10 Hot MDR Vendors Making Moves In 2025

Major acquisitions and AI-powered product launches are among the key moves by managed detection and response vendors this year.

Big Moves In MDR

In 2025, the managed detection and response (MDR) market has shown no signs of slowing down in the channel, with massive demand from solution and service providers looking to augment their own security capabilities—or even serve as the main source of detecting threats on endpoints and across the IT environment. At the same time, customers are continually looking for more when it comes to security, which has massive implications for the delivery of MDR. According to a recent report from Forrester’s Jeff Pollard, customers are looking for detection and response offerings to become increasingly proactive, and thus capable of improving their security posture rather than simply reacting to threats.

This is a remarkable shift, said Pollard, vice president and principal analyst at Forrester, in the Forrester Wave for MDR Services report, first-quarter 2025. And there’s a lot more change coming: While AI is impacting all technology products and services, MDR is especially poised to be transformed as it is far more reliant on human involvement than most other segments of cybersecurity—leading to a strong potential for AI to augment or even replace some functions of the human analyst responsible for delivering MDR.

In response to these shifts and other industry dynamics, top MDR vendors have been making big moves in 2025 to keep up with the opportunities, threats and market transformations ahead. Key MDR moves have included a number of major acquisitions as well as AI-powered product launches and expansions.

As part of CRN’s Cybersecurity Week 2025, we’ve collected the details on 10 hot MDR vendors making moves in 2025.

Arctic Wolf Adds Own EDR

In February, Arctic Wolf completed its $160 million Cylance acquisition deal with BlackBerry, paving the way for the security operations platform provider to begin offering its own endpoint security product. The addition of Aurora Endpoint Security to the Arctic Wolf portfolio—based upon capabilities in endpoint protection and endpoint detection from the Cylance acquisition—enables the vendor’s MDR offering to leverage telemetry from the Arctic Wolf EDR (endpoint detection and response), allowing MSP partners to consolidate on Arctic Wolf.

CrowdStrike Unveils New MDR Interface

In September, CrowdStrike debuted what it calls a unified interface for its Falcon Complete Next-Gen MDR offering, aimed at enabling improved prioritization of threats. The new interface, Falcon Complete Hub, brings together all activities and insight on the MDR platform as well as expert guidance, CrowdStrike said. Crucially, the new feature also instructs teams on how to utilize the guidance provided by experts—ultimately enabling accelerated responses as well as enhanced security decision-making, according to CrowdStrike.

ESET Launches MDR Offering For MSPs

In March, ESET announced the availability of its managed detection and response offering, Protect MDR, to its MSP partners. The company said the offering would be delivered as an add-on service to ESET Protect Enterprise or Protect Elite and would offer response times of as little as 20 minutes. Protect MDR provides proactive threat hunting as well as the advantage of having access to latest ESET research and threat intelligence—leveraging ESET’s experience from three decades of generating high-quality security research, according to the company.

Huntress Rolls Out Deeper Microsoft Integration

In July, Huntress unveiled a major new partnership with Microsoft that provides the Huntress managed security platform with enhanced visibility into telemetry from Microsoft’s widely used productivity and security tools. The collaboration includes integrations between the Huntress platform and Microsoft 365 Business Premium as well as Microsoft Defender for Endpoint—ultimately extending Huntress’ coverage on MDR deeper into the Microsoft ecosystem. The integrations also allow customers already using Microsoft products to more fully benefit from the tools even if they’re normally lacking in the resources to do so, according to the companies.

N-able’s Adlumin Expands Breach Prevention

Following the acquisition by N-able of managed detection and response vendor Adlumin in November 2024, N-able has been focused on expanding the functionality of the MDR platform as well as bringing Adlumin’s capabilities more broadly across the N-able portfolio. In April, N-able announced that it now offers Microsoft 365 management capabilities through the addition of Adlumin breach prevention to the N-able Ecoverse platform. The breach prevention feature is part of N-able’s broader strategy to deliver end-to-end security for Microsoft 365 environments and provides protection against account takeovers, credential theft and unauthorized access, according to the company.

OpenText Rolls Out MDR Offering To Partners

OpenText has brought a major focus on bringing its managed detection and response offering, OpenText MDR, to its MSP partners in 2025 following the general availability launch of the platform in December 2024. The offering, based upon OpenText’s acquisition of the Pillr platform, features more than 400 integrations with other security tools including third-party products, according to the company. In March, the efforts got a boost from the hire of industry veteran Mike DePalma as vice president of business development at OpenText.

Sophos Acquires Secureworks

In February, Sophos completed its acquisition of Secureworks, bringing key capabilities from the Secureworks Taegis platform such as extended detection and response (XDR) to the fast-growing Sophos MDR platform. Crucial areas where Secureworks has introduced or expanded capabilities for Sophos have included segments such as vulnerability detection and response and identity threat detection and response, according to Sophos. Meanwhile, the acquisition of Secureworks brought a major extension of reach for the Sophos MDR platform with the addition of about 350 new integrations, the company said.

ThreatLocker Boosts Detection Capabilities

Following the debut of ThreatLocker’s Cyber Hero MDR service in 2024, the company has been expanding its capabilities in threat detection during 2025. In August, ThreatLocker announced the introduction of Advanced Anomaly Detection, which delivers enhanced identification and mitigation of “sophisticated” threats, the company said in a news release. The capabilities bolster ThreatLocker’s Cyber Hero MDR by bringing improved analysis of log data from cloud environments to enable determinations of potential account compromise and other attacks, according to the vendor.

WatchGuard Acquires ActZero

In January, WatchGuard Technologies announced the acquisition of ActZero in a move to double down on its MDR service—ultimately bringing major enhancements for MSPs including reduced alert fatigue and greater support for third-party security tools. The acquisition represents a massive expansion of capabilities for WatchGuard’s MDR offering, which has already seen strong growth since its debut in October 2023 following the company’s acquisition of CyGlass, according to the vendor. The integration of ActZero’s technology enables WatchGuard to provide MSPs with improvements including a dramatic reduction in false-positive alerts as well as a move to more of an open architecture, the vendor said.

Zscaler Acquires Red Canary

In August, Zscaler announced it completed its $675 million acquisition of MDR trailblazer Red Canary, in a major shake-up in the managed detection and response sector. As a well-known player in MDR, Red Canary has tremendous expertise and technology in security operations that is massively accelerating Zscaler’s moves into the space, Zscaler has said. Zscaler has been integrating the Red Canary technology with functionality from its acquisition of security data fabric provider Avalor in March 2024, to offer new capabilities such as threat management that can improve security outcomes while removing the need for traditional SIEM (security information and event management), according to Zscaler.