Video: Fast Track to MDR and Sales Fundamentals Certification | Duration: 5956s | Summary: Fast Track to MDR and Sales Fundamentals Certification | Chapters: Welcome and Introduction (0.08s), Webinar Introduction (73.795s), Course Agenda Overview (342.94s), Sophos Sales Strategy (481.025s), Cybersecurity as Service (673.28s), Sophos Security Platform (965.92s), Network Security Portfolio (1430.35s), Firewall Innovations Explained (2237.11s), Selling Cybersecurity Services (3401.73s), MDR Market Positioning (3733.295s), Third-Party Visibility Integrations (4046.87s), Breach Protection Warranty (4310.41s), MDR Service Tiers (4507.22s), Managed Risk Service (4900.89s), Partner Benefits Overview (5276.265s), Exam Preparation Overview (5572.385s), Certification Exam Details (5632.93s), Exam Clarifications and Conclusion (5701.5396s)
Transcript for "Fast Track to MDR and Sales Fundamentals Certification": Get underway very, very shortly. Thank you for your patience. And, as I say, we'll be underway shortly. It's across the road. Let me show you. Okay. I can still see those attendance numbers going up. So welcome to the Sophos Sales Delta courses presentation. And, as I said, it's just gone 10:00, here in the UK, so we will get underway in just a short while. Okay. Fantastic. Well, I can see that that torrent of people joining in has gone to a bit of a slowdown pace. So we'll get ourselves underway, and I will once again introduce the session. So welcome to this special webinar looking at the Sophos Sales Delta courses for 2025. My name is John Hope, and I'll give you a quick introduction. So I have been at Sophos since 02/2010, and, hopefully, you may well have seen some of my presentations in the past. My primary role here is a senior technology evangelist, so I spend a lot of time looking through all of the interesting research and data that we produce and taking that to the stage, either in person at events or through webinar platforms, just like this. I joined actually, as I say, almost by accident. I was running the firewall business in the UK and Ireland for Astaro, which is a name that many of you will know, of course, as a firewall vendor that Sophos acquired back in 2010, and I've been here ever since. Just a little bit of personal background as well for you. Outside of working here at Sophos, I have a passion for pets. My wife and I, we co-own a pet care business, and that's our ambulance that you can see on the screen there. So, if any of you want to know how to do CPR on a dog, for example, then feel free to message me afterwards, and I'll tell you all about it. I live right in the heart of the UK, just outside Birmingham, which is a long way from open water. Nevertheless, I'm a very keen sailor, which is not a natural hobby for a Midlander. 
You can just about maybe make out my miracle boat there, which is the yellow hulled one with the clear sail up there. I've got two boys, who often crew for me. So often you'll find us both out on the water together, which is a great pastime. But that's probably enough about me because, of course, you're not here to listen to my story. You are here to learn all about the Delta courses that we are offering. So let me take you through the agenda. The purpose of this session really is a couple of things. One is, of course, it's always useful to get an update on the latest Sophos solutions and services portfolio. So there are some things in here which may be new to you, which I'll be happy to showcase. And obviously, it's important to keep your knowledge up to date so that you're positioning the appropriate products and services to your end users and prospects. And, of course, it's great to equip yourselves to answer any questions that they might have, and to enable you to ask the right questions of your customers to make sure that you precisely meet the needs that they have. But as well as that goal, there is also a lot of the content that you will see here today that is an ideal preparation for a couple of exams that are available from the Sophos partner portal. Both s u zero one, which is the sales fundamentals course update, and s u o two, which focuses more on selling and positioning MDR and our cybersecurity as a service portfolio. Many of you will have joined this session because, of course, on March 31, we will be enforcing our partner program technical and sales certification requirements. So, you may well have been compelled to join this by your channel account manager, by your distributor, in order to make sure that you've got the appropriate qualifications that you need as a channel partner to either attain a new level of status or to maintain the status that you already have. 
If you're not certain what I'm talking about, then either check on your partner portal or please do reach out to your distributor or your channel account manager just to find out exactly what your certification requirements are to make sure that you meet those requirements for 2025. It will be a real shame if, partners were demoted because they had missed, undertaking these, these exams. So please just double check those. While I'm talking about that, in addition to this course, which is designed to help you, with the sales certification elements as part of this event series, some of my colleagues in sales engineering were doing similar courses to help partners with their engineering and architect certifications as well. So, similarly, we'll be enforcing the requirements for both engineering and architect, technical qualifications. And there are courses just like this to guide those technical individuals through those examinations as well. So once again, while you're talking to your channel account managers, talking to your distributors, please also check your technical certifications and, where appropriate, either join those sessions yourself or encourage your colleagues to join those sessions to make sure, once again, that you hit all of the certification requirements that, are placed upon you for this year. Okay. So, that's a little bit of background. This is the agenda that we'll be going through today. So as I mentioned, the course is here to help you with the, general introduction to cybersecurity sales and also more precisely the MDR and cybersecurity services, qualifications. There's a bit of a blend of both all the way through these sessions, so they're not necessarily going through in course order. But this is the agenda that we'll go through. So we'll start out with an introduction to Sophos. We'll start with a bit of an introduction as well to the cybersecurity background, and then we'll focus on our network security section as well as our endpoint. 
And then we'll move on to our cybersecurity as a services portfolio with a big emphasis, of course, on MDR, but also taking into account our newer services such as incident response, such as managed risk, and looking at our MDR products as well and how that feeds into the cybersecurity as a services portfolio. There will be as well at the end some practical guidance on things that you can do next, particularly where to find the exams and what to do about those exams. And, of course, there will be the opportunity for you to ask questions as well. Now just a piece of housekeeping. You are all on mute, so you don't need to worry too much about background noise, and everybody can enjoy the session without the distractions of background noise. But it doesn't mean that we don't wanna hear from you. So waiting in the wings, I have my colleague, Charlotte Nickel from the UK, one of our channel account managers. She's standing by in the q and a chat. So you'll find that on the right hand side of your screen, there are two options. There's the chat, and there's the q and a. If I could ask you please to direct any questions that you might have into the q and a session, that is the section that Charlotte will be monitoring. And we'll answer some of those questions as we go through. But I will round up those questions at the end, and I will have a final call for questions at the end as well. So we'll make sure you get plenty of opportunity to have some feedback on there. To give you an idea about duration, the session has been timetabled for about two hours. I don't think you need to worry. I think we'll come in way underneath that time, so there'll be plenty of opportunity for q and a, and I suspect you'll probably get a bit of time back at the end of the session as well. But just to set expectations, then you need to be free until about 12:00 midday UK time. Okay. 
So with all of those things set, welcome once again to the session, and we'll get ourselves underway. So sales fundamentals, first of all. Let's have a little look at the Sophos strategy. So our position is that we wish to offer our end users and our channel partners access to cyber security outcomes that are superior through our delivery as cybersecurity primarily delivered as a service. Our key podium products and our managed services are really where we wish to focus. But throughout the dialogue that we have with our end users and how we position our products, we always talk about the background of our adaptive cybersecurity ecosystem. So this is a way of explaining how our products and services interact with each other internally, but also how they interact with external third party sources as well, and we'll learn a bit more about that as we go through the rest of the session. We'll also talk a lot about Sophos Central. So Sophos Central has been core to our strategy for a number of years. Sophos Central, of course, many of you will be familiar with, is our centralized management platform that allows single management access to all of our product portfolio and also allows you to set up the integrations that are required for those many and numerous third party products that we integrate with. We also place a heavy emphasis on AI. Of course, no product positioning is complete without artificial intelligence and automation conversations. We believe that delivering technology through artificial intelligence and automation helps us to achieve superior cybersecurity outcomes. It helps us to deal with the huge volume of threats that we see on a day to day basis. And, of course, through automation, we take, in many cases, the human element out of the equation and allow systems to respond automatically for themselves, delivering a more timely outcome and, again, delivering superior cybersecurity outcomes. We also believe very much in research. 
So I mentioned at the start of this session, one of the things that we do a lot is research into, cybersecurity, from two different perspectives. One from the perspective of looking at how our end users are experiencing, the world of cybersecurity, how they are being targeted by cyber criminals, what their experiences are, the strategies, the tactics involved, from the cyber criminals, who they target, for example, but also more technical research, looking at, innovative tactics and cyber criminals, understanding how they're innovating so that we can respond accordingly and keep our customers secure. We also focus very much on the ease of doing business, both for our end users and also for our channel partners. So, of course, many of you will remember, the investment that we've made in streamlining our systems to make it easier and more streamlined to do business with us. And then finally, our strategy relies very much on you as our valued channel partners. Our approach is very much that we support the channel. We believe fundamentally in the channel. We want to invest in the channel. We want you to enjoy superior margin opportunities, superior support, so that you can deliver the best cybersecurity outcomes to your customers and so that we can become a key part of your business. And that applies whether you transact with your customers on a term basis or if you transact on a monthly basis through our MSP program. As I mentioned, our flagship call is really one of delivering cybersecurity as a service, and we'll explore this theme in a little bit more detail later on. But to give you a quick introduction, the concept of cybersecurity delivered as a service is intended really to streamline our world class, security technologies and our expertise, but also to wrap that with services, together so that we deliver a single holistic solution to our channel partners and to our end users. 
