Q&A: Sophos CEO On WannaCry Ransomware, New Products And Double-Digit Security Growth

A Red-Hot Sophos

Sophos closed out its fiscal 2017 with a bang, posting double-digit growth in sales and billings, as well as strong and growing traction for some of its new products and acquisitions. CEO Kris Hagerman sat down with CRN following the company's year-end earnings call to discuss some of the highlights from the year, including huge wins the United Kingdom-based security vendor is seeing in the channel. Driving that growth is the company's Sophos Central platform and new anti-ransomware product Intercept X, he said, which is already seeing increased growth following the recent WannaCry ransomware attacks. Take a look at what Hagerman had to say about what's going on at Sophos, and what to expect in the months to come.

Sophos recently reported its year-end earnings. What were some of the highlights?

We announced what we certainly believe were really strong results. We delivered 20 percent year-over-year billings growth. We also announced a tripling of our cash flow to over $133 million. Both of those numbers were well ahead of consensus. We also, reflecting the continuing confidence we have in our business and our business model, for the first time set a medium-term outlook that we will generate $1 billion of billings in three years. In short, what we think it is a very strong set of numbers and frankly it is a very exciting time at Sophos right now.

It was great. This announcement also dovetails with our annual partner conferences. Every year we have get togethers with hundreds of our partners in each in the major regions … There's just a tremendous amount of energy and excitement from the Sophos partner community. There's a lot of exciting things going on and the company is performing well, we have some really exciting new products … There is just a lot of energy and momentum in the partner community. It's a little bit of a love fest at the moment.

What kind of growth are you seeing around the Sophos partner community?

Year over year, we grew from about 20,000 total partners last year to about 30,000 partners this year. So, pretty substantial growth there. We also grew our Blue Chip partners – what we call our most active partners – from around 4,700 to 6,100. Those are partners who generated at least five transactions in the last six months. What we're seeing happen is several things in parallel. One, we're recruiting more partners overall. No. 2, we're turning more of the partners that we have into active and productive partners. And, No. 3, those partners who are active and productive are finding a way to help themselves sell more to both new customers and cross-selling and up-selling to existing customers.

What kind of growth are you seeing around managed service provider partners in particular?

Managed services is really taking off for us. Part of it is Sophos Central itself and part of it is we are continuing to invest aggressively in our managed services program. It has one of the highest growth rates in the company. It’s a rocket ship at the moment.

What sort of growth did you see for the Sophos Central platform?

One of the key drivers for that [partner growth] is the Sophos Central platform. Sophos Central is a single, integrated cloud-based management platform for our entire product portfolio … The growth in that platform has just been stunning. Over the past few years, on annual basis it has gone from $1 million, to $8 million, to $27 million, to the year we just finished with $88 million. We now have over 45,000 customers on Sophos Central. Partners love it because they are now starting to use Sophos Central as platform for them to become MSPs in their own right, manage across multiple customers, and enhance cross-sell and up-sell. What's really interesting is that it not only allows partners to drive additional topline billings by bringing in new customers and doing more cross-sell and up-sell, but it also helps margin as well because they can manage across all those customers remotely … It's turning out to be a real hit.

Are you seeing more partners selling across the Sophos portfolio?

I would say it's just starting, but … we see cross-selling rates consistently move up … We now have of the 10 or 12 key products that we offer we I think we now have eight or nine of them that are now managed inside Sophos Central. Within next 12 to 15 months we will have literally the entire portfolio within Sophos Central. That just makes it a lot easier for partners to sell, easier for them to manage their customers, track which customer have bought what, which customers are coming up for renewals, and where there are green spaces or selling opportunities for them to protect their customers better.

You launched Intercept X last fall – what sort of traction are you seeing for that?

Intercept X has obviously been an extraordinary grower. I mentioned that we launched it in September. It's a fully next-generation endpoint solution, obviously focused on anti-exploit and anti-ransomware. It's all signature-less and all next-generation. We're now one of the clear leaders in the market in next-generation endpoint. We probably now have more customers than the next two or three pure-play next-generation endpoint players combined. We have probably 8,000 customers in just two quarters. That has just a dramatic growth rate. What's interesting is that when we launched Intercept X in September, if you think about some of those other next-generation endpoint companies, most of them sell almost exclusively to the very large enterprise. We focus very much on small and midmarket enterprises. There was a lot of question if next-generation endpoint, because it is complicated and generates a lot of [false positives], so we ended up architecting a solution that is managed inside Sophos Central so it is cloud managed, it is simple, it has very low [false positive rates], and it just works. As a result, it has just been a huge hit with our channel and with our target user base. That is a real growth driver.

What sort of impact have you seen on Intercept X from the recent WannaCry ransomware attacks?

Intercept X is really focused on anti-ransomware. As you can imagine, even before this whole WannaCry incident, that had become one of the fastest growing products in Sophos history. We launched it in September. We had over 8,000 customers – actually probably 9,000 now, with 8,000 at the end of March. It's all managed inside of Sophos Central, so it's very easy to deploy and very easy to manage, but has arguably the world's strongest protection against ransomware anywhere. It's actually proven to be 100 percent effective against the WannaCry incident. Literally every single customer that has had Intercept X was fully, proactively protected against it. You can imagine that over the last two or three days, our partners have been hearing from their customers around what can they do for them to ensure they are protected against ransomware. This is obviously a great opportunity.

