The 'endpoint plus network' strategy is CSO's armor: Kris Hagerman

A holistic security portfolio elevates the company's value proposition as a preferred vendor for companies, Sophos CEO says

Sophos CEO Kris Hagerman

Cybercrime continues to spread its fangs globally across companies of all sizes. The year 2016 saw new forms of malware, ransomware and breach attacks impacting many companies’ infra and brand reputation.

In an exclusive interaction with CSO India, Kris Hagerman, CEO of Sophos, spoke on M&A, competition, and innovations in the cybersecurity world. Hagerman says, “India is an extremely strategic market for us as we have one fourth of Sophos' global workforce in this part of the world.” 

Edited excerpts:

What is the current state of the security world as we step into 2017 as hackers (Mirai malware, new ransomware) give sleepless nights to security vendors and their customers?

The summary statement is that IT security across the world is becoming more difficult and more complex and the cost of getting it wrong continues to go up. The year of 2016 wasn’t terribly different from 2014 and 2015. There has been a consistent pattern in the way cybercrime has grown as a business. And there is a great deal of innovation amongst cyber criminals on finding all sorts of new ways to ultimately get the data of an organization.

Our customers and partners constantly look at Sophos to innovate and stay ahead of cyber criminals. They want us to fundamentally protect their data from both network and endpoint perspective as they work in tandem and importantly talk to each other. 2016 was a year of innovation with Sophos Intercept X launched a quarter ago. Sophos, which went public 18 months ago, is outgrowing the security market in network and endpoint.

What is revolutionary about Sophos' Intercept X in today’s multi-vector attack surface which also includes Cloud and IoT?

In IT security business, vendors need to come up with advanced techniques that solve the big problem of ransomware or malware for the customers. The exciting offering Intercept X is the next gen end point to fight ransomware at the very core of IT infra’s exploit level. It is an innovative way to solve the most substantial problem that every company is today a target for ransomware. The patented anti-exploit technology identifies not specific signatures of malware but different and unique techniques of malware used by hackers. Intercept X is one of the prime reasons for Sophos to emerge as a visionary vendor in the end-point security market.

More digital data in App economy is a big headache to CISOs and C-level executives of organizations.

The challenges for CISOs today are extraordinary. They have been asked to protect more digital data used on more devices by more people across every possible application in a world where there are more cybercriminals who are becoming much more sophisticated.

If you are a CISO or IT executive of any level of organization of any size, you really have a tough problem on hand. The consistent thread across any surveys done globally or region-wise is that IT security is the number one priority for CISOs. If they get IT security wrong, they can literally ruin their company and it could be the end of the business in many cases.

But many security companies have a new ‘detection is more important than prevention’ GTM. Doesn’t it confuse CSOs more?

First of all, it’s not true. It is equivalent to saying that it is not important for an intruder to enter the bank. The only important thing is detecting their action when they get in there. It just makes no logical sense. The truth is that sometimes tech companies get excited about the latest things and some pretend to win the innovation game with a renewed pitch. A responsible security strategy should be complete, work as a system and it should be simple. Prevent as much as possible and if the sophisticated hacker gets in, detect it extremely fast. But it should be executed across multiple parts of security infra.

Most major vendors, particularly over the past couple of decades, were good in either network or endpoint security. Symantec, Trend Micro, McAfee were good at endpoint but they never did network security. On the other side, vendors like Palo Alto Networks, Cisco, Fortinet were good at network security but they have little or no endpoint expertise. Cybercriminals today are very effective in finding gaps between each other because the products do talk to each other. 

Sophos is leading both the portfolio across end-point and network. The independent silos meaningfully talk to each other and catch threats (if any) quicker through Sophos synchronized security concept. IT security was earlier like security guards inside and outside the building. For the first time ever we have given walkie talkies to them (outside (endpoint) and inside (network)) to actively talk to each other.

SonicWALL, McAfee became independent entities this year while Symantec swelled with Blue Coat, Dell with RSA as few examples. Aren’t we over with M&A in security world?

Security is one of the few markets in all IT that hasn’t seen a dramatic amount of consolidation in last two decades. Security is the only technology space where instead of playing tennis against a wall, you are playing tennis against millions of active participants on the other side of the net. It’s different than just building a good database or a great web application for the customer. However, cybercriminal has an eye on that database every single day.

In Cybersecurity market we see a wave of some large companies launching new solutions to combat new-age threats or some small companies with innovative solutions getting acquired. Then a fresh batch of security startups which gets acquired. And this cycle continues to pedal.

Sophos enhanced its value proposition by acquiring smaller companies that supplement our portfolio like network security company Cyberoam as an example. Last year we bought security software firm SurfRight. We recently launched Intercept X to beat ransomware. We innovate and also tuck in M&A deals to stay ahead of the curve.

Let’s talk about channels. Have the challenges around integrating channels of Sophos and acquired UTM companies Astaro and Cyberoam been ironed out?

All channel partners across the companies are effectively under a single channel program of Sophos. It is true that over the year we had channels that were proficient in end-point security (Sophos) and some were only selling network security (Astaro and/or Cyberoam). However, over the past 18 months, our strongest channel partners are selling both – end-point and network.

The results for six months ended Sept. 30, 2016, indicated that customers who have both Endpoint and UTM products increased from 6.4 percent to 8.4 percent YOY. We grew our overall number of partners to 26,000 and increased our blue chip partners (those generating at least 5 transactions in the prior 6 months) from 4,700 at the prior year-end to 5,400. That is a very encouraging trend.

And what about consolidation of three prominent brands -- Sophos, Astaro, and Cyberoam -- to avoid any conflict of interest amongst CISOs and channels?

We now sell only one brand Sophos. We today offer three series of UTM - SG (from Astaro), NG series (from Cyberoam) and XG. XG is the future platform that is the superset of SG and NG and combines its best features together.

We basically do not want to compel customers to migrate to the innovative platform XG from their earlier model but only when they are ready to move to a newer platform along with investment protection. We want to make the transition as smooth and as friendly for customers and partners and channels and customers over time will see more value in our future UTM platform.

Last year the company’s key focus was pragmatic (SME) enterprises. Does that strategy hold true today or is Sophos keen to address large enterprise clients?

The value prop of the complete advanced security appeals to organizations of all sizes from 50 users to over 5000 users too. However, there is no question that we are the best fit for SMB market and the channels that serve them. Our solutions are complete, work as a system and are easy to use and manage which is a huge benefit for small and medium businesses who are mostly short of dedicated IT or security professionals.

Kris Hagerman’s 5 Security Trends for 2017

1. Cybercrime industry to become much more difficult, complex and sophisticated.

2. An increase of cloud usage by good and bad guys as online applications become popular.

3. Realization by people that data is the gold supported by efforts like GDPR in Europe.

4. Effective security solutions should be complete, operate as a system and be simple.

5. Network and end-point solutions from a single vendor to become a common norm.


This story, "The 'endpoint plus network' strategy is CSO's armor: Kris Hagerman" was originally published by CSO India.

Copyright © 2016 IDG Communications, Inc.
