CyFlare runs the round-the-clock security operations so managed service providers can keep selling to their own clients - detection, response and compliance under one roof.
CyFlare - the West Seneca, New York managed security firm that decided its customer wasn't the enterprise, but the partner defending it.
In the crowded market of cybersecurity vendors, most companies chase the same buyer: the enterprise with a budget and a breach to fear. CyFlare took the opposite bet. Founded in 2017 in West Seneca, New York, the company built itself to serve the partners - the managed service providers, value-added resellers and technology vendors - who sit between the security industry and the businesses that actually get attacked.
The pitch is blunt: "We power the security operations. You stay focused on your clients." Rather than sell a dashboard and wish a partner luck, CyFlare operates a 24/7 Security Operations Center on their behalf. When an alert fires at three in the morning inside a partner's client, it is a CyFlare analyst who validates it, isolates the compromised host, runs the investigation and hands back the evidence.
That model solves a specific, expensive problem. Any MSP that wants to offer security eventually hits the same wall: building an internal SOC means hiring scarce analysts, buying tooling, and staffing overnight shifts before a single dollar of margin arrives. Most give up or lose money trying. CyFlare rents the SOC that already exists, turning a capital project into a recurring line item - and, the company argues, into a partner's most profitable practice.
The technical spine is an Open-XDR approach, delivered in partnership with Stellar Cyber. Instead of forcing partners to rip out the tools they already sell, CyFlare integrates with them - more than 400 integrations across SIEM, identity, email, endpoint and cloud. A partner can keep its endpoint vendor, its email gateway and its firewall, and still get a unified SOC layered on top. Vendor neutrality is not a slogan here; it is the go-to-market.
The work is heavily automated by necessity. One SOC cannot manually watch 1,500-plus accounts, so CyFlare leans on correlation, a security data lake and a library of hundreds of playbooks to handle the routine cases. The company reports automating the large majority of common response actions and a true-positive rate in the high nineties - numbers that, if they hold, translate into fewer false-alarm calls and less analyst burnout. Automation handles the noise; humans handle the cases that need judgment.
In early 2025 the company rebranded around a plain-language tagline - "where cyber becomes clear" - and consolidated its portfolio under a single platform, CyFlare ONE, which stitches detection, response, vulnerability management and compliance evidence into one workspace. The rebrand signals the actual product on offer: not more dashboards, but clarity for partners drowning in tools and alerts.
Making the MSP 501 for the seventh year running tells you everything about how we built this company.Joe Morin, Founder & CEO, CyFlare
CyFlare packages its Security Operations Center as a set of managed services that partners can resell, all running on the CyFlare ONE platform.
The unified operations platform connecting detection, response, vulnerability management, compliance and collaboration - 400+ integrations and 670+ active playbooks in one workspace.
24/7 monitoring, investigation and response by a purpose-built Security Operations Center, correlating threat data across a client's environment for rapid containment.
Security operations across cloud, endpoint, identity, email and network - delivered with the compliance evidence partners need to defend their work.
Extended detection and response reaching beyond endpoints into network, cloud and identity, built on an Open-XDR foundation that keeps existing tools in play.
A SOC service layer over endpoint tools that validates each detection, isolates compromised hosts, investigates, and returns the evidence trail.
Threat detection paired with SOC investigation to stop phishing, business email compromise and account takeover before an inbox becomes an entry point.
Continuous scanning across internal, external and cloud environments, with prioritized remediation so partners fix what matters first.
Audit readiness and evidence collection folded into daily operations, helping partners answer the client question every MSP dreads: "Are we secure?"
CyFlare's edge is not a single feature - it is a stance. Three choices set it apart from the wider field of MSSPs and SOC-as-a-Service providers:
Partner-only, by design
CyFlare positions itself as a back office that sells exclusively through and for partners, rather than competing with them for the end customer. For an MSP, that removes the fear of handing a client to a vendor who might one day sell around them.
Bring your own tools
The Open-XDR approach means partners keep the stack they already know and sell. "Rip and replace" is off the table; integration is the whole point.
Accountability with a number on it
CyFlare backs its service with a $500K warranty - a rare move in an industry that usually hides behind disclaimers.
Figures self-reported by CyFlare; bar widths are illustrative.
In market terms, CyFlare competes in the fast-growing managed detection and response space alongside names like Blackpoint Cyber, Arctic Wolf, Huntress, Pondurance and Deepwatch - but its channel-only posture places it deliberately upstream, as the engine other providers run on rather than a direct rival for the enterprise buyer.
Joe Morin launches CyFlare in New York as a purpose-built SOC for cybersecurity channel partners.
CyFlare starts a multi-year streak on the Channel Futures MSP 501 as its partner base expands.
The company unveils a SOC-as-a-Service offering powered by Stellar Cyber's Open-XDR platform for automated correlation and multi-tenancy.
CyFlare cracks the global top 20 managed security service providers on MSSP Alert's annual ranking.
Named to MSSP Alert's Top 250 MSSPs for the sixth consecutive year.
New brand, new website, and the portfolio consolidated under the CyFlare ONE platform.
CyFlare earns its seventh consecutive MSP 501 placement and a spot on the CRN Tech Elite 250.
CyFlare describes its leaders as people who "stood up SOCs, run incident response, scaled MSP service lines, and built channel programs from scratch." Founder Joe Morin's background spans SurfControl, Websense, Zscaler, Forcepoint, Barracuda and Comodo.
Founder & CEO. Self-styled "builder of the world's first Cyber OS," with two decades across Silicon Valley security firms.
Co-CEO, helping steer operations and growth across the partner business.
Chief Financial Officer.
Chief Product Officer, overseeing the CyFlare ONE platform.
Chief Operating Officer.
VP, Security Operations - leading the round-the-clock SOC.
| Legal name | CyFlare, LLC |
| Founded | 2017 |
| Headquarters | West Seneca, New York, USA |
| Founder & CEO | Joe Morin |
| Team size | ~58 employees |
| Category | Managed Security Service Provider / SOCaaS |
| Est. revenue | ~$8.75M (approx., third-party data) |
Profile compiled from public sources including CyFlare's website, MSSP Alert, Stellar Cyber and BusinessWire. Figures such as revenue and operational metrics are approximate or self-reported.