We believe fundamentally that the future of cybersecurity is security delivered as a service. We're already a leader in this space. So, for example, when you look at organization count, you'll find that we are the world's largest cybersecurity as a service provider, and we're constantly looking for new ways that we can innovate to increase our services portfolio, to make the services that we have more appealing, and also to discover new business opportunities through investigating new services that we can offer to help our channel partners position more services to their customers and to have more security services that our valued end users can consume. So we believe that cybersecurity service is key because it offers the best security outcomes to our end users. It removes some of the risk element because, of course, we are world leaders in the space of cybersecurity. We are experts in this space. So we can remove some of the risk associated with operating a business online by bringing that expertise to bear through both products and the services that we deliver. We also believe that consuming cybersecurity as a service as an end user offers greater efficiencies. For example, it's incredibly difficult to recruit and retain cybersecurity experts if you're trying to run a security operations center yourself. Whereas consuming similar services through cybersecurity as a service through our managed detection response service, it allows end users of all sizes and all types to consume cybersecurity as a service having access to this world class team of experts that they wouldn't be able to recruit in house. Of course, we know it's incredibly difficult to find skilled cybersecurity engineers. It's very difficult to retain them, because the service is in such high levels of demand. So operating cybersecurity as a service for our larger organizations is a viable alternative through ease. 
But for our smaller organizations, the economies of scale that we can bring to bear means that organizations can experience a level of cybersecurity that they wouldn't be able to generate in house and to maintain in house. So that also offers as well as greater efficiencies, of course, naturally a reduced cost element as well. So by consuming our MDR services, organizations can have that level of cover at a price point they would never be able to achieve if they were trying to create that service for themselves. So what are the benefits for our channel partners? Well, first of all, under the Sophos umbrella, you will have a wide range of cybersecurity solutions. So we're not gonna talk through all of those services and solutions today. But for example, we have our endpoint. We have firewall. Of course, cybersecurity delivered as a service through things like MDR and managed risk, but we also have things like switches, firewalls, access points, routers, a whole bunch of different technologies which are available to our valued channel partners. We can help organizations elevate their cybersecurity defenses, and offer services to end users that they wouldn't be able to generate in house. So much like we talked about end users recruiting cybersecurity technicians to deliver 24 by seven threat monitoring investigation. Well, of course, channel partners experience the same pressures and demands as well. So it's very difficult for channel partners to find and retain the level of expertise required to offer those services if they're generated in house. It gives maybe smaller resellers access to delivering superior cybersecurity outcomes in a similar way through consuming our service and delivering it through to end users as opposed to trying to set up those services and run those themselves. 
And, of course, finally, this allows organizations, our valued channel partners, to enjoy higher revenue opportunities, giving them access to a wider range of products and solutions, a wider and more attractive range of solutions they can offer to end users, and using and leveraging the Sophos brand to attract new customers, increasing the customer footprint, increasing the wallet share that they have access to within the end users. So it's really widening the portfolio. And the key thing, of course, is that you very much have a part to play. So you have the relationships with your end users. You have the opportunity to position these products and services. You are absolutely intrinsic to the process, and we value you as channel partners. So I talked about the security platform. Let's have a look at that in a little bit more detail. So you'll see this slide time and time again through the presentations and material that we put out at Sophos. So we think of cybersecurity more as a platform rather than a bunch of individual products. Of course, those individual products underpin the solution that we offer, but we believe that cybersecurity is best delivered when you consider the whole picture. So we talk about the threat life cycle. We talk about reducing the threats by things like appropriate patching and understanding and solving your vulnerability challenges. We believe in stopping threats from a technology perspective. We believe in detecting and responding to threats through human led threat investigation, whether that be delivered by the end user, by the channel partner, or through our service. We want to hunt for new threats, and we want to stop threats and contain those threats where we see them. And, of course, we do that through our wide range of products, but also through all of the third party integrations. 
Now that's not a complete list that you see on the screen there, but that gives you an idea of the third party integrations that we offer. And, again, we'll explore those third party integrations and the value that they bring as we progress through the session. All of this is configured and controlled through Sophos Central. So Sophos Central is a unified management console which exists in the cloud. It's there to manage Sophos products. It is there to also power our unique Synchronized security capability, and also to simplify threat investigation and remediation. So this is delivered through our data lake, and many of our products and many of those third party integrations will send data into the data lake so that we have a unified place that we can carry out threat investigations, carry out threat hunts, and carry out response actions where appropriate. The key goal of Sophos Central is to reduce the complexity of managing multiple different protection solutions, which typically would have been managed through various different vendor consoles. So through vendor consolidation, you can manage multiple different solutions from a single intuitive interface, and also streamline your management overhead and burden by having everything under one roof. As a partner, of course, as well, Sophos Central has a partner view that allows you to see all of your customers as well as all the individual products that they're offering and operating. So that's a bit of a view of our background of the platform, but let's have a look at the threat landscape. Let's have a look at the challenges that we are facing. So what are the key threats that exist out there? Of course, we all know that the cybersecurity landscape is complex. You only have to turn on TV, open a web browser, read a newspaper, listen to the radio, to hear a story about the cybersecurity landscape and how challenging it is. Of course, the cyber landscape is constantly changing and evolving. 
Keeping on top of it is a key part of any organization's list of challenges. And later in the series, in fact, in just a short while, we'll explore some of these new innovative threats, and we'll look at some of the critical information out there around the cybersecurity landscape in more detail. What we're gonna do first of all is we're going to look at some of the common threats that your end users and prospects might be worried about. So these are some of the things that you see on the screen here that your end users might come to you and ask for solutions and help on. So, of course, as a trusted advisor, it's really important that you have at least an element of understanding about what these threats are, what the challenges are to an organization and how Sophos can help to protect against these particular threats. So this isn't a technical presentation, but, of course, it's important that we have at least an element of dialogue that we can have with our end users. So we're gonna start with phishing. Phishing essentially is the practice of tricking users, by deception, in order to expose confidential private information that will then be used by the cyber criminals for illicit purposes or sold by those cyber criminals that get hold of that data to other criminal organizations, which ultimately will recycle those bits of information for illicit use. Phishing is typically associated with email messages, and that is by far and away, of course, the most common vector. So many of you, I'm sure in both your professional and personal lives, will have received phishing emails that are trying to dupe you into giving away that personal information, but it's not always email. Phishing can exist on websites, particularly things like fake portals, requesting you to log in. So your login credentials and your identity can be stolen, harvested, and then utilized against your organization. And also through other mediums as well, like the telephone, for example. 
So phishing, exists across a range of, different mediums, but the ultimate goal of the cybercriminals is the same. Phishing has become more and more commonplace as, generally speaking, technology becomes better defending against threats. Then rather than breaking into an organization, if cybercriminals can extract data that allows them to log in, for example, then that is often the more common approach. And our systems become more hardened from a technology perspective. The human being is potentially the more vulnerable part in the chain. So it's really important that your end users understand what phishing is and, empower their organization workforce to detect phishing, and report it appropriately rather than falling for it and exposing those precious details. Spear phishing is a version of phishing, which is a little bit more targeted. So it is a more focused attempt to trick a specific person in the organization into revealing, information, which again will be used in the same way for illicit purposes. Spear phishing is often something which is targeted towards high value individuals, but that's not always the case. Spear phishing is becoming increasingly popular by the cyber criminals because, of course, if you're sending out a generic phishing attack, then it's usually reasonably easy to spot that this is generic. It is not focused. But when a spear phishing attack is done properly, the cybercriminals will craft an attack that perfectly fits the individual victim's reality, often using bits of background information to make the story, the scam more, appealing, more convincing so that they have a higher ratio of success. And spear phishing is essentially powered by all of the information that we put out there online on a day to day basis. So every scrap of information you place online about yourself could always potentially be used by the cyber criminals against you. 
