Sophos CEO: Pending Acquisition Part of Larger Services Shift
The pending $3.9 billion acquisition of Sophos by Thoma Bravo, announced this week, is part of a larger effort to transform how cybersecurity is achieved and maintained.
Sophos CEO Kris Hagerman said as the threats organizations face increase in both volume and sophistication, it’s become apparent that the collection of IT security point products most organizations rely on today for cybersecurity needs to give way to a service-based approach infused by artificial intelligence (AI).
The first step Sophos made in the direction came in the form of an endpoint detection and response service dubbed Intercept X. It’s now only a matter of time before Sophos makes its entire portfolio of products available as a service augmented by AI, said Hagerman.
Naturally, the transition to cybersecurity services models infused with AI is creating something of an arms race among cybersecurity vendors. Vendors that don’t have the resources required to build and operate managed security services at scale will be left behind as customers increased their reliance on cybersecurity services capable of responding to new and emerging threats in real-time, said Hagerman. While the $3.9 billion being shelled out by Thoma Bravo will go to existing Sophos shareholders, the venture capital firm hasn’t been shy about making additional investments.
It’s still unclear whether Thoma Bravo will use Sophos as a base to roll up other companies into a larger entity that one day will go public or be acquired. The acquisition is being implemented through Bidco, a newly incorporated company, formed on behalf of funds managed and/or advised by Thoma Bravo, by way of a court-sanctioned arrangement under Part 26 of the United Kingdom’s Companies Act 2006. Thoma Bravo has thus far completed more than 200 acquisitions representing more than $50 billion in aggregate enterprise value, with most of those companies continuing to operate as independent entities.
Headquartered in the UK, Sophos today has more than 400,000 customers in more than 150 countries spanning 100 million users. Hagerman said the primary focus of the deal is not about industry consolidation as much as it is transforming Sophos into a larger entity. As part of that strategy, Hagerman said Sophos is betting that its approach ultimately will increase the number of managed security services providers (MSSPs). Rather than each MSSP having to invest capital to replicate the capabilities provided by Sophos, Hagerman said he expects many will opt to resell services provided by Sophos under their own brand. Those partners will then add value by being able to invest more in developing cybersecurity expertise than IT infrastructure, he noted. Sophos already has more than 47,000 partners that today mainly resell its software.
Regardless of how the transition is accomplished, Hagerman said Sophos is no longer just a provider of cybersecurity software. As a provider of services, Sophos will be more focused on delivering highly automated solutions.
Less clear, of course, is to what degree IT organizations that historically have preferred to buy and integrate cybersecurity products are also ready to make that transition.
