'Security made Simple' Vision Empowers CIOs: Sophos CEO Kris Hagerman

It's been two and half years since Kris Hagerman took over as Chief Executive Officer at Sophos. Spearheading strategic direction and business operations for a security company is not new for Hagerman who held senior positions at Symantec and earlier at Veritas Software, which was later, acquired by Symantec. Now he is working towards positioning Sophos as an end-to-end enterprise security player. The company surprised the industry when it acquired Indian bred Cyberoam a year ago to tap the lucrative network security marketplace. On an India visit, Hagerman spoke to CIO India and as he reaffirmed, "Network security is a mutli-billion dollar market. Add our long standing dominance in end point security and we have a robust roadmap for CIOs / CISOs."

Excerpts from the interview.

CW: Heartbleed, Poodle, Shellshock in 2014 reaffirmed hackers are one step ahead of technology vendors. How can Sophos ensure peaceful nights to CIOs and CISOs?

Hagerman: By continuing to relentlessly execute on our strategy of delivering complete security portfolio covering all the different components of security juggernaut - end point, network, mobile, web, email, and server. One of the key attributes of Sophos' strategy is offering complete 'security made simple' solutions. We not only continue delivering world class solutions in end user security but in network security too. And for the first time we are meaningfully integrating both sides of the architecture.

And importantly a mere mortal IT admin can actually manage and deploy these products. By delivering security as a system and allowing these different components to communicate with each other. Each one of the component works great on its own but when you have more than one operating, it makes the other ones better. It is the only way that we will be able to stay ahead of bad guys.

CW: How can CIOs design a perfect security posture of their organizations?

Hagerman: I don't think there is a 'one-size-fits-all' answer because it is so customized and dependent on each individual environment -- Number of users, kind of applications, nature of IT system architecture etcetera. All these varied things make a difference. Security, just like any other discipline in IT, needs to be adapted. Having said that, there are clear best practices for any enterprise of any size.

First get the basics right. Take a compete orientation of identifying the key complements you need and to have them covered. And Sophos delivers lot of those components. Make sure those key components are delivered and consistently upgraded and updated. You can spend good amount of money on a piece of technology but if it is outdated or if it is too hard to get updated or the users do not like it to be put in place, then it is of no use. And finally educating your people on the importance of security as a priority. Technology itself can be very thorough but ultimately human beings are a critical part of the picture. Combining great technology - that is well deployed, well maintained - with a user base conscious of the threat landscape results in effective security posture.

CW: How do you fight next gen firewall companies like Palo Alto Networks, FireEye (claim to be layer-7, APT Blocker) that are making waves in security market?

Hagerman: Palo Alto and FireEye are great companies, but it is important to keep the comparison in context. However their specific target market and philosophy is quite diverse than ours. They almost exclusively focus on global 2000 organizations with big budgets and huge staff. In most cases companies need real security experts to deploy their solutions.

Our overall addressable security market is much bigger than those of the mentioned vendors. Our security solutions are usable for mere mortal IT admin in 10, 20, 30 million SMEs globally that often lack huge dedicated IT staff. We are hence virtually unique in the security landscape. How many large vendors (hardware and software) focus solely on security, focus on mid-market / SMB (what we call pragmatic enterprise) and deliver well-oiled and integrated components of end point, network, server, mobile etcetera? There is no one else except us. We are delivering world-class solutions and they are delivered in a way that is simple and easy-to-use. That is different than what FireEye and Palo Alto Networks do.

CW: But FireEye and Palo Alto Networks acquired end point companies Madiant and Cyyvera respectively few years ago.

Hagerman: Nobody uses their end point solutions. We probably have hundred million active end points. FireEye bought Mandiant. I don't think they have more than a million end points. Palo Alto Networks paid USD 200Mn for Cyvvera which is a zero revenue company. They too have maybe one million end points. The scale is simply too different and we are on different planets - with regard to end point security.

Sophos is the only vendor in the world that features in the upper right hand quadrant (Gartner) for both UTM and End Point Security. End point vendors Symantec, McAfee, Trend Micro, Kaspersky, none of them are in the leadership quadrant for UTM and UTM leaders like Checkpoint, SonicWALL, Fortinet, Cisco (that includes FireEye and Palo Alto) do not lead in endpoint.

CW: Sophos acquired UTM companies Astaro and Cyberoam in a space of three years. But the market for hardware appliances might dwindle with the advent of cloud.

UTM is the fastest growing market in security space globally - which in turn - is also the fastest growing market segment within the IT industry. Various analysts value UTM market value at 1.5 billion dollars with a 12 to 15 % CAGR. The next gen firewall market viewed separately - which probably should not be the case- makes it a colossal 3 billion dollar market. I don't think hardware security appliance business will slow down soon. We are thrilled with combination of Sophos and Cyberoam, just as we were equally excited about the acquisition of Astaro in 2011. To reign as a truly disruptive leader in network security, Indian company Cyberoam emerged as an incredibly complementary partner for us to pursue the mutli-billion dollar opportunity in network security. We can now deliver scale, speed, reach, innovation which neither company could have delivered its own.

At the same time, we are also viewing the cloud market selling virtual appliances or selling cloud implementations. The numbers are much smaller but they are growing quite fast. The real strength of our offerings enables partners and customers to choose on premise appliance or virtual appliance that's delivered on cloud or they can even choose hybrid cloud.

Yogesh Gupta is executive editor at CIO India. You can contact him at yogesh_gupta@idgindia.com and/or follow him on Twitter at @yogsyogi1

Join the CSO newsletter!

Error: Please check your email address.

Tags sophosShellsecurity

More about APTAstaroCyberoamFireEyeFortinetGartnerKasperskyPalo Alto NetworksSophosSymantecTechnologyTrend MicroVeritasVeritas Software

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Yogesh Gupta

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place