Name: Announcing the Newly Expanded Security Operations Portfolio
Uploaded: 2025-10-15T10:31:37.934Z
Duration: 56 min 56 s
Description: Announcing the Newly Expanded Security Operations Portfolio

Transcript for "Announcing the Newly Expanded Security Operations Portfolio": Good morning. Good afternoon, everyone, and welcome to our special launch webinar, announcing the newly expanded security operations portfolio today. My name is Anna Becker. I'm the director of EMEA channel marketing. And today, I will be joined by our product marketing team, namely, Sally Adam, the VP of product marketing. And, Paul Murray, the senior director of product marketing, will be giving us the all the updates and exciting news about, the upcoming launches that you will see already happening next week. We are recording this session as always, and you will be receiving the recording and the slides with a follow-up email afterwards. And we are you are more than welcome to ask questions in the q and a section, and we will be answering the questions in the chat during the presentation. At at the end of the session, we have reserved some space and time to answer the most frequently, asked questions live. Yes. With this, I am happy to hand over to Ocely Adam, who will start the session. Thank you, Anna, and thank you, everybody, for taking the time to join us today. Now this really is an exciting time for all of us. We've just announced three major enhancements to the Sophos portfolio that will help you grow your business and elevate our mutual customer's defenses. We have the refresh of our endpoint portfolio, the expansion of our security operations portfolio, and also the expansion of our security services portfolio. Now we talked about the endpoint portfolio in our Southern Academy session in September. So if you missed that session, do watch it on demand. Today, we're gonna be focusing on that middle pillar, the expanded security operations portfolio. And next month, November, we're going to be focusing the academy session on the expanded security services, particularly our new advisory services offering. So do add that one to your calendar and join us then. Now what we're gonna talk about today really does deliver lots of benefits for you, our partners. It gives you new solutions to sell both to new and current customers. It gives you a more competitive value proposition to win new business and to expand your footprint with your existing customers. It makes it easier to quote, sell, and renew service, and it also enhances your AI story. So lots of benefits. So, really, let's get going. Now I want to start with taking a look at where we are today. The software security operations portfolio is designed to meet customers at every stage in their journey. For customers that want to detect and respond to threats in house, we've got Sophos XTR. For those that want twenty four seven detection and response delivered by Sophos experts, we've got Sophos MDR. We also have Sophos XDR and Sophos MDR service expansion add ons, specifically Sophos managed risk, which identifies vulnerabilities in the internal and external attack surface, and Sophos NDR, which detects suspicious activities inside the network. And for organizations that need a full next gen SIM solution, we've got our Tejas XDR offering. Now we're really excited to announce a number of expansions to this security operations portfolio. Firstly, we're introducing a new service EDR license option. We've been able to meet customers' needs for EDR through our XDR license for a number of years. However, the new Sophos EDR license will make sales easier and simpler. We're also introducing a new expansion option option for Sophos XDR and Sophos MDR, which is Sophos identity threat detection and response, which really elevates defenses against identity based threats. We're also making some changes to our existing Sophos XDR and Sophos MDR solutions. Firstly, we're now including all Sophos or non Sophos technology integrations automatically for new and existing customers. This removes the need to sell integration packs and really elevates the the overall offering. And we've made some great enhancements to the Sophos AI assistant, further supporting and accelerating analysts and enabling them to detect and respond faster. So we're gonna cover all of these changes in detail in this session, starting off with the new Sophos EDR license, which is the ideal solution for organizations at the start of their journey. And for this, let me pass you over to Paul. Thank you, Sally. So, very exciting. So the new addition of our EDR license tier. So just to re reiterate something that Sally mentioned a moment ago, we've been able to address customers' requirements around endpoint detection response in terms of features and functionality for a number of years now, and we've done that through our Sophos XDR license. But we have we've listened. We've understood that sometimes customers just want to focus on the endpoint side of things in terms of their cybersecurity journey. Perhaps they're not quite ready to, go into that full XDR, product line. So they want to they want to focus on endpoint detection response. So to meet that need, we're introducing an explicit license tier Sophos EDR that sits in between Sophos endpoint and Sophos XDR. So it's really now Sophos' best in class endpoint security, product offering. It combines the protection capabilities of endpoint of of Sophos endpoint with the detection and response capabilities from XDR where they focus on the endpoints and servers. So it really is that best in class endpoint security that we're now driving and leading with. The key differences between Sophos EDR and Sophos XDR that you'll be familiar with is, as I mentioned, it's focused on the endpoints and on servers. It's not focused on the broader attack surface, and that's where the XDR license comes in. And I'll speak a bit more about those differences in a moment. In terms of availability of the the new ADR license, the term licenses is gonna be available from November 1. And then for MSP Flex, it'll be available from late January twenty twenty six. So quick snapshot view of the difference between our core Sophos endpoint license, Sophos EDR, and Sophos XDR. So really simplified view here. Sophos endpoint is our protection first, robust, prevention focused offering, and then Sophos