Sophos CEO Hagerman: New MDR Offering Will Usher In An Era Of ‘Cybersecurity As A Service’

The new MDR service, with its integration of third-party telemetry, is a ‘game-changer” for Sophos and the industry at large, Sophos CEO Kris Hagerman tells CRN. ‘We’re pivoting the whole company to embrace this opportunity. I would expect over the next few years we will have over 100,000 [subscribers].’


Sophos Wednesday unveiled the general availability of what it’s calling the first “agnostic” MDR service that integrates telemetry from third-party vendors such as CrowdStrike, Microsoft, SentinelOne and other companies often considered rivals.

Sophos CEO Kris Hagerman told CRN he believes the new MDR service, with its integration of third-party telemetry, is a “game-changer” for Sophos and the industry at large, helping to usher in an era of “cybersecurity as a service.”

“We’re pivoting the whole company to embrace this opportunity,” Hagerman said. “I would expect over the next few years we will have over 100,000 [subscribers].”

Sponsored post

[RELATED: 10 Hot Cyber Threat Intelligence Tools And Services In 2022]

Customers simply can’t keep up with the technological changes and costs to protect their systems from sophisticated cyberattacks, he said.

“Our view is that the cybersecurity landscape has gotten to a point where it has become so complex and so difficult and moves so fast that the vast majority of organizations simply can’t manage it effectively on their own, and they probably shouldn’t even try.”

As a result, Hagerman said he sees companies increasingly outsourcing their security operations—thus pushing cybersecurity as a service in general.

“We think the best way for our customers to consume [security] technology is through a service,” he said.

According to Hagerman, the big plus of the new MDR third-party service for customers and partners is that they can keep their current security products, whether they’re from Sophos or from other companies.

“You don’t have to rip and replace anything,” said Hagerman. “If you want to work with Sophos products, great. If you want to work with a combination of Sophos and other third-party products, that’s fine. Or if you want to work entirely with other third-party products, that’s fine.”

Partners running their own Security Operations Centers will definitely benefit by not having to replace a lot of products if they opt for the new Sophos MDR service, he said.

Sophos, based in Abingdon, U.K., first unveiled its third-party service last month while it was still being beta-tested by about 500 companies.

Since 2019, Sophos has been running an MDR service initially known as Sophos Managed Threat Response, but it was exclusively for its own products.

That service now has 13,000 customers, and Hagerman. Sophos currently has more than 500,000 customers worldwide.

Jeremy Weiss, executive technology strategist at CDW, a Lincolnshire, Ill.-based solution provider, agreed that Sophos’s new third-party MDR service is a potential “game-changer” for Sophos, partners and customers. CDW, a longtime Sophos partner, helped beta-test the new MDR service.

“I love it. Building off a third-party ecosystem allows customers to actually say, ‘OK, I can use the tools I have without having to take out more technical debt,” Weiss said.

But sooner or later customers will need new products, he said, so they’ll likely turn to Sophos for those offerings if they’re already MDR customers. “I think it’s an ingenious way to [sell].”

Asked if the new Sophos service might be stepping on the toes of some partners, Weiss said, “I think it‘s quite the opposite. They want us to be selling products for sure. But they’re also taking a step back and saying you can use this as a tool as part of the managed platform to be more effective for your customers. And with that, product sales will inevitably come.”

Joe Levy, CTO of Sophos, told CRN in an email interview that integrations with third-party security products provide the Sophos MDR operations team with “expanded visibility and telemetry to better detect and remediate attacks quickly and precisely.”

“The more we can see, the more we can detect and the faster we can respond,” he said.

Levy said Sophos didn’t have to consult with other third-party vendors before introducing its new third-party MDR service.

“These are Sophos-led integrations. Most modern security and IT vendors have APIs that enable us to collect telemetry as part of Sophos MDR. For those without available APIs, customers simply need to install Sophos’ log collector virtual appliance and direct syslog from third-party technologies to our appliance, which manages the data,” he wrote.

“Sophos is the first leading endpoint security provider to integrate vendor-agnostic telemetry from third-party security technologies into its MDR offering. We’ve removed the technological barriers that have historically limited what managed security services can handle, effectively raising the industry standard for how MDR can be delivered,” he wrote.

Along with the general availability launch of the new MDR offering, Sophos launched Sophos Marketplace, described by the company as an “open ecosystem of more than 75 technology integrations, including Amazon Web Services, Check Point [Software Technologies], CrowdStrike, Darktrace, Fortinet, Google, Microsoft, Okta, Palo Alto Networks, Rapid7, and many others.”

The company also unveiled a new Sophos Breach Protection Warranty that covers up to $1 million in response expenses for organizations protected by Sophos MDR Complete, Sophos’ most comprehensive MDR offering.