Sign up to save your podcasts
Or
Share Fortra: building a channel platform from 20-plus acquisitions
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Fortra: building a channel platform from 20-plus acquisitions
Faraz Siraj, vice president of global channels and alliances at Fortra
Faraz Siraj, vice president of global channels and alliances at Fortra, joins the podcast to talk about what it looks like to build a channel program around a cybersecurity platform assembled through more than 20 acquisitions – and why MSPs should be paying attention now.
Fortra’s portfolio spans offensive security tools like Cobalt Strike and Core Impact, data protection through Digital Guardian, and security awareness training via Terra Nova Security. It’s a wide footprint, and as Faraz acknowledges, many partners still know the acquired brands without realizing they’re all under one roof. The Fortra Protect partner program, launched in 2025 with guaranteed margins and a single FortraOne partner agreement, is the company’s answer to the fragmented discount structures and multiple contracts that came with all that M&A.
The conversation also digs into Fortra’s recent decision to sell its Alert Logic managed detection and response services to LevelBlue – a deliberate move to position the company as a software provider, not a services competitor to its own partners. Faraz is candid about where offensive security capabilities realistically fit into an MSP’s stack and where they don’t, and offers a practical on-ramp for Canadian partners through Fortra’s acquisitions of Ottawa-based Titus and Montreal-based Terra Nova.
Read Full Transcript
Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show.
If I say the name Fortra, there’s a decent chance you might not immediately place it. But if I say Cobalt Strike, or Digital Guardian, or Alert Logic, or Titus, especially if you’re in Ottawa, those might ring a bell.
Fortra is the company that’s been quietly acquiring cybersecurity companies for the better part of a decade. More than 20 acquisitions in all, and now they’re trying to stitch it all together into a unified platform, pointed squarely at MSPs and MSSPs.
What makes this story interesting right now is they’ve recently made some moves that signal where they think they fit into the ecosystem. They sold off their Alert Logic managed services business to LevelBlue, which is a pretty clear statement. We make software, we’re not going to compete with you on service delivery. And they’ve rolled out a new partner program called Fortra Protect with guaranteed margins and a single partner agreement that covers the whole portfolio.
My guest today is Faraz Siraj, Fortra’s Vice President of Global Channels and Alliances, and I wanted to talk to you about what it looks like to build a channel program around a platform that was assembled through acquisition, how MSPs should think about the balance between offensive and defensive security capabilities, and whether there’s a Canadian go-to-market story here.
Let’s get right into it. My chat with Faraz Siraj.
Faraz, thanks for taking the time. I appreciate it.
Faraz Siraj: Great to be here.
Robert Dutt: Fortra has been built through a bunch of acquisitions. 20+, 25+ I think? For MSPs who know Cobalt Strike or Digital Guardian but don’t necessarily know the umbrella brand of Fortra, what’s the pitch for why they should think of you guys as a platform rather than sort of a collection of tools?
Faraz Siraj: Great question. Well, all of these products that we acquired over a, I’d say, a five-year period, it was around a little over 20 companies, we are going to platformization, and all of these will be available via the platform. And the platform provides a variety of tools to manage, and so MSPs would probably want to welcome that opportunity to utilize a single platform with multi-tenancy to help manage those solutions for their customers. It’s just a natural fit, and rather than having multi-screens, multiple interfaces to be able to provide those types of managed services, so it’s a very, very powerful way of bringing it all together.
Robert Dutt: For that MSP market, you guys sold off Alert Logic’s managed services business to LevelBlue a couple of months ago. What does that signal to MSPs about where you see Fortra sitting in the ecosystem moving forward, in terms of trying to be a technology brand behind the MSP?
Faraz Siraj: Well, that’s a perfect fit. I think we realized that the managed service business is not really what our strong suit is. And we aligned our Alert Logic business with a suitor that can take full advantage of that kind of business, and they’re very good at it. We, over time, realized that if you want to do that business, you have to really focus in on it, whereas we had other priorities.