So simple things like background research to find out what your pet names are, for example, might be something that the cyber criminals would use against you. So if they know that you have a pet with a particular name, then that might be part of your password. Your favorite football team, for example, could be part of your password. So simple things like that. It's very, very easy for the cyber criminals to conduct research and look for what they tend to call euphemistically open, open source intelligence or OSINT. So looking at what is available out there. Okay. So moving on from some of the human types of attacks, let's also look at the next term along which is exploits. Now exploits, again, as we'll see a little bit later on is a key attack vector for the cyber criminals. Exploits exist in many pieces of software, as well as, security solutions and, platforms, such as applications that you'd find on your, laptops, your desktops, and throughout an organization. Vulnerabilities, or exploits basically are, loopholes that exist, unintended, gaps in in solutions, unexpected behaviors that the cybercriminals can often utilize against an organization. Now exploits are mitigated through patching. So updating your software is absolutely key. When your vendors suggest that you should be updating your platforms, your solutions, then often they will be doing that to add in new features and functions, but they'll also be introducing fixes to these bugs as they're detected so that the cybercriminals don't use those bugs to penetrate and, carry out attacks against an organization. Next down the list, we have ransomware. Now this is probably the conversation that you will have most frequently when talking about cybersecurity. So what is ransomware ransomware as a, as a technique and as malware is essentially using, crypto technologies, in order to, scramble a victim's data, in such a way that they will be prevented from accessing that data. 
And that can be done in various different ways that we won't go through in this particular session, but essentially using, crypto technology to then block a user from accessing their own data. And then, unfortunately, the victims are faced with a stock choice, because they will no longer have access to that data. The only people that will have access to that data will be the cyber criminals and the choice is a simple but challenging one. Do those victims elect to, pay the cyber criminals off and, hopefully get their data back, or do they accept that their data is lost? Now, of course, there is a third, opportunity here as well. That is the opportunity to have a good backup. So having a decent backup is gonna prevent the need to pay the cybercriminals off in many cases, because rather than pay them instead, you can restore from a backup. But the cyber criminals, of course, know this and will often target backups. And, again, I'll come on to that topic of conversation when we look at some of our integration partners. Next on this, we've got spyware. So many attacks are financially motivated, and involve a ransom of one type or another, but spyware is slightly different. Spyware can be, used as part of a, an operation to extract, sensitive data from an organization, and to gather insights, some of which may be used again against an organization by harvesting credentials, but also by extracting, things like intellectual property. So this is a type of software which is designed to be installed on victim organizations to sit there silently and insidiously harvesting that data and sending it back to our cyber criminals. And last down the list here, we have Trojan horses. So Trojan horses or simply Trojans as they're often known, are seemingly legitimate computer programs that actually contain secret instructions. And once activated, will either perform illicit actions or allow cyber criminals to gain access to an estate through those Trojan pieces of software. 
So, obviously, it's something to be avoided. If you want to learn more about these types of attacks and more, then there's a a lot of research that we conduct at Sophos, which you will find very, very useful. One of the key pieces of evidence, which is fantastic, when you're having conversations with the end users is the Sophos state of ransomware report. If you've seen, me conduct, presentations in the past, you'll know that I refer to the state of ransomware report on a very, very frequent basis. So now that you understand exactly what those threat types are, then you'll understand in a bit more detail, the information that was presented in the state of ransomware report. If you're not familiar with it last time, we connected the state of ransomware report in 2024, we interviewed 5,000 network leaders that are responsible for it and cybersecurity in 14 different countries, all across the world. And we wanted to learn more about their experiences of cyber, the types of attacks that they've seen, the frequency of, attacks that they've seen. The key takeaway is that the, the, the rate of ransomware remains incredibly high. And you can see more about that in here. So you can see that 59% of organizations involved in that survey experienced at least one ransomware outbreak. You'll see that many of the cybersecurity protection measures that are in place, have let organizations down because 70% of those attacks resulted in successful encryption of data. I should add at this point that of course, the respondents to this survey were not necessarily soft soft cost customers. In fact, they were selected at random. So there's a reasonable chance in fact that they probably on soft cost customers, which may explain for example, why that high number of attacks is, so prevalent. The average cost of ransomware is an eye watering $2,730,000. 
That's the cost of recovery excluding paying the ransom, but other other costs associated with things like downtime, loss of business opportunity, reputational damage. So, although the actual quantity of route, malware as a percentage has gone down, you'll see that the cost of an attack has increased by 50%. So the cyber criminals are still making good money and more money than ever before using ransomware as an attack vector, even though the actual percentages might've dropped slightly, the key takeaway from the poor. And certainly in my opinion, is that the cybersecurity landscape is now too complex and too challenging for most organizations to deal with effectively on their own. And, again, we'll talk about that in just a little bit more detail later on when we come to looking at the, cybersecurity as a service offerings that we have. But before we do that, of course, we should definitely be talking about product. So the next section that we're gonna focus on is our network security portfolio. So what are the challenges around protecting, network? So moving away from the endpoint, but looking at the network infrastructure, the fabric. Challenges really include, the fact that there are too many different products out there. So you'll need to have a firewall. You'll need to have switches to have access points to name, but a few network security products. And often they are delivered by different vendors, meaning they have their own independent management platforms, increasing the burden, on, the organization and the management overheads associated with running a a diverse portfolio. We also have some newer challenges. Of course, the world has changed fundamentally, and now remote working is commonplace. But we do still have office locations as well. We have a a variety of different devices in use on a day to day basis now. 
So not just, desktop devices, but we have devices that are leaving, corporate offices and going home with users, things like laptops and also accessing data on things like mobile devices as well. And of course, one of the challenges is if you start to, take those devices out of the estate, then we have this visibility challenge. It's not easy to see where those threats are coming from. End user devices are exposed if they're not behind a corporate firewall, for example. So it's difficult to see the whole estate and to carry our actions. And you also have this constant trade off of performance versus protection. In many cases, it's very difficult to have both, particularly when we consider things like the quantity of traffic, which is now encrypted, and then understanding whether we want to invest in larger firewalls to, decrypt all of those transactions versus, allowing that traffic to go through without detection and potentially risking, some form of exposure. So we'll have a look at some of those challenges and how we, answer those as we go through. But to give you a bit of an idea about the portfolio of products that we offer, of course, when people think about network security, they're immediately drawn towards our XGS series of hardware appliances. So these are firewalls. They typically sit at the edge of the network, and they are there to act as a gatekeeper. They are there to, control the traffic that comes in and the traffic that leaves the organization to inspect as much of that traffic as possible, so that we can maintain a security perimeter around our office estate. In addition, the firewall, of course, can also act as an access point in for remote users, either using VPN technologies or using our our our more recent addition to the portfolio, which is our zero trust or zed t n a, capability. So allowing, users to hook into an estate remotely and to access corporate resources and do their job from a remote location. 
Because once we're into the network, we've got various different demands around connectivity. So devices want to use DNS as a service to access resources externally, and we have our capability around DNS as well. So looking at the requests that are being made and using that as an additional enforcement point as well. This gives us a high level of protection without placing too much of an additional burden on end user devices. So, being able to check what types of sites users are requesting and where potentially malicious software might be hooking up to things like remote command and control states, for example. We can detect those. We can intercept and protect. Then I've mentioned the fact we have ZTNA. So ZTNA is, of course, delivered as part of a firewall solution, but it is also available as a standalone solution as well. And it's integrated into our endpoint protection. So many of the customers that you're talking to, if they've already got Sophos installed as their endpoint, they already have the ZTNA agent that they need in order to create simple, streamlined remote access. And of course, as you would expect, all managed through Sophos Central in just the same way as the rest of the portfolio. And then inside the estate as well, we have switching capabilities. So the ability to have both core centralized switches and also edge level connectivity, using a diverse range of switches that offer not just standard connectivity, but also a gigabit or 2.5 gigabit connectivity, and also the ability to have power over Ethernet, allowing them to power devices such as voice over IP telephony, but also a more permanently to the Sophos portfolio, our range of access points. So we offer our AP6 range of access points to deliver Wi-Fi 6 to many of our customers, allowing them to enjoy superior performance of 2.5 gig connectivity.
And again, allowing the organizations to manage their Wi-Fi estate centrally using Sophos Central as a management platform. So you'll see how all of that is integrated in together. We also have connectivity as well for branch office locations using our RED devices. So if you've been around at Sophos for a long time, you'll know the SD-RED devices as a plug and play capability to hook in remote office locations, to allow modular expansion and have a flexible connectivity, including as well as land based connectivities, also things like cellular services as well. Organizations, of course, will be receiving email in as well. So we have our messaging protection there to protect email. We talked about phishing as a common attack vector from the cyber criminals. So detecting inbound emails that may be dubious in nature and blocking those at the Internet level and also offering data security protection measures as well. And then of course, all of this joined together inside Sophos Central, a centralized management platform that allows us to manage the whole Sophos estate, making it easy to manage complex environments, easy to manage multiple office locations, and also providing management insights using the dashboard and reporting capabilities that you'll find there. So when you start to consume our network security products, then what does the end user get? Well, they get a sort of security solution which is, first of all, easier to manage through a single management console. So easier to maintain, easier to control, cross product integration there, allowing them to manage their solution from anywhere, but also allowing individuals a ZTNA service to work remotely as well. So giving them seamless and simple connectivity through to company resources, whether they be located in office environments in a traditional bricks and mortar data center or whether those company resources are held out in a public cloud.
