Sophos CEO On New Enterprise, SIEM Opportunities With Secureworks Acquisition

The $859 million acquisition of Secureworks will give Sophos a ‘much better competency’ on serving enterprise customers while also adding new capabilities in areas such as next-gen SIEM, Sophos CEO Joe Levy tells CRN in an interview.

Sophos’ acquisition of Secureworks will give the cybersecurity vendor a “much better competency” on serving the enterprise segment while also adding new capabilities in areas such as security information and event management (SIEM), Sophos CEO Joe Levy said in an interview.

The $859 million acquisition closed Feb. 3 and will enable the combination of key capabilities from the Secureworks Taegis platform, such as extended detection and response (XDR), with the Sophos portfolio.

“Our goal, to state it plainly, is to take the Taegis platform and embed it within Sophos Central,” Levy said in the recent interview with CRN.

Crucial areas where Secureworks will introduce or expand capabilities for Sophos include segments such as vulnerability detection and response, identity threat detection and response (ITDR) and “next-gen” SIEM, he said.

For Sophos, SIEM will be a “net-new offering” that results from the acquisition of Secureworks, and it’s planned for availability later this year, according to Levy.

“As an industry, we continue to talk about this seemingly inevitable convergence between the promise of the SIEM platform and the actual benefit that XDR and MDR [managed detection and response] platforms and services have been delivering,” he said. “We think this is just going to accelerate that convergence.”

Ultimately, for partners, Sophos expects to be able to provide “a far greater capability in the market” for serving customers, Levy said. “We think this is just going to allow us to do an even better job for [customers] going forward.”

Sophos, which is owned by private equity firm Thoma Bravo, acquired Secureworks from its majority owner Dell Technologies.

While Sophos already has thousands of customers in the enterprise segment, Secureworks has primarily operated in this space and is “exceptionally well-known for servicing enterprise customers,” Levy said in the recent interview.

As a result, the acquisition “is just going to give us a much better competency to continue to serve the enterprise but also bring a lot of the benefit of the combined platform down into the midmarket and the SMB segment,” he said.

Here is more of CRN’s interview with Levy.

What are some examples of how integrating the two platforms will benefit partners and customers?

I think that [former Secureworks CEO] Wendy [Thomas] and the entire Secureworks team just did an extraordinary job embedding all of the working knowledge that they had from years and years of running Secureworks into this Taegis platform. And they created what, in my opinion at least, is one of the best XDR platforms, one of the best next-gen SIEM platforms and one of the best MDR experiences. So our goal, to state it plainly, is to take the Taegis platform and embed it within Sophos Central. Now the benefit to our customers is going to be we’re going to get this improved set of workflows that Taegis is going to be able to deliver to us. The benefit to our partners is going to be that all of the Secureworks customers and partners who originally were benefiting just from Taegis are now going to have access to the entire ecosystem that exists within Sophos Central. So the breadth of security solutions that we have—from email security to network security to cloud security, etc.

Could you talk about some categories where you’ll be able to expand your capabilities through integrating the technologies?

One of them [is] identity threat detection response. Identity continues to be one of the hottest areas within cybersecurity. I think [it’s] one of the biggest opportunities for the market to just do a better job for our customers. And being able to integrate identity solutions into the security operations platform, getting the embeddings within an XDR platform, making it part of an offering of an MDR service—I think that that’s a guaranteed elevation of the experience that we’re going to be able to produce for customers. So ITDR is certainly one of them. Vulnerability detection and response is another great offering that Secureworks brings. Sophos has already been in the market for a little over a year now with our managed risk offering, which we do in partnership with Tenable. Our intention there is to bring those two services together. And there is just a ton of complementariness and a lot of mutual benefit that we think we’re going to get in combining those two together. Other areas that I mentioned—next-gen SIEM, for example. As an industry, we continue to talk about this seemingly inevitable convergence between the promise of the SIEM platform and the actual benefit that XDR and MDR platforms and services have been delivering. We think this is just going to accelerate that convergence and allow us to offer the best that a SIEM has had to offer historically, in addition to all of the actual operational benefit that we see practically every single day with XDR products and MDR services.

Will next-gen SIEM be a new offering for Sophos?

