Whether to secure the endpoints first or the network is becoming more of a dilemma for CSOs and IT leaders in the digital era. CSO India had an intriguing chat with Joergen Jakobsen, senior vice president and managing director, APJ Sales, Sophos, on the company’s big focus on steering its value proposition to organizations. “Intercept X is accelerating our end point security envelope, supplemented by the company’s growing footprint in the network security domain,” says Joergen Jakobsen, popularly known as JJ.
What major changes have you implemented as APJ leader at Sophos since last December?
The company had two theaters–Japan independently and Asia Pacific, when I came into the company. Sophos decided to put Japan and APAC under one leadership.
That was the first big part to integrate the operations of Japan into APAC region. As part of the reorg, a new MD was appointed for Sophos Japan. I was appointed to lead APJ and drive the sales across the region at Sophos.
I have been focused on leveraging more synergy between the five regions under APJ – India, ANZ, ASEAN, Greater China and Japan – since then. The objective is to provide more empowerment to each individual region as we work on financial structure and faster decision making to stay fast and agile in our overall processes. And importantly, we want to stay optimized to our customers and partners in each country.
Do you see definite opportunities for Sophos beyond its dominance in the domain of end-point security? Does the new GTM revolve around bundling network products with end-point and vice versa?
Many people perceive Sophos as only an end-point security company because of the company’s legacy in that domain. But today Sophos is pretty much fifty-fifty across end-user security and network security across most of the customers. We have a good portfolio mix and ‘best-in-breed’ products on the two sides as well as cloud offerings around it. We are uniquely positioned as the industry’s only security vendor with a portfolio that spans the entire spectrum with market-leading products on both sides.
Sophos has been working on synchronized security for a long time, and many of our customers have taken advantage of it. Deploying ‘best in class’ point products individually is fine; but how do you make them talk to each other? The increasingly sophisticated threat landscape infused with point products that don’t speak to each other is a colossal challenge for many companies. The report of a shortage of skillsets or manpower in cybersecurity globally (the figure of one million jobs is expected to go up to 1.5 million next year) does not help solve the problem. We are making sure to have an integrated security system that is automated, works together and simplifies the way end users and partners react during a breach and fix it.
What is the real playground for Sophos as many CISOs opt for ‘best of breed’ vendors like Palo Alto Networks for network security or Symantec for their endpoint security, as a few examples?
We do a bit of both – network and endpoint. It’s better to have some part of customer business than have no chunk of it. We are happy to compete in individual product areas which we do in many customer accounts. Some customers use our products in end point or network that works well for them and also it competes at par with particular competitors in that domain.
At the same time, we make CISOs understand the advantage of collaboration between individual products from the same vendor. We have customers that buy across our portfolio to gain that benefit. We deliver the most value to the customers with Sophos Synchronized Security, which stretches across the IT infra for the products to speak to each other. There will be automatic changes if the end point discovers something and updates the firewall, takes the encryption keys, and all that happens without human intervention.
Is it a big myth that different products of varied security vendors talk to each other in a single IT infra?
Yes, but maybe over time we will have a better API structure to have the conversation better and clearer. In a typical multi-vendor environment, one can have other products integrated on top, or humans ensuring that products do talk to each other. It is possible from the management platform perspective, but it is a rather complex process and, importantly, you don’t get the benefit of integration.
Sophos CEO Kris Hagerman told me in our last interaction about the company’s focus on pragmatic enterprises. Does that route continue in APJ, or is Sophos trickling up the pyramid in terms of segment size?
Our sweet spot is SME (also called mid-market) globally, including APJ. That segment (pragmatic enterprises) continues to be a great fit for Sophos. We have a number of very large customers like big banks. However, our design center does suit the enterprise customers, but it is difficult to be equally good for every segment. There could be different features, customized software needed in the enterprise space, which becomes a different game for a security vendor.
As per IDC, the cybersecurity market globally is around 90 billion dollars with roughly half of that being the SME market. Interestingly enough, many of our competitors like Palo Alto and Symantec that you mentioned are targeting the enterprise segment. It is less crowded where we play (the SME segment) and that’s the reason our well-integrated value prop is built around product design, GTM focus and security made simple for the SME segment. Our main sweet spot is the mid-market, though we have customers above and below that segment size.
How are you building your channel army of partners for Sophos? Is there a different GTM across countries for network security and endpoint security?
Channels are critical to us both in terms of length and breadth of market coverage. Hence we align with a large number of partners with local presence through a three-tier model across most countries. The optimized channel strategy spans across the ecosystem of distributors, systems integrators, service providers and small resellers. Also, we need to cover the market from both sets of partners in network and end point security.
