of an MDR provider. In this case, Rook Security does have a SOC and SOC analysts, making this a boon to Sophos. The new MDR solution will initially launch in the Americas later this year. An invitation-only early access program (EAP) will focus on existing endpoint detection and response (EDR) customers to gain feedback from them on the new solution.

According to ESG research, buyers need help to reduce the complexity of MDR solutions and the threat environment, as well as to offset scant resources. In fact, 45% of respondents in a recent ESG study state that endpoint detection and response (EDR), which is part of most MDR solutions, is increasingly difficult to manage and 78% of respondents state they are currently using or plan to use MDR services (see figure). Additionally, the study showed that buyers believe that an MDR service provider would do a better job with this management (28%). 


This is not the first acquisition for Sophos this year. It acquired DarkBytes for its MDR and SOAPA platform and Avid Secure for public cloud infrastructure, both in January 2019. Sophos’ protection coverage across endpoint, network, and mobile, coupled with the technologies, people, and processes introduced by these recent acquisitions, positions the company well to deliver a comprehensive MDR offering with visibility across the continuum of end-user actions from endpoint to cloud.

Sophos’ 47,000 worldwide channel partners were top of mind when designing this next stage of their strategy. They spent more than 2 years in discussions with customers, internal stakeholders, and partner advisory council members to determine the best go-to-market fit.

Rook Security brings consulting, penetration testing, vulnerability analysis, and a virtual Chief Information Security Officer (vCISO) set of services to Sophos. They also provide event aggregation and response and remediation suggestions in a similar fashion to a managed security services provider (MSSP). A few years ago, they pivoted to launch MDR fused with network visibility. For Sophos, it was clear that Rook Security offered what is beginning to be called xDR in the market, which often includes network, endpoint, cloud, and email capabilities.

It seems clear from this announcement that Sophos sees massive opportunity in the MDR market and understands customer requirements for assistance with TDR. The company has done well with this latest acquisition, which is fully accretive to the January acquisitions.

You can read my additional thoughts in my brief on the acquisition, Sophos Acquires Rook Security to Round Out Managed Detection and Response Offering, if you're an ESG subscriber. 