As well, you will get enhanced and improved protection performance. So when we look specifically at our firewall, for example, which again we'll look at in more detail, using an advanced architecture to provide a great combination of performance and protection at the same time. And then overall, you get an automated response. So a security solution that becomes more than the sum of its parts and allows cross product integration so that we can automatically active adversaries, contain active threats, isolate potentially compromised devices before an attack gets any worse. Now I mentioned we look at the firewall in much more detail. So I want to bring to you some of the latest innovations and updates within our firewall portfolio. So, what you'll find with Sophos Firewall is a next generation firewall protection solution that meets the modern demands of a complex network. So allowing the inspection of encrypted traffic, for example, carrying out intrusion prevention functions, looking at how users are utilizing web access, looking at the applications that are flowing through the estate, and also staying on top of maintaining zero day threat protection. So the ability to detect and contain new and previously undiscovered threats using a combination of things like machine learning capabilities and also our sandboxing capability as well. The administrators of a firewall are receiving enhanced visibility and insights into the traffic. So a rich dashboard that shows the types of traffic that is flowing through the estate, identifies risks that are in the estate, whether they be technology risks or identifying potentially risky users, and providing all of that management insight through the free on box reporting capabilities or offering an enhanced and centralized reporting experience through Sophos Central reporting.
And, again, of course, the firewalls are managed through Sophos Central, so you can manage group wide, multiple firewalls, manage their configuration, and orchestrate connectivity site to site using the SD-WAN capabilities and also orchestrating our RED devices through Central as well. So I mentioned our Xstream architecture, and I thought it was worth looking at that in just a little bit more detail. This is a very complex technical diagram, which I'm not really going to go through in too much depth. But, essentially, our hardware firewall devices are often found with two separate processors. So we have one processor that can carry out the day to day security tasks, which are most commonplace. And we have our Xstream hardware chip, which is purpose built by Sophos, and is designed to handle the more complex mathematical processes that are associated with things like VPN and, including, the decryption of encrypted transactions as well. So we talked about the choice that many end users have to face. Do they buy bigger firewalls because they want to do this encryption, or do they accept that it is difficult to carry out those inspections and often leave security vulnerabilities present and blind spots in the estate by not being able to inspect that traffic. The XGS series of hardware appliances gives organizations an alternative route that gives them the best of both worlds. So they can buy firewalls at a sensible price point, but because of the architecture, because of the way that the firewall is designed, they can enjoy that decryption engine and inspect traffic, closing their security loopholes, essentially enjoying the performance without necessarily the associated price tag.
So thanks to that technology and thanks to the streamlined management experience and the wider security portfolio that we have, with things like ZTNA, then the firewall and the associated cybersecurity ecosystem is the best that it's ever been here at Sophos. So giving world leading price performance ratios, offering a much better management experience through all of the technologies that we've just looked at. Now I mentioned about SD-WAN as well. So I thought, again, it would be worth looking in a little bit more detail at SD-WAN. There are a couple of questions within the Delta courses that look at SD-WAN because it is something relatively new to the portfolio. So let's have a look at what SD-WAN is here to do and why customers are asking about SD-WAN. Well, there's a couple of reasons why organizations look towards SD-WAN. One of them is the reduction in connectivity costs and the removal of complexity around managing multiple different Internet connections. So dedicated connections and high bandwidth connections, they're often expensive. Having a private network through technologies like MPLS is inflexible and expensive. This technology, SD-WAN, allows organizations instead to consume much more straightforward and simple broadband connectivity, the kind of connectivity that you might have at home, for example, but managing multiple connections, so that we can balance traffic and promote the higher levels of service that we can get through having multiple Internet connections. If we've got multiple Internet connections together as well, then it also improves business connectivity continuity. So if we have an outage, for example, on one of these lines, then the SD-WAN capability within our firewall will continuously transition those traffic types, those traffic flows, through to other connection options. So routing over to redundant connectivity, failing over to things like cellular services, for example.
So ensuring that businesses maintain connectivity at all times, regardless of whatever failures may occur. SD-WAN also simplifies as well the orchestration of multiple sites like connectivity. Traditionally, organizations would have used VPNs to link sites together. Setting up those VPNs is complex. It's time consuming, and it requires a high level of skill and expertise. The SD-WAN capabilities allow us to automate the connection between multiple sites seamlessly when we have Sophos firewalls at each end. So it improves that configuration, reducing the complexity associated with it. And then finally, we can look at critical applications to a business, and we can focus on those. So we can allow end users to focus on applications that are particularly important to that organization, and ensure that they have the best connectivity options, that they have the best continuity options, that we give them the appropriate amount of bandwidth. But bandwidth isn't the whole story. As well as bandwidth, we also have quality of connection. So without going into too much technical detail, if you look at electronic transactions like voice over IP or video conferencing, I'm sure at some point we've all experienced screens that break up, audio which breaks down. This is often because of things like packet loss. So where the transactions are broken up as they're going through, or what's called latency. So where the transaction takes a long time to arrive, this can cause stuttering on video calls, for example. So the SD-WAN capability in our firewall will look at not just which connectivity options provide the best bandwidth, but also look at the quality. So look at whether they can provide a stable connectivity, which is required by these kind of voice over IP and video conferencing technologies. So we can help customers to unlock their goals around connectivity and applications using our SD-WAN capability as well.
And that capability extends outside the confines of the office as well through ZTNA. So I touched on this very briefly, but expand on that in a little bit more detail. The purpose of ZTNA is to allow users to seamlessly connect into resources, whether they be more traditional on premise apps or whether they be delivered to the public cloud. As I already mentioned, the Sophos endpoint is the agent which is associated to our ZTNA service. So in many cases, end users will already have the agent that they need. And the ZTNA capability is there to allow those trusted endpoints, once assessed, to easily access resources with a minimum of interference to the end user themselves. So seamless sign in processes in many cases, for example. Of course, those transactions have to go somewhere, and they can be terminated at a ZTNA gateway. So those can exist in the public cloud to access those public apps, or you can find them on premise either as a stand alone ZTNA gateway delivered on premise, but also using a firewall. So, again, a little bit of a consolidation message here around using our firewall as a termination point for ZTNA. Now I mentioned as well as one of the key advantages of the Sophos networking portfolio the concept of security automation, and this is delivered through our synchronized security capability. So synchronized security allows Sophos products to talk to each other with a number of security goals in mind. One of them is to identify threats. So whether a threat is detected by the firewall or whether it's detected by the endpoint, in both cases, the health status or what we often refer to as a heartbeat status of an endpoint is then shared and communicated across Sophos products, so that we can clearly identify the source of a threat using Sophos Central. But there's more to it because once we know that we have a threat present, we can then invoke the automated response.
So our firewall, some of our access points, and our ZTNA solution will automatically respond to a compromise. So when that heartbeat status changes, we can limit connectivity according to policy. So for example, you could contain a threat. If you detect an endpoint which has a heartbeat that indicates a device is compromised, the firewall can respond by cutting off that device's Internet access. This has the double benefit of making sure that no data is exfiltrated out of an organization, but what it also does as well is prevent the cybercriminals from sending additional command and control instructions to that endpoint. So, of course, in almost every case, the cyber criminals on the outside world, by cutting off Internet access to that compromised device, it prevents cyber criminals from sending any further instructions to it. But there's more to it as well. It's not just a threat response capability, but synchronized security as well can also be utilized in a unique way to help firewalls identify unknown applications. So no matter how hard we try to classify and recognize every application that's out there, there are so many applications. If you consider how many applications you've used, for example, during the course of the working day, there are so many, and it would be impossible to keep on top of all of them, particularly when all of the software vendors are constantly changing and updating their solutions. Rather than simply accept when we see a traffic type that we've never seen before that we can't do anything with it and reporting application unknown in the logs and reports, we leverage the capability that we have to talk to an endpoint. So if a firewall encounters an application that's not previously seen, if there's a Sophos endpoint associated with it, the firewall can actually seamlessly communicate to the endpoint to gather important information about what that application is.
