Sophos to acquire Secureworks for US$859 million in major security consolidation deal

The two cybersecurity vendors will combine offerings including MDR and XDR, according to Sophos.

Sophos announced that it’s looking to integrate Secureworks technology including extended detection and response (XDR) into its cybersecurity platform through its planned acquisition of the vendor for $859 million.

The deal seeks to bring together publicly traded Secureworks—whose majority owner is Dell Technologies—with cybersecurity giant Sophos, owned by private equity firm Thoma Bravo.

The all-cash acquisition for Secureworks, which employs 1,500, is on track to close by early 2025, according to Sophos.

In August, Reuters had reported that Dell was mulling a possible sale of Secureworks to private equity investors.

Recent years have seen Secureworks transition from its roots as an MSSP to a vendor focused on providing XDR capabilities. Secureworks has deeply leveraged its knowledge and experience of managing security for customers in the way that it has built its Taegis XDR platform, Secureworks President and CEO Wendy Thomas told CRN previously.

Sophos, meanwhile, has increasingly emphasized MDR (managed detection and response) as well as its own XDR platform in recent years, with a focus on securing SMB and midmarket customers.

In a news release announcing the acquisition deal Monday, Sophos touted the potential for delivering “complementary advanced MDR and XDR solutions” through combining the two companies. Sophos is fully expecting that capabilities from both companies will be integrated together, the company said in the release.

Sophos also noted that both companies operate as “partner-centric” vendors, and that an expected outcome of the merger is to generate “greater value within the channel.”

Jason Slagle, president of CNWR, a top security-focused MSP based in Toledo, Ohio, said the deal packs a big punch, moving Sophos upmarket with additional security capabilities to grab enterprise share, while also providing additional security offerings that are attractive to the SMB and midmarket. “This provides Sophos not only with customer acquisition in the enterprise and SMB but also smart security talent,” he said.

Slagle, who has opted for a best-of-breed security model with tools from Huntress and SentinelOne, said he sees Sophos providing a “compelling” offering for SMBs andthe midmarket all integrated from the firewall to advanced MDR and XDR.

There was no immediate mention of whether Secureworks is expected to remain a stand-alone brand after the closure of the deal or whether Thomas will be remaining with the combined company. CRN has reached out to Sophos for comment.

Last year, Secureworks disclosed two rounds of layoffs, including a 15 percent staff reduction in August 2023.

The deal also comes five months after Sophos veteran Joe Levy was named permanent CEO of the company, following several months as acting CEO.

In the release Monday, Levy pointed to Secureworks’ Taegis XDR platform as a key asset for the acquisition that will be combined with Sophos’ MDR offering. Secureworks also offers an “XDR-powered” MDR service, Thomas said in the news release.

In May, Secureworks expanded its product portfolio with the debut of its Taegis NDR (network detection and response) offering. Amid the explosion in network traffic, Taegis NDR “doesn't just provide that complete picture of traffic entering and exiting at the edge, but also all internal traffic between endpoints,” Thomas told CRN in May.

SMB, Midmarket Threats

In terms of the threat landscape, CNWR’s Slagle said that bad actors continue to go downmarket targeting SMB and midmarket customers that are not investing in a full zero-trust security platform.

“Small business continues to be behind the curve as far as security goes,” he said, noting that his company offers a fully managed security service.

“The bad actors are targeting more and more SMB and midmarket companies. It is our job as MSPs to take care of our customers,” Slagle said. “Customers have risk whether they choose to accept it or not. It is our job as an MSP to make them understand the security risk.”

Steven Burke contributed to this report.