The product mix of end point and network security in the rest of the world is around fifty-fifty. The starting point was different in countries like Australia and Japan compared to India. In that region, for example, Cyberoam has a large presence and Sophos was relatively small. Our end user security has been tripling yearly in India. In countries where network security dominated our end point customer base, we are leveraging the breadth of our portfolio to our large UTM client base and we are now pitching end user security. We will get to a balanced product mix over time across most regions.
There were three UTM brands – Sophos, Astaro and Cyberoam – under your fold a couple of years ago? How would you end this confusion for your channels and their customers?
With regard to the different UTM brands, we acquired India-born UTM vendor Cyberoam three and a half years ago. This acquisition, technology-wise, gave us great presence in India. Today more than 25% of the global work force of Sophos is in India, which is now an important hub for product development besides sales operations in the country. We had another firewall brand, SG, from the acquisition of Germany-based network company Astaro in 2011.
We don’t want to force the integration of different UTM brands as it will be a natural transition. Cyberoam continues its value prop in the Sophos XG series with additional features from SG (Astaro). We see the natural shift in India in the past few quarters wherein all the Cyberoam market (because of history) has now seen almost 25% of our customers in India buying XG.
What has been the real acceptance of Sophos Intercept X and how is it adding to the overall endpoint portfolio?
Intercept X has been the fastest growing product for Sophos globally, including APJ, since its launch three quarters back. It has performed extremely effectively in the ransomware environment. Around the same time we introduced it, there were big prolific attacks with WannaCry and Petya. The attacks had big visibility globally, which put the demand for Intercept X in overdrive as everyone was seeking better and more effective solutions. Intercept X is a behavior-based technology: when it starts to see encryption take place, it will stop, roll back, do root cause analysis, and clean it up. It showed that people who had installed Intercept X came out fine after those attacks. Across APJ, like the rest of the world, Intercept has been a big driver in end point security. Sophos has now over 20 million users across 8000 plus customers of Intercept X across the globe.
Another key element is CryptoGuard (around encryption technology) that has been moved into the protection suite, which helps protect other areas than just client endpoints.
What would be your recommendations for CSOs to brave the connected world?
Cybersecurity is constantly getting elevated to the board level even in government as risk areas and continuity discussions happen for most companies to deal effectively with the threat landscape.
I usually recommend 3 Ps for CSOs and CIOs of modern companies.
Make sure to PATCH. We do have a number of very large customers like big banks. There are many old Microsoft machines that are not patched, and hence vulnerable, in countries like India. WannaCry took advantage of that lapse and hence CSOs need to patch and update the systems to reduce the vulnerability.
The other P is around PEOPLE, which continue to be one of the biggest threat vectors that fall victim to spear phishing, email breach etc. Education becomes a continuous process as numerous people still click on the bad mails.
The last piece is PROTECTION. It is imperative for CSOs to implement a robust cyber security protection strategy across their company. Companies, as they become more digital, should look at advanced security tools from vendors like Sophos. A single breach can derail their business across the IT infra.
Is the Internet of Things (IoT) turning out to be the Internet of Threats? What other trends do you foresee?
As everything goes digital, IoT offers the potential for new threats to surface as it is about many digital devices having access to the internet. Sophos recently partnered to secure Konica Minolta’s workspace hub. There was a massive DDoS attack through cameras last year. One of the things that makes us nervous is that there are no software updates, no security standards in most of these IoT devices as they sprawl across personal and enterprise spaces. Modern endpoints are beyond laptops and mobiles into connected cars, printers, wearables and more. A security vendor has to protect against threats from all end points for the customers. IoT vendors themselves are under pressure to ensure adequate security across on-premise and cloud-based environments.
As you move high-value data into hybrid cloud and public cloud, you need to be sure to align with the vendor to secure that. People have to protect the data from being stolen by ransomware and other threats. It does not matter where data resides—on-premise or in cloud. Many governments are implementing laws for cybersecurity and privacy. We see GDPR come up in Germany and an Indian court has come up with interpretations of privacy laws.
Security in the physical world follows the rules and it is highly mature. The virtual world is not developed much, as it will take some time for security to become standardized and more robust. There will be more Teslas and connected devices to wake up the entire security ecosystem to new threat factors on the horizon.
3 Ps for Modern CSOs: JJ, Sophos
Patch: Get patching done ASAP, especially on old Microsoft machines
People: Educate people more to avoid spear phishing and clicks on bad mails
Protection: Implement advanced cybersecurity protection tools