Subscribe To Our Daily Enewsletter:

Booz Allen Hamilton Acquires Morphick for Managed Detection and Response (MDR)

Bill Phelps

Horacio Rozanski

Booz Allen Hamilton, a Top 100 MSSP for 2017, has acquired Morphick, a 40-person cybersecurity firm that offers managed detection and response (MDR) services. Financial terms were not disclosed.

Morphick’s MDR platform, according to Booz, “analyzes the motivation and actions of attackers to thwart their attacks, assists companies in mitigating the challenges of the shortage of skilled cyber professionals and limitations of traditional, static defenses.”

Among the apparent deal synergies:

  • Booz Allen believes that Morphick extends a key focus for the firm’s consulting business—the detection and response capabilities, making them available as a 24×7 remotely delivered managed service.
  • Morphick complements Booz Allen’s current managed threat intelligence service, Cyber4Sight – helping clients use their insight into adversaries to better detect and respond to attacks, the companies say.
  • Morphick will initially support the firm’s commercial clients, and in the future, the capabilities will extend to support other client demands.

The deal bolsters Booz Allen’s U.S. commercial business, which is increasingly shifting to on-demand managed threat services, according to Booz CEO Horacio Rozanski.

Bill Phelps, leader of Booz Allen’s U.S. Commercial business, echoed that sentiment, calling Morphick a “pioneer in detect and respond managed services for enterprises.”

MSSPs vs. MDR: What’s the Difference?

At first glance, managed security services sound similar to managed detection and response services. But Gartner is quick to point out the differences in a report, stating:

“The overlap between most MSSPs and MDR providers is still limited to a couple of services — e.g., managed EDR and threat hunting. Clients should be wary of claims from traditional MSSPs on their ability to deliver MDR-like services. Delivering these services requires technologies not traditionally in scope for MSS, such as endpoint threat detection and response, network behavior analysis and network forensic tools. Those exploring MSSPs for these services should assess the MSSPs’ expertise in running the technologies, using them to effectively identify and respond to breaches. They need to understand how MSSP incident response services that may provide some of these capabilities are integrated.”

MSSPs Buying MDR

It’s a safe bet more MSSPs will acquire or develop MDR technologies over the next few years — positioning the MDR offerings as “advanced” managed security services.

Booz Allen’s buyout of Morphick is expected to close in the third quarter of fiscal year 2018.

Return Home

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *