⬇️
Key Takeaways
- Fortra is divesting its managed security services business, shifting customers and delivery to LevelBlue.
- The deal allows Fortra to focus exclusively on software development while expanding LevelBlue’s MDR and XDR footprint.
- This move highlights a growing trend of "separation of powers" between pure-play technology vendors and managed service providers.
The cybersecurity market has been noisy lately, but the recent announcement between LevelBlue and Fortra signals a specific type of quiet reorganization that actually matters to the channel. In a move that clarifies the lane markers for both companies, Fortra is offloading its managed security services (MSS) business to LevelBlue.
On the surface, it looks like a standard asset transfer. Dig a little deeper, though, and it’s a commentary on the difficulty of being both a software builder and a service operator.
By shifting managed service delivery to LevelBlue, Fortra effectively exits the direct-to-customer service game for its detection and response stack. For the uninitiated, Fortra has spent years aggregating a massive portfolio of cybersecurity tools—everything from data protection to threat research. But owning the tools and managing the people who watch the screens are two vastly different business models.
Here’s the thing about the "one-stop-shop" dream: it’s incredibly hard to execute.
Tech vendors often start offering managed services to help customers adopt their complex tools. It seems like easy revenue at first. But eventually, service margins drag down software margins, and the operational headache of running a 24/7 Security Operations Center (SOC) starts to distract from writing code. Does a software vendor really want to be the one waking up at 3 a.m. for an incident response call? Usually, the answer becomes no.
For Fortra, this divestiture allows them to retreat to their stronghold: product development. They can double down on their intellectual property without the drag of service delivery logistics.
LevelBlue’s Aggressive Play
So, who catches the ball? LevelBlue.
If the name sounds somewhat fresh, that’s because the brand itself is a relatively new coat of paint on a very established engine—the joint venture formed by AT&T and WillJam Ventures. They are aggressively positioning themselves as a dominant force in the managed network and security space.
Absorbing Fortra’s managed services business is a scale play. It brings an influx of customers specifically looking for Managed Detection and Response (MDR) and Extended Detection and Response (XDR). LevelBlue gets the service contracts, and in theory, they get a tighter integration with Fortra’s technology stack.
It creates a symbiotic relationship. Fortra supplies the ammunition (software), and LevelBlue supplies the soldiers (analysts).
The Acronym Soup
Speaking of MDR and XDR, can we take a moment to acknowledge how blurry these lines have become? The industry loves its acronyms. XDR was supposed to be the evolution of EDR (Endpoint Detection and Response), pulling in network and cloud data. Then MDR came along as the service layer on top of that.
For the average CISO or IT director, the distinction is often academic. They just want the breach stopped.
However, the distinction matters financially. XDR is a product license; MDR is a service subscription. By splitting these functions between Fortra and LevelBlue, the two companies are essentially agreeing to stop stepping on each other's toes. LevelBlue becomes the primary vehicle for delivering outcomes based on Fortra’s XDR capabilities.
The Talent Factor
There is also the human element to consider. Automation is great, and AI is certainly making headlines, but cybersecurity still requires human intuition.
Building a team of security analysts is expensive. Retaining them is even harder. Burnout in SOC environments is notoriously high. When a product company tries to run a services arm, they often treat their analysts like support staff rather than the frontline warriors they are. A dedicated MSSP like LevelBlue, whose entire business model rests on service delivery, is theoretically better equipped to manage, train, and retain that talent.
This transition suggests that Fortra recognized they couldn't optimize that workforce as effectively as a dedicated partner could.
What This Means for the Channel
For the broader B2B tech market, this deal reinforces a trend of consolidation and specialization. We are seeing fewer "hybrid" vendors. The market is bifurcating into those who build the tech and those who manage it.
This is good news for MSPs and MSSPs. It validates the service model. If a major vendor like Fortra decides that services are too heavy a lift and hands them off to a partner, it proves the value of the channel. It signals that even with the best tools in the world, the "management" layer is a distinct, valuable commodity that cannot simply be automated away or treated as an afterthought.
Going forward, expect LevelBlue to leverage this expanded customer base to cross-sell other network and advisory services. For Fortra, the success of this move will depend on whether shedding the services weight actually translates into faster product innovation. If they can ship better code faster, the strategy wins. If not, they just gave away a recurring revenue stream.
Ultimately, this is a rationalization of the market. The builders are building, and the watchers are watching. And for the customers caught in the middle, clarity on who is responsible for what is usually a win.
