Cybersecurity is moving toward consolidation. Instead of juggling lots of standalone tools, teams are now shifting to unified and tightly integrated
platforms. The goal is simpler operations: less tool sprawl, clearer visibility across the environment, and lower overall cost.
The shift is important. Numbers vary, but most studies show that organizations are trying to manage an average of 15 to 20 tools, and the numbers are even higher for the largest enterprises.
In 2025, IBM revealed that companies are managing an
average of 83 security solutions from 29 vendors.
That said, many of these fragmented environments have built up over the year, and tearing products out to replace them with new ones is expensive, according to
Andrew Young,
WatchGuard Technologies’ chief product officer.
“This has become one of the biggest blockers to consolidation,” Young told MSSP Alert, adding that the myriad products and vendors are an even greater challenge for MSSPs and MSPs. For them, “mixed environments aren’t the exception; they’re the norm. They’re expected to deliver consistent security outcomes across customers with very diverse technology stacks, all while maintaining margins and scale.”
Enter Open MDR
WatchGuard is looking to lift much of that burden with the release this week of Open MDR, expansion of its managed detection and response services. As its name says, the goal is to bring an open approach to MDR.
It gives providers a way to deliver full-stack protection to endpoints, identity, networks, and clouds across both WatchGuard and third-party tools that can be managed via WatchGuard’s security operations center (SOC) and portal, while letting partners retain ownership of the customer relationship.
“What’s unique is that we’re extending MDR as an operational overlay, not tying it to a single vendor stack,” he said. “Many MDR offerings still assume customers will standardize on one ecosystem, which doesn’t reflect how MSPs and their customers operate today. Open MDR represents security without boundaries, working across
Microsoft Defender,
CrowdStrike,
Okta, WatchGuard, and more, while still delivering real response, not just alerts.”
MSSPs and other partners told WatchGuard they were looking for a way to deliver MDR to clients without asking them to switch security tools,
Linda Kerr, WatchGuard’s director of marketing for managed services,
wrote in a blog post.
MDR for Mixed Environments
“Many organizations already run strong tools but don’t have the staff, time, or expertise to monitor alerts around the clock, investigate activity across multiple systems, or respond quickly after hours,” Kerr wrote. “Open MDR [lets partners] add advanced protection with no rip and replace. It lowers friction, speeds up adoption, and brings MDR to mixed environments that have been hard to cover in the past.”
It’s what organizations have been looking for, Young said.
“What we’re seeing is that customers want better outcomes and simpler operations, not another mandate to standardize overnight,” he said. “Open MDR acknowledges that reality by ... delivering [to organizations] coordinated detection and response across mixed environments, rather than treating mixed technology stacks as a failure.”
The Power of AI
WatchGuard’s AI- and machine learning-driven MDR offers a range of services, from 24/7 monitoring and response and proactive threat hunting to unified portal visibility and a technical account manager (TAM). The service offers an average of six alerts and fewer than one false positive a month, 10 milliseconds to automatically block a threat, and an average mean time to response of six minutes.
With Open MDR – which is available now through the company’s MSP partners – WatchGuard now brings telemetry from supported tools in a single view to ensure threats are identified and dealt with quickly, Kerr wrote.
It also gives “partners a simple way to offer MDR across different customer environments without increasing staffing or operational load,” she wrote. “It opens a new managed service revenue stream, provides faster time to protection, and includes reporting and TAM support that help reinforce customer trust and long-term relationships.”
An Expanding Service
Open MDR is part of a larger push by the Seattle, Washington-based company to expand its MDR service for MSSPs and MSPs, that is launched in October 2023. A year ago this month, WatchGuard
bought ActZero to bring greater AI and automation capabilities and an open architecture to the service.
In June 2025, the vendor
introduced Total MDR, a service that unified all of WatchGuard’s enterprise-grade security services onto a single platform.