EDR layers on top of that the detection and response capabilities. So detections, investigation capabilities, response actions, core AI features. You'll notice that we're including, core AI features such as our, case summary AI case summary, AI search, and AI command analysis, all included in that EDR, SKU. And then when you move up to the XDR piece, that's where you get additional AI capabilities. The AI assistants are included. But, really, the key difference is that visibility across the entire IT environment with XDR due to, third party integrations and also Sophos integrations. Now that leads us in quite nicely to, the next, chapter. So, Sally, if I can hand back to you to talk about integrations. Yes. Absolutely. Thank you very much. Wow. So we just lost the the slides at the moment. Just see if Anna's able to to bring them back up for us. Yes. And we don't want to talk about the integrations. So what we are doing is we are, including Sophos, Sophos and non Sophos technology integrations with all our Sophos MDR and Sophos MDR licenses, which is a really exciting enhancement. But I want to start by taking a bit of a step back and look at why integrations are important. So integrations do two main things. They enable us to ingest threat telemetry from the IT and cybersecurity solutions that an organization is using, whether that's their their endpoint, their email solution, their Microsoft technologies, their firewall, and use this information to detect attacks. Now this is really important because attacks can start at any point, and the bursaries often move through the organization in their in their attacks. We also use integrations to enable analysts to take response actions actions using these technologies to neutralize threats. So they can use integrations to apply host based firewall IP blocks, to disable user accounts, to terminate Microsoft three six five sessions. Now when it comes to integrations, the more you have, the better your outcomes. Because more integrations enable analysts to see and stop more threats, faster, and, they also enable them to take more response actions. So more integrations is is really a good thing for organizations. Now what you can see here on this chart are examples of the integrations that are available with Sophos MDR and Sophos XDR. Some of these are already included for free, so the Sophos integrations, the productivity integrations, the input integrations, while others have been chargeable, which we did through the integration packs. So for example, a customer that wanted to connect their SonicWall firewall would buy a firewall integration pack. Those that wanted to connect their proof point email will buy an email integration pack. Now while we're on the subject of integrations and to avoid confusion, I just want to make clear that, you know, integrations are are this way that we're taking telemetry and responding. They are separate from the, solution expansion add ons. So Sophos NDR, Sophos managed risk, the data storage. These continue to be, exactly that solution add ons. They're they're not part of the integration story. They're not included now, automatically with the, with the solutions that continue to be chargeable add ons. Now the big change we're making is that as we've mentioned previously, you know, we've had the integration packs that was, how customers access some integrations. Going forward, we're going to include all integrations, Sophos and non Sophos, automatically and no ex and at no extra charge for Sophos XDR and Sophos MDR customers. We're also gonna be stopping sales of the integration hacks. Now timing wise, this change is going to be effective from November 1 for new term customers, from November 8 for existing term customers, and from late January for MSP customers. You're likely wondering, you know, does this impact the price? Now for Sophos MDR, whether that is a term or flex subscription, there is no change to the price for the Sophos MDR piece. For Sophos XDR, there is a small price increase. MSP flex subscriptions will increase by around 10%. And for new term licenses, we're going to increase by around the equivalent cost of, previously adding one and a half integration packs. Now as I said, there is a there is a small pricing reserved for XDR, no price change for Sophos MDR, but this change brings a huge amount of benefits both for our customers but also for you, our partner community. For customers, it means better cybersecurity outcomes. The more analysts can see, the faster they can act. And this change makes it easier to maximize analyst visibility. It also enables them to get better value from their softwares solution, their their investment in softwares MDR, softwares XDR, and to get more benefit, more return on investment from their existing technologies. For partners, it makes sales easier. You've got a stronger offering to take to market, plus the retirement of the integration pack streamlines your sales process. You know, it streams down to your quoting, streamlines your ordering. It also presents an opportunity for you to sell more pro services, whether your own or softwares delivered to set up all of these integrations that are included automatically for customers. Plus, of course, the more integration the customer has enabled, the stickier stickier they are facilitating your renewals or, in the case of MSP, continued service usage. Now talking about MSP, there's one important point we need to share here, which is around migration parts for Sophos XDR Flex customers. Now you remember Paul mentioned the introduction of the Sophos EDR license, and the change to the integrations for MSP are also aligned with the same date for the introduction of the Sophos EDR license for MSP, all happening in late January. Now what's going to happen is that Sophos XDR Flex customers that are not using any integrations currently, either the paid for integrations or the free ones, they will be migrated to the new Sophos XDR oh, sorry. New South EDR license. Because they're not using any integration, they're essentially using an EDR, tool now, so the license the EDR license will better align to their activity. And the price of the EDR subscription will be the same as the current Sophos XDR subscription, so there'll be no price change. And just to kind of put a a scale on this, 93% approximately of our current Sophos XDR flex customers