This is going to be a net-new offering from us. The Taegis platform is what’s going to enable this. There are many customers who operate in regulated industries where it’s effectively mandated that they have to have a SIEM. And whether they’re using the SIEM as the basis for their security operations, or whether they’re using it for adherence to compliance programs, or they’re using it from long-term log storage and retention—these are all different use cases that SIEM has primarily satisfied in the market. Increasingly, we’ve been seeing XDR [becoming] capable of satisfying more and more of those use cases. And this is just going to accelerate our ability to do that. So while we’re probably not going to position it as a stand-alone, next-gen SIEM offering, it is absolutely a capability that we know that our customers have been asking for, and that our partners are excited to have access to—probably a little later this year, as we start getting that integration rolling.

Do you expect to retain the Secureworks brand and Taegis brand going forward?

There’s a lot of brand value in the Secureworks name and in the Taegis name. In the near term, you’re going to see us referring to Secureworks, a Sophos company. Over time, we’ll continue to rationalize the way that that integration is actually going to happen. But we’re really, really fond of the Taegis platform. And you’ll probably see that manifest in the way that it ends up getting integrated.

But for now, you’re continuing to offer what Secureworks offered as a stand-alone to the people who are already customers and partners?

Yes, branding aside, probably the most important thing that I could say is that, first, do no harm. We don’t want any kind of discontinuity to the experience—either for the Secureworks customers and partners, or for Sophos customers and partners. So for the near-term future, at least, it’s going to be business-as-usual operations on both sides. Obviously, we’re working on converging the technologies—the platforms and the product and service offerings that we bring to market. The single most important thing for us right now is seamlessness and no discontinuity.

As far as having Secureworks’ technology integrated with Sophos Central, is that also likely to happen later this year or could some things come sooner?

We’re probably going to see some things come sooner. There is a lot of interest in being able to provide some of the exemplary protection capabilities that the Sophos Intercept X brand has to offer to Secureworks customers. So we’re looking at ways to fast-track making that available to many of the Secureworks customers, who have been waiting for some time for this kind of capability from Secureworks.

Now, I’ll accompany that by saying we don’t have any intentions of changing the solutions that the Secureworks customers are using today. It’s really important that I offer this assurance. Oftentimes in these kinds of acquisitions, you see this sort of brute-force approach to the way that the integration occurs, and the vendor will then force the customers to change the set of solutions that they’re using, or they’ll make radical changes to the pricing. And this, of course, affects both the customers and the partners. In the spirit of ‘first, do no harm,’ we’re not intending to mandate any of those changes. So if the customer is using third-party solutions on the endpoint or third-party solutions for network security, we are going to continue to support them the same way that Secureworks has supported them. Now we will provide the additional optionality of being able to consolidate with a vendor, and there are real-world operational benefits that will accompany that. But we are absolutely looking for ways to accelerate bringing the joint solutions to both of the populations.

Could you talk a bit about how open XDR will factor in for Sophos, given that it has been such a focus for Secureworks?

Open XDR is an industry mantra at this point. I think most vendors who talk about XDR, talk about it in that way. It’s something that we at Sophos have been practicing for a couple of years now. If you recall, a few years back, we acquired a company called SOC.OS. And that became the basis for opening up our MDR and our XDR ecosystem to support third-party products. Today, we’ve got about 50 different integrations that we’re supporting. Secureworks immediately brings us about 350. This is a number that we intend to continue to grow over time. We think that we’ve got great [third-party] coverage today for the existing investments that our customers have made in IT solutions—whether it’s identity systems, network security, email security, cloud security, etc. And that’s something that we’re going to continue to develop to satisfy the diversity that we see in the market. But open XDR is nothing new to us. We think it’s the best way to actually deliver the right outcomes to customers.

In terms of partners, was there significant overlap across the two companies?

There was some overlap in the partner population. But I will say that Secureworks also brought some really extraordinary partners into the Sophos family. I’m personally very excited by some of the really high-end, well-known partners that Secureworks is bringing here. They also have some great relationships with systems integrators at a global level, which historically Sophos has not really done. Secureworks with hyperscalers. So there is absolutely an expansion of the partner opportunity that Sophos is going to have as a company as we continue to bring the Secureworks partners on board.

