Sophos is doubling down on managed detection and response (MDR) providers with final week’s settlement to accumulate SecureWorks. The $859 million all-cash deal, set to shut in early 2025 pending customary approvals, will speed up Sophos’ push into MDR and prolonged detection and response (XDR) with SecureWorks’ common Taegis platform on the core, the corporate mentioned.
SecureWorks has solely 4,000 clients to Sophos’ 600,000, however the firm affords superior XDR capabilities constructed on a cloud-native information lake structure to bigger enterprises delivered by service suppliers. Constructing on its managed XDR capabilities, SecureWorks this yr has added community detection and response (NDR), vulnerability detection and response (VDR) and most just lately, identification menace detection and response (ITDR) to the Taegis platform.
Dell Applied sciences, which owns practically 80% of SecureWorks’ publicly traded shares, has been exploring methods over time to divest its management of the safety supplier. Dell joins the small membership of enormous corporations quitting the operations enterprise this yr: IBM abruptly introduced the sale of its QRadar SaaS portfolio to Palo Alto Networks, and AT&T spun out its managed safety enterprise, now referred to as LevelBlue.
In the meantime, Sophos was trying so as to add a sophisticated XDR and MDR platform that it might combine with its personal Sophos Central safety operations heart (SOC). The central administration instrument gives endpoint, server and e mail safety and entry to different safety providers, together with firewall, cloud and encryption, amongst different level choices.
Sophos, which additionally added its “vendor agnostic” MDR service to its portfolio in late 2022, rapidly noticed demand for it from its clients, says Enterprise Technique Group principal analyst Dave Gruber. “Scaling operations to serve an viewers of this dimension is difficult, making this acquisition a sensible transfer for Sophos, as SecureWorks has most of the finest and brightest safety professionals within the trade,” Gruber says.
Constructing an XDR Platform on Taegis
Sophos CEO Joe Levy says he cannot reveal particular integration plans earlier than the deal closes within the first quarter of 2025 because it undergoes regulatory clearance processes. However he does not dispute that bringing Taegis and Sophos Central collectively is what’s driving this deal, which might mark the biggest for the reason that firm was based in 1985.
“We’re aiming towards this world the place we convey collectively the very best hits of the 2 operations,” Levy tells Darkish Studying. “We’ll determine that mixture of the know-how stack–Taegis inside Sophos Central and the safety operations heart itself.”
In response to Levy, that can embrace delivering the MDR enterprise and the vulnerability detection and response, managed threat, identification, menace, detection and response. “[It’s] the service part that clients are counting on to assist to maintain them safe,” he says.
Levy explains that in addition to figuring out a unified method to provisioning providers from SecureWorks and Sophos choices, a key problem might be enabling collaboration among the many safety operation groups inside its MDR enterprise, clients and companions, notably MSPs and MSSPs who ship the 2 corporations’ respective choices.
“We wish to produce the very best workflows whereas demonstrating empathy and understanding of what the safety operators are doing each single day,” Levy says. “These are the driving ideas which are going to be guiding the best way that we undertake this.”
SecureWorks Shift to XDR Platform
SecureWorks started creating Taegis in 2017 and launched it in early 2021. Taegis is constructed with a knowledge lake structure designed to ingest and normalize information and an analytics engine constructed to determine, prioritize, and block threats.
Wendy Thomas, SecureWorks CEO, informed buyers throughout the firm’s Q2 2025 quarterly earnings name in September that she sees continued development potential for Taegis. “We have more and more seen clients greater than prepared to maneuver away from noisy, exhausting and costly to take care of SIEMs to an XDR method to detection and response,” she mentioned. “That development is simply accelerating.”
Since Taegis was launched, analysts and clients have given the platform excessive marks. “The Taegis platform from SecureWorks has nice detection and response capabilities,” says IDC analyst Craig Robinson.
Whereas SecureWorks’ and Sophos’ respective MDR providers supply many related options, Robinson notes that Sophos’ providing has a extra vendor-independent mannequin than Taegis. “Whereas there’s overlap, Sophos has extra particular person merchandise whereas Taegis is a platform,” he says.
Impartial guide William Klusovsky believes that including SecureWorks is poised to deepen Sophos’ attain into bigger enterprises and supply richer providers to small and mid-sized organizations. However he warns Sophos might “fumble” that potential if it does not adequately put money into the mixing of the merchandise.
“If they’re too short-sighted and focus solely on financials and returns, they might find yourself with two companies that do not work collectively and lose the expertise they should create the precise enterprise,” Klusovsky says. “They should have a imaginative and prescient, stick with it, and imagine in it.”
Transition to Managed Safety Companies
Klusovsky notes that Sophos is owned by personal fairness agency Thoma Bravo, whose portfolio he says is usually product corporations, whereas each SecureWorks and Sophos have been shifting to providers.
“The providers trade may be very completely different,” he says. “The excellent news is the product highway maps, and integrations needs to be one thing they will create effectivity with and drive in a constructive course. The unknown goes to be in managing service supply, gross sales, the channel, and go-to-market as these motions are very completely different for a managed providers supplier than a product firm.”
Levy says he first began driving the shift from a product-only cybersecurity enterprise to a hybrid product and providers enterprise in 2018 earlier than Sophos agreed to be acquired by Thoma Bravo.
“We now consider it extra by way of life cycles of engagement with our clients, fairly than simply promoting them a product or promoting them a service,” Levy says. “We’re working in collaboration with this ecosystem of cyber safety gamers to take care of life cycle engagements with clients, so simply pray that the subsequent level resolution they purchase is definitely going to offer higher safety.”
Equally, SecureWorks has undergone a number of important adjustments, having shifted from working as a managed safety providers supplier (MSSP) to a platform provider. As a substitute, SecureWorks tapped its ecosystem of channel companions to supply the Taegis platform with their very own managed safety providers.
IDC forecasts that demand for managed safety providers will develop to $44 billion in 2024, up from $39.5 billion in 2023. Demand is estimated to develop to $49.2 billion subsequent yr, IDC’s Robinson says. Driving the expansion are shrinking budgets and a dearth of expert safety operations expertise.
“Everybody’s taking a look at and ensuring that for each greenback spent, it is being spent in the precise means,” he says. “And managed safety providers is just not solely a greater means, but it surely’s additionally, extra usually, a greater end result.”
