Technology

Sophos Launches Fusion, a Unified Defense System Built to Replace the Average Enterprise's 45 Security Tools

Kasun Illankoon

By: Kasun Illankoon

6 min read

As attacks compress from days to hours, Sophos is betting that the fix for enterprise security isn't another tool, but one connected system, and its own security operations center is already running proof that the model works.

[For more news, click here]

The typical enterprise now runs more than 45 separate security products, a sprawl that leaves security teams managing more dashboards and more manual work while attackers move at machine speed. Sophos, the global cybersecurity provider, is arguing that the answer is not another product to add to that pile, but a different kind of architecture altogether. The company today announced Sophos Fusion, which it describes as the industry's most complete AI-native cybersecurity defense system, an open architecture designed so that every control point, every service, every data source, and every analyst operates as one, whether that control point is built by Sophos or by a third party.

Why Tool Sprawl Became the Real Vulnerability

The case for a defense system rests on a simple observation about how attacks have changed. Coordinated intrusions can now move across an organization's environment as a single operation, compressing the time between first access and real damage from days down to hours. Most security and IT leaders have tried to match that speed by buying more specialized tools, and the result is an enterprise security stack that has become its own liability: dozens of point products, each