Why openness, 'big-D big-R' MDR, and frictionless commerce will shape the next era of cybersecurity partnerships.
As cybersecurity evolves in complexity and urgency, so too must the partner models that support it. IT Europa sat down with Chris Bell, SVP of Corporate Development and Channel at Sophos, to unpack the company's latest moves—including the acquisition of Secureworks—and explore how openness, integration and partner enablement are defining its approach.
Sophos at a Glance
Founded in 1985 and headquartered in the UK, Sophos has long been a fixture in endpoint and network security. But in recent years, it's evolved into a fully managed, 100% channel-driven security vendor with a growing emphasis on MDR (Managed Detection and Response), XDR (Extended Detection and Response), and open-platform integration.
Today, Sophos protects more than 600,000 customers globally and works with over 25,000 partners, including 7,000 MSPs. Its SOC (Security Operations Centre) is powered by 500+ threat analysts and investigators. The company remains two-tier in its channel model, leveraging both broad-line distributors and SaaS-focused marketplaces to meet partners where they are.
You've just acquired Secureworks. What's the strategic logic?
"Secureworks has been mainly focused mid-market and up, while Sophos has traditionally focused mid-market and down," Bell says. "It was a puzzle piece that makes all the sense in the world." The deal enhances Sophos' XDR portfolio, provides more visibility into US enterprise accounts, and immediately bolsters its IR (Incident Response) capacity.
"It accelerates our open platform vision," Bell adds. "With Taegis, we have stronger telemetry and SIEM-like capabilities that allow us to better correlate data—not just collect alerts."
You talk a lot about 'big-D big-R' MDR. What does that mean in practice?
"MDR is only effective if you're doing both detection and response at the highest level," Bell explains. "You need the best threat researchers in the world to detect what's happening, and you need the best analysts to respond—just like you'd want the best firefighter when your house is on fire."
He stresses the difference between surface-level MDR and deeply integrated, proactive service. "Some MDRs just re-image a machine from backup and call it a day. That's not response."
Post acquistion - are you still committed to the channel?
"Absolutely. First and foremost, that's not going to change. That's what got us here and that's what's going to get us into the future," says Bell. Sophos is, and remains, a 100% channel company.
"We find extreme value in distribution channels, and in some of the emerging channels like marketplaces as well. Both are crucial." He points to distributors as vital aggregators of demand and enablers of scale, while marketplaces enable faster deployment and self-service for partners in the lower mid-market.
What does 'open' mean for Sophos?
Bell sees open integration as a core differentiator. "Customers don't want rip-and-replace. They want to maximise the investments they've already made. Our platform integrates with Check Point firewalls, Aruba Wi-Fi, and other security tools because it's about correlation, not control."
That openness also defines Sophos' XDR roadmap. "The winning platform is the one that integrates technologies the best—that's how you create value from data."
What's your view on consolidation?
"We’ve been talking about consolidation for decades, but I think it's finally happening," Bell says. "There are over 1,800 cybersecurity vendors. That's not sustainable. We're going to see consolidation not just through M&A, but through deeper integration partnerships."
How are partner needs changing?
"We're seeing growing importance for service-led partners—MSPs, MSSPs, GSIs," he explains. "Most customers don't have a CISO. They need partners who can provide not just technology but advice, managed services and remediation."
To support this, Sophos is expanding its enablement efforts—including cyber insurance programmes, go-to-market frameworks and advanced SOC capabilities partners can white-label.
What's Sophos doing with AI?
"I see Sophos as the tool-maker, not the tool-shaper," Bell says. The company is embedding generative AI across partner quoting, onboarding and incident response workflows, but it also wants partners to build their own.
"A five-person MSP in Manchester and a Fortune 50 bank in Frankfurt are going to use AI very differently. Our job is to expose APIs and let them shape their own value."
What’s next for Sophos and its partners?
"We are going to be the partner that's the easiest to do business with," Bell insists. That means frictionless deal registration, AI-assisted quoting and removing complexity from licensing models.
"If we can save partners time, remove barriers and help them grow recurring revenue faster, that creates a win-win dynamic. That's where we're going."
Bottom Line
With a clear commitment to partners, a more open and extensible platform, and a renewed focus on making cybersecurity simpler to consume and deliver, Sophos is positioning itself for the next wave of channel-driven growth. As Bell puts it: "We're leaning further into the channel, not away from it."
