Partnerships Unraveled

Joe Levy & Scott Barlow - Scaling MSP Success with Sophos

Partnerships Unraveled

Share episode

Live from Pax8 Beyond: Unpacking the MSP Growth Playbook with Sophos

In this special live episode from Pax8 Beyond in Denver, we sit down with Joe Levy, CEO of Sophos, and Scott Barlow, Global Head of MSP and Chief Evangelist, to explore what it truly takes to scale in today’s dynamic cybersecurity landscape.

With over a decade of experience each at Sophos, Joe and Scott share how they’ve built and evolved a 100% channel-led business, now empowering over 7,000 MSPs globally. From launching MSP Connect Flex to pioneering their Elevate program, they reveal the strategies that drive partner profitability.

We also dive deep into the critical role of operationalization in threat intelligence, how Sophos’s scale enhances its security response, and the power of integrating product, program, and personnel to support MSP growth.

In this episode, we unpack:

  • How Sophos enables 7,000+ MSPs to scale securely and profitably through programs like Elevate and Connect Flex
  • The impact of dual-use technologies and the rising threat to RMM platforms from attackers like Dragon Force
  • What makes Pax8 a game-changing partner and why face-to-face connections still drive channel success

This episode is a must-listen for anyone serious about building resilient, scalable partner ecosystems.


Connect with Joe: https://www.linkedin.com/in/j0313vy/
Connect with Scott: https://www.linkedin.com/in/scottjbarlow/

_________________________

Learn more about Channext 👇

https://channext.com/

Watch on YouTube ►

https://www.youtube.com/@channext


#channelmarketing #channelpartners

Speaker 2:

Welcome back to Partnerships Unraveled, the podcast where we unravel the mysteries about partnerships, and channel on a weekly basis. My name is Alex Whitford, I'm the VP of Revenue at Chanix and this week I'm very excited to welcome two of our special guests. How are you both doing?

Speaker 3:

Fantastic. How are you?

Speaker 2:

Yeah, well, we're in Denver at PAX 8 Beyond, which is an exciting time, maybe for the uninitiated. It'd be great if you could give us a little bit of an introduction about who you are and what you do.

Speaker 1:

Certainly. Thanks, alex, happy to join you. We're thrilled to be here at the PAX 8 Beyond event in Denver. My name is Joe Levy and I'm the CEO at Sophos. I've been with Sophos for about 10 years now, Previously been in a technology role and stepped into the CEO role about a year and a half ago and my name is Scott Barlow.

Speaker 3:

I head up the global MSP program and also the chief evangelist and global head of community at Sophos. I joined just after Joe about 10 years ago and super excited to be here. I appreciate you having us.

Speaker 2:

I love the word chief evangelist because I think that really represents what working in the sort of MSP space is. It's a lot of evangelizing around where the current market is, where the market's headed. You've worked with partners for a long time. Can you talk me through how some of that partner experience has changed over the last 10 years?

Speaker 3:

Yeah, I mean we've been 100% channel for as long as I've been at Sophos and as long as Joe's been at Sophos as well, and when I joined, we wanted to get into the MSP space, and so we actually launched and really built from the ground up an MSP program that was designed to help MSPs grow their revenue, lower their costs and improve their operational efficiency. Those were the three core tenants that we focused on, and they're still the three core tenants that we focus on today really helping MSPs learn how to sell cybersecurity as a service, but also helping them protect their own environment, because the MSPs are targets all day, every day, for you know all of the hackers and you know I think that's one of the one of the things that we've been talking about is maybe you can expand on the Dragonforce as well. I mean, that's pretty scary for MSPs.

Speaker 1:

Yes, I think Dragonforce is just the most recent example in a trend that we've seen over the years in the industry where attackers are highly motivated to steal the keys to the kingdom and when they have the opportunity to get in with administrative privilege with MSPs who are in the business of protecting hundreds of customers, and they have the opportunity to actually exploit the very platform that they're using to manage those environments the RMM platforms themselves. It gives them just a huge kind of leverage against multiples of victims and Dragonforce is just the most recent example of this.

