Managed Detection & Response (MDR) , Security Operations
Open Systems Splits Ontinue MDR Division From SASE Business
Split Will Help Open Systems, Ontinue Optimize Engineering Stack and Selling MotionOpen Systems has split its MDR and SASE businesses into separate divisions with unique executive teams to help each optimize its engineering stack and selling motion.
See Also: Webinar | Identity Crisis: How to Combat Session Hijacking and Credential Theft with MDR
"At the end of the day, these two businesses do cater to different groups within our customer base."
– Tom Corn, chief product officer, Ontinue
The company's 300-person MDR division will be known as Ontinue and led by Geoff Haydon, who had served as Open Systems CEO since February 2021, while the slightly smaller SASE division will retain the Open Systems name and be led by former CTO and Chief Product Officer Daniel Neuhaus. The split will allow for Ontinue and Open Systems to maximize growth while serving different parts of the market.
"At the end of the day, these two businesses do cater to different groups within our customer base," Ontinue Chief Product Officer Tom Corn tells Information Security Media Group. "The markets are at different stages of maturity. Running a NOC is different than running a SOC. There was more to be gained by having them focus on their respective areas and maintain and build connective tissue."
'It's Really Different, and It Is So Compelling'
A significant number of customers use both Open Systems and Ontinue today, but customers have said there's no way to make a single user interface or portal that's suitable for both SASE and MDR use cases. Although joint customers will need to use two separate portals going forward, Corn says it will create an optimal experience for both NOC and SOC personnel while facilitating integration behind the scenes.
Ontinue - which is "Continue" without the "C" - got its name from providing customers with continuous security operations, according to Corn. The company's ION platform eschews the traditional MDR path of building yet another portal or management console and is instead built into the Microsoft Teams collaboration system so customers can make decisions and execute faster, Corn says.
Customers can ask Ontinue questions using chatbots within Teams and connect with Ontinue by text, voice or video by hitting the "engage" button within Teams, according to Corn. Open Systems was recognized as Microsoft Security's MSSP of the Year in 2022, and he says putting Ontinue's management console inside Teams will facilitate real-time interaction with end users and IT and security practitioners.
"Focusing on this stack has allowed us to do some things that are quite unique," Corn says. "I can't wait for people to start playing with this new interactive model in Teams. It's really different, and it is so compelling."
'We're Really Trying to Think of It as a Productized Service'
ION's automation, meanwhile, streamlines a substantial portion of incident response from detection to triage to response, meaning Tier I incidents are responded to quickly and consistently without analyst intervention, Corn says. As a result, he says, Ontinue can employ more Tier II and Tier III analysts who focus on advanced investigations and threat hunting. This builds on the company's November acquisition of Tiberium (see: Open Systems Buys Tiberium to Automate Security on Microsoft).
Ontinue also plans to expand from detection and response into prevention. Every client will be assigned a senior SOC engineer to help customers determine who's responsible for what assets and who different types of issues should be escalated to, Corn says. The cyber adviser will produce action reports detailing what customers can change to improve their security score and reduce incidents in the months ahead.
The company's expertise around not only Microsoft security tools - such as Defender, Sentinel, E3 and E5 licenses - but also other areas of the Microsoft technology stack - such as Teams, Power BI data visualization and Adaptive Cards - allows Ontinue to consolidate the control plane and deliver value around Microsoft. Ontinue is further along than other MDR providers, who are less specialized and focused on Microsoft.
"Often, MDR is thought of purely as a service," Corn says. "And we're really trying to think of it as a productized service. It is really an interesting blend between product and service. We're excited for people to start using it."