Email security is quietly becoming one of the hardest problems for MSSPs to manage at scale. Attackers are using AI to generate more convincing phishing campaigns, and the volume alone is enough to overwhelm traditional detection workflows.
Darktrace is expanding its MSSP strategy with an AI-native managed email security offering and partner program updates designed for scale. The move gives partners a way to deliver continuous detection, investigation, and response across email, collaboration platforms, and user identities from a single operational layer, aligning email security more closely with how MSSPs run multi-tenant operations.
Why Email Security Is Becoming an MSSP Problem
The numbers tell the story. AI-assisted phishing is increasing, and a meaningful percentage of threats are still slipping past secure email gateways. That creates a gap that customers expect MSSPs to fill.
For smaller and mid-sized organizations, email security is no longer something they can manage internally. They are turning to service providers not just for tooling, but for outcomes. That puts pressure on MSSPs to detect threats earlier in the attack chain, reduce investigation time across high alert volumes, and deliver consistent protection across multiple tenants
This is where traditional rule-based systems start to break down. Static controls struggle to keep up with attacks that are designed to look legitimate.
What Darktrace Is Changing in SOC Operations
The core shift here is behavioral. Instead of relying on predefined rules, the system learns how users and organizations typically communicate and flags deviations that may signal threats like phishing, business email compromise, or account takeover.
Francesca Bowen, Global VP, Strategic Alliances at Darktrace, framed this in operational terms. She explained to MSSP Alert how AI is being used to reduce the burden on analysts by handling investigation and prioritization upfront. Instead of working through large volumes of alerts, analysts are presented with a smaller set of fully investigated incidents, which reduces triage time and helps teams scale without adding headcount.
She also emphasized that the system correlates activity across email, identity, and broader environments to build a complete picture of what is happening. That context allows the platform to take targeted actions, such as holding suspicious messages or removing malicious content, while still preserving normal business communication. Just as important, it provides visibility into why those decisions were made, so analysts can trust and validate automated responses.
Unifying Workflows Across Email, Identity, and Collaboration
Expanding security coverage beyond email into collaboration tools and identity systems often creates more operational complexity. MSSPs end up stitching together multiple consoles and workflows just to understand a single incident.
Bowen addressed that directly, describing a model where detection across email, tools like Microsoft Teams, and identity is driven by the same behavioral AI. That creates a consistent view of user and organizational activity, even as threats move across different channels.
On the operational side, she pointed to the ActiveAI Security Portal as the control layer that brings this together. MSSPs get centralized access across customers, with unified permissions and integrations, allowing them to manage response and scale operations without juggling fragmented systems. The goal is to give analysts one place to investigate, act, and manage multiple environments.
The Partner Model Is Being Reworked for MSSPs
Alongside the product launch, Darktrace is also adjusting how MSSPs engage commercially. The changes are aimed at aligning pricing and packaging with how service providers actually build and sell managed services.
Bowen described a shift toward more transparent pricing, where MSSPs can see the full cost structure upfront and design services with clearer margin expectations. The introduction of volume-based discounts means margins improve as partners scale, which ties profitability more directly to growth.
She also highlighted a dedicated MSSP SKU for email security, with a fixed per-mailbox cost and the ability to adjust licensing monthly. That flexibility matters for service providers managing dynamic customer environments, where usage and requirements can change quickly.
What This Means for MSSPs
This update fits into a larger pattern across the security market. Email, identity, and collaboration platforms are converging into a single attack surface, and MSSPs are being asked to manage all of it as a continuous service. That shift is raising the bar. Customers now expect real-time detection and response rather than periodic reviews. At the same time, operations need to scale, with multi-tenant visibility and automation becoming baseline requirements. Profitability is also tied more closely to efficiency, where reducing analyst workload and improving pricing flexibility directly affects margins. The takeaway is that email security is no longer a standalone control. It is becoming part of a broader, continuous service that spans users, identities, and communication channels. For MSSPs, the opportunity lies in turning that complexity into a repeatable, scalable service model..
