Bill Robbins On Why Sophos Offers Unmatched MDR For Partners

Robbins, the recently appointed president of worldwide field operations at Sophos, told CRN that while some MDR (managed detection and response) vendors are ‘not as committed’ to the segment, ‘we’re going to be there’ for partners.

Channel-First MDR

In the hotly competitive market for MDR (managed detection and response) services, Sophos has landed more than 16,000 customers and is now seeking to attract more of its hundreds of thousands of customers to its offering. Now, Bill Robbins, a Mandiant veteran who joined Sophos in April, is at the helm of the effort as the head of global sales for the cybersecurity vendor. Robbins, whose title is president of worldwide field operations, joined Sophos shortly before Mike Valentine, Sophos’ longtime chief revenue officer and a “channel legend” according to solution providers, departed the company.

If anything, though, Robbins said he’s only looking to intensify the company’s focus on channel partners. For instance, Sophos is aiming to “turbocharge” its channel organization through boosting its investments in areas such as partner enablement and lead-passing to partners, he said in an interview with CRN.

[Related: Sophos CEO Kris Hagerman: We’re Winning On MDR And Now Driving The ‘Next Phase’ Of Security As A Service]

One of the big goals, according to Robbins, is to accelerate the partner-led growth in areas of Sophos’ business that have been taking hold with customers. First and foremost, that means MDR, which involves providing 24/7 monitoring for threats and responding to incidents that are detected. In MDR, Sophos stands out with its ability to deliver the services even to customers on the smaller side, Robbins told CRN. “We’re able to bring a level of sophistication that is substantially greater than many of our competitors that are focused in this market space [which] tend to be focused quite a bit up-market,” he said.

When you combine that capability with Sophos’ focus on partners — and its commitment to the MDR space overall — “I don’t believe there’s another cybersecurity company out there that can do [that] for the market segment that we’re focused on,” Robbins said.

What follows is an edited portion of CRN’s interview with Robbins.

What brought you to Sophos?

When we sold [Mandiant] to Google, I thought about taking some time off, and I did get a little bit. But before I’d even left Google, [CEO] Kris [Hagerman] had talked to me. I knew Kris from the Veritas [Software] days. I’ve been very impressed with what the team had accomplished at Sophos. When the opportunity arose here to come in and try to help the company keep going above that billion-dollar level, and really become an even broader security-focused company, [I saw] the opportunity to really say, “What’s the next stage?”

What’s a learning or takeaway from your time at Mandiant, that you’ve brought with you to this role?

One of the things that attracted me to Sophos is that Mandiant provided a lot of cybersecurity as-a-service, professional services, incident remediation, fast response to breaches. But they did it at the very high end of the marketplace. And I’ve always believed that every company deserves to be as protected as best they can. And frankly, the very large companies — the Fortune 50, Fortune 500, Global 1000 — they have a lot of resources, internal staff. They can afford to build out [a large security team] and then leverage a company like Mandiant on an as-needed basis, or for projects. But then that leaves hundreds of thousands of companies globally that don’t have those same resources. And with Sophos’ 550,000 existing customers, with the threat intelligence that we gather through our Sophos X-Ops organization, and looking at all that telemetry with the MDR offering — and then the strong reach to customer segments through the channel — it just felt to me like, this is an opportunity to become even more critical to helping customers become more secure.

It wasn’t so much that I saw something that Sophos didn’t have that Mandiant had — I actually saw a reflection of a lot of capabilities of what we had built at Mandiant within Sophos already. And I saw how you could serve a different market segment, and frankly, get out to hundreds of thousands of customers, instead of hundreds or a few thousand of the larger customers. And that was a very intriguing opportunity for me.

How do we figure out how to get that to the masses? How do we democratize the capabilities that Sophos has, in a way that are easily accessible, easily digestible and easily implemented by our partners to get out to our customer base? And how do we continue to grow and invest in — and frankly, turbocharge — our channel organization?

What do you think “turbocharging” Sophos’ channel efforts could look like?

I’m 90 days in, so we’ll be continuing to look at new things to do. But first and foremost it’s around enablement — really making sure that our partners, whether they be MSP partners, whether they’re reselling MDR — that they have the same access and training and enablement that we would give to our internal team. That’s whether it’s on our product side or on our go-to-market side. So that’s been a big focus, and the partners that I’ve talked to have said, “Sophos has generally done a good job with that. How do we make it great? How do we benefit even more from that expertise that you’re gathering?” So we’ve made investments on our enablement side and working with partners to get that information out.

The second thing we’re doing is lead generation and getting even more of those leads directly to partners, without even coming directly into Sophos. We want to make sure that they’re out there mining for opportunities, of course. But we want to make sure that the efforts that we’re doing from a marketing perspective and a lead generation perspective, are benefiting them as well. Partners that I’ve talked to have been thrilled with that.

And then the last thing I would say is [we realize] they have a business to run. You need to grow your revenue. You need to grow your margins. You need to make sure there’s career opportunities for your people. And that has to be aligned to what we’re doing, so we don’t have any channel conflict out there — or at least as minimal channel conflict as possible. But [we’re] working with partners to say, “Does this program make sense for you? Can you make money on this program? How do you make more money [in a way] that benefits you and us?”

Those are things I’m looking at in terms of putting a little more fuel on the fire. We’re happy with 40 percent or 50 percent growth. But if we could get that from 50 percent to 60 percent, we all win.

Given how many MDR vendors that are out there now, what are the biggest reasons you’d give for why partners should work with Sophos on MDR?

I really think there are three reasons for that. One is that when you look at our offering, we are able to provide a more holistic offering than a number of MDR providers that are out there. We have more access to threat intelligence. We have 500 people in our X-Ops organization, looking at these threats and monitoring what’s going on in real time. And we’re able to bring a level of sophistication that is substantially greater than many of our competitors that are focused in this market space. I’m not saying there aren’t other competitors that do good things, but they tend to be focused quite a bit up-market.

No. 2 is that we’ve always been a very channel-focused, channel-first, channel-best organization. And the economic returns that we bring to our partners are very strong. I think that really matters.

Then No. 3 is, our partners can trust that we’re in this business and in this market for the long term. There’s a lot of companies out there that try to get into the space and they back out because they realize it’s hard. It’s hard to go after this many customers. It’s hard to do this at scale. It’s hard to make money. And so they’re not as committed. We’re going to be there. That’s important, because credibility for our partners with their customers matters. So you put those three things together, and I don’t believe there’s another cybersecurity company out there that can do all three of those, much less match us in any one of those, for the market segment that we’re focused on.