Reports from the cybersecurity front lines are rarely a comfort to businesses — or the managed services providers that bear the lion’s share of responsibility for protecting critical infrastructure. Good news tends to be accompanied by ominous signs of emerging threats.
Overall ransomware activity fell off significantly year over year in 2025, according to a WatchGuard Technology analysis of threat intelligence data from its network security products, endpoint telemetry and DNS filtering systems. Despite the 68% decline, WatchGuard saw a steady increase in novel endpoint malware detections, culminating in a more than 1,500% quarter-over-quarter spike during the final three months of the year.
“Today’s threat landscape has outgrown point solutions and reactive security models,” WatchGuard Chief Security Officer Corey Nachreiner said in a Thursday release accompanying the report. “For MSPs, the business risk is especially high. Client breaches increase support costs, damage trust, and create a clear competitive disadvantage.”
The stakes are indeed high for channel partners. More than 90% of $311 billion in cybersecurity spending is expected to flow through the channel this year, according to Omdia Chief Analyst Matthew Ball.
Those investments come with strings attached.
“Customer demands are escalating due to heightened threat levels, resource constraints and the necessity for comprehensive, proactive and AI-driven predictive security,” Ball said in a 2025 market report. “Vendors must consistently engage and enable partners at scale, adapting to diverse business models. Innovation, particularly in AI-driven automation for both threat management and partner profitability, is essential.”
WatchGuard is well aware of the pressure this puts on its customers — the 17,000-plus MSPs and security resellers that represent its core clients. As the threat landscape evolves, the onus is on those partners to respond or risk taking the blame, WatchGuard CEO Joe Smolarski told Channel Dive.
“If the customer gets breaches, regardless of whether they decline protection or not, they’re always going to look back to the MSP,” said Smolarski, who was appointed CEO in November after nearly a decade at Kaseya serving as COO and then president. “They’re going and ask, ‘How did you let this happen?’”
The degree of difficulty is high, particularly among small and midsized businesses, which comprise a large swath of MSP clients and are heavily reliant on partners for cybersecurity services. Partners are expected to consume $1.87 trillion of SMB spending in 2026, according to Omdia, a Channel Dive sister company. Cybersecurity services alone will total $35 billion, the firm said.
“MSPs are typically serving SMBs, and SMBs are cheap,” Smolarski said. “The challenge is delivering enterprise-grade security at SMB economics, and it's a challenge that very few have mastered.”
Platform economics
WatchGuard’s strategy has followed the familiar channel playbook of building a service delivery platform.
In the weeks leading up to Smolarski’s arrival, the company added multiple integrations to its Unified Security platform, including AI-assisted security capabilities, built-in zero-trust architecture and an AI agent to streamline deployments. WatchGuard expanded its managed detection and response services to include third-party tools in January to ease platform installations and provide MSPs with greater visibility into client tech estates.
“It’s a complete security platform, with endpoint, network, identity, MDR and now cloud all tightly integrated in a purpose-built platform for the MSP operating model,” Smolarski said.
Palo Alto Networks has also prioritized a platform-centric approach to cybersecurity, highlighted by CEO Nikesh Arora during the company’s Q2 2026 earnings call this week. The vendor has continued to bolster its capabilities through aggressive M&A, adding the CyberArk identity management and Chronosphere AI security platforms to its portfolio over the last several months and announcing the acquisition of agent endpoint security platform Koi this week.
WatchGuard has built up its defense arsenal through acquisitions, too. In January 2025, the company bought AI-enabled MDR service provider ActZero to increase the scale and speed of its detection and response platform and to build on the technology acquired with the 2023 acquisition of CyGlass.
The M&A moves strengthened WatchGuard’s AI and ML capabilities from the ground up, Smolarski said, helping MSPs offer enterprise-grade security affordably.
“You can buy a cheap MDR, but it's not cheap in the long run if it's overwhelming you with false alerts and false alarms,” Smolarski said.
Integrating multiple capabilities on a single platform makes the economics work, even as threats multiply and mutate.
“There are so many different layers of protection you need, and if those layers of protection are in different tool sets, where you’ve got to log into different applications, there's just no way to do that economically as an MSP or an SMB,” Smolarski said. “The platform approach simplifies all of that.”
WatchGuard’s threat analysis found that nearly one-quarter of the malware its platform identified would have evaded traditional signature-based detection. Threats of that nature underscored the need for behavioral, AI-driven detection, according to the report.
“AI can be BS at times,” Smolarski acknowledged. “But it's also very real, and you need to make sure that you're leveraging AI that can enable that small team to operate at scale.”