And then thanks to either automated classification or the administrator, that classification of applications, then once we know what that application is, then we can treat it like any other application. We can build controls around it. We can use SD-WAN routing capabilities. We can block applications that are undesirable. We can promote applications that are key to the business. But, of course, this all starts and ends with understanding exactly what that application is and creating a classification for it. And the unique capability of our firewall and endpoint together means that if you've got a % Sophos endpoints in your estate and you've got a Sophos firewall, that practically every application across your estate is going to be classified either by Sophos Labs or by this integration between endpoint and firewall. So it's a really unique opportunity to talk about this as a product differentiator. Okay. So we focused a lot on our endpoint, on our networking portfolio, but we should also, of course, consider our endpoint portfolio as well. Now because this is focused on the Delta courses, we're not gonna look at the simple protection capabilities that you get with Intercept X, but instead, we're gonna focus in this section on our extended detection and response, or XDR, capabilities because these are the things that are included in the Delta course that will bring you back up to date with your compliance if you've not already carried out that exam. So what is XDR? Well, this is the definition of XDR. XDR unifies information typically from multiple different security products to either automate threat detection or accelerate threat detection, providing insights to allow end users to carry out investigations and then also respond in a way that if you had individual security solutions, you wouldn't be able to achieve. So bringing all of these pieces of the puzzle together and presenting that to an end user in a single platform.
So these are all the various different acronyms that exist out there, and it is definitely useful to understand, to empower yourself by understanding what these different acronyms are and how they fit together. So we'll start at the bottom of the wheel there with endpoint protection. This is really the minimum tier. This is where we have Intercept X sitting there, protecting against threats that have previously been discovered or new detected threats using technologies like machine learning. But the next stage of the wheel round is endpoint detection response. Now this isn't actually something that Sophos offer in a way because we've skipped that and gone straight to XDR. So let's just talk about the difference between EDR and XDR for a second. Endpoint detection and response as a technology focuses on human led threat investigations through telemetry, which is derived from either endpoints or servers. Now, yes, of course, we do that at Sophos, but we skipped straight to XDR because when you buy XDR from Sophos, you will get a package which has, within it, preconfigured policies and rules to take insights from your Sophos firewalls and other technology in your estate. Our XDR service also offers the ability as well to bring in telemetry through third party integrations. So if you have a mixed security infrastructure, if we have integrations to those other security products, we can take their telemetry and again, present it in the same dashboard. So when you're carrying out a threat hunt and when you're investigating these suspicious activities, then you can use those insights to look and search for suspicious and dubious activity, not just on the Sophos products, but also on the range of third party products as well. Now, of course, many end users may like the idea of conducting their own threat hunts, but as we discussed earlier on, it's very difficult to find analysts. It's very expensive to hire an analyst.
It's very difficult to retain those analysts. And running 24 by seven security operations yourself is probably a leap too far for most end users, and that's where managed detection and response comes into play. So it's a bit of an oversimplification to say that if you buy MDR that you are simply having Sophos run your XDR estate, but that's certainly an element. So using those tools of XDR, which incidentally you still get when you buy Sophos MDR, you still have access to that toolset so you can carry out investigations and searches for yourself. But our security analysts are also able to access that data and the suite of tools beyond that give customers the very, very best insights into exactly what's going on in their estate. And, again, we'll talk about MDR in a little bit more detail when we come on to selling cybersecurity as a service. Now you'll notice there that there is one other aspect to this wheel as well, which may be new to many of you on this call. That's the NDR or network detection and response. So what is that? How does it fit into the rest of the story? Well, up until now, we've talked a lot about detections and suspicious activity that's been detected on endpoints and servers, whether they be Sophos endpoints and servers or whether they be protected by other third party products. But, of course, there are many things on the estate that simply don't have agents of any type from a security perspective installed upon them. To give you a couple of examples, if you look around your office right now, you might see a CCTV camera, for example. It's probably connected to your network. But, of course, by the nature of that device, it's not going to have an agent installed on that. You might find printers, for example. If you happen to be working in a factory, you might have machine tools that are Internet enabled. They're controlled by a computer, but maybe that computer is quite old.
It's quite difficult to replace those numerical controllers, to update them. So maybe they don't have agents on them either because they're too old or maybe because the manufacturer specifies that you shouldn't be installing agents on there. If you go to a hospital, you may, for example, see sensitive medical devices where, again, the manufacturer has provided some kind of computer to run those diagnostic machines, but has specifically said you cannot install endpoint protection on that. And then finally, something which is not so visible, not easy to spot. No matter how big or small an end user organization is, they will probably, at some point, have an issue with the device that is simply not protected. So for whatever reason, the administrator has accidentally forgotten to install some kind of protection software on that endpoint, or it might be a guest that's just joined to the network. And there's a whole bunch of different circumstances that conspire together, meaning that inevitably there will be devices on the estate that don't have an agent on there. So whether you have an estate that has, devices on that that can't have, protection or, if you've simply forgotten, the obvious question is, how do we see what those devices are doing? How do we investigate threats that might be lurking on these devices where we don't have an agent associated with them? And that's where NDR comes into play. So NDR is there as a sensor which plugs into your network. It detects the traffic that's flowing across your network and can provide valuable insights and flag up devices that don't have protection and also to flag up threats that might be flowing across your estate from devices that simply don't have endpoint agents installed. 
So it's giving you that extra layer of visibility, which is then fed either into our XDR platform if if an end user is running their own threat investigations, or those same insights can be fed into our MDR platform so that our team can carry out those threat investigations. Now just, again, just really to reemphasize this difference between XDR and EDR. So just to really emphasize, Sophos does not have an EDR product. You cannot buy EDR from Sophos because we believe that the best protection involves, those integrations into other products as well. So out of the box connectivity into a firewall, for example, and those third party connection options as well. So the XDR is there for end users to carry out their own threat investigations across all of those attack vectors. So hopefully that helps you understand the differences between the two and why we have skipped a step and gone straight to XDR. So moving on to selling MDR and selling cybersecurity as a service. Now I've already mentioned through the research that we've conducted, which you are very welcome to, investigate and read in more detail after this session. Cybersecurity is essentially too complex for most end users to manage effectively on their own. It is too challenging to keep up. It's too difficult to maintain eyes on twenty four hours a day, seven days a week, which is why we believe so fundamentally in cybersecurity as a service. What we offer as cybersecurity as a service is access to a team of dedicated experts and instant security operations center staffed 24 by seven by three six five with experts there that are skilled and highly trained in threat hunting so that we can deliver superior cybersecurity outcomes. And, also, if there is some form of incident, we have a separate team which are dedicated incident responders that contain threats and allow, victim organizations to exit that situation in the best possible state. 
And we'll talk a bit more about that when we come on to our incident response capabilities. Okay. So why do we believe in cybersecurity as a service so heavily? Of course, I touched on this at the start. We believe that the best combination is a combination of highly performant technology and experts around it. So less risk by offering improved capabilities around detection of new and unknown threats across our endpoint, our network, our email, and cloud security platforms to name but a few. Trying to reduce the number of incidents and investigations that we have to carry out. Because, of course, if we can contain a threat before it becomes an incident investigation, that is by far and away the most efficient way for us to deliver cybersecurity. Then we also offer cybersecurity service as well for other reasons as well of efficiency. So delivering expertise and capabilities using a whatever works best for you kind of approach. So some end user organizations, they might have an ability to respond. They might have a security team that works nine to five, Monday to Friday, for example. So when we onboard a new MDR customer, we can consider what is their ability to respond, what do their capabilities look like so that we can work alongside them, augment their security teams, augment their capabilities, and delivering it in an efficient way. So did when we consider the cost of hiring expertise in, for example, the ability to have that security team available through cybersecurity services often a much more cost effective way of delivering that service. So that, of course, leads us nicely into lowering the cost. So often much cheaper than delivering similar levels of security readiness in house. And in many cases, according to our own research, as much as three times cheaper to buy in cybersecurity as a service rather than try to stand up this capability yourself. So we talked a lot about benefits to the end user, but what about partner benefits?
How does the channel partner, you as value channel partners, how do you benefit from this flexible approach? Well, it's really about protecting organizations and fitting in with the, the capabilities that you have and complementing your business. So we help partners to actively mitigate the risks associated with, doing business online and and augmenting the capabilities that they have. So delivering, a fantastic and expansive cybersecurity portfolio to channel partners is really one of the first, additional capabilities. So, we've talked at length about the wide portfolio of products that we have, the diverse range of products that we have. So by partnering with Sophos, it extends the offerings of both products and services that you can offer as a channel partner, but also augmenting and complementing the existing security solutions that you offer. We can elevate, customer cyber defenses. So positioning you in a good light by offering that 24 by seven capability, that monitoring, that threat investigation and neutralization capabilities, in a way that maybe you wouldn't be able to do in house. And then also, of course, to grow your cybersecurity revenue. So there is a huge demand for MDR and other security services out there right now. Organizations of all sizes are really awakening to the the the reality that technology on its own simply isn't enough to contain most threats. So there's a huge need for MDR. And, of course, many of you may well have considered running security teams of your own and doing that in house, but it is far quicker to capitalize on the market opportunity and more sustainable in the long run to consume cybersecurity as a service and promote that to customers, increasing the footprint that you have with those end users, but also driving revenue opportunities as well. 
