Sophos is bucking two trends in the security industry.
July 25, 2017
Lorna Garey
Sophos on Tuesday released an in-depth report on the latest evolution in ransomware: delivery of an executable in an “as a service” model. By following the path of the Philadelphia ransomware service from productization to sale on the dark web for $389, the report offers an eye-opening case study.
Malware distributor Rainmaker Labs even created a 13-page marketing brochure explaining Philadelphia’s feature set, which includes unlimited malware samples, a one-time purchase fee that includes all upgrades and the ability to play Russian roulette, deleting some files after a set period of time.
Dan Schiappa, SVP & GM of Sophos’ end user and network security group, says the lowered bar is bad news for customers.
“Fifty-seven percent of data leakage actually comes from hacking and malicious code,” said Schiappa in an interview at Sophos’ Boston-area offices. “Now with things like malware and ransomware as a service, you don’t even have to be technically advanced.”
Sophos is bucking two trends in the security industry.
First, while many providers are pulling together consortia to help partners assemble multi-vendor security bundles, Sophos is focusing on making its full suite of endpoint and network security products communicate and quickly learn from one another. Schiappa cites a Forrester survey where enterprise IT respondents overwhelmingly said they prefer to buy an integrated suite from one vendor versus best of breed.
Schiappa says partners approve of that strategy as well because it lets them “land and expand” within customer sites.
“We’ve blended all the products into a common interface,” he said. “Our partners love that because it matches with our other big innovation, which is Synchronized Security. The benefit there for partners is, I can get in with one product. And if I sell them another Sophos product, I didn’t just sell additional product, I actually made the previous product smarter because now it has another product to talk to and get insight from.”
The Synchronized Security ecosystem covers endpoints, mobile devices and servers with integration into the Sophos Central platform.
Schiappa also stressed the expansiveness of the company’s partner program, in contrast to suppliers limiting the number of resellers and demanding, if not monogamy, then a certain level of exclusivity. Sophos now has more than 30,000 partners, and Schiappa credits them with driving about a 90-plus percent renewal rate among current customers and generating $632.1 million in FY17 billings, more than 24 percent growth, with 81 percent of that recurring subscriptions.
The company does have a “Blue Chip” designation for partners that transact five or more deals in a six-month period. This top partner tier has grown from 4,721 in FY16 to 8,524 this year.
“We’re all about the partners,” he says. “I think we’re probably the only security vendor that has in our mission statement our loyalty to the channel community.”
What does Schiappa see those partners tackling as we move into 2018?
Distributing ransomware in an inexpensive SaaS model lowers the cost of entry dramatically, thus the deep dive into Philadelphia. With no command-and-control servers to maintain, for example, attackers can take a shotgun approach and more widely target individuals and SMBs. He also expects more attacks on mobile devices, a continued shortage of security experts and more use of machine learning to categorize cloud-based and niche applications that may not be recognized by firewalls.
“One of the biggest challenges around firewalls is, I want to create a policy around certain categories of applications, whether it’s a productivity app or in the browser or whatever,” he said. “And the largest category is ‘other’ — I don’t know what an application is. And so with us sitting at the endpoint, we know exactly what the application is, and we can share that with the network and it can create a proper policy.”
He sees encryption becoming an easier sell as GDPR comes online in May and the technology becomes more transparent for end users.