are not using any of the integrations, so they're going to move over to to Sophos EDR, you know, exactly the same price, exactly the same capabilities that they're taking advantage of at the moment. Then for the approximately 7% of Sophos XDR Flex customers that are using integrations, either the the paid for or the free ones, they're going to stay on that Sophos XDR subscription, but there will be the price increase of around 10% that I mentioned. However, of course, while the the subscription price has has increased well, well, will increase by about 10%, you won't need to additionally add on the integration pack. So for many customers, the the net, cost will will remain the same. Now the inclusion of these integrations is good news for our customers, as I said. You know, they get better outcomes, better value. But, you know, we are mindful that, of course, we have customers that's already invested in paid for integrations. For those, we recommend you look at the individual customer situation when deciding if and when to let them know about the integration changes. Now most customers that have paid for integrations only have one or two. The vast majority have one or two. And for these customers, I'd recommend sharing that as valued customers, we've expanded their license to include all integrations. Now for those customers that have three or more paid for integrations, you may want to wait to to discuss the overall situation, their overall environment at renewal. And do feature yourself as a count team if you need support or guidance. And another important to point that I want to mention while we're on this sub subject of customers with integration is around, renewals. So, we have auto quote renewals for customers that have bought integrations, and they are going to match the current volume price. Very, very few SurfaceXDR and SurfaceMDR customers are paying list price anyway. And so whereas previously, the the the the current, subscription will be based on the, let's say, the MDR price plus the integration pack price, the auto quote will be at the same total price but with everything under the MDR subscription. So rather than splitting the cost between the, MDR or XDR license and the integration packs, we'll keep the price the same, but just put everything on, on the MDRX, CDR license, enabling you to offer seamless continuation of renewal, removing friction whilst really adding value. So do speak to your Sophos team if you need help here. So that is a big, deep dive into the integrations. Now I'm going to take a look at the Sophos AI assistant. Now setting the scene again here, you know, we group as Paul was sharing our AI into two areas. We have AI core, which is included with our EDR, XDR, and MDR licenses, and as well as AI assistant, which is included with our XDR and MDR licenses only. And along with the integrations, it's one of the key differentiators between our EDR and XDR licenses. Now we know that AI is a front of mind topic for customers, and they want to be sure that their cybersecurity solutions are leveraging AI to support them. And the good news is that Sophos has a tremendous pedigree when it comes to AI. We've been using AI in our solutions to elevate cyber defenses since 2017. And the Sophos AI assistant is not just any AI assistant. It's the experience of the Sophos MDR team, which secures more than 35,000 organizations worldwide that's been distilled into an intelligent agent. So it really is a thoughtful, outcome focused AI assistant. So we've recently made a number of, enhancements to make, our AI assistant and, and the AI experience even better. So you can assure your customers of continued AI leadership whilst continuing to focus on making an impact, not just hot air. So we've updated the navigation in Sophos Central with a new AI menu to make the assistant easier to find. We've got two new assistant roles, so the security analyst, which helps with investigations, and the threat hunter, assistant, which is, as you know, the name suggests for proactive threat hunting. And to make it even more useful, we've added context, based on what the analyst is doing and integrated intelligent prompts into the workflows. Now these enhancements are already available for all Sophos XDR and Sophos MDR customers, and we'll be continuing to expand and enhance our AI capabilities in the coming months. So those were the, the kind of big updates, the big enhancements we've made to our Sophos XDR and Sophos MDR solutions. But, now we that brings us to to update number four, Sophos identity threat detection and response. So, Paul, over to you. Great. Thank you, Sally. So SaaS has spent a good amount of time talking about some really, great optimizations and adjustments to the existing portfolio here. But what I want to talk about now is an expansion opportunity for you, which is a new offering Sophos ITDR or identity threat detection and response. So this is a new add on, for both Sophos NDR and Sophos XDR, available for term licenses as of next week, October 21, and then, just over a week later for MSP Flex. So we're hot on its heels, with MSP Flex monthly billings as well. So, again, it's an add on for XDR and MDR, not sold as a as a standalone solution. And I'll show you why in a moment because it's tightly integrated into that XDR platform and those MDR use cases. But what is Sophos I TDR then? It is both a proactive and a reactive identity security solution. So it identifies gaps in the customer security posture in their in their Microsoft IntraID deployment. It's detecting identity based threats. It's identifying abnormal user activity, and it also includes, dark web and breach database scanning and, detection as well. So we can highlight where, credentials from your organization, your customers' organizations have been, exposed in dark web marketplaces and in breach databases. So in terms of how that works with XDR and MDR, so XDR and MDR have, already, some capabilities in the identity security space with our existing integrations with the likes of Duo and Okta and, ManageEngine, for example. Where ITDR comes into it is, around security posture assessment of Microsoft EntraID. So we know from, from Microsoft that over 700,000 organizations worldwide use EntraID today. We also know from, our own incident response team's analysis that around 95% of EntraID deployments that we see are