And so what that tells the market and other partners out there is that we need our partners to be able to provide those managed solutions. We truly are in the business of making and providing software. We do not want to be in the services game. We want to have our partners provide those services, whether it is managed services or whether it’s installation services, optimization services delivery, we need our partners to do that.
And that’s what creates opportunity. And that’s what I’m really excited about with our platform play, as well as where our future direction is as a company around the products that we provide.
Robert Dutt: One of the most interesting things I think you guys talk about is the idea of MSPs balancing offense and defense. And I guess I want to dig into what that actually looks like in terms of the service delivery level. Where does offensive insight realistically show up in the day-to-day stack for an MSP?
Faraz Siraj: Well, it shows up everywhere, whether you realize or not. It is in whether it is vulnerability management, it’s in offensive security tooling, it is in pen testing, it is in simulations. That takes some knowledge and ability to provide those services around those capabilities. And that’s just from an offensive side. There is a need for support for those particular product sets. On the defensive side, it’s pretty simple. I mean, we have a lot of those defensive protection products, and we need our partners to be able to provide solutions around it.
Robert Dutt: Yeah, and MSPs, most I would dare say at this point, are defensive operators by nature. Prevent, detect, respond, deal with the problem. What can MSPs realistically do with offensive capabilities, and where should they not be trying to operationalize offensive capabilities in their stack?
Faraz Siraj: Well, the first thing that I would tell them is be comfortable with what you’re providing. Be comfortable with your capabilities that you can go to your market with, with your customers. If you don’t know it, you can certainly learn, but you don’t want to try to pigeonhole yourself into a technology that you’re unfamiliar with.
We can help with that. We have a lot of training. We have a lot of classes available through our Fortra Academy that can help them, and we have onboarding that we can help partners with. Again, it would be, I would think about the customer and work backwards. You would want to qualify the customer and qualify their needs. And if offensive security is something that is a pain point for your customer, then investigate it. And sometimes it’s not. And if it’s not needed, why would you want to venture and invest in an area that you’re unfamiliar with? Now I’d love for all of them to do it, but I’m an honest person. Sometimes it doesn’t make the right business sense.
Robert Dutt: You guys acquired Red Macros Factory to enhance Outflank Security Tooling. Cobalt Strike is used by red teams worldwide, but it’s also used by threat actors who are probably using cracked copies. That led Fortra and Microsoft to take joint legal action in the past. How do you talk to partners about selling offensive tools when some of those tools have been weaponized against their customers?
Faraz Siraj: It’s a discussion point. It’s also sort of a proof of concept in a twisted sort of way. Well, we do not support any illegal use of our products. We do not support using it for the wrong reasons, so to speak. We have strict legal language on it and we have gone to legal with Microsoft about those kinds of things, because we have strict requirements of how you’re going to utilize this tool.
If we find out that you’re using it for the wrong reasons, weaponization, we cut it off. And that’s part of the qualification. And that’s also part of the execution and inspection that we look at. These are very powerful tools and they are not for that purpose.
And just as another example is when we provide NFR gear, it’s meant for testing purposes and lab gear. You cannot be utilizing it to provide protection from as a customer standpoint, even though it’s not the same completely. It’s similar. And we just, we have to be very transparent and upfront about what these tools are about and how they’re supposed to be used.
Robert Dutt: Let’s talk about the program and what you guys are doing there. You’ve introduced guaranteed margins with Fortra Protect and the FortraOne agreement. What problem were you specifically trying to solve with that model and what was sort of the problem with how partners were engaging with Fortra before?
Faraz Siraj: Yeah, there’s several problems that we were addressing and yet we came to an innovative way on how to address it. So let’s look at a little history. When you acquire so many companies, your discount structure is all over the place. In Fortra transparency, we had discounts that were in the low 20s and going way north into the higher discounts.
And when partners want to work with you, they expect a certain discount table for all products. And when you’re all over the map, you can’t really do that. Additionally, we wanted to encourage our partners to look at the entire portfolio and be encouraged by representing all Fortra. We had different agreements and we had different programs by product lines and we needed to bring it all together.
