Between doing everything yourself and relying entirely on the outside, Sophos also offers the middle ground of a modular architecture for IT security
2020 will generally be remembered as a negative year, marked by the pandemic. But for companies operating in cyber security, the digital boom caused by lockdowns at least raised awareness, even among companies traditionally less attentive to their protection, and consequently created a scenario in which they could grow their business. That was also the case for Sophos, which in March 2020 officially began its “new life” under the wing of Thoma Bravo and has posted growing results since. These were recently up 17% in EMEA, as Marco D’Elia, Country Manager, Sophos Italy, explains. In the recent history of Sophos, what stands out most is a chain of acquisitions that bodes well for the expansion of the functions that the company’s platforms can offer.
The second half of 2021 alone saw the acquisitions of Capsule8 in the container security field, Braintrace for the detection-response part, and Refactr for its orchestration and security automation functions. More security options are certainly always welcome, but, D’Elia underlines, the point to keep in mind today is that “The cyber security market is changing because the types of attack change. So today the most important thing is to have the ability to realize that you are under attack when everything seems to be going well.”
In short, the reactive approach is not enough.
This has been true for some time, but cyber security news has made it clear, with cases of large companies put out of action for days by trivial ransomware attacks. That in itself is nothing new; what is new, in Sophos’s view, is that attacks are in general much more organized, targeted and articulated than in the past. “Today on average it takes 11 days,” explains D’Elia, “before detecting an attack in progress. But in fact we must talk about a set of attacks, starting from the actions often carried out by criminals to identify the sectors and employees of the most interesting parts of the company, from which strategic information can be exfiltrated”.
In the face of such complex threats and attacks, different forms of defense can be implemented, but above all it is necessary to have technologies in place that perform analysis within the network, in order to detect any suspicious action as soon as possible. This is the theme of the various acronyms that end in DR (Detection and Response), but Marco D’Elia sounds a warning here: it is fine to talk about detection and response, but to implement them directly you need skills and time that not all companies have. That’s why the focus is shifting from products to complementary services. If the user company does not have everything it would need to do this on its own, even if perhaps it would like to, it must be supported in various ways. “It is no longer a question of product,” warns D’Elia, “because the companies that are affected have certainly made their motivated choices in this regard.
But they were still attacked and suffered damage.” The detection-response part therefore takes two forms: on the one hand, the XDR platforms that a company decides to adopt; on the other, managed DR services in which external teams of experts constantly analyze the company’s context to identify as soon as possible whether it is under attack and, in any case, where it can improve its security infrastructure.
One of the main evolutions that cyber security is experiencing concerns precisely this aspect. Whether voluntarily or out of necessity, companies are now aware of the importance of cyber security. Many now have to choose how much to implement on their own, buying technology and developing the necessary skills, and how much to turn to the outside, equipping themselves with managed services. The two options are not mutually exclusive, and for this reason “vendors capable of supporting both will prevail,” explains D’Elia, “while suppliers only of product will tend to become niche”.
Sophos Managed Threat Response (MTR) is the managed service offering that Sophos has built with this vision in mind. For Sophos, that vision is really achievable only for a vendor that has historically chosen an approach of integration between its solutions. For this reason, the company believes it has a competitive advantage: “We have been following an integrated cyber security strategy since 2013,” underlines D’Elia, “and since 2017 we have launched the concept of synchronized security, which is the basis of the current architecture”.
Sophos Synchronized Security is, in a nutshell, the ability of its solutions to operate in synergy, sharing information and being managed from a single management console. The sharing of data collected on the network also makes it possible to apply targeted machine learning functions across the entire security system. These obviously help to quickly identify threats and attacks, but above all they ensure that the cyber security architecture dynamically adapts to the specific infrastructure and operating mode of the user company.
This increases its level of effectiveness. “The same combination of Sophos products could operate differently in a different infrastructure,” D’Elia explains. He also underlines that the degree of automation of the platform is widely customizable. Adaptability for Sophos is also the ability to integrate products from different vendors, an indispensable element given the now large number of different tools that companies find themselves having in their network. “Modularity is an advantage for us, customers and channel partners: equipping yourself with our platform does not necessarily mean making a global investment or a large migration. You can start with a particular component and grow gradually. You still buy a product that is integrated into a wider architecture that can grow over time, in relation to your needs and availability,” D’Elia points out.