actually misconfigured and are leaving, exposures available to adversaries to to exploit. So it's about minimizing that attack surface in the on the left of Boom as we like to describe. And as I mentioned, we're also scanning dark web. We're using our, CTU that that we acquired from SecureWorks to, to scan the dark web marketplaces and breach databases and highlight and alert customers to when we identify credentials, that have been exposed in those marketplaces. And we correlate that information with, information such as last password updates and things like that so that we know whether, a breach database is something that the customer really needs to take, pay attention to. We also have risky user behavior identification as well, and this actually correlates with other detections from other Sophos products in the Sophos Central platform where we're highlighting users that may be, identifying, maybe servicing some suspicious activities that may be indicative of the fact that they may have been compromised. So that's what the ITDR piece does, and that all, integrates, deeply with the XDR platform. And where it's really as exciting is when you, add ITDR to Sophos MDR, and this is where we are able to escalate, high risk findings and identity based attacks as cases for our MDR analysts to then investigate and respond on the customer's behalf. So I'm gonna pause there for a moment. I'm gonna ask, Camilla to play a quick two minute video just to give you an overview of Sophos I TDR. So, Camilla, if I can ask you to press play. Identities are no longer confined within the traditional network perimeter. The shift to cloud and remote work has increased the complexity of monitoring and securing the identity attack surface. Identity and access management tools like Microsoft EntraID can be complex and difficult to manage, potentially resulting in critical misconfigurations that can leave your organization exposed. Cybercriminals are taking advantage by increasingly deploying sophisticated attacks that use compromised identities to gain unauthorized access to your sensitive data and systems. Sophos ITDR, or identity threat detection and response, continuously monitors your environment for identity risks and misconfigurations while providing dark web intelligence on compromised credentials. This solution helps you reduce your identity attack surface, monitor for leaked or stolen credentials, identify risky user behavior, protect against identity based threats, and respond to threats with speed and precision. Sophos ITDR rapidly uncovers identity risks by automatically and continuously performing more than 80 identity posture checks. The solution monitors and alerts when credentials are exposed in data breaches or on the dark web and looks for anomalous user activity associated with stolen credentials, such as unusual login patterns. With Sophos ITDR, you can identify identity risks in minutes compared to days with legacy solutions and benchmark your identity attack surface over time. Sophos ITDR detects and responds to threats that bypass traditional identity security controls, protecting against 100% of MITRE attack credential access techniques and accelerating response to identity based threats with automated playbooks. Limited security resources? We've got you covered. When you use Sophos ITDR with Sophos MDR, the world's most trusted managed detection and response service, our experts monitor identity based threats and execute response actions quickly on your behalf. Available at fully integrated add on for Sophos MDR and Sophos XDR, Sophos ITDR provides a comprehensive security solution that addresses the growing and complex challenges of identity threats and is delivered through the Sophos Central platform. Ready to learn more? Visit sophos.com/itdr or speak with your Sophos rep today. Terrific. So as I mentioned, Sophos ITDR is generally available as of next week for term licenses and from, early November for, MSP Flex. I should also add that, Sophos ITDR is built on the proven Tejas identity detection and response solution that we acquired through the, SecureWorks acquisition earlier in the year. And in fact, it's the first SecureWorks offering that we have fully integrated into, Sophos Central. So it's a major milestone on our, SecureWorks integration journey as well. There was a question that just sort of pop up, and we'll get to lots of questions at the end. There's a question about can can we get access to that video? Absolutely. It will be on the sophos.com website, when we go live on October 21, and we can, we can get a link to you as well for that. Okay. Moving on from, Sophos ITDL, a couple of bonus updates, for you here. So, back onto the endpoint space. First thing we'll talk about is, if I can get the slide to move along, is our Intercept X Essentials. The observed among you will notice that the Intercept X Essentials, license wasn't on that, license tiering chart that we showed earlier in the session. And that's because we are retiring the, Intercept X Essentials license. Now Intercept X Essentials, did not include, some protection capabilities such as, web control, application control, peripheral control, critical attack warning, and so on. And we strongly believe that all of our customers deserve the strongest possible protection. So we are retiring the Intercept X Essentials license, and so our core endpoint security solution will be Sophos endpoint and Sophos EDR for those customers that want the, detection response capabilities. So what does this mean then? For existing customers that have an Intercept X Essentials license, no change if they're if they have a term license, through until their natural renewal date. At that point, they'll be asked to upgrade to the or the endpoint 100, Sophos endpoint license. For MSP Flex customers using Intercept X Essentials today, we will be automatically upgrading those customers to the Sophos endpoint offering in, the late January time frame, so no effect until, until the February billings run for MSP Flex. In terms of last order dates, new licenses for intercept extensions can be, can be ordered until November 1. Existing term licenses can be, renewed until January 7. And then as I just mentioned, the MSP Flex, that change takes effect in late January. And the second update is a, a branding update. So for those that have been, Sophos partners