And so as I joined, we did the FortraOne agreement, which brings everything into one unified legal agreement to be able to represent our products. And that’s the easy part. Second, we wanted to provide incentives to our partners to represent not only the products they’re familiar with, but all the other products that we had. And guaranteed margin was the best way to do it.
Now there’s no guesswork on partner profitability. You know what you’re going to be making. And when you know that upfront, you can now focus in on the real problem at hand is providing customer solutions. We can work on it jointly. I can tell you I’ve been in the industry long enough where I continuously talk to partners and their pain points are around profitability and the unknown. Working deals and then being squeezed or not knowing what they’re going to make until the very end. And you’ve spent all this time working on these solutions and then you are not going to kind of have that profitability that you want. That’s a big deal. And we took the guesswork out of it. And now let’s focus on the customer, which is quite from what I hear the most important thing.
Robert Dutt: I’ve heard the same thing, believe it or not. What do you see as sort of the, as you’re looking at the platform structure and trying to make it easier and more smooth for partners to sell across that, what are kind of the one or two top entry points for partners? And what do you see as sort of the next adjacencies that partners naturally gravitate towards as they get to know what all you guys are doing and get comfortable with the model?
Faraz Siraj: Yeah, I think the best entry point would be around data protection. And we offer so many varieties of security solutions, but the best way is around data protection. And let’s face it, data has been exploding and will continue to explode. There is a fun new variable out there called AI that is in the forefront of everybody’s minds. And it’s being utilized for the right reasons and the wrong reasons.
And whatever your case is, you need to protect your data with however which way it’s exposed. And so we have data protection solutions that will be enhanced by AI, but also will protect against AI because your data is the most valuable commodity that you have as a company. And so with our data protection, such as our DLP solutions, our data classification solutions, DSPM, that’s a great entry point. And then you can expand from there with the use of the platform. But that’s what I highly recommend for partners that are just getting into this.
Robert Dutt: You joined Fortra in late 2024, and this is being described as kind of the company’s first dedicated channel push. For Canadian MSPs who aren’t in the ecosystem currently, what’s the realistic on-ramp for working with you guys? And I’m curious where you’re at in the Canadian market in terms of is there a distribution and go-to-market story here, or is it sort of primarily still being built around the US model?
Faraz Siraj: No, it’s a true North American model. By the way, we acquired a few Canadian companies, and we have several Canadian MSPs already that we work with. We are always looking to expand within the Canadian market.
Companies that we acquired that are well-known in Canada, such as Terra Nova and Titus. Terra Nova out of Montreal. Titus was out of, I believe, Ottawa. Terra Nova, by the way, human risk management or security awareness training, if you want to call it, is an MSP’s dream. It can be branded by a partner, and it can be run as if it were the partner’s business. And we actually go to market heavily with a lot of Canadian companies for that particular product line.
If you ever wanted the easy button to get involved with Fortra, it would really be the Terra Nova product, human risk management, because everybody needs security awareness training. I go through it every six months at Fortra ourselves. I’m a user on product, but you need to have that refresher, because in the simplest forms, we are exposed to crazy stuff that comes to us, and you need to be trained on it.
So that’s where I would go from a market perspective, but we love our Canadian companies, and we’ll continue to operate that way.
Robert Dutt: It sounds like you’re open to adding additional MSPs, obviously. What do you find are some of the common threads among successful Fortra MSPs?
Faraz Siraj: It really is around providing good customer joint solutions. We obviously want to be in the software business, but we also want to be with partners that align to that software as well as providing the customer satisfaction. And so the ones that do it well are the ones that are able to bolt onto their services on top of the solution and do it well. And we’re not hearing about issues. In fact, the successful ones are the ones that are expanding those solutions and going into more and more customers.
The other piece of it is being able to be creative with billing for the partner so that it entices them to go out and obviously have partner profitability.
Robert Dutt: If an MSP is listening to this and they’re doing the standard defensive stack – EDR, SIEM, firewall – but they’ve never really offered anything on the offensive side, what’s the first conversation they should be having with customers? And how do they avoid turning offense into, you know, the once-a-year pentest PDF and call it a day kind of thing?