All in all, what would you say is the biggest opportunity for partners through this acquisition?

[It’s to] do a better job for customers. This is something that we always aspire to do, and this gives us a far greater capability in the market—just the size of the combined organization, the relative strengths that we’re bringing together here, bringing the [Secureworks] Counter Threat Unit into the Sophos X-Ops team, bringing Taegis into the Sophos Central platform, just bringing together the talent of the two organizations. We’re already operating at a pretty rare level of scale within the Sophos business today—600,000 total customers, about 28,000 MDR customers that we’re protecting. There’s a reason why there’s so much trust placed in us with the customers who are selecting us. And we think this is just going to allow us to do an even better job for them going forward.

Sophos is known for securing the SMB and midmarket, but could you talk about the enterprise opportunity with acquiring Secureworks?

Secureworks is exceptionally well-known for servicing enterprise customers. They have a breadth of customers as we do. They have a number of customers in the SMB, in the midmarket space. But they’re primarily known for [having] an enterprise security brand, and we’re incredibly excited about that. Because, like them, we also have thousands of customers in the enterprise segment. This is just going to give us a much better competency to continue to serve the enterprise, but also to bring a lot of the benefit of the combined platform down into the midmarket and the SMB segment.

Recently there has also been some other M&A activity in the endpoint security space—what are your thoughts on how that market is evolving?

This space is absolutely continuing to grow. I think the pendulum has swung a number of times over the years between, ‘Protection and prevention is everything,’ to, ‘You can’t rely on it, you must only have detection or response.’ And now the pendulum, I think, is swinging back toward the center. And this kind of centrist view, I think, is the most practical view that we could take as an industry. The reality is you need both of them. You have to have the benefit of the best protection and the best prevention that you could possibly get because that just lowers the noise. It gives you a more hygienic operating environment where you could actually focus on doing the operational work that is going to provide the highest value and the best benefit to customers. So, clean up the environment as much as you can. That is best done by highly competent technologies, whether it’s endpoint security or network security or cloud security—create the most orderly environment that you can, and then you can really allow the benefit of the service and the detection and response technologies that help to drive it really shine and really deliver benefit. So it’s great to see that there’s still this movement within the endpoint industry. I think it’s a testament to the fact that this combination [with Secureworks] is the right combination. There’s a lot of demand for cybersecurity products and services in the market today. There’s a lot of room in our industry for strong competitors.

In terms of helping customers to deal with vulnerabilities, what are the biggest things you’re seeing there?

There’s this ever-increasing complexity within modern IT systems. They never get simpler, they never get less complex. They always get more complicated and more complex—more parts that are interconnecting together. There’s an inscrutability to modern IT systems for the most part. If you ever asked a typical business, ‘Can you produce a data flow diagram of how information actually flows in and out of your business and through your IT systems?’ Chances are they probably could not produce that sort of thing. And understanding what the interface is to the business logic, and how data flows through our systems, is fundamental to being able to protect them. So when we do software design, for example, data flow diagrams are a mandatory component. There’s no way that we could really secure it and understand whether we’re building a resilient and robust and secure product and adhering to secure-by-design practices as a vendor. It’s the only way that we can do it. But the vast majority of systems that are out there today—IT systems that are being operated by every organization, in every vertical, in every country—in general, they probably cannot describe the complexity of how the data flows through those systems. And insecurity lurks in those dark shadows and in those interconnects. We need to be able to do a better job for our customers, helping them to know how to navigate that.

Not every organization is going to be able to hire their own CISO and build their own internal security practice. As vendors, and working with our partners, we need to become better advisers to them so that we can help them to put together these strategies. I’ll continue to say it’s not nearly as exciting as some of the exotic technologies that we talk about today or some of the advancements that we see in AI. But the better that we can do on the basics—the better that we can get at hygiene, reducing disorder in our systems, just understanding the organization and the flow of data—the better [are] our odds of actually protecting them and having better cybersecurity outcomes. So that’s something that’s going to remain very important to us. And you’re going to be hearing a lot from us in the coming months about how we intend to do a better job for our customers and with our partners.