Speaker 2:

Yeah, what's sort of fascinating is slightly perverse right, which is the whole benefit of the channel is you can have this one throat to choke and access many end users and service many end users. But that's a two-sided sword right. Suddenly now we have these bad agents looking to really expose the threat there. It's sort of fascinating to see how you guys are working so hard to protect. I know Sophos XOps is one of the many features and programs that you're running diligently to drive that forward. Maybe for our audience who are not familiar with some of those services, you can talk us through what that means.

Speaker 1:

Yeah, so the reference that you just made we often describe as dual-use technology, meaning that the same technology that we use to do good things for our customers, attackers can use to do bad things against them if they manage to obtain administrative privilege, and this is why it's so critical that we ensure that we're safeguarding these environments. Msps have a remarkable amount of access and a remarkable amount of power in their customers' environments, so it's essential that they maintain the integrity of their operating environment and that they're working with partners like Sophos, who can ensure that they bring the best kind of threat intelligence not only the availability of the threat intelligence, but maybe more importantly, the operationalization of that threat intelligence so it can be brought to bear to protect customers.

Speaker 2:

I have a bit of a litmus test on this podcast when I speak to sort of senior channel people where I think I can tell you how good the program is by how often they receive and use feedback. I get very, very worried when I speak to program leaders who haven't spoken to a partner in four months. I'm like this is a problem. I know feedback was one of the things that really drove your Elevate program. Talk to me about one how did you gather that feedback? And two, what did you action as a result of that feedback?

Speaker 3:

I mean Elevate is only one example of so many different capabilities that we've enhanced or offered to our MSPs and our channel partners in general. Elevate specifically is helping MSPs really double down on Sophos and help them grow their revenue, and so for a commitment to Sophos, we're actually giving them access to some exclusive products and services. We launched MDR for MSP, so it basically allows MSPs to have a single SKU for MDR, complete server MDR, all of the integration packs, meaning you can ingest the telemetry from a variety I think it's 150 or 200 other third-party security vendors into our data lake and network in a box. So the firewall, the switches, the wireless access points, all for a special discount if you're part of that Elevate program. The base program is called MSP Connect Flex and we launched that about nine years ago in April and we've grown it to over 7,000 MSPs globally and I think you said on stage earlier it was 60% of the overall company revenue in the last 10 years. So it's really exciting to see the program scale and be able to offer these MSPs more capabilities.

Speaker 3:

One other example is you know, most recently the MSPs are like I want to see telemetry across the board for all of my customers. You know telemetry, Like what is happening with the statistics. So now we've just launched a customizable partner dashboard where the MSP can log into the dashboard, see all of their customers, but they can see these widgets, and the widgets are customizable, they're movable, they have full integration. It's RMM and PSA applications to help the MSP improve their operational efficiency. So you put all that together and it's you know. An MSP can partner with Sophos, get the depth and breadth of our entire security portfolio, have the integration with all of the other vendors in their ecosystem and just log in on demand and add customers, add users, deploy products. They never need to work with us, they never need to get a quote or an invoice, that's all, 100% automated for the MSP.

Speaker 2:

When I speak to MSPs they are obviously incredibly concerned or stressed about how do they maintain profit right? It's a complicated business. Talk to me about how that simplicity and operational efficiency that your elevated product not to use the pun is able to do what that does to the unit economics of running an MSP.

Speaker 3:

So I can start. I mean, we did a study with a lot of MSPs I think over 300 MSPs in our community and we found out that if you consolidate six different security vendors down to Sophos, you're going to save 48% of the operational efficiency and the management of the different programs and the SPFs and the MDF funds and everything that comes with the partner program. And so just by partnering with Sophos and looking at you know, the variety of different services that we offer you're going to save a lot of internal bandwidth and from there now you can take that savings and you can invest in sales, you can invest in marketing, you can go and hire somebody if you really wanted to do that. In addition to that, from an operational standpoint and from a product standpoint, mdr right. Mdr is Managed Detection and Response. We do 24 by 7 active threat hunting.