Faraz Siraj: Yeah, well, it really goes back to understanding the customer. Now, it starts with, yes, pen testing is very important, but it’s not just once a year. Given today’s threat landscape, you need to do that a lot more often.
Vulnerability management, those are the two major entry points. We built our vulnerability management tool from a mixture of six different technologies from six different companies, and we fused it together to make our own Fortra vulnerability management tool. Such companies like Tripwire, Digital Defense, Beyond Security, even a little bit of Alert Logic that was in there and there’s a couple others that I’m forgetting, but when you’re able to do that, it makes for a great value product.
Robert Dutt: Interesting conversation. I appreciate the colour around the partner program and I appreciate the idea of adding offensive capabilities to the MSP stack. I think that’ll be an interesting space to watch. Faraz, thank you very much for joining us.
Faraz Siraj: Oh, you bet. Thank you, Robert.
Robert Dutt: There you have it, Faraz Siraj from Fortra. I’d like to thank Faraz for his time. I appreciated his candor, especially on the managed services exit and the reality of what MSPs should and shouldn’t try to take on when it comes to offensive security.
Thank you for listening today. A couple things that stuck with me from this conversation. First, the Alert Logic move. When a vendor sells off their managed services business and tells you straight up, we’re in the business of making software and not competing with you on services, that’s worth paying attention to. Doesn’t guarantee anything, but it’s the right signal. And in a market where MSPs are constantly wondering which vendors are going to show up as competitors, it matters.
Second, the platform story. 20-plus acquisitions is a lot of integration work. And I think the jury’s still out on how seamless that experience actually is for partners day to day. But the FortraOne agreement and the guaranteed margin model suggest they’re at least thinking about the partner experience at the business level, not just the technology level.
And for Canadian MSPs specifically, the Terra Nova and Titus acquisitions mean there’s a local footprint here that a lot of people might not realize.
If you’re not subscribed to the ChannelBuzz.ca podcast, now’s a great time. You can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories. If you’re finding value in these conversations, a rating or review goes a long way.
Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
View all episodes
By ChannelBuzz.caFaraz Siraj, vice president of global channels and alliances at Fortra
Faraz Siraj, vice president of global channels and alliances at Fortra, joins the podcast to talk about what it looks like to build a channel program around a cybersecurity platform assembled through more than 20 acquisitions – and why MSPs should be paying attention now.
Fortra’s portfolio spans offensive security tools like Cobalt Strike and Core Impact, data protection through Digital Guardian, and security awareness training via Terra Nova Security. It’s a wide footprint, and as Faraz acknowledges, many partners still know the acquired brands without realizing they’re all under one roof. The Fortra Protect partner program, launched in 2025 with guaranteed margins and a single FortraOne partner agreement, is the company’s answer to the fragmented discount structures and multiple contracts that came with all that M&A.
The conversation also digs into Fortra’s recent decision to sell its Alert Logic managed detection and response services to LevelBlue – a deliberate move to position the company as a software provider, not a services competitor to its own partners. Faraz is candid about where offensive security capabilities realistically fit into an MSP’s stack and where they don’t, and offers a practical on-ramp for Canadian partners through Fortra’s acquisitions of Ottawa-based Titus and Montreal-based Terra Nova.
Read Full Transcript
Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show.
If I say the name Fortra, there’s a decent chance you might not immediately place it. But if I say Cobalt Strike, or Digital Guardian, or Alert Logic, or Titus, especially if you’re in Ottawa, those might ring a bell.
Fortra is the company that’s been quietly acquiring cybersecurity companies for the better part of a decade. More than 20 acquisitions in all, and now they’re trying to stitch it all together into a unified platform, pointed squarely at MSPs and MSSPs.
What makes this story interesting right now is they’ve recently made some moves that signal where they think they fit into the ecosystem. They sold off their Alert Logic managed services business to LevelBlue, which is a pretty clear statement. We make software, we’re not going to compete with you on service delivery. And they’ve rolled out a new partner program called Fortra Protect with guaranteed margins and a single partner agreement that covers the whole portfolio.
