
Sophos CEO sees “cybersecurity poverty line”: what to do about it?


We sit down with Sophos CEO Joe Levy during Pax8 Beyond to discuss, among other things, the progress of the SecureWorks acquisition. He reveals how the Taegis platform is becoming the centerpiece for security operations across both customer bases. He shares insights on harmonizing overlapping technologies, the convergence of SIEM and XDR platforms, and why compliance alone doesn’t equal security.

The SecureWorks acquisition, which closed in February, is progressing faster than anticipated. Sophos has already integrated the entire go-to-market team and is now working through platform and technology integration. The company has announced several major milestones, including support for Sophos endpoints within the Taegis platform and the availability of Sophos endpoints for all Taegis customers.

The next significant milestone will be the availability of identity threat detection and response (ITDR) capabilities within Sophos Central. This capability, built by SecureWorks over several years, will be available to both Sophos and SecureWorks customers. It represents a key enhancement to the combined security portfolio.

Taegis platform becomes security operations centerpiece

Levy explains to us that Taegis will become the centerpiece for security operations for all combined customers going forward. SecureWorks customers will continue to use the Taegis platform they’re familiar with. Meanwhile, Sophos customers will migrate to Taegis throughout the remainder of 2024 and early 2025.

This strategic decision brings immediate benefits to Sophos customers, particularly the addition of generalized SIEM capabilities. Sophos already had one of the industry’s leading XDR platforms. Approximately 45,000 customers use the XDR product, and 35,000 are on the managed detection and response service. However, SIEM capabilities were not inherent in the Sophos XDR product. This made the Taegis integration particularly valuable.

Harmonizing overlapping technologies

As with any acquisition in the cybersecurity industry, there was overlap between the two portfolios. Both companies had XDR technologies, MDR services, and capabilities around network detection and response, network sensors, vulnerability detection, and managed risk. Sophos is harmonizing these overlapping elements by consolidating around the best capabilities from each platform.

The major movement involves bringing SecureWorks’ Taegis platform into Sophos Central. This consolidation accelerated Sophos’ roadmap in several key areas. The most important addition was generalized SIEM capabilities. These enable customers to ingest, store, parse, and index virtually any kind of log. They can then build detections on top of that data.

SIEM and XDR Convergence

When we mention the convergence of SIEM and XDR and the ongoing debate whether organizations still need SIEM technology, Levy is clear. He sees a future for both technologies. He notes that the SIEM industry has been moving toward XDR while the XDR industry has been moving toward SIEM. This creates a mutual convergence.

The key difference, according to Levy, is that XDR is highly specialized for security operations and workflows. In contrast, SIEM has been more generalized in its application. SIEM can ingest almost any kind of log and has been used for security. However, companies like Splunk essentially “stumbled onto security” rather than designing specifically for it.

Addressing the cybersecurity poverty line

Beyond the well-known cybersecurity skills gap, there’s growing attention to the concept of a cybersecurity poverty line. Levy elaborates on that in our conversation too. This conceptual line represents organizations operating in a state of poverty when it comes to cybersecurity. It is not just about cybersecurity budgets but, more importantly, about the kind of leadership and strategic capabilities needed.

Organizations below this line lack the ability to define roadmaps, understand key metrics, and plot a course from their current state to their intended destination. They struggle to continuously drive resiliency into their business. Organizations also need to align cybersecurity with overall risk management goals. This represents a risk that many businesses fail to recognize until it’s too late.

Levy is convinced that Sophos, now with the additional capabilities that SecureWorks brings to its offerings, can help organizations stay away from the cybersecurity poverty line.