Of course, we all know that MDR sales are more, big ticket sales, and also drives you into conversations around the rest of the, customer's infrastructure, bringing into, to look at things like their Microsoft estate, looking at their public cloud estate, driving you into new business opportunities, and exposing you to more of those opportunities. Partners that, align themselves to our MDR services typically drive three times the the volume of revenue, during the customer lifetime and and retention. So much, much better business opportunities for you, associated with promoting our top tier services. Of course, providing as well, industry leading threat defense and response time. So looking at, the capabilities that we have and the fact that we can turn around an incident to contain and neutralize a threat, 96% faster than an organization would be able to using their own internal security team. So clearly superior cybersecurity outcomes there. The MDR, sales motion is highly flexible, and like I said, it complements your existing business model. So some of you out there may have a security team of your own. You may provide some cybersecurity, services of your own and the MDR capability that we provide can extend your security team without adding additional headcount. So we can add in additional services, cover higher numbers of users, but dealing with the volume of those threat investigations ourselves. We can also expand your service hours. So if you have a a network desk that runs nine to five, then we can cover your out of hours capability, for example, and allow you to reach, not just out of hours, but also expand the number of customers that, you have under your protection banner without, again, necessarily having to add additional headcount into your organization. Alternatively, maybe some of you do not offer security services right now, and I'm wondering how you can get into the security services game. 
Well, actually you can very easily resell our MDR service and provide customers with an instant security team. So much faster than trying to stand up your own security center. End users can simply buy into our security capabilities, allowing you to position threat monitoring and threat hunting twenty four hours a day, seven days a week without having to hire a team or consider the technology challenges associated with running those additional scans yourself. Or, finally, some of you may be larger channel partners, larger resellers. You may well have a 24 by seven desk if you're a reseller of size. And if you do have that and you wish to continue to deliver your own cybersecurity solutions, of course, you will need technology in order to carry out those threat hunts, to record the data. And that's where our XDR service comes into play for you as a channel partner. So you can use our XDR platform to power your own security services, and use all of the advanced threat hunting capabilities that we've already talked about at length in order to power your own response services. But, also, always bear in mind that our incident response service is there as well if you do need additional support. So, if an incident escalates to a point where you feel that you're not best placed to assist, then our incident response team can step in and assist you with that. So let's have a look at the MDR market in just a little bit more detail now. Let's consider, obviously, there are other vendors out there. Well, how do they position their security solutions? So there are essentially two core philosophies associated with MDR that we should investigate. So one of them is the approach of bringing your own technology. So this is where an MDR vendor has only services but does not have a technology element of their own. So for example, they're not providing endpoint protection. They don't have a firewall estate, that kind of thing.
So that's one approach, and that obviously is flexible. But it does mean that because there's no technical presence on the end user location, it's very difficult to perform response actions. And this typically leads to a service which is really only guidance and not necessarily the response element. On the opposite side of the fence, you have the MDR service delivery model that wraps around a vendor's own cybersecurity tools. So this is a little bit more commonplace in the market. This is where a vendor may have security solutions, and then they add services on top. And this obviously means that the customer is then limited, to the data that they can ingest. They can only ingest the data associated with the vendor that they've aligned themselves to. So this would cause visibility gaps, for example. It also means that when a customer wants to adopt this, service model, that they often will have to rip and replace existing cybersecurity tools that kind of inherently you have to replace an endpoint if you have to move to a different vendor that, offers the service as well as the endpoint itself. So this is disruptive. It's costly. Sophos, however, have a unique, position of being able to combine the strength of both delivery models. So, of course, we have a fantastic and world class endpoint agent of our own. We have world class products that sit right across the diverse set of cybersecurity tools, and you can have those as part of the MDR service. But if you already have existing technologies in place, there is no need to rip and replace those because our MDR service model is flexible and would allow you to integrate, those third party products so that you're getting the visibility insights without necessarily having the need to rip and replace those technologies. So let's have a look at the visibility that we offer through third parties in a little bit more detail. 
So, this isn't the full list, but this is a pretty comprehensive list of all of the alignments that we have and the different technology streams that they occupy. So it shows you how we have visibility across all of the key attack surfaces. So, obviously, endpoint, firewall, traffic flowing across the network, emails coming into an organization, the productivity suite, the public cloud estate, identity providers, and backup and recovery. So I'm particularly interested in the backup and recovery side of things because this is often a fantastic early warning for us. Many cyber criminal tactics now involve the attempts to compromise a backup early in the attack chain because they know fine well that if an organization has a good backup, they are unlikely to pay any kind of ransom demand because they can simply restore from backup. So the backup and recovery agent, in a way, and that integration has really become an early warning sign that indicates an organization is about to experience some kind of issue. You'll notice as well there are some teal colored ticks on here, which indicate from a pricing and licensing perspective which of these integrations are chargeable versus which ones are actually included inherently as part of our MDR service tiers. So you'll notice, of course, that all of our Sophos integrations are included by default, but you'll also notice as well that the endpoint category is also something which we include by default. So, essentially, if an end user has a mixed estate of various different endpoint vendors that doesn't include Sophos, then we can take that telemetry as part of our MDR service, and there is no additional charge for that integration pack. The same is also true of productivity suites. So the Office 365 integration and our integration into Google Workspace. The rest of these are chargeable license packs. 
So if you want to integrate data from a third party firewall, then there is an additional charge, albeit a smaller one, to bring in data from there. The same is true of our network integration, our public cloud integration, and our identity and our backup and recovery, are all chargeable license packs. The licensing model associated with these integration packs is a very simple one. So just like the rest of the Sophos portfolio, it is charged based on the number of users plus the number of servers. So it's a very, very simple pricing and licensing model and one that, of course, you will naturally be accustomed to. So what happens to all of that data when it arrives with us? So regardless of where the event source is, whether it be endpoint, whether it be network level, whether it be the firewall, whatever it happens to be, all of that data is collected through our third party integrations and is correlated together. It's normalized. It's contextualized, correlated together to spot trends, suspicious activities, and events that are linked together. And that information is fed very rapidly either into our MDR service or, of course, can be presented to end users through the XDR platform for them to carry out their own threat investigations. So, again, just a reminder of how these licenses are structured and how this capability is structured, these are all of the integrated partners that we have and platforms that we have that you get inherently as part of the MDR platform. So all of the Sophos portfolio, plus the Microsoft Security Suite, the Google Security Suite, and a number of other third party endpoint agents as well. And you also get data retention for a period of ninety days included. So these integrations really are a very good way to maximize the return on investment of the security solution, particularly when you look at Microsoft, which is pretty much omnipresent. 
It's a great way of extending the detections and the telemetry that we can receive at no additional charge. But like I said, if you have organizations that have already invested in a number of other cybersecurity solutions out there, then these are the ones that are chargeable, and you can see how those licenses are packed, and you can see how those are split out. You can also choose to augment the MDR data retention. So you can include up to a year of data retention at additional charge. And we should also talk at this point a little bit more about our managed risk capability as well. So this is a partnership with Tenable that augments our MDR service to help end users detect where they might potentially be vulnerable and to help close some of those exploits, loopholes that we talked about right at the start of the session. And, again, as a reminder, the licensing packs, they're great value add integrations. They're licensed by category in the way that I've just shown you, a really simple licensing model, number of users plus numbers of servers, and it's available in many cases as term subscriptions or as a small increase in the monthly billing associated with MSP Flex. So it fits both licensing models. Now also as part of our MDR service, those organizations that choose to select MDR Complete, and I'll show you the two licensing tiers in just a second, they will enjoy our breach protection warranty. So this is a warranty of up to 1,000,000 US dollars for an environment which is protected by MDR Complete. And what it does, it allows organizations to enjoy an extra peace of mind. It helps them to understand that we stand by the service that we offer, and will help organizations if it feels like there has been an incident which hasn't been correctly contained for whatever reason. 
It adds that peace of mind and adds further value to our MDR Complete offering over the MDR Essentials, which is the slightly lower tier of service that we offer. It's a good reason to push customers and incentivize them towards our top tier offering. Our breach protection warranty is clear. So it's clear to see that it's included within our MDR as part of our business terms. It covers all of the countries that we operate in, so there's no exclusions from a geography perspective beyond naturally embargoed countries. There's no restrictions in the coverage in terms of how long you've been with us, if it's a renewal versus a new purchase, for example, and there's no additional licenses to buy. This is a core part of our MDR Complete offering. The warranty is comprehensive. It covers devices running both Windows and macOS without exceptions on either of those two platforms. It includes breaches that occur using one of the endpoints or servers protected by our MDR Complete. It's included for the duration of your license or your monthly subscription in the case of MSP Flex, and it's available for both new and renewing customers. The warranty pays up to a million dollars, sorry, a thousand dollars rather, I should say, per breached machine and up to a total of a million dollars in totality, in the case of a widespread incident. It covers multiple incurred expenses, including PR, legal, compliance, a whole bunch of factors. So it's very, very simple to understand exactly what is included, without too much by way of terms and conditions. Of course, terms and conditions do apply around the breach warranty as you would expect, and you can find the full details of the terms and conditions and the exclusions to that warranty at the URL that you can see on the bottom of the screen there. So that's sophos.com/legal. But it's pretty transparent and pretty straightforward to understand. So I've talked about the two licensing tiers. 