Speaker 3:

But the most important letter in MDR is the R and I think you know Canalys did a great study where they or a trend and they said that the frustration is going to continue as expectations are not met. So when you look at the R, it's response Are you doing incident response? Is it hands-on keyboard or is it eyes on glass. Are you sending the MSP instructions on how to fix it or are you fixing it yourself as a vendor? And what we do is we fix it. We're doing the incident response. We're hands-on keyboard either with the MSP or on behalf of the MSP, and I think that is a huge differentiator. But that's going to save so much time and so much frustration for the MSP, because seconds matter in those scenarios.

Speaker 1:

Yep, alex, you mentioned unit cost economics. It's something that has to flow from the vendor to the partners. It's something that has to flow from the vendor to the partners. So the vendors themselves. They need to be able to demonstrate the ability to operate their platforms, their products and their services at scale economically efficiently, and that puts them in a better position where they can pass the profitability of those operations on to the partners. And Selfos is operating at a pretty rare scale, both in terms of our total customer base. We have about 600,000 total customers, 250,000 of those are our MSP customers, by the way. We have about 300,000 customers being protected by our endpoint products, our EDR and our XDR products. We have about 300,000 firewall customers, and then we have about 30,000 combined MDR customers, and that's the combination of the Sophos MDR business and the approximately 2,000 customers that we just recently brought over with the acquisition of SecureWorks approximately 2,000 customers that we just recently brought over with the acquisition of SecureWorks.

Speaker 2:

So one of the things that obviously that amount of scale is. It's impressive, obviously. Well done guys, you've done a great job. Obviously, however, there must come a lot of learnings, both from a product and a security perspective, that you have data from all of those end users. How does that allow you to maybe box smarter, quicker, faster, respond better than maybe you would have been able to if you had half that scale?

Speaker 1:

Surface area matters when it comes to cybersecurity. The greater the exposure, the greater the potential for encountering new threats early, the greater the diversity of the geographic footprint, the vertical footprint. We're very well represented globally. We're very well represented globally. We're actually larger in Europe than we are in North America, which I think is a little bit different to the typical cybersecurity company. And that kind of scale of customer base, that kind of heterogeneous sectoral and geographic diversity that we have just gives us an amazing amount of exposure to these new threats, and it allows us to operationalize defense for the broadest set of our customers possible.

Speaker 2:

Well, as a European, I'm glad to hear that we're winning. That's excellent. You talked about the operational advantage of consolidation to sort of a singular or maybe a dual vendor strategy. One of the things that we're sort of passionate in terms of informing the market is how MSP should sort of reallocate that resource. Msps very often hit a certain revenue threshold and then they struggle to move past that revenue threshold. Scott, could you talk me through some of the tactics that you've seen or that you believe MSPs should implement to continue their rate of growth?

Speaker 3:

Yeah, msps, by virtue of how they've evolved over time, are technical. They understand how to do the tech side of the business. I think they need a lot of help or a lot of assistance in learning how to acquire new customers or go and do lead generation or marketing or where they should focus. And you know we've talked to MSPs for years about. I'll give you an example of co-managed IT right, where you have a larger end user customer and that end user customer has their own IT department, but they don't have the 24 by 7. They don't have weekends. They might have somebody that you know goes on vacation.

Speaker 3:

So a lot of these MSPs are looking at LinkedIn. So when you have an end customer looking for a you know technology analyst, well, pick up the phone call that you know customer and now maybe they can outsource a portion of their IT to you as an MSP and then that's going to help you scale the business. So I think what we see you know more traditionally is investing in sales and marketing and growing their business. But also, you know, we've had some MSPs that have saved so much by partnering with Sophos and help scale their business because we do a lot of lead sharing and stuff like that, that a lot of these you know MSPs. As they grow, they want to acquire some of the smaller MSPs in their territory and that's another great opportunity for MSPs to grow their business.