for quite some time, we'll be very familiar with, with Intercept x as a terminology. We have evolved over time, and we have, decided that now is the time to move away from the term Intercept X. So we are standardizing on, product names, Sophos endpoint, Sophos EDR, Sophos XDR. What that means is that you'll start to see, references to Intercept X removed from product names in marketing collateral, in price lists, and, license descriptions. So some examples that I put on the slide here, central Intercept X advanced, for example, is now simply Sophos endpoint user. Central Intercept X advanced for server is now simply Sophos endpoint server and so on. To be clear, though, the SKU codes, for example, six are are not changing here. We are simply changing the names and descriptions you should see in the latest price list that are available now. Okay. Sally, back to you to to wrap us up. Thank you very much, Paul. So we have covered, a lot. So, I just want to kind of go through the the enhancements, the changes, and then, lots of questions have come in, and we'll be able to take them too. So, at the top level, looking at the the portfolio, we have the new license option, Sophos EDR. We also introduced Sophos endpoint 100 license, which we covered in the endpoint update, last month. And, following on what Paul was just saying, what's not on here is the Sophos Intercept X Essentials license, which is being retired because it doesn't provide the fullest protection. When we look at our portfolio add ons, we've got three new, new expansion options. We have Sophos ITDR, which we've talked about today and, has a video for. We have Sophos endpoint for legacy platforms, which we covered in last month's endpoint session. And we also have our new advisory services offerings, which we'll be covering in detail in the November academy session. But in the meantime, there's a lot of information on our advisory services on the partner portal and indeed on the Sophos website, and they are live and available for for you to sell now. Now I just want to walk through the the changes with a customer lens because, of course, you know, we want to be very, aware of of how these these updates, you know, impact our our different customer groups. And I want to start off by by looking through a a term customer, lens. So first up, Sophos Intercept x essentials customers. They can continue with their current license, up to renewal date. And, at renewal, they will need to move to one of our most comprehensive licenses, whether that is Sophos Intercept, sorry, was was the old Sophos Intercept x Advanced now, Sophos endpoint with poor sharing, or Sophos endpoint 100, or even if they want to uplevel their protection to to include detection response to to EDR. So customers that are on the current Sophos Intercept x advanced license, they have absolutely no change to their their capabilities, but we are renaming the solution to Sophos endpoint. Customers on, some of the Intercept x advanced with XDR, their license is going to be renamed to the far the easier to say, Sophos XDR. They're going to gain access to all technology integrations, then get access to the enhanced AI assistant, and they'll be able to take advantage of the Sophos ITDR, which is a chargeable add on from next, next week. And for Sophos MDR customers, they will, have no change to their license name, but they'll also get to access all of the technology integrations, the AI assistant, and Sophos ITDR. So hopefully, that that lays it out cleanly for the term licensed customers. Let me just flip now to the MSP, licensed customers. The customers with, Sophos X Essentials, the flex license, they're going to get that automatic upgrade to Sophos endpoint, at the January, the the six set equivalent SKU, and, giving them the the most complete protection, reducing their cyber risk. Customers, with MSP who have our Intercept X Advanced, license, they're also going to have that solution renamed, and that's actually going to take effect from November 1 for all Intercept X Advanced customers, whether it's, Flex or or Term. Some of the Intercept X Advanced customers with XDR, if they are not currently using any integration, whether that's a purchased or an included one, they'll just migrate to the Sophos EDR license with no price change at the January. And those customers, around 7% of Sophos Intercept XDR flex customers who are using integrations, they will stay on the Sophos XDR license. They'll get access to all of the integrations, the enhanced AI assistant, and Sophos ITDR, and there will be approximately 10% price increase. And finally, Sophos MDR Flex customers, they will gain access to all technology integrations, the enhanced assistant, and the ability to add on Sophos ITDR with no price change. So, hopefully, this is a a helpful kind of, you know, what is this, table showing what's happening for all of our customer groups. Now I started off by saying that, the, the the expansion of our security operations portfolio brings a lot of opportunities. And, I hope you're as excited about them as we are. For in terms of expanding sales opportunities, we have the new soft side TDR solution that Paul shared, which we can add to all Sophos MDR and XDR sales. We have the Sophos EDR license, which we can use to upsell endpoint customers and to also win new business for people who are specifically looking for an EDR solution. And, of course, the inclusion of integrations, gives some great pro services sales opportunities to set them up. And so we have a more competitive value proposition. So for our XDR and MDR solutions, they really are now, you know, clearly demonstrating fully open offerings, fully open XDR, fully open software's MDR solutions with all those technology integrations included automatically, so enhancing your offering to take to market. We've made the solutions easier to quote, sell, and renew. You no longer need to add integration packs to quotes and orders. And with more customers using more of the integrations, getting more technology, it makes for stickier sales, easier renewals, and easier customer continuation for for MSP. And we've also enhanced the AI capabilities, which ultimately reduces mean time to respond whilst enabling all of our customers to take advantage of innovations in AI, but with a real focus on outcomes there. So that's, that's, where we're at in terms of