My guest today is Faraz Siraj, Fortra’s Vice President of Global Channels and Alliances, and I wanted to talk to you about what it looks like to build a channel program around a platform that was assembled through acquisition, how MSPs should think about the balance between offensive and defensive security capabilities, and whether there’s a Canadian go-to-market story here.
Let’s get right into it. My chat with Faraz Siraj.
Faraz, thanks for taking the time. I appreciate it.
Faraz Siraj: Great to be here.
Robert Dutt: Fortra has been built through a bunch of acquisitions. 20+, 25+ I think? For MSPs who know Cobalt Strike or Digital Guardian but don’t necessarily know the umbrella brand of Fortra, what’s the pitch for why they should think of you guys as a platform rather than sort of a collection of tools?
Faraz Siraj: Great question. Well, all of these products that we acquired over a, I’d say, a five-year period, it was around a little over 20 companies, we are going to platformization, and all of these will be available via the platform. And the platform provides a variety of tools to manage, and so MSPs would probably want to welcome that opportunity to utilize a single platform with multi-tenancy to help manage those solutions for their customers. It’s just a natural fit, and rather than having multi-screens, multiple interfaces to be able to provide those types of managed services, so it’s a very, very powerful way of bringing it all together.
Robert Dutt: For that MSP market, you guys sold off Alert Logic’s managed services business to LevelBlue a couple of months ago. What does that signal to MSPs about where you see Fortra sitting in the ecosystem moving forward, in terms of trying to be a technology brand behind the MSP?
Faraz Siraj: Well, that’s a perfect fit. I think we realized that the managed service business is not really what our strong suit is. And we aligned our Alert Logic business with a suitor that can take full advantage of that kind of business, and they’re very good at it. We, over time, realized that if you want to do that business, you have to really focus in on it, whereas we had other priorities.
And so what that tells the market and other partners out there is that we need our partners to be able to provide those managed solutions. We truly are in the business of making and providing software. We do not want to be in the services game. We want to have our partners provide those services, whether it is managed services or whether it’s installation services, optimization services delivery, we need our partners to do that.
And that’s what creates opportunity. And that’s what I’m really excited about with our platform play, as well as where our future direction is as a company around the products that we provide.
Robert Dutt: One of the most interesting things I think you guys talk about is the idea of MSPs balancing offense and defense. And I guess I want to dig into what that actually looks like in terms of the service delivery level. Where does offensive insight realistically show up in the day-to-day stack for an MSP?
Faraz Siraj: Well, it shows up everywhere, whether you realize or not. It is in whether it is vulnerability management, it’s in offensive security tooling, it is in pen testing, it is in simulations. That takes some knowledge and ability to provide those services around those capabilities. And that’s just from an offensive side. There is a need for support for those particular product sets. On the defensive side, it’s pretty simple. I mean, we have a lot of those defensive protection products, and we need our partners to be able to provide solutions around it.
Robert Dutt: Yeah, and MSPs, most I would dare say at this point, are defensive operators by nature. Prevent, detect, respond, deal with the problem. What can MSPs realistically do with offensive capabilities, and where should they not be trying to operationalize offensive capabilities in their stack?
Faraz Siraj: Well, the first thing that I would tell them is be comfortable with what you’re providing. Be comfortable with your capabilities that you can go to your market with, with your customers. If you don’t know it, you can certainly learn, but you don’t want to try to pigeonhole yourself into a technology that you’re unfamiliar with.
We can help with that. We have a lot of training. We have a lot of classes available through our Fortra Academy that can help them, and we have onboarding that we can help partners with. Again, it would be, I would think about the customer and work backwards. You would want to qualify the customer and qualify their needs. And if offensive security is something that is a pain point for your customer, then investigate it. And sometimes it’s not. And if it’s not needed, why would you want to venture and invest in an area that you’re unfamiliar with? Now I’d love for all of them to do it, but I’m an honest person. Sometimes it doesn’t make the right business sense.
