• United States



Senior writer

Sophos unifies threat analysis and response units into X-Ops team

Jul 20, 20222 mins
Incident Response

Cybersecurity vendor Sophos reorganized three prominent organizational teams into a single new entity, for more efficient responses to modern threats.

UK-based cybersecurity vendor Sophos announced today that it had reorganized its SophosLabs, Sophos SecOps and Sophos AI teams into an umbrella group called Sophos X-Ops, in order to provide a more unified response to advanced threats.

The company said that while its security teams routinely share information among themselves, the creation of the X-Ops team makes that process faster and more streamlined.

According to Joe Levy, CTO and chief product officer at Sophos, the new organizational move is a recognition of the fact that the threat landscape has changed rapidly of late, and that there’s an increasing need for collaboration.

“Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering and investigative specializations have emerged,” he said in a statement. “Attackers are often too organized and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.”

Sophos said that the new team helps it combat cyberthreats more holistically, combining threat intelligence, ransomware mitigation, and law enforcement liaison to address the causes and effects of cybercrime.

It’s an organizational idea taken, in some part, from the criminal side of the cybercrime equation, according to IDC research vice president Craig Robinson.

“The adversary community has figured out how to work together to commoditize certain parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to mass exploit it,” he said in a Sophos press release. “The Sophos X-Ops umbrella is a noted example of stealing a page from the cyber miscreants’ tactics by allowing cross-collaboration amongst different internal threat intelligence groups.”

Forrester vice president and principal analyst Jeff Pollard said that this type of reorganization isn’t uncommon, and reflects an understanding that siloed teams frequently have different incentives and pull in different directions, to the detriment of the company’s overall effort.

“For example, teams that aren’t working with the same incentives may lead to researchers that find amazing but impractical exploits, operations teams saddled with tools that do not focus on Analyst Experience (AX), and data scientists that find brand new ways to confirm old knowledge,” he said.