So let's investigate that in a bit more detail now. So MDR Complete is the one that you see on the far right hand side, which, of course, includes all of the 24 by seven threat monitoring, the reporting, the threat cast that we offer, the account health check on a periodic basis, our threat hunting capabilities, and also, of course, that full incident response capability as well as the breach warranty that we've talked about. Now we also offer MDR Essentials, and we offer MDR for Microsoft Defender. In both cases, this is a slightly lower tier of service, which is really orientated towards customers that do not have Sophos as an endpoint protection vendor. So that has a few additional exclusions to it. So for example, we don't include the breach protection warranty because, of course, there are endpoints out there which are not Sophos protected, which we couldn't necessarily guarantee the protection of those other platforms. And as a sort of side consequence to that, we don't include the incident response service either, natively as part of MDR Essentials. But what you can do, to those end users that want the peace of mind of having incident response, is you can attach the incident response services retainer to your MDR Essentials sales. So this is a cost effective way to offer some peace of mind that the end user has access to an incident response service in the unlikely event that an incident occurs. It's that peace of mind that means that if incident response services are required, that they're on hand, they're available, and it also offers a distinct reduction in the cost of our incident response services. And I'm gonna talk a bit more about what is included in our incident response service in just a second because what we're gonna do now is look at the additional services offerings that fit around MDR. 
So remember, I said that we're always looking at new opportunities to empower you to promote more cybersecurity as a service offerings. These are just a couple of examples of the additional services that we offer. So there are three that we'll talk about in this section. We'll talk about the incident response retainer, the compromise assessment, and the rapid response service. So the incident response service is there for everybody, with the exclusion of Sophos MDR Complete customers because, of course, they already have the incident response service included. This allows an on demand access to a team of incident response experts. So a different team to the ones that provide our MDR service, but a team of experts that are there to contain threats, eliminate threats, and get back to normal operations as rapidly as possible. So by purchasing the incident response retainer, there's a prearranged set of service terms and conditions that ensure that we can rapidly get to the point of containing an active threat without having to go through all of the legal process. So we've already defined that framework. It also means that the end users who have an incident response retainer enjoy a discounted price. It is a fixed price service, but they do get a discount, but it means that end users don't have to worry about hidden costs or unpredictable costs associated with remediation. The incident response retainer also provides a vulnerability assessment report and a health check to generally understand customer security posture and to reduce the likelihood of a breach in the first place, and then also allows them to access our monthly threat intelligence briefings as well. So we've been able to look at incident response experts showcasing the latest insights and best practices to help an organization stay secure. So that is the how do I prepare to respond to a breach. There is another tier of service, which is compromise assessment. 
This is orientated towards customers that have a question mark. They think there is a chance that I might have been breached. What do I do about it? How do I find out? So the compromise assessment service is a team of experts and threat hunters that will actually investigate customers' estate and understand if an attack is in progress, is an attacker operating undetected in the environment. They will identify the scope of the threat, quantify the threat, identify the potential risk sources, and try to reduce more widespread security incidents. They will, as part of their service deliverables, produce a written report with technical documentation and nontechnical executive report summary as well, explaining and detailing the evidence of cyber criminal activity. And, obviously, as a result of that kind of investigation, if it does transpire that an attack is present in the organization, then we can rapidly move customers over to the next tier of service, which is rapid response. So rapid response is a service which is there if an organization knows that they've been breached and they don't know what to do next. So this is delivered by, again, a team of dedicated remote incident responders, using threat intelligence analysis and carrying out threats across the estate, rapidly containing the threat, going through the process of triage, containment and then elimination to reduce the scope of a cybercrime incident, to reduce and ultimately eliminate the active threats in the estate. When you purchase rapid response, what you're receiving is access to forty five days worth of ongoing protection and monitoring from Sophos. So containing the initial breach and for the remnants of that forty five day period, our team will continue to monitor to make sure the cybercriminals don't come back and to handle immediately any reoccurrence of the threat. 
The real bonus of our rapid response service, as I've already highlighted, is the fact that this is a fixed price engagement, so it's determined by the number of users and servers in the estate. It doesn't matter how much time we have to spend carrying out that remediation and those investigations associated. The costs are predictable to the end user, because the fixed price engagement has already been defined. And, again, just one final reminder, if you want the peace of mind of reduction of that incident, that rapid response containment, that can be acquired through the incident response retainer. So for organizations, for example, that purchase MDR Essentials or purchase a protection only or XDR solution, all of them can benefit from the incident response retainer for that relatively small uplift, but then knowing they've got access to rapid response teams when they need it at a substantially reduced rate. Okay. So moving forwards and getting a little bit closer towards the end, we have then additionally our managed risk service. Again, this may well be new to you. This is our latest addition to the cybersecurity as a service portfolio and is delivered through a partnership with an industry leader in this space, which is Tenable. So the reason why we launched this particular service is through research like our state of ransomware report. We discovered that a third of ransomware attacks are typically starting with some kind of vulnerability which has been exploited. So remember, this could be a combination of any types of loopholes in software common to organizations like operating systems or various different applications which have not been patched and are therefore exposed to some kind of cybersecurity exploit. So we believe that delivering cybersecurity outcomes that are superior would also include closing these loopholes down to make sure they're not exploited in the first place. 
And we partner with Tenable because they are industry experts in being able to identify an attack surface, looking at the vulnerabilities, and presenting that data. What we offer through our managed risk service is analysis of the data provided by our OEM partner, Tenable, so that we can identify and work with our end users who consume this service to identify the most high priority exposures, because every organization is different, and an exposure in one organization may be much more impactful. So helping them to understand what remediation activities they should carry out and help them to focus their remediation efforts on closing the loopholes associated with the attacks that will be most disruptive. So providing them with priority order on which activity to carry out first. It kind of goes without saying that there isn't really enough time in the day to patch everything. It's too much of a difficult process. Otherwise, exploited vulnerabilities wouldn't be a thing in the first place. So identifying and prioritizing the limited time that end users have available for threat analysis and vulnerability management is absolutely key. So the key deliverable of the service is identifying which things an end user should prioritize. The licensing model associated with managed risk is really simple. So there's a couple of prerequisites that you need to understand. The first of which is that, in order to consume our managed risk service, the customer must also already be one of our MDR customers. So it doesn't matter which tier of MDR, but in order to purchase managed risk as an add on, it is an additional subscription alongside our MDR service. So that's the first thing to understand. The second thing to understand is the licensing model associated with Sophos managed risk is simple. So it's exactly the same licensing model that you would expect, and is consistent with the rest of our portfolio. 
So it's how many users do we have and how many servers do we have. So it's the same and consistent with all the other services that we offer. It doesn't matter how many external assets that you have that are exposed to the Internet. It doesn't matter how complex your organization is in terms of structure. The licensing model remains consistent. It's very, very simple. The MDR and managed risk combination as it stands today is only available to our term based subscription customers. This may well change in the future. We may well extend this to our MSP monthly billing option, but as it stands today, the Sophos managed risk service is only available to our term based subscription customers. Couple of other things that I should probably mention as well. As it stands today, and this might be important for the exam as a little bit of a hint there, we are only offering external attack surface and monitoring. So as it stands today, managed risk will only look at customers' external assets that are exposed directly to the Internet. Now that will change, and we will be augmenting the capability, hopefully not too far away, to also include internal attack surface assessment as well. But just so we're all clear and maybe for the purposes of the exam, we are only looking at external attack surfaces as it stands today. And it's worth also mentioning as well, because you might find it in the exam too, that although we partner with Tenable, there is no obligation and no requirement for the end user to purchase Tenable licensing or subscriptions of any type directly with the Tenable vendor. Everything is dealt with through our licensing model, so no need to buy and maintain and worry about additional subscriptions. It is all included with the managed risk service. Okay. So now finally, from a products and services perspective, we'll just talk very briefly about NDR. Once again, just to give you a bit of a reminder, because, again, you may well find this in the exam. 
