Incident Response Retainer Update

ProductsManaged Detection and Response (MDR)Security Operations (Sec Ops)Sophos Incident Response Services Retainer

Exciting new pricing and packaging for the Sophos Incident Response Service Retainer, making it easier to understand and more appealing to customers.

We have lowered and simplified the pricing of the Sophos Incident Response Service Retainer, making it easy for you to sell and more appealing to customers. The retainer is an annual subscription that provides attractive discounts on Sophos Rapid Response engagements in the case of an incident.

The Incident Response Service Retainer is a perfect add-on sale opportunity for any Sophos customer or prospect who doesn’t have MDR Complete. It is a cost-efficient way to prepare for an incident.

The retainer concept is easier to understand. It is a small annual fee, and should the customer experience an incident during their coverage period, they will have peace of mind knowing they have the resources to assist. Not only that, but they also have a guaranteed and attractive price cap with a considerable discount. Considering the value this brings to a customer, you should add the retainer to any Endpoint, Firewall, XDR customer, or MDR Essentials quote or renewal.

 

Summary of the changes

  • The packaging has been simplified to a flat per-device per-year price instead of fixed-size bands.
    • For example, a US customer will pay $3 per device annually. Pricing varies by region.
  • A minimum purchase of 200 devices is required. Customers of all sizes can purchase the retainer; however, a minimum of 200 will apply.
    • For example, a US customer will have an entry price of $600 ($3 per device x 200 devices), significantly lower than the previous price of $2,000.
  • The discount on Sophos Rapid Response engagements has been changed from a dollar-figure discount to a percentage discount—up to 50% off the standard price—increasing the customer’s return on investment.
  • All Incident Response Retainers now include a vulnerability scan for up to 50 IP Addresses/FQDNs (previously, the number of IP/FQDNs varied for each retainer size band).
  • Existing Incident Response Service Retainer customers are unaffected by these changes until their next renewal.
  • Should a cyber incident occur, the process for starting a Sophos Rapid Response engagement remains unchanged.

 

Essential Details about Pricing and SKUs

We’ve created a new SKU (IR-Retainer) to accommodate this simplified pricing model. The new SKU is already available and is included in the 2024-1.2 pricelist. It should be used for new Incident Response Services Retainer sales.

The old SKUs (IR-Retainer-SMALL, IR-Retainer-MEDIUM, IR-Retainer-LARGE) are retired. The last order date for the old SKUs is April 29, 2024.

Existing customers with a retainer are unaffected, and no action is required. Their existing SKUs will remain active until the end of the term. At renewal, existing customers must purchase the new SKU (IR-Retainer) with an appropriate number of devices to provide full coverage of their environment.

 

Changes to the Discount on Sophos Rapid Response Services

A significant benefit of the retainer is its attractive discount on a Sophos Rapid Response engagement in the event of an incident. It’s a cost-efficient way to be prepared.Instead of a dollar-value discount on the engagement, the customer will now receive a percentage discount based on the number of devices in their environment. A device is an Endpoint or a Server.

Number of devices Discount on Sophos Rapid Response
1 – 200 30%
201 – 1,999 40%
2,000+ 50%

The size of the customer’s device population during the Sophos Rapid Response engagement will determine the discount percentage.

Consider these examples:

Customer A has 10 servers and 300 endpoints.

  • They must purchase a retainer for 310 devices.
  • If a cyber-incident occurs, the customer will receive a 40% discount on the Incident Response Service (Sophos Rapid Response)

Customer B has 2 servers and 25 endpoints.

  • They must purchase a retainer for the minimum order quantity of 200 devices.
  • If a cyber-incident occurs, the customer will receive a 30% discount on the Incident Response Service (Sophos Rapid Response)

 

Who can I sell the Sophos Incident Response Services Retainer to?

The Sophos Incident Response Services Retainer is for any organization that is NOT a Sophos MDR Complete customer. Sophos MDR Complete customers receive a full-scale incident response as part of the service offering.

Target customers for the retainer include:

  • Sophos MDR Essentials customers
  • Customers using Sophos products (e.g., Sophos Endpoint, Sophos Firewall, Sophos Email, etc.)
  • Organizations that are NOT currently using any Sophos products or services

While the Sophos Incident Response Services Retainer can help organizations of all sizes, it is an ideal option for organizations that:

  • Do not have dedicated cybersecurity staff or have limited resources devoted to their internal security team.
  • Have Sophos MDR Essentials or a competing MDR service that does not include full-scale incident response.
  • Incident Response preparedness is a key factor that cyber insurance providers look for when assessing insurability. Buying a retainer can help your position when buying or renewing an insurance policy.

 

Increase the deal size and protect customers with an incident response plan.

  • Create an Incident Response Plan. Most organizations don’t have an incident response plan but need one with the current threat landscape. The Sophos Incident Response Service can be part or all of their incident response plan. Should a cyber incident occur, it provides them with pre-arranged access to an on-demand team of Sophos incident response experts who will deploy into their environment.
  • Increase the Deal Size. The Incident Response Service Retainer can be sold to any customer using Sophos or non-Sophos products. The one exception is Sophos MDR Complete customers, who already have a full-scale incident response included with the MDR Service.
  • Help customers with cyber insurance. Purchasing an MDR Service or having access to an Incident Response Service can help meet the requirements of cyber insurance companies.

 

Resources

 


Frequently Asked Questions

Q: Why is Sophos changing the pricing of the Retainer?
Following customer and field feedback, the new Incident Response Service Retainer pricing significantly improves the customer’s return on investment. It also lets you explain the retainer’s costs and benefits more effectively.

Q: How is the updated Retainer licensed?
The updated retainer is licensed by the customer’s total number of devices (Endpoints + Servers). When purchasing the retainer, customers must accurately provide their device population size.

Q: Is there a minimum purchase required for the retainer?
Customers of all sizes can buy a retainer for any number of devices; for customer environments between 1-200 devices, a minimum purchase of 200 devices is required.

Q: How is the Rapid Response discount percentage determined?
When customers with the retainer experience a cyber incident, they engage the Rapid Response team. At the start of the engagement, the Rapid Response team confirms the device population size. This number determines the discount percentage. Using this approach, customers cannot artificially increase their device count when purchasing the retainer to receive a higher percentage discount.

Q: Can a customer purchase the Incident Response Service Retainer for a portion of their business?
Full coverage of a customer’s environment is required.

Q: When can customers purchase the retainer using the new licensing SKU?
Orders with the new SKU (IR-Retainer) can be placed from April 8, 2024.

Q: When did we advise Partners about the new SKU?
The new SKU (IR-Retainer) was included in the 2024-1.2 pricelist.

Q: Is monthly MSP Flex pricing available?
The IR Retainer is an annual subscription. Monthly MSP Flex pricing is not available.

Q: Can MSPs purchase one retainer and ‘share’ it across multiple end-customers?
No. Partners must purchase an individual retainer subscription for each of their end customers.