Governance & Risk Management , Managed Detection & Response (MDR) , Managed Security Service Provider (MSSP)

Sophos Fortifies XDR Muscle With $859M Secureworks Purchase

Deal Enhances Sophos’ Managed Security Portfolio, Adds AI-Powered Taegis XDR Tool
Sophos Fortifies XDR Muscle With $859M Secureworks Purchase

Sophos plans to make the largest acquisition in its four-decade history, scooping up Secureworks for $859 million to turbocharge its threat intelligence, detection and response.

See Also: OnDemand | Identity Crisis: How to Combat Session Hijacking and Credential Theft with MDR

The Oxford, U.K.-based platform security vendor will combine its managed detection and response services with Atlanta-based Secureworks' XDR, SIEM and identity detection and response capabilities. The deal will enhance threat detection, response times and security posture for businesses worldwide, helping the combined company serve customers ranging from small businesses to large enterprises (see: Why Dell Is Once Again Eyeing the Sale of MSSP Secureworks).

“Secureworks offers an innovative, market-leading solution with their Taegis XDR platform," Sophos CEO Joe Levy said in a statement. "Combined with our security solutions and industry leadership in MDR, we will strengthen our collective position in the market and provide better outcomes for organizations of all sizes globally."

Why Sophos, Secureworks Are Better Together

Secureworks, founded in 1999, employed 1,516 people as of Feb. 2, and is publicly traded, with Dell having 97.4% of the total voting power. The deal is set to close in early 2025 and will pay Secureworks shareholders $8.50 per share, which is 28% higher than the firm's average trading price over the past 90 days. Secureworks' stock is down $0.10 - or 1.18% - to $8.37 per share in trading Monday morning.

Sophos will pay for Secureworks through a combination of debt financing and backing from private equity firm Thoma Bravo, which acquired the company for $3.9 billion in March 2020. This is the largest of the 18 acquisitions Sophos has made since its founding in 1985, dwarfing the company's $120 million purchase of endpoint security startup Invincea in February 2017 (see: Cybersecurity for SMBs: Joe Levy's Take on Risk Mitigation).

"Sophos’ portfolio of leading endpoint, cloud and network security solutions - in combination with our XDR-powered managed detection and response - is exactly what organizations are looking for to strengthen their security posture and collectively turn the tide against the adversary,” Secureworks CEO Wendy Thomas said in a statement.

Sophos plans to integrate Secureworks' capabilities around ITDR, SIEM, OT security and vulnerability risk prioritization into its broader suite of tools. The fusion will help customers detect, investigate and respond to threats more quickly, according to Sophos. The synergy between Sophos’ end-to-end products and Secureworks’ managed services expertise will further strengthen their offering, according to Sophos.

Secureworks and Sophos currently cater to different types of customers, and the firm said combining their technologies and services will make advanced security more accessible to smaller organizations while also benefiting large enterprises. This deal will also accelerate the use of AI, aiming for faster detection times and enhanced security visibility across both native and third-party tools, Sophos said.

Why Secureworks Was Seeking a Suitor

Both organizations work with channel partners, and Sophos said the acquisition is expected to create more value for these partners by offering them enhanced capabilities and a broader set of solutions to sell and support. Virtually all of Sophos' business goes through channel partners, while Secureworks generated 23% of its revenue last year through referral agents, VARs, trade associations and MSSPs.

Secureworks has faced challenges in recent years, including declining revenue and layoffs. Despite growing adoption of its Taegis XDR platform, the company has reduced in its workforce as its stock value has fallen. This proposed acquisition by Sophos comes as Secureworks has been working to streamline its business and focus on high-growth areas including XDR.

Specifically, Secureworks' sales for the fiscal year ended Feb. 2, 2024, fell to $365.9 million, down 21.1% from $463.5 million the prior year. And the size of Secureworks' staff has fallen by nearly 44%, with headcount plummeting from 2,696 employees on Jan. 29, 2021, to just 1,516 workers on Feb. 2, 2024. Secureworks' stock is down nearly 70% from its all-time high of $25.98 per share in September 2021.

Forrester didn't include Secureworks in its 11-vendor evaluation of the XDR market in June of this year. Sophos, meanwhile, was the eighth highest-rated vendor, ahead of Trellix, Broadcom and Fortinet. Forrester praised Sophos for integrating native tools and third-party data from Google and Microsoft, but said the security analyst experience falls short, with little contextualization and cumbersome management.

Dell has been exploring options to sell off non-core assets like Secureworks as part of its strategy to focus on its core businesses. Dell in September 2020 sold encryption titan RSA Security to private equity firm Symphony Technology Group for $2.08 billion. Dell first teamed up with Morgan Stanley to explore a sale of Secureworks in 2019 when the stock was trading at a then-record high.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.