Sophos Acquires Rook Security to Extend Services Strategy

Sophos today announced it has acquired Rook Security, a provider of a managed set of detection and response services that will further advance the company’s expansion into cybersecurity services.

Company CTO Joe Levy said Rook Security would enable Sophos to plug a gap that continues to expand as more organizations struggle with the chronic shortage for cybersecurity professionals. By relying more on Sophos to provide cybersecurity software and services, organizations will be able to re-prioritize where and when they apply their own limited resources, he said, noting that’s critical because many organizations today are experiencing high levels of fatigue from having to maintain the security of their IT environments on their own.

Sophos’ acquisition of Rook Security comes on the heels of a move to acquire DarkBytes earlier this year, which gave Sophos access to a security orchestration and automated response (SOAR) platform through which to integrate the management of multiple security technologies.

Levy said Sophos also would extend the reach of the cybersecurity services offered via its managed services arm to include Sophos Cloud Optix, which is based on technology the company gained via its acquisition of Avid Secure earlier this year. Sophos Cloud Optix enables organizations to discover assets running in public clouds and determine their cybersecurity posture.

Sophos is straddling a fine line between the services it plans to provide and those already provided by many of the cybersecurity service firms it has partnered with over the years. Levy said some partners would opt to incorporate the Rook Security services within their portfolios, while others will continue to rely on their own managed services portfolios. At the same time, many more classic reseller partners will opt to resell the Sophos managed service portfolio, added Levy. Sophos claims it has more than 47,000 global partners either reselling its software or delivering managed services that incorporate its software.

Regardless of the product or service being provided, however, Levy said Sophos is committed to making available application programming interfaces (APIs) everywhere alongside traditional graphical user interfaces. In the age of DevSecOps, many cybersecurity services increasingly will be invoked via APIs that enable those services to be integrated easily within the context of another platform. Being able to aggregate massive amounts of data is also critical to the future of cybersecurity as vendors move to infuse machine- and deep-learning algorithms to drive a variety of emerging automation services based on artificial intelligence (AI). The more data a cybersecurity vendor can collect, the more accurate and relevant those AI services can become.

As cybersecurity vendors race to extend the reach of their portfolio into the realm of services, it’s clear a wave of mergers and acquisitions are underway across the entire cybersecurity sector. Major cybersecurity vendors are rolling up smaller players to create a platform that will enable more services to be cost-efficiently delivered at scale. It’s not clear yet which vendors might come out on top once the dust settles, but the days when the cybersecurity landscape was littered with individual point products appears to be coming to an end.

Michael Vizard

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 692 posts and counting.See all posts by mike-vizard

Cloud Workload Resilience PulseMeter

Step 1 of 8

How do you define cloud resiliency for cloud workloads? (Select 3)(Required)