Skilled attackers will utilize any kind of loophole in the network, and that is often unprotected devices, rogue devices that have simply arrived in an unmanaged fashion. You know, people bringing devices into the estate and more novel threats like Internet of things and data that's slowly leaking out of an organization using some kind of remote session. And NDR is there to detect all of those things. So utilizing NDR is a great addition to our MDR service. NDR is also a great addition to our XDR service as well because it feeds in both cases that extra vulnerability information into those dashboards or to that service team in the case of MDR so they can identify threats as they're actually happening in the estate. Works a lot alongside the firewall as well. So helping you get visibility of traffic, of course, moving east west as we call it. So inside the network using NDR and north south, as it's often referred to, traffic leaving the organization through the firewall. It's a great combination when you have both of those things working together. The alerts and information that we see in our NDR product is passed immediately through to either the MDR service desk or the XDR dashboard for further investigation by humans where required. And the delivery model for this is that it's delivered as a virtual appliance that connects to either a physical switch in the case of most infrastructure or a virtual switch, typically in the case of cloud infrastructures, on the estate because that's where we get the visibility. So we plug it into a special port on those switches so that we can get a copy of all the transactions spraying through those switches so that we can see the traffic and identify where the threats might exist inside those hidden traffic flows. So, again, simple licensing model, as you might expect. It's based on the number of users and servers. So it's very, very simple. Doesn't matter how many virtual appliances you need. 
So if you've got a network that's got lots of different switches, maybe lots of different office environments, it's all segregated out. That's fine. You can deploy as many virtual appliances as you need in order to get the telemetry that you need and feed it back into our XDR or MDR tool. So, that's it for the products and services perspective. Just wrapping the session up, we'll look finally at the benefits associated with partnering with Sophos. So there's a number of service specializations that I need to highlight to you because, again, you might find some of this content inside the examinations. There's a dedicated specialization towards managed services, and there's a dedicated specialization towards cloud services. And our next gen resellers also can highlight their own differentiators by looking at the wider cybersecurity estate. There are also a number of partner tiers. And, of course, for many of you, the whole purpose of being on this session is to elevate yourself or maintain the partnership that you've already attained. So you'll see there are five tiers. They're associated with a combination of both revenue and certification requirements. So, again, reach out to your CAM, reach out to your distributors to make sure, for the tier that you are aspiring towards or the tier that you wish to retain, have you got the appropriate certifications that you need in order to get there or to elevate your position and increase your visibility through attaining a higher level of tier, if that is your business goal. Those accreditations exist across both the engineering discipline through our Sophos certified engineer, Sophos certified architect and technician, but also Transcend as well both, endpoints and the firewalls. So there's separate examination processes, both endpoints and firewalls from a technical perspective. 
And then you can also attain synchronized security status as well as a centralized security partner by combining those together with one small minor additional examination as well. All of that exam certifications and the training program behind it is available through the partner portal. So when you log into the partner portal, you'll find the extensive training programs that we have there as well as the examinations themselves. And just a little bit of a refresh. This may vary depending on which region you're in, but these are the requirements associated with each of those partner tiers. You will incidentally, by the way, get a copy of these slides at the end of the session. So don't worry too much about absorbing all of that detail now. But, again, if you're uncertain in any way, then your channel account manager, your distributor can help you navigate through exactly what your certification requirements look like. These are the exam names that we have. So I mentioned SEO one, SEO two. For the purposes of engineers, we have ETs and we have ATs for architects. So that will help you understand what discipline these accreditations are related to. And, in the case of the numbering system, they're fifteen and eighty. They're referring respectively to endpoints and to firewall. So that helps you demystify the different accreditation names that we have there for the different examinations and courses. As I said, you'll find everything inside the Sophos partner portal and a whole bunch beside there as well. So the Sophos partner portal is there not only for your certification purposes, but also to help you manage opportunities, manage renewals, register new business opportunities, manage your customers' licenses, as well as getting the training that we've talked about there and also to get additional sales resources, things like the state of ransomware report that I've just talked about and the marketing resources there as well. 
So the Sophos partner portal really is your one stop shop to boost your business and to help you maintain those certifications and training requirements and really keep yourself up to date as well, using things like the latest news and partner blog. As well, I will mention the fact that on a monthly basis, I deliver a monthly technical update, which is obviously orientated towards the technical people within your organizations, giving them insights into the latest product innovations on a slightly more technical level on a monthly basis. So lots of different ways that you can keep yourself up to date. Okay. So you'll be glad to know, I'm sure, that we're pretty close to the end. The obvious next steps are it's time to take a look at the exams. So I'll just pause on this screen here just for a short while so that you can zap those QR codes. So you can see the links there that you need in order to get to the two exams. This will also give you a little bit of an indication about how much time you need to allocate to taking these exams. Pretty much everything that you'll need in those exams, we've actually covered during the session today. That's the purpose of this session really, is to prepare for these examinations. So your s, SUO one there, your sales fundamental course, there are 20 questions from a pool there, and it should take you no more than a hundred and twenty minutes to complete that exam. The s u o two, this is the selling MDR and cybersecurity as a service. This is the Delta course from version one to version two. So the Delta exists to bring in all those new services that I talked about in a bit more detail. There are just 10 questions in there, and we estimate that it should take you no more than one hour to complete that exam. So that gives you all of the bits of information there that you need in order to budget your time appropriately, allocate the appropriate amount of time in order to carry out those certifications. 
And you'll find it inside the Sophos Academy. So look for that multiple hat little logo there, that little device, to find the Sophos Academy. And then you can see where, in order to keep your certifications up to date, where a delta is available to you in the partner portal, then you can see where that delta will take you through to the latest updates to keep your certification current. I'm just gonna pop that screen back up one more time there. One last call if you wanna take a screen grab so you can navigate to those exams, or you can simply take the QR code and get yourself directly to those exams. Okay? So, that does bring me to the end of the session. I'm just going to stop my screen share so that I can have a little look at the chat dialogue box and see what questions you might have that we can answer for you. Okay. Let's have a little peek. Okay. So some questions, and I'm not clear if I need certification. Again, I can't answer that directly here and now, but reach out to your appropriate contacts either at Sophos or your distributor. Yes. You will get copies of the slides. So thank you very much indeed for your request for there. Let's have a little peek through to see if there's any others. Is it possible to have access to test like a simulator? Unfortunately not. But you do have opportunities to reset the exam should you fail. I'm sure you won't because, hopefully, you've absorbed everything from this session. I've tried to keep it really focused. But, if you do need a reset after you've run out of opportunities, then reach out again to your channel account manager, to your distributor, and they will help you with that. That's not a problem. If people have registered and not been able to attend, they will get a copy of the presentation and the recording as well. So, yes, that should hopefully help with that. 
Just one last thing that I really feel I want to bring to your attention, just before we wrap up. There is just one little odd discrepancy that I've noticed when looking through the exam questions. So I've given you the correct, from a functional perspective, information associated with Sophos MDR for Defender, but the exam, for whatever reason, seems to have a slightly different opinion. And I guess sometimes these things are down to interpretation, but at the risk of giving you too much information, there is a question that many of you will encounter in that selling cybersecurity as a service around MDR for Defender, which is, which of the three customer use cases are addressed by Sophos MDR for Microsoft Defender. And it does talk in that question a little bit about third party integrations and receiving data from non Microsoft products. And that isn't actually a correct answer from a perspective of the examination, but actually in reality, you can purchase the additional security integrations and get the telemetry from non Microsoft products. But just for the purposes of the exam as a little bit of a hint, it doesn't actually list that as a correct answer. So I have flagged that up and it will be changed, I'm sure. But just in the interim, that's just one thing to remember. The other thing is, for some reason in that particular question, it does seem to suggest as well that you will receive full incident response as part of that purchase without purchasing an incident response retainer. And if you think back to the service tier that I showed you there in the table, you'll hopefully recall that actually incident response as a service, the retainer, is an optional purchase for MDR for Microsoft Defender. So the answer to that is incorrect as well. So just to reemphasize, if a customer purchases MDR for Microsoft Defender and they want the incident response retainer, that is an additional purchase. 
So apologies for that small little discrepancy there. It's a bit of an oddity. I don't quite know why that's ended up that way, but I will flag it up, but that will give you a bit of a tip there. So you should get at least 10% on your exam there because I just gave you the answer. So once again, I hope you found that useful. I hope you found it educational, insightful, and I wish you every success with your examinations. The very best of luck to you all. But if you do have any problems, if you're uncertain about the exams that you need, if you need to do a reset, if you need any kind of assistance, please talk to your channel account manager, talk to your distributor, and please don't leave it too late. Again, March 31 is not that far away. It's really important that you do the certifications that you need and allow plenty of time to get those things done. Make it a focus for this month. It's your New Year's resolution, if it's not too late, to get those certifications under your belt. So once again, thank you ever so much for your time. I hope you found it useful, and I wish you a very pleasant rest of the day. Goodbye for now.