7 Truths about MDR Every Partner Needs to Know

ResourcesManaged Detection and Response (MDR)

Sophos MDR enables you to deliver unparalleled cybersecurity outcomes with lower TCO, better protection, improved productivity, and customer satisfaction.

The year is coming to the end but cybersecurity isn’t slowing down. As cyber defenses have become more sophisticated, organizations of all kinds, from the end user to the channel partner, need a more advanced level of skill to deliver cybersecurity. For most, cybersecurity has become too complex to manage effectively because they simply don’t have the necessary round-the-clock expertise. According to IDG, it’s nearly impossible for organizations to outrun threat actors and keep themselves, their customers, and employees safe.

And that’s your chance to broaden your portfolio and bridge this gap.

By adding an advanced managed detection and response service like Sophos MDR to your line card you can provide all your customers – no matter how large or how small – with a 24 x 7 x 365 elite threat monitoring and response team, without adding any headcount or losing any sleep.

You’re able to deliver unparalleled cybersecurity outcomes – lower TCO (total cost of ownership), better protection, improved productivity, and customer satisfaction.

It’s not too good to be true! We have summarized the top 7 truths about MDR and why you should consider entering the cybersecurity services business. And if you’re already selling services, you’ll learn why you should consider Sophos MDR.

1. The MDR business opportunity is substantial

The business opportunity is huge, and the Future is XaaS! By 2025, Gartner predicts that 50% of organizations will use Managed Detection and Response.[i] We see that Sophos Partners selling MDR are growing their sales 3X faster than partners who don’t.

Sophos MDR helps you to differentiate your business whether you are a reseller or an MSP. You can include managed detection and response services and offer new protection capabilities to your customers without taking on the heavy lifting of building and maintaining such teams on your own.

MDR is a new need brought about by the evolution of cyber threats and is directly building on what you have previously sold. Therefore, providing managed cybersecurity is not about replacing anything you already do but about augmenting your offering. We cover the gaps that you and your clients can’t fill. No additional headcounts needed!

By integrating data and telemetry from Sophos and third-party endpoint, cloud, identity, email, firewall, and other security technologies your customers get the most out of their investment and don’t need to unnaturally rip and replace security products.

2. An MDR service significantly lowers the threat risk for your customers

The increasingly challenging threat environment impacts organizations of all sizes, not just large enterprises.

Six in ten IT pros working in small and mid-sized organizations with 100-5000 employees saw an increase in the complexity of attacks in the last year. At the same time, 57% saw an increase in the volume of attacks as adversaries take advantage of malware-as-a-service models, AI and automation in their attacks. And almost two thirds were hit by ransomware last year.[ii]

These attacks have a considerable impact on the organization as a whole and to make things worse, most attacks are unique: According to Sophos X-Ops, 75% of attacks have been only seen once!

Sophos MDR gives you and your customers peace of mind as your clients’ networks will be constantly defended by human-led teams staffed with expertly trained engineers to find and fight the types of sophisticated, targeted cyberattacks that are purpose-built to evade purely technology-based defenses.

3. An MDR solution provides superior outcomes for your customers

The average organization has more than 46 cybersecurity monitoring tools in place[iii]. At the same time, workload is a huge challenge for many organizations. IT Managers report that they don’t have enough people in the team or enough time to dedicate to managing threat response while being fully in control.

It is important that customers can build on and enrich their existing cybersecurity ecosystem to leverage the full extent of their investment.

Engaging in MDR is not about replacing an IT team, it’s rather about enabling the IT team to focus on activities that will help achieve the organization’s goals.

Since implementing the Sophos service, London South Bank University has been able to free-up significant operational hours. This has allowed their teams to focus on real-time student initiatives that have, in turn, increased student satisfaction, a key metric for their organization.

The IT team of a US supermarket chain with 13,000 employees saves 4-6 hours every day with Sophos and uses that extra time to reduce their attack surface and up-skill staff.

