Sophos Rides MDR Wave To Massive Managed Services Growth

Sophos CEO Kris Hagerman says the company is now one of the world’s largest managed detection and response (MDR) providers with more than 2,000 customers after moving into the space just 15 months ago.

Sophos has taken advantage of the fastest-growing offering in the company’s 36-year history to massively expand its managed service provider business, CEO Kris Hagerman said.

The Abingdon, U.K.-based platform security vendor is now one of the world’s largest managed detection and response (MDR) providers with more than 2,000 customers after moving into the space just 15 months ago, Hagerman said. Sophos has supplemented its MDR business with a rapid response offering that allows MSPs to help their customers respond to active incidents in real time, Hagerman said.

“The MSP is right at the core of what we do,” Hagerman said during an interview at Best of Breed (BoB) Winter 2021, hosted by CRN parent The Channel Company. “We made a strategic bet on MSPs, both in our product and service offerings as well as in the enablement that we offer and the tool and programs that we put in place … It’s a big part of why we’ve seen so much momentum.”

[Related: The 10 Hottest New Cybersecurity Products Of 2020]

MSPs have been a strategic area of focus for Sophos, Hagerman said, with the company growing its managed service provider business at more than 50 percent a year for the last four years in a row. Sophos now has more than 12,000 MSP partners, and Hagerman said the company continues to leverage the APIs made available to partners to attract additional MSPs to the community every day.

Layering on detection and response services has made it possible for smaller MSSPs to leverage Sophos’s bench of talent and expertise and help customers mitigate breaches better, according to Douglas Grosfield, president and CEO of Kitchener, Ontario-based Five Nines IT Solutions. Having a bench of readily available talent to assist with breach mitigation has been a boon for partners, he said.

“This was always the missing link,” Grosfield said. “It’s a forward-thinking move, and I think it’s served Sophos well in the short time since they’ve introduced it.”

Hagerman chided johnny-come-lately vendors who declare this the “year of the channel” and then roll out a bunch of temporary programs, spiffs or discounts only to change course six months or a year later and roll all those promotions back. Betting big on the channel soon after Hagerman’s arrival as CEO was one of the best decisions Sophos has ever made, he said.

“Every year is all about the channel at Sophos,” Hagerman said. “We don’t have the annual personality debate about who are we and what do we want to be when we grow up. We bet on the channel heavily eight years ago and every year we just strive to continuously improve.”

Many of Sophos’s MSP partners have come over from other providers who provide “good enough” endpoint protection, but the moment there’s a breach, Hagerman said these partners realize that good enough isn’t enough when it comes to security.

“Not only have you jeopardized your reputation with the customer, but, of course, the customer is in the middle of the breach,” Hagerman said. “That could be a business life threatening event for that company.”

Sophos rapidly accelerated its transition to becoming one of the world’s next-gen security leaders since Thoma Bravo closed its $3.9 billion acquisition of the company in March, Hagerman said. At the time the deal closed, Hagerman said just shy of 60 percent of Sophos’s business was in the company’s next-gen product portfolio, which encompasses all the company’s advanced products managed in the cloud.

By the end of March, Hagerman expects 70 percent of Sophos’s revenue will be coming from the company’s next-gen product portfolio. And Sophos’s next-generation business is growing at 30 percent a year, according to Hagerman.

“The ability to work with a single shareholder and take the transition that we were already driving and accelerate it and get to the future faster has really worked for us,” Hagerman said. Sophos had been publicly traded for four-and-a-half years prior to the close of the Thoma Bravo acquisition.

Sophos’s managed services are really helpful in giving smaller solution providers a level of protection they couldn’t achieve on their own without around-the-clock endpoint and infrastructure monitoring, said Michelle Drolet, co-founder and CEO of Framingham, Mass.-based Towerwall. The company has excelled at expanding its product portfolio beyond prevention over the past four years, Drolet said.

“Sophos still gets labeled an anti-virus company, but they’re way more than that,” Drolet said. “Their endpoint detection and response (EDR) is really, really strong.”

Hagerman said cybersecurity is a $65 billion market growing at 10 percent a year, with pretty much every organization on the planet classifying it as one of their top priorities. But 95 percent of the world’s 2,000 cybersecurity vendors focus only on very large organizations that are big enough to appear on the Global 2000.

“If you’ve got a great tool but it’s so complex to install and deploy and use that you need an army of security SOC professionals to manage and maintain it, that doesn’t work well for the vast, vast majority of organizations around the world,” Hagerman said.

Conversely, Hagerman said Sophos has always focused on delivering world-class, enterprise-grade security tools that are accessible to any size organization from 100 employees to 100,000 employees. Protecting more than just large enterprises is crucial since smaller companies are subject to the same kinds of threats but have nowhere near the same scale and resources to respond to them, he said.

“We’re very proud of the 450,000 customers that we have today,” Hagerman said. “But I mean, look, there’s more than 20 million organizations that we think are great potential customers for our solution.”