Have you seen a lot of inbound interest around WannaCry? What impact has that had on sales?

Yes, dramatic. You can imagine if we have what is widely regarded as one of the world's leading technologies to protect against ransomware, and then in the last three or four days the topic of ransomware is literally front page news in ever country for days in a row, that will probably generate a lot of interest among customers and partners. That is exactly what has happened.

What do you think the impact WannaCry will have on the SMB and midmarket?

The truth is something like WannaCry is compatibly indiscriminate with respect to the size of the organization. The cybercriminals who launched WannaCry, there is some growing evidence that some cybercriminal originally intended to set a few isolated brush fires to collect some money from it and then unwittingly unleashed a global wildfire that actually burned his own house down. As that spread all over the world with increasing velocity, it affected organizations of every size, in every country, in every vertical. It's completely indiscriminate. We don’t really see any distinction between it affecting the large enterprise more than midmarket – it just went out and hit anyone it could. If you were protected you were fine, and if you weren't it wreaked havoc.

Do you see customers looking to be more proactive around ransomware, even if they weren't hit by WannaCry?

Absolutely. Something like WannaCry and all of the prominent coverage it's receiving ends up serving as a pretty clear wake-up call to the world to make IT security a top priority and to redouble our efforts to get the basics right, including making sure that you have modern operating systems, that you are patching and updating those operating systems, that you have the latest next-generation forms of protection that explicitly focus on things like ransomware, and that you take a layered defense approach where you have multiple security technologies acting as a system. We call that synchronized security, where you have multiple defenses acting in layers so you can protect yourself in multiple steps. It's just another reminder that these are the kinds things that any size organization needs to make a priority to make sure they are protected and managing their security effectively.

Other than Intercept X, what other growth are you seeing around the endpoint security portfolio?

One is Sophos Central, this cloud-managed platform that spans across multiple products … Partners are really behind that. The excitement around Sophos Central at the partner conferences was just amazing … Server is growing like crazy. Our firewall platform is growing at probably 2 to 3 times the industry rate. There is just a lot of growth engines that are underpinning our overall growth rate at probably three times the market rate now … We think we're just getting started. We're very proud of the 260,000 customers that we have. We're adding about 10,000 new customers a quarter. That's pretty exciting, But, at the same time there, are 60 million small and midmarket enterprises. We feel like we have a lot of running room and we're just getting started.

We're having a lot of fun … Of course we're excited about our financial performance, but the thing that really gets us out of bed in the morning is working with our partners to deliver better protection for hundreds of thousands and – hopefully someday – millions of organizations around the world. We think we have a chance to do real good in the world.

How do you see the next-generation endpoint security market evolving?

Our view is that we are off to a strong start with Intercept X and the recent announcement that we acquired Invincea for the machine learning, AI technology. We are going to integrate the Invincea technology and ship that as a new product as part of Sophos Central sometime later this calendar year. If you take what we're doing with Intercept X and what we're actively building with the Invincea machine learning technology, we think we will have the single best next-generation endpoint security solution in the world – not just for midmarket enterprises, but for any enterprises. We just think that is really exciting. Our view is that there are just very few other vendors, whether they are pure-play startups or whether they are some of larger incumbent vendors, that have the combination of enterprise-grade, proven, leading, next-gen technology, that at the same time is easy and simple to deploy and manage and use … We think we have a legitimate chance to be not just one of the leaders but the leader in next-generation endpoint. Certainly for our target customer.

Do you expect to see more consolidation to come? Sophos is already driving some of that with the acquisition of Invincea.

I do. In fact, I'm a little surprised that more of it hasn't happened already. I think your hunch is right. I would expect to see more, yes.

How is the integration with Invincea progressing?

It's good. The team is doing great. We're hiring additional people. The teams from Invincea are working really nicely together with the teams at Sophos. It's full steam ahead. We feel very good about the integration progress and we feel like we're right on track. It's going to be an exciting product.

What does Invincea add to the Sophos portfolio that you didn't have before?

The core component it adds, which we felt was really the only missing part that we had in our next-gen story, is the machine learning. We really felt like Invincea had one of the very best machine learning platforms in the world and that’s why it was such a great fit with Sophos. That brings machine learning in and that’s the key new piece that we will deliver when we ship that integrated product.

What can partners expect to see from Sophos as it looks to continue the growth trajectory it is on?

The message that we were sharing with everyone at the partner conference was pretty simple. One: this game plan is really working. We bet 100 percent on the channel. They are not just one of our routes to market, they are our only route market. That commitment to the channel is really working. No. 2: we will continue to drive innovation in Sophos Central, in products like Intercept X for next-generation endpoint and anti-ransomware, in the Invincea product for machine learning, in the firewall, in Synchronized Security to bring together all these components … We think that the approach that Sophos is taking to the market, with a single integrated cloud platform that is focused on the midmarket enterprises, dedication to continuous innovation, all delivered with simplicity and manageability, and all done through the channel – we think that is a very unique approach to the market. It is working. It is really working for our channel partners. We are going to continue to double and triple down on it. There is more of the same [growth] to come, that's for sure.