Robert Dutt: You guys acquired Red Macros Factory to enhance Outflank Security Tooling. Cobalt Strike is used by red teams worldwide, but it’s also used by threat actors who are probably using cracked copies. That led Fortra and Microsoft to take joint legal action in the past. How do you talk to partners about selling offensive tools when some of those tools have been weaponized against their customers?
Faraz Siraj: It’s a discussion point. It’s also sort of a proof of concept in a twisted sort of way. Well, we do not support any illegal use of our products. We do not support using it for the wrong reasons, so to speak. We have strict legal language on it and we have gone to legal with Microsoft about those kinds of things, because we have strict requirements of how you’re going to utilize this tool.
If we find out that you’re using it for the wrong reasons, weaponization, we cut it off. And that’s part of the qualification. And that’s also part of the execution and inspection that we look at. These are very powerful tools and they are not for that purpose.
And just as another example is when we provide NFR gear, it’s meant for testing purposes and lab gear. You cannot be utilizing it to provide protection from as a customer standpoint, even though it’s not the same completely. It’s similar. And we just, we have to be very transparent and upfront about what these tools are about and how they’re supposed to be used.
Robert Dutt: Let’s talk about the program and what you guys are doing there. You’ve introduced guaranteed margins with Fortra Protect and the FortraOne agreement. What problem were you specifically trying to solve with that model and what was sort of the problem with how partners were engaging with Fortra before?
Faraz Siraj: Yeah, there’s several problems that we were addressing and yet we came to an innovative way on how to address it. So let’s look at a little history. When you acquire so many companies, your discount structure is all over the place. In Fortra transparency, we had discounts that were in the low 20s and going way north into the higher discounts.
And when partners want to work with you, they expect a certain discount table for all products. And when you’re all over the map, you can’t really do that. Additionally, we wanted to encourage our partners to look at the entire portfolio and be encouraged by representing all Fortra. We had different agreements and we had different programs by product lines and we needed to bring it all together.
And so as I joined, we did the FortraOne agreement, which brings everything into one unified legal agreement to be able to represent our products. And that’s the easy part. Second, we wanted to provide incentives to our partners to represent not only the products they’re familiar with, but all the other products that we had. And guaranteed margin was the best way to do it.
Now there’s no guesswork on partner profitability. You know what you’re going to be making. And when you know that upfront, you can now focus in on the real problem at hand is providing customer solutions. We can work on it jointly. I can tell you I’ve been in the industry long enough where I continuously talk to partners and their pain points are around profitability and the unknown. Working deals and then being squeezed or not knowing what they’re going to make until the very end. And you’ve spent all this time working on these solutions and then you are not going to kind of have that profitability that you want. That’s a big deal. And we took the guesswork out of it. And now let’s focus on the customer, which is quite from what I hear the most important thing.
Robert Dutt: I’ve heard the same thing, believe it or not. What do you see as sort of the, as you’re looking at the platform structure and trying to make it easier and more smooth for partners to sell across that, what are kind of the one or two top entry points for partners? And what do you see as sort of the next adjacencies that partners naturally gravitate towards as they get to know what all you guys are doing and get comfortable with the model?
Faraz Siraj: Yeah, I think the best entry point would be around data protection. And we offer so many varieties of security solutions, but the best way is around data protection. And let’s face it, data has been exploding and will continue to explode. There is a fun new variable out there called AI that is in the forefront of everybody’s minds. And it’s being utilized for the right reasons and the wrong reasons.
And whatever your case is, you need to protect your data with however which way it’s exposed. And so we have data protection solutions that will be enhanced by AI, but also will protect against AI because your data is the most valuable commodity that you have as a company. And so with our data protection, such as our DLP solutions, our data classification solutions, DSPM, that’s a great entry point. And then you can expand from there with the use of the platform. But that’s what I highly recommend for partners that are just getting into this.
Robert Dutt: You joined Fortra in late 2024, and this is being described as kind of the company’s first dedicated channel push. For Canadian MSPs who aren’t in the ecosystem currently, what’s the realistic on-ramp for working with you guys? And I’m curious where you’re at in the Canadian market in terms of is there a distribution and go-to-market story here, or is it sort of primarily still being built around the US model?