the security operations portfolio. We do have some webinars coming up. So let me, know that, let me pass over to Anna who's going to talk us through them. So, Anna, over to you. Thank you so much, Sally. Thank you also, Paul. You have heard a lot today, right, that a lot of things coming, a lot of exciting opportunities for you as our partners. But this is not the only change that we will be, announcing. And here, you can see the schedule of our sessions for this quarter. So this is only the beginning in October. Right? On the November 5, we will be hosting the, softest quarter of the business update with Jason Ellis and with some guest speakers to talk about, in more general details about the opportunity. For you with all our launches, with all our, enhancements and updates that are coming in this quarter. Then in November, starting from the November 12, we will be offering another launch session, namely on an Sophos advisory services. They have been launched, already, and we will be updating you and giving you more details and explaining the opportunity in November. And we will be offering, five sessions in all five core languages, so English, German, French, Italian, and Spanish. And right now, as I speak, my colleague is posting the registration links to those sessions, for you to join to register and join those sessions. And finally, in in winter in December, on the December 10, we will be announcing Sophos firewall version 22. So you as you can see, every month, we have some exciting updates and exciting enhancements for you to help you sell and to help you grow your business. So please join the sessions forward to your colleagues, and we'll be happy to welcome you into. I guess that's it from us on the informational side of things. And we had quite a lot of questions coming in, during the presentation, and, I'm excited to, welcome Paul and Sally back to the stage so that we can cover all those questions. Handing over to you. Thanks, Anna. So, yeah, thank you for your questions. We've been seeing some of them come in. We've tried to get to some of them along along the way, but there's still a fair number that, that we haven't addressed. So we've got some time now to go through those. So, Sally, let me let me pose one to you. Endpoint 100, there's a question here. Is there a change of price to endpoint 100? I think that's really what is Cephas endpoint 100 relative to in Cephas in Cephas Advance or Sophos endpoint? Yeah. Yeah. Great question. So Sophos endpoint 100 was a new license option that we introduced last month that provides a single fixed price, offering for organizations with up to 100 employees. It's a it's a term license that was introduced to address particular frictions that we were hearing from partners in the the the term license process with those smaller businesses for endpoint, specifically the, the need to get involved with the sales teams for for discounting and, the time it was taking to to get the the the quotes out. So it's a, so single fixed price license offer, that has, you know, no no discounts, no, no deal reg. So you can sell it with, extreme ease and also with very predictable margins. This is, though, as I say, a a license, option. So it's the same core Sophos endpoint protection capability, but was Sophos Intercept X Advanced now being rebranded to to Sophos endpoint. It's exactly the same capabilities. It's just a different license option. So that continues to be a, an item on the on the price. It's still very much something for you to sell, and there has been no change to the overall price of, Sophos endpoint 100. Thank you, Sally. So I'll pick one up here. And I just want to make sure this is really clear actually in case, what I explained wasn't as clear as it could have been. There's a question. Did I hear right that we're retiring Sophos MDR essentials? No. Absolutely not. We're not retiring MDR essentials. What we're retiring is the Intercept X essentials, older entry level endpoint protection product. Sophos MDR essentials is not affected at this time, so it's not part of that retirement. I wanna make that absolutely clear, and apologies if I didn't make that clear to to begin with. Great. Paul, there's a question I think I can pick up here. So, a question has come in. Sophos advisory services, is pricing available for partners? So, yes, pricing should be available on the partner portal. Do take a look. If you are struggling to to find it, if there's any display issues, please reach out to your Sophos team. So advisory services are very much something that you can you can quote and and and sell today. So do do check out the pricing, and hopefully, you won't be able to attend the session next month where Buzz Ellis in our team is going to take you through the services in a lot of detail. Terrific. There's a couple of questions around add ons. I'll try and I'll try and address these together. So one of the questions is, you know, which add ons are available for Sophos XDR? There's a few listed here. So let let let's be clear on that. So for the Sophos XDR customer, you can sell add ons such as Sophos ITDR, a new solution that we explained today. You can sell Sophos endpoint for legacy platforms. You can sell Sophos NDR, our network detection response solution. You can sell extended data retention. So Sophos XDR includes ninety days of data retention in the cloud by default, but you can extend that up to a year with an add on. There is a suggestion around Sophos managed risk just to be clear about Sophos managed risk. That's an add on for Sophos MDR, not for Sophos XDR. There's also a question that's just come in which is kind of related to this. So why is there an option for the Sophos instant response services retainer for Sophos MDR complete if it includes all incident response? Now that's actually a relatively recent change. So Sophos MDR complete includes full scale incident response, so full neutralization of threats and ejection of adversaries, root cause analysis, etcetera, no caps or extra fees. However, with the convergence of, the SecureWorks retainer offering and the, sorry, emergency response and Sophos rapid response into Sophos emergency incident response. You can now sell a, a Sophos retainer to an MDL complete customer if they want to ultimately get a discount on the emergency incident response service, which now offers additional capabilities