A few things stood out this week. Platform vendors are connecting more of the SOC workflow across identity, endpoint, cloud, and threat intelligence. Telcos and large service providers are pushing further into mid-market MDR through hyperscaler partnerships, which puts more pressure on smaller and independent providers. And the performance numbers now showing up around the market, from
Foresite Cybersecurity sub-15-second managed response claims to 90% investigation-time reductions and
Mandiant’s 22-second attacker handoff finding, are raising the bar for what buyers will expect MSSPs to prove in future RFPs. The common thread is simple: the time between signal and action is shrinking.
Silverfort and SentinelOne are trying to connect identity and endpoint investigation so analysts do not have to jump between tools to answer basic containment questions. Cork is taking aim at the manual mapping work that slows automation across clients, devices, and inboxes. Team Cymru is moving threat intelligence away from static indicator lists and toward scored, machine-ready data that SOC teams can act on faster. ConnectWise is putting a 15-minute MDR SLA behind its agentic AI model, turning response time into something closer to a contract expectation than a marketing claim.
For MSSPs, the message is pretty direct: clients are buying response time, not tool counts. The providers that can prove faster containment, cleaner handoffs, and more automation in the middle of the workflow will be better positioned through the second half of 2026. Those still relying on manual triage across disconnected tools will have a harder time keeping pace with attacks that are already moving faster than their teams can respond.
Market Pulse: Cybersecurity Deals, Funding, and Platform Shifts
Vodafone Business and Google Cloud launch MDR for European SMBs: Vodafone Business is launching a managed detection and response service enabled by Google Security Operations, for small and medium-sized businesses across Europe. The service combines Google's security analytics and AI-driven threat intelligence with Vodafone's SMB reach. It debuts in Germany, aligning with GDPR data protection rules, before expanding across European markets later in 2026. The launch is part of the companies' $1 billion, 10-year partnership announced in October 2024. Vodafone also introduced Vodafone Business AI Concierge, an agentic AI tool built on Gemini for automated customer interactions. The broader signal here is that telcos are becoming some of the largest MSSPs in the world, and Google is positioning itself as their SecOps backbone.
Google adds new SecOps agents and Dark Web Intelligence capabilities:
Google has added three new Security Operations agents in preview, joining an existing Triage and Investigation agent that processed more than five million alerts in the past year and cut typical 30-minute manual analysis down to 60 seconds. A Threat Hunting Agent proactively hunts for novel attack patterns and stealthy adversary behavior that bypass traditional defenses. A Detection Engineering Agent identifies coverage gaps and generates new detection rules for specific threat scenarios. A Dark Web Intelligence agent analyzes millions of daily external events using Gemini models, with internal tests showing 98% accuracy in flagging only threats that matter to an organization. These agents are heading into the workflows of every MSSP running Google SecOps. Detection Engineering as an automated capability is the one worth watching. It's the same work that historically required senior analysts and commanded premium billing. When detection rule creation moves from weeks to moments, the MSSP margin structure around detection engineering shifts.
CrowdStrike expands MSSP go-to-market strategy across Japan and Asia Pacific (JAPAC): CrowdStrike is pushing harder into the SMB market across Japan and Asia Pacific by expanding its MSSP program with Dicker Data and Otsuka Corporation. The setup is simple: distributors handle the work of signing up and supporting MSSPs, which frees CrowdStrike to reach smaller customers without building out direct sales. The pitch to partners is the services revenue. CrowdStrike points to Canalys data showing every $1 of Falcon sales can drive up to $7 in partner services. In Japan, Otsuka is bundling Falcon with its own SOC support through a service called Rakuraku EDR Premier, aimed at SMBs that don't have the staff to run security tools on their own.
ANY.RUN expands free threat intelligence access for SOC: A
NY.RUN expanded access to its Threat Intelligence capabilities for SOC and MSSP teams, adding 20 premium requests in Threat Intelligence Lookup and YARA Search to its Free plan. The data is sourced from real sandbox investigations across a community of 15,000 organizations and 600,000 security analysts. The release also introduces AI-assisted search in TI Lookup, letting analysts query in natural language instead of building structured queries manually. Faster alert validation, fewer escalations driven by uncertainty, and threat hunting grounded in current attack data rather than static indicators. It fits the same pattern running through every other announcement this week - the value is not in having more intelligence, but in how quickly analysts can turn it into a decision.
Have news to share or just want to connect? Reach anytime at [email protected].