Faraz Siraj: No, it’s a true North American model. By the way, we acquired a few Canadian companies, and we have several Canadian MSPs already that we work with. We are always looking to expand within the Canadian market.
Companies that we acquired that are well-known in Canada, such as Terra Nova and Titus. Terra Nova out of Montreal. Titus was out of, I believe, Ottawa. Terra Nova, by the way, human risk management or security awareness training, if you want to call it, is an MSP’s dream. It can be branded by a partner, and it can be run as if it were the partner’s business. And we actually go to market heavily with a lot of Canadian companies for that particular product line.
If you ever wanted the easy button to get involved with Fortra, it would really be the Terra Nova product, human risk management, because everybody needs security awareness training. I go through it every six months at Fortra ourselves. I’m a user on product, but you need to have that refresher, because in the simplest forms, we are exposed to crazy stuff that comes to us, and you need to be trained on it.
So that’s where I would go from a market perspective, but we love our Canadian companies, and we’ll continue to operate that way.
Robert Dutt: It sounds like you’re open to adding additional MSPs, obviously. What do you find are some of the common threads among successful Fortra MSPs?
Faraz Siraj: It really is around providing good customer joint solutions. We obviously want to be in the software business, but we also want to be with partners that align to that software as well as providing the customer satisfaction. And so the ones that do it well are the ones that are able to bolt onto their services on top of the solution and do it well. And we’re not hearing about issues. In fact, the successful ones are the ones that are expanding those solutions and going into more and more customers.
The other piece of it is being able to be creative with billing for the partner so that it entices them to go out and obviously have partner profitability.
Robert Dutt: If an MSP is listening to this and they’re doing the standard defensive stack – EDR, SIEM, firewall – but they’ve never really offered anything on the offensive side, what’s the first conversation they should be having with customers? And how do they avoid turning offense into, you know, the once-a-year pentest PDF and call it a day kind of thing?
Faraz Siraj: Yeah, well, it really goes back to understanding the customer. Now, it starts with, yes, pen testing is very important, but it’s not just once a year. Given today’s threat landscape, you need to do that a lot more often.
Vulnerability management, those are the two major entry points. We built our vulnerability management tool from a mixture of six different technologies from six different companies, and we fused it together to make our own Fortra vulnerability management tool. Such companies like Tripwire, Digital Defense, Beyond Security, even a little bit of Alert Logic that was in there and there’s a couple others that I’m forgetting, but when you’re able to do that, it makes for a great value product.
Robert Dutt: Interesting conversation. I appreciate the colour around the partner program and I appreciate the idea of adding offensive capabilities to the MSP stack. I think that’ll be an interesting space to watch. Faraz, thank you very much for joining us.
Faraz Siraj: Oh, you bet. Thank you, Robert.
Robert Dutt: There you have it, Faraz Siraj from Fortra. I’d like to thank Faraz for his time. I appreciated his candor, especially on the managed services exit and the reality of what MSPs should and shouldn’t try to take on when it comes to offensive security.
Thank you for listening today. A couple things that stuck with me from this conversation. First, the Alert Logic move. When a vendor sells off their managed services business and tells you straight up, we’re in the business of making software and not competing with you on services, that’s worth paying attention to. Doesn’t guarantee anything, but it’s the right signal. And in a market where MSPs are constantly wondering which vendors are going to show up as competitors, it matters.
Second, the platform story. 20-plus acquisitions is a lot of integration work. And I think the jury’s still out on how seamless that experience actually is for partners day to day. But the FortraOne agreement and the guaranteed margin model suggest they’re at least thinking about the partner experience at the business level, not just the technology level.
And for Canadian MSPs specifically, the Terra Nova and Titus acquisitions mean there’s a local footprint here that a lot of people might not realize.
If you’re not subscribed to the ChannelBuzz.ca podcast, now’s a great time. You can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories. If you’re finding value in these conversations, a rating or review goes a long way.
Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.