Speaker 2:

Awesome, one of the things that I sort of firmly believe when it comes to building a really healthy channel ecosystem. Three Ps product program personnel. We've spoken around how your product is powerful. One of the things that's incredibly important is what programs do to incentivize or encourage the right behavior. How do you feel that your program is able to support or encourage or motivate MSPs to maybe take on some of that extra workload, really chase that new deal? How does that program work for you?

Speaker 3:

So we have the Sophos Partner Program. It's the overarching program. We also have the MSP program that sits underneath that, as well as the CSP program. We've made a lot of enhancements over the years. Internally, commission-wise, we want to encourage the sales team to help MSPs grow their business. We also give MSPs 24x of their monthly recurring revenue towards their Sophos partner program level and we have silver, gold, platinum, and so that's going to help them get additional discounts if they want to buy hardware a firewall, a switch, wireless access point and it will give them higher discounts. And we also built a MSP specific sales team that live and breathe. You know MSP, so we know how to talk, to talk. We know how MSPs operate very different from the traditional reseller and so we can help MSPs. You know from that perspective as well. I don't know if you have anything to add. I think you covered it, scott.

Speaker 2:

So onto the third P, which I find very funny, because we live in this extremely digital world and we're becoming more digital, very AI led, and yet we're at an in-person event, talking, meeting face-to-face, shaking hands, not kissing babies, but doing everything in between, and one of the things that I find so powerful about this ecosystem is that still matters today, maybe matters more. Why do you think that is Because the metaverse didn't take off.

Speaker 1:

No, I think there's no substitute for this, just the amount of interactions that you have when you're walking a 200 foot corridor. It's a series of micro reunions for, in many cases, people that you've done business with for 25 years, and it's remarkable to get to see these people in person. Our business, particularly cybersecurity, is built on trust, and the foundation of building these trust relationships is actually getting to spend face-to-face time with people, so we really value the opportunity to be here.

Speaker 2:

And maybe one final thought, for we're here at Pax8. Talk to me about why Pax 8 is so uh strong in supporting your go-to-market motion. What value do they?

Speaker 3:

do they bring self-worth yeah, I mean we've been. I've known pax 8 for I don't know eight to ten years. You know from um, when they first started with ryan walsh and you know hanging out with ryan at the bar, having an idea, you know, and then taking it to this is absolutely fantastic. I think they've built a phenomenal community. There's a real following. What I think was the tipping point for us was when MSPs would sign up and we'd say here are the list of distributors and they're like oh, you're not on PAX 8?, we're not doing business with you. And so having the ability to do automated provisioning, consolidated billing so not just Sophos but your Microsoft and everything is in one single invoice but taking that and integrating that to all of the PSA and RMM vendors, it just makes sense.

Speaker 3:

And you know we've Joe goes way back with the CEO, scott Chase, and I go way back with Rob Ray. I mean we're both probably 20 years plus and I think it's again your prior question. It's all about relationships and we were able to get it done between Nick Heddy, ryan Walsh, rob Ray, scott, jason. We were able to negotiate something that made sense for both sides because we've built an MSP channel globally and they're very excited to take us to the next level or help take us to the next level, but us help take us to the next level. But I mean, we were told earlier that we're the fastest growing vendor that Pax8 has had, and so that, I think, is a really strong testament about the need for, you know, security products in the MSP space.

Speaker 3:

But it's also it goes back to relationships, all day, every day. You know, we've done a lot of these MSP workshops and roadshows and I could do five one-hour webinars and I'll probably get somebody to listen for 15 minutes. You do a three-hour MSP workshop in a specific region where we are going to, where that MSP is located, so they don't have to take the time away from their business because a lot of them are smaller. And so in three hours I could accomplish what I could accomplish, know, accomplish in months. Uh, in a virtual way. And it's again, it's all about the relationships yeah, I uh.

Speaker 2:

It's uh well something to be proud of. Fastest growing vendor in the largest global msp marketplace uh, hell of an achievement. Guys, I'd like to thank you both for coming on. It's been awesome, uh awesome speaking to you today thank you for your time.