that weren't available before. So examples being on-site support or ransomware negotiation, how all of those kind of capabilities that are now part of the emergency incident response solution that weren't there before. So there are now reasons that you could sell a retainer to, an MDR complete customer. So I hope that's a little bit clearer. Thanks, Paul. There's a a few questions have come in on the similar theme around the MDR bundle for MSP and what these changes mean. So let's take a minute to to to look at that one. So, as background, to make sure everyone's aware, as part of the MSP Elevate program, partners gain access to an exclusive MDR for MSP bundle that, is a, bundle where you get, all of the integrations, supports NDR, one year's data retention, and the, pricing of the server licenses is the same as for the endpoint licenses. So this is a a kind of a an enhanced bundle. So, obviously, up to up to now, the the inclusion of all the integrations was, was a differentiator. For MSP as of the late January, the integrations will be included with all of our MDR licenses, essentials, complete, and, MDR bundle for MSP. So we're making this change, inclusion of the integrated, is part of our ongoing program to develop and enhance our offerings to keep customers ahead of advanced cyber threats. You know, we're increasingly seeing adversaries being sneaky, using different methods of entry to penetrate organizations. And so we really want to focus on making sure they've got the the best defenses, which is why we're we're kind of looking to facilitate the inclusion of more telemetry for all customers. Obviously, for those of you where you have a a customer using the MDR bundle for MSP, this is no longer a differentiator. However, you do still have those other key benefits. So Sophos NDR, enabling, you or or us, whoever's doing the, the threat hunting, to see adversaries inside the network. And this is really important because however good an attacker is at, hiding their steps, cleaning up behind them, they always need to cross the network. So NDR is an increasingly important part of an effective cybersecurity strategy. So you've got the ability to to really sell in the the NDR. The enhanced data storage, which is increasingly important for for many organizations that need that longer term storage, which Paul was just talking about. That is still included. But the feedback we've also had from partners within the, MSP Elevate program is that the the single biggest benefit they're seeing from this this bundle is the parity between the user and the the server pricing, particularly for customers that have large server installations. They've been able to see some quite significant reduction. So, the the bundle, you know, all the other benefits remain the same. And and, obviously, of course, you can move customers between bundles or or, you know, MDR licenses as you need using the license wizards. So, hopefully, that provides clarity there on the MDR on the premise piece situation. Paul, any others well, I I see one that I think may be a a good one. It's around ITDR, and the difference between Microsoft Graph integration and an ITDR and what the difference is there. Is that something you could shed some light shed some light on? Yeah. Let let me take a run at that. So, so Sophos MDR and Sophos XDR, include an integration with Microsoft Graph API. In fact, we have two versions of that integration currently running today. What that does in a nutshell is, it ingests security alerts from Microsoft security tools. One of those is, Defender for Identity, for example, and that takes, some of Microsoft's own, security data from IntraID. What Sophos IT Diado does is really a a step change beyond that. So, if we take the posture assessment, piece of Sophos ITDR to begin with, we are scanning the intra ID environment, and we are running over 80, posture assessment checks against that intra ID environment, which is significantly more than you would get with, any other third party solution that we've actually found, but also with intra ID p one or intra ID p two combined. So for the posture assessment alone, that's additional capability that you don't get through that graph API integration. On top of that, though, you also get things like the dark web monitoring, breach database monitoring, risky user assessment monitoring that you don't get with, that ingest of security data from the graph API. So I I I could go on, but ITDR is is a step up from that integration. Yeah. That's that's great. Thank you very much, Paul. And and I've got one that perhaps perhaps I can, answer. So, one of partners who attended our, experienced partner roadshow in in Rotterdam, heard about, the introduction of, with a vCISO solution. So vCISO or virtual c so or a really, c so assistant is how we're actually thinking of it, is a solution, a program that we're working on to, equip and enable partners to, you know, further extend the, the services and support they provide to customers. This is our our strategy. It's our our vision. In terms of actual deliverables, let me be clear. We're probably looking at 2027. So we wanted to share with you both some of our immediate updates that that we're we're, we're working on, but also a bit more of the the the strategy and the the journey that we're going on. So, I'm delighted that you you're likely the the the CISO CISO assistant piece. We'll be able to share more details as as we firm it up. But that's something we're working on, but it's not something that is coming in the immediate future. We'll be very, very excited to tell you about it as and when it's it's ready. Super. Thanks, Sally. I'm just gonna jump back to an ITDR question that I should have picked up at the same time around dark web monitoring. Is it its own service and how many domains are included? It's a little low level question here. So it's not its own service. It's part of Sophos ITDR if I answered that quest or if I read that question correctly. So it's part of ITDR. It's not something you can buy separately. How many domains are included? It's based on the Tejas IDR solution, which, essentially uses verified domains within your IntraID, tenant. So you'll have those, surface within Sophos Central, and then you'll be able to choose. And I believe the answer is up to 20 top level domains that you can choose, to to scan as part