4. An MDR service needs to be flexible

By providing an MDR service, you become the trusted security advisor for your customers. Ideally, you can take a whatever-works-best-for-you approach when it comes to managing security operations. For example, with Sophos MDR, we can use Sophos tools, someone else’s tools that generate threat detection data or any combination of the two.

It’s also not a decision of either engaging in an own, self-managed SOC or providing a managed service. With Sophos MDR, you have choice: You can establish your own threat hunting and incident response team, rely on our expert teams or combine both approaches so you can take the lead during the week, and we’ll take over after hours – if that’s what you wish. You choose the engagement level that’s best for you and your customers’ business and define if we just notify, advise or respond (collaboratively).

Basically, you can get full-scale incident response or assistance in making more accurate decisions.

5. Creating and maintaining a SOC is very expensive

Finding and keeping skilled threat analysts is hard enough but making sure resources cover 24/7, weekends and holidays, makes it even harder. The number of unfilled cybersecurity jobs worldwide grew 350% between 2013 and 2021. In the US there are 1 million cybersecurity workers and 750,000 cybersecurity openings[iv]. Security Analysts cost $100-150K per year, and the annual cost to maintain a SOC is $2.86M[v].

The Sophos MDR service is about 5x cheaper, immediately set up and easier to maintain than standing up an own SOC.

6. MDR services grow cybersecurity revenue

Take advantage of the huge demand for MDR and other security services to win new customers and increase your existing customer footprint. Selling Sophos MDR is financially rewarding with competitive pricing, unbeatable margins and lucrative incentives.

Services are easier to articulate for a sales team. Plus, services generate more money and more margin for resellers. A good service is more difficult to replace than a product alone. Yet alone, it would be impossible to stand up your own service at this quality and cost.

7. MDR is pushing open doors with the board

Customers are listening and are receptive to outsourcing. According to a global survey of 5,400 IT managers, 76% anticipate an increase in in-house IT security staff by 2026 and 64% expect the number of outsourced IT security staff to grow by 2026.[vi]

We hear from our partners that they constantly feared a breach at one of their customers because they were lacking visibility of potential malicious activity. Sophos MDR comes with a team of expert threat hunters that has your customers’ back at all times. And as one of our customers put it: “You wouldn’t build your own AV

Sophos already protects more than 12,000 MDR customers – meaning that more organizations trust Sophos for MDR than any other vendor. On Gartner Peer Insights, Sophos is the highest rated and most reviewed MDR service with an exceptional rating of 4.8/5.

Are you interested in hearing more?

There are plenty sales resources and training courses available that address different levels of skills.

If you only have an hour to spare, we recommend you take the Sophos MDR Certification. It takes even less than 60 minutes, so there’s also time to browse the additional courses and resources.

If you’re in sales, we recommend you continue with the MDR Partner Masterclass to learn more about the benefits of an MDR service, how a threat hunt is performed and how you can sell MDR in general. Then, join the MDR Partner Briefings to understand customer packaging, migration paths, and third-party integrations.

For a technical deep dive, join the Threat Hunting Academy: MDR Special to explore how these security services fuse machine learning technology and expert analysis to eliminate today’s advanced complex threats.

Please also bookmark the MDR Partner Resource Center on the Sophos Partner Portal. It’s your hub for all MDR resources for the channel and the latest enablement events. To jumpstart your MDR business, make the most of our MDR Partner Success Campaign that helps you generate Sophos MDR leads for your business.


[i] Source: Gartner Market Guide for Managed Detection and Response 2021

[ii] Source: Sophos State of Ransomware 2022

[iii] Source: https://newsroom.trendmicro.com/2021-10-12-Cybersecurity-Tool-Sprawl-Drives-Plans-to-Outsource-Detection-and-Response

[iv] Source: https://fortune.com/education/business/articles/2022/06/30/companies-are-desperate-for-cybersecurity-workers-more-than-700k-positions-need-to-be-filled/

[v] Source:  Ponemon Institute: “The Economics of Security Operations Centers: What Is the True Cost for Effective Results?”

[vi] Source: The IT Security Team: 2021 and beyond