Breaking
CyFlare named to Channel Futures MSP 501 for the seventh consecutive year Open-XDR SOC-as-a-Service now spans 1,500+ partner-led accounts Reported 97%+ true positive rate across managed detection Ranked #20 on MSSP Alert's 2023 Top 250 MSSPs CyFlare ONE platform ships 400+ integrations and 670+ playbooks Recognized on the CRN Tech Elite 250 for 2026 CyFlare named to Channel Futures MSP 501 for the seventh consecutive year Open-XDR SOC-as-a-Service now spans 1,500+ partner-led accounts Reported 97%+ true positive rate across managed detection Ranked #20 on MSSP Alert's 2023 Top 250 MSSPs CyFlare ONE platform ships 400+ integrations and 670+ playbooks Recognized on the CRN Tech Elite 250 for 2026
The Cyber Ledger · Company Profile West Seneca, New York · Est. 2017
CyFlare logo

The SOC That Works for the Channel, Not Around It

CyFlare runs the round-the-clock security operations so managed service providers can keep selling to their own clients - detection, response and compliance under one roof.

CyFlare - the West Seneca, New York managed security firm that decided its customer wasn't the enterprise, but the partner defending it.

MSSP / SOC-as-a-Service Open-XDR Managed Detection & Response ~58 employees Founder & CEO: Joe Morin
0
Partner-led accounts
0
Platform integrations
0
True positive rate
24/7
SOC coverage
The Story

A back office for the people who sell security

In the crowded market of cybersecurity vendors, most companies chase the same buyer: the enterprise with a budget and a breach to fear. CyFlare took the opposite bet. Founded in 2017 in West Seneca, New York, the company built itself to serve the partners - the managed service providers, value-added resellers and technology vendors - who sit between the security industry and the businesses that actually get attacked.

The pitch is blunt: "We power the security operations. You stay focused on your clients." Rather than sell a dashboard and wish a partner luck, CyFlare operates a 24/7 Security Operations Center on their behalf. When an alert fires at three in the morning inside a partner's client, it is a CyFlare analyst who validates it, isolates the compromised host, runs the investigation and hands back the evidence.

That model solves a specific, expensive problem. Any MSP that wants to offer security eventually hits the same wall: building an internal SOC means hiring scarce analysts, buying tooling, and staffing overnight shifts before a single dollar of margin arrives. Most give up or lose money trying. CyFlare rents the SOC that already exists, turning a capital project into a recurring line item - and, the company argues, into a partner's most profitable practice.

The technical spine is an Open-XDR approach, delivered in partnership with Stellar Cyber. Instead of forcing partners to rip out the tools they already sell, CyFlare integrates with them - more than 400 integrations across SIEM, identity, email, endpoint and cloud. A partner can keep its endpoint vendor, its email gateway and its firewall, and still get a unified SOC layered on top. Vendor neutrality is not a slogan here; it is the go-to-market.

The work is heavily automated by necessity. One SOC cannot manually watch 1,500-plus accounts, so CyFlare leans on correlation, a security data lake and a library of hundreds of playbooks to handle the routine cases. The company reports automating the large majority of common response actions and a true-positive rate in the high nineties - numbers that, if they hold, translate into fewer false-alarm calls and less analyst burnout. Automation handles the noise; humans handle the cases that need judgment.

In early 2025 the company rebranded around a plain-language tagline - "where cyber becomes clear" - and consolidated its portfolio under a single platform, CyFlare ONE, which stitches detection, response, vulnerability management and compliance evidence into one workspace. The rebrand signals the actual product on offer: not more dashboards, but clarity for partners drowning in tools and alerts.

Making the MSP 501 for the seventh year running tells you everything about how we built this company. Joe Morin, Founder & CEO, CyFlare

Products & Services

One platform, many services

CyFlare packages its Security Operations Center as a set of managed services that partners can resell, all running on the CyFlare ONE platform.

Platform

CyFlare ONE

The unified operations platform connecting detection, response, vulnerability management, compliance and collaboration - 400+ integrations and 670+ active playbooks in one workspace.

Core Service

Managed SOC

24/7 monitoring, investigation and response by a purpose-built Security Operations Center, correlating threat data across a client's environment for rapid containment.

Detection

Managed Detection & Response

Security operations across cloud, endpoint, identity, email and network - delivered with the compliance evidence partners need to defend their work.

Extended

Managed XDR

Extended detection and response reaching beyond endpoints into network, cloud and identity, built on an Open-XDR foundation that keeps existing tools in play.

Endpoint

Managed EDR

A SOC service layer over endpoint tools that validates each detection, isolates compromised hosts, investigates, and returns the evidence trail.

Email

Managed Email & Identity

Threat detection paired with SOC investigation to stop phishing, business email compromise and account takeover before an inbox becomes an entry point.

Risk

Vulnerability Management

Continuous scanning across internal, external and cloud environments, with prioritized remediation so partners fix what matters first.

Governance

Compliance Support

Audit readiness and evidence collection folded into daily operations, helping partners answer the client question every MSP dreads: "Are we secure?"


The Difference

Why partners pick a rented SOC

CyFlare's edge is not a single feature - it is a stance. Three choices set it apart from the wider field of MSSPs and SOC-as-a-Service providers:

Partner-only, by design

CyFlare positions itself as a back office that sells exclusively through and for partners, rather than competing with them for the end customer. For an MSP, that removes the fear of handing a client to a vendor who might one day sell around them.

Bring your own tools

The Open-XDR approach means partners keep the stack they already know and sell. "Rip and replace" is off the table; integration is the whole point.

Accountability with a number on it

CyFlare backs its service with a $500K warranty - a rare move in an industry that usually hides behind disclaimers.

Operational metrics (reported)

True positive rate
97%+
Automated responses
98%+
Integrations (scaled)
400+
Active playbooks
670+
Partner margin
40%+

Figures self-reported by CyFlare; bar widths are illustrative.


Business & Market

Where CyFlare sits

The business model

  • B2B2B channel model - CyFlare serves partners, partners serve the businesses.
  • Recurring, subscription-style revenue billed per protected account.
  • Positions managed security as a high-margin (40%+) recurring line for partners.
  • Two partner tracks: MSPs running security as a practice, and resellers white-labeling MDR/SOC.

Who uses it

  • MSPs, MSSPs and value-added resellers as direct partners.
  • Cybersecurity technology vendors using CyFlare as a back-office SOC.
  • End clients span financial services, healthcare, education, legal and manufacturing.
  • Reported reach of 1,500+ partner-led accounts through a single multi-tenant SOC.

In market terms, CyFlare competes in the fast-growing managed detection and response space alongside names like Blackpoint Cyber, Arctic Wolf, Huntress, Pondurance and Deepwatch - but its channel-only posture places it deliberately upstream, as the engine other providers run on rather than a direct rival for the enterprise buyer.


Milestones

The road so far

2017

CyFlare founded

Joe Morin launches CyFlare in New York as a purpose-built SOC for cybersecurity channel partners.

2019

MSP 501 run begins

CyFlare starts a multi-year streak on the Channel Futures MSP 501 as its partner base expands.

2020

Open-XDR SOCaaS launch

The company unveils a SOC-as-a-Service offering powered by Stellar Cyber's Open-XDR platform for automated correlation and multi-tenancy.

2023

#20 on MSSP Alert Top 250

CyFlare cracks the global top 20 managed security service providers on MSSP Alert's annual ranking.

2024

Sixth straight Top 250

Named to MSSP Alert's Top 250 MSSPs for the sixth consecutive year.

2025

Rebrand: "cyber becomes clear"

New brand, new website, and the portfolio consolidated under the CyFlare ONE platform.

2026

Seventh MSP 501 & CRN Tech Elite 250

CyFlare earns its seventh consecutive MSP 501 placement and a spot on the CRN Tech Elite 250.


Leadership

Operators, not just executives

CyFlare describes its leaders as people who "stood up SOCs, run incident response, scaled MSP service lines, and built channel programs from scratch." Founder Joe Morin's background spans SurfControl, Websense, Zscaler, Forcepoint, Barracuda and Comodo.

Founder

Joe Morin

Founder & CEO. Self-styled "builder of the world's first Cyber OS," with two decades across Silicon Valley security firms.

Executive

Akash Desai

Co-CEO, helping steer operations and growth across the partner business.

Finance

Chirag "Chi" Desai

Chief Financial Officer.

Product

Matt Farry

Chief Product Officer, overseeing the CyFlare ONE platform.

Operations

Eric Dowsland

Chief Operating Officer.

Security

Dan Lennon

VP, Security Operations - leading the round-the-clock SOC.


Fact Sheet

CyFlare at a glance

Legal nameCyFlare, LLC
Founded2017
HeadquartersWest Seneca, New York, USA
Founder & CEOJoe Morin
Team size~58 employees
CategoryManaged Security Service Provider / SOCaaS
Est. revenue~$8.75M (approx., third-party data)

Fun facts

  • CEO Joe Morin's LinkedIn handle is "cyberbatman."
  • The Twitter handle @cyflare_soc literally ends in "soc" - the product.
  • Its Facebook page is named "CyFlare Watchdogs."
  • One multi-tenant SOC defends 1,500+ partner accounts from West Seneca, NY.

Questions

Frequently asked

What does CyFlare do?
CyFlare is a Managed Security Service Provider that runs 24/7 Security Operations Center services - detection, response, vulnerability management, email security and compliance - on behalf of MSPs, resellers and security vendors through its CyFlare ONE platform.
Who are CyFlare's customers?
CyFlare sells to and through channel partners - MSPs, value-added resellers and technology vendors - who serve small and mid-sized businesses across regulated industries. It reports supporting 1,500+ partner-led accounts.
What is CyFlare ONE?
CyFlare ONE is the company's unified cybersecurity operations platform, connecting detection, response, vulnerability management, compliance and collaboration in a single workspace with 400+ integrations and 670+ playbooks.
Who founded CyFlare and where is it based?
CyFlare was founded in 2017 by Joe Morin, who serves as CEO. The company is headquartered in West Seneca, New York.
What makes CyFlare different from other MSSPs?
CyFlare works exclusively for partners rather than selling to enterprises directly, and uses an Open-XDR approach that lets partners keep their existing tools while adding a full 24/7 SOC, backed by a $500K service warranty.

Watch

Interviews & demos


Profile compiled from public sources including CyFlare's website, MSSP Alert, Stellar Cyber and BusinessWire. Figures such as revenue and operational metrics are approximate or self-reported.