of dark web monitoring. So, I will double check that after the call just to be sure, but I know that the Tejas IDR solution on which this is based has a limit of 20, top level domains. Another question while I'm talking, which license do we need to benefit from synchronized security? Is this included in the Sophos EDR license? That's a great question because as we talk about integrations, integrations can mean multiple things to to multiple people. So, we have that native integration between Sophos endpoint and Sophos firewall, and other products that we describe as synchronized security. That isn't changing. So that is a core capability of the Sophos endpoint solution as it works with the Sophos firewall solution. So, is it included in the Sophos EDR license? Yes. Absolutely. It is because it's part of the endpoint solution. It's included in the Sophos EDR license. Okay. Cool. One that's come in that perhaps I can take, is someone who said most of my customers have, six stuff, so Sophos endpoint, plus XDR term licenses. Does this mean that they're going to be changed to EDR, and will this impact perceived value? So, firstly, we are not moving automatically moving any term customers. So customers who have Sophos, Intercept X Advanced with XDR or to become Sophos XDR, they're going to absolutely just stay on that license. They will now have the opportunity to take advantage of all of the technology integrations, and they'll also have, the, access to the to the enhanced AI system. So there's absolutely no no change there. In fact, to their their licensing, but they are going to be getting even more value for that. So, hopefully, that that is helpful. I'm just looking through we'll see if there's any more any more questions, coming in that we can answer immediately. I'm just scanning through the scanning through the list. I see that there was one, around XDR and XGS and whether you need Sophos NDR. So maybe I could take a shot at that, Paul, and, you can, fill in any gaps. So Sophos XDR, integrating with Sophos firewall, Sophos XGS firewall, does that remove the need for Sophos NDR? So, what I'd say is that Sophos firewall and and Sophos NDR, the NDR capabilities are are separate and complementary. You know, the firewall is securing the traffic in and out of the the organization, whereas the NDR solution is securing the traffic that's well, it's identifying risks and, potential intruders inside the network traffic. So they're doing different things. So they are very much complimentary. So, you you can, you know, you can use a a soft NDR solution. You could use another vendor's NDR solution. And with the update to to Sophos XDR, you can now, add, telemetry from another vendor's NDR solution, at no additional cost if you want to. So, you know, NDR and firewalls are are complementary elements in the the security stack. Yeah. Great. Thanks, Sally. There's a question that just came in literally as you've been talking. So just to clarify a point, is Sophos NDR included in Sophos XDR? So just to recap something that Sally said earlier on, no. It's still an expansion opportunity. That's an add on that you can sell. The integrations that are included are what you've previously been selling as integration license packs. So there's third party integration packs. Those are the things that we've changed and are now included with the XDR subscription and MDR subscription. The add ons including NDR, Sophos ITDR, etcetera, are still expansion opportunities for you for for XDR and MDR. Okay. Great. Well, the question sorry. There's a question on add ons still around, will Sophos managed risk be available for XDR customers? At the moment, it's an add on for MDR customers. That's still something that our product management team is reviewing as far as the the road map and whether or not that will happen. So no, no commitment on that at this point. As it stands, managed risk as a managed service is an extension of the, MDR managed service. Great. Thank you. I'm just scanning through to sorry. There's lots of questions that have come in. So apologies. I just looked through through the, through the list. I think we have we have got most of them. Oh, there was a question that came in about how do you request additional integration. So someone has suggested, you know, Checkpoint Harmony, email. So please reach out to your Sophos account team. They will be able to forward that request, into the product management team that focuses on the integrations. And and I really would encourage you to to, to let your teams know if there are integrations that would be beneficial to you. Obviously, there's there's a lots of lots of solutions out there, and the team will will prioritize the the the integration building work, based on demand. So, you know, if you have key solutions that would be helpful to have integrations with, then please do do let your account team know and and and ask them to call pass on to the product management team. Right. I think I'll hit one more to wrap us up then. So will ITDR include or support on prem AD? So at, at GA, it's a enter ID cloud based enter ID support only. However, our product management team is obviously actively planning the roadmap and looking at what additional IDPs and platforms they need to support. So it won't, perpetually, only support entry ID will be extended, and on prem AD is is part of that consideration. So at GA, it is cloud based entry ID. Yeah. I think we we can wrap up, I think, Sally. Yes. That sounds great. So, thank you all very much for, for your time. Thank you for for spending it with us, hearing about the solutions, and thank you all for all the questions. We'll we'll go through afterwards when when we're not trying to look live and make sure that there's none we missed and and respond to those as well. So, Anna, let me pass over to you to to take us home. Thank you so much, Sally. Thank you, Paul. And, also, thank you to our, participants today. We know it was a lot today. Right? So please, you will receive the the slides. Go through them again. Go through the recording again, and please join us for the next, upcoming sessions that we are offering to continue talking about the product enhancements and launches. With this, thank you for your time today. We hope you have a wonderful rest of your day, and we hope to see you in one of our next sessions. Thank you, and goodbye.