WatchGuard CEO On ‘Scaling Up’ MDR Service With ActZero Acquisition
The cybersecurity vendor aims to enable a ‘dramatic reduction’ in alert fatigue and a more-open MDR architecture for MSPs, with the integration of ActZero with the existing WatchGuard MDR service, CEO Prakash Panjwani tells CRN.
WatchGuard Technologies is doubling down on its managed detection and response (MDR) service with the acquisition of ActZero, announced Wednesday, bringing major enhancements for MSPs including reduced alert fatigue and greater support for third-party security tools, WatchGuard CEO Prakash Panjwani told CRN.
The acquisition will represent a massive expansion of capabilities for WatchGuard’s existing MDR offering, which has already seen strong growth since its debut in October 2023 following the company’s acquisition of CyGlass, Panjwani said.
Now, the integration of ActZero’s technology will enable WatchGuard to provide MSPs with improvements including a “dramatic reduction” in false-positive alerts as well as a move to “more of an open architecture than what we were able to provide for the MDR service before,” he said.
Specifically, ActZero already brings support for endpoint security tools including CrowdStrike Falcon and Microsoft Defender — which will significantly expand the usefulness of WatchGuard’s MDR for MSPs that work with multiple vendors, according to Panjwani.
The integration will start off by connecting WatchGuard’s own endpoint protection, detection and response (EPDR) tool into the ActZero MDR offering, which should be completed during the first half of the year, he said.
The acquisition of the 40-person company will also bring WatchGuard’s total headcount to nearly 1,300, Panjwani noted.
Ultimately, while WatchGuard has been “very successful already” with bringing its MDR service to many of its 17,000 active MSP partners, the ActZero acquisition will lead to “scaling up our MDR,” he said.
What follows is an edited portion of CRN’s interview with Panjwani.
Prior to this acquisition, what sort of traction have you been seeing for your MDR offering?
It's been the fastest ramp-up we've ever seen of a new service. When we look for acquisitions, we look for something that ties to our mission as well. So the mission is about enterprise-grade security and making it accessible to the MSPs. This one checked all the boxes for us right away. It fit really well. It's accessible — it’s sold through the MSPs today, which is our core market. What it allows us to do is three things. First of all, it allows us to mature our service pretty much overnight. What ActZero has done is built an amazing 24/7 MDR service — which includes not just the SOC team, which we also have, but they have very mature processes around it. They have an amazing customer onboarding and partner onboarding function. And as we did our diligence, we found that was such a differentiator for them — that customer experience they provide.
The second thing for us is the platform itself. What they have built for MDR is a machine-learning- and AI-based platform. [The technology offers] a dramatic reduction in false positives. They have an amazing tool that they built around it. And then the final thing for us is, even though we built our MDR on our own platform, we’ve always said our vision is to be more open. We want to make sure that when we go to a partner environment and we are their MDR provider — yes, we want to lead with WatchGuard, but our partners have other security solutions as well. So how do we make sure that our MDR service is open enough that we can handle that overall environment as well. What ActZero allows us to do is exactly that — they already provide services to the third-party products. Our goal is to continue that and expand upon it in the future as well.
So up until this point, your MDR has mainly worked with your first-party WatchGuard products?
Yes, today it's built around primarily our endpoint solution, WatchGuard EPDR. But we do support some third-party [products] like Microsoft 365 components. This just puts us above and beyond that. [ActZero’s] architecture is built around a platform where you can integrate multiple EDRs. Today they already support CrowdStrike, they already support Microsoft Defender. Those two are probably the most prominent. Then there's API integrations to anything else that the customers might have. Our very first step, of course, is to integrate WatchGuard EPDR into the same platform as well.
How does their technology help with reducing false positives, and how will that help your MSP partners?
For us, it's really around making sure that we're giving them information that is really actionable. You don’t want to just alert for everything. [ActZero’s] secret sauce is that they have reduced that noise dramatically using their platform. That AI-based platform is really one of the biggest strengths. That's where we did a lot of testing with them. Sometimes it just comes down to [positive] stats — that they're able to show the efficacy of the service. I talked to a couple of [ActZero’s] partners directly, and they said, “The noise is [among] the lowest I've ever seen in the MDR business.”
What could you say about the plans for how you’ll be integrating the technology?
First of all, we're definitely continuing to offer the same service to their current partners. They've been growing tremendously, so we want to sustain that growth. But usually when we talk about acquisitions, we talk about how we're going to integrate [the acquired company’s] technology into our platform. This is the reverse. So our goal here is to integrate our EPDR into the ActZero platform. And then once we do that, the same processes that they have built for their service now will be available to our partner base. Our goal is to get that done definitely within the first half of 2025. There’ll be a few milestones along the way, so that as we integrate more [capabilities], our partners can benefit from their service itself.
Do you see MDR as one of the biggest opportunities for partners in working with WatchGuard right now?
Without a doubt. There has been tremendous excitement behind what we already launched [for MDR]. If you just step back, MDR became a space where a lot of companies did jump in. What we're seeing now is consolidation of MDR companies, and I think that will continue over the next few years. Because the partners would rather have [MDR] in the service from the same vendor who's providing the security platform. Because otherwise it just becomes one more relationship to manage for them. And if there's not a tight integration in their technology platform and the managed service, it puts the burden back on the partner. The whole idea of MDR is to take that burden away from your partner.
Overall, how would you describe the big themes for the company in 2025?
It's really around building this platform. The platform is very mature now. We have everything from identity to network security to endpoint, and they are truly working well together. And people are seeing the benefits from ThreatSync [XDR] that underpins the service. Very rarely do you have a vendor who can look at, on a per-account basis, what's happening on one side, and then take action based on it on the other side. When I look at what's ahead, I think each of our areas is an evolution. When I think of network security, we want to be the best hybrid network security provider in the market. That means not just on-prem, but cloud. We are making sure we support every configuration for our partners.
So the services are great, they work well together. Now it's about, how do they integrate into the MSP ecosystem? We're spending a lot of energy and a lot of the R&D dollars right now on finding integration opportunities with the MSP. For example, with PSA tools — how do we do it at a platform level, so that the life of the technician at the MSP gets even easier? And then we’ll continue to scale. The MDR service is obviously a good example of that. And we’ll be looking for other opportunities that will be inorganic to scale. The doors are always open to [new product areas] that we can add. Today we're very focused on identity, network security and endpoint. But obviously there are a few other things that we don't do today, and [there might be] an opportunity to integrate those things into our platform. So our goal is to scale that platform to the next level.
What other areas might you be interested in?
For example, email [security] is a good one. We don't provide that today within our platform directly. I think there are [capabilities] related to phishing and security awareness. One of the things we do very well is bring that enterprise-grade security and make it accessible. If you look at cloud security, and at posture management, there are a lot of different things happening in that space. It's high-end-focused today. And it's not yet downstream in the [midmarket]. We see a lot of things [where] if we could do the right technology tuck-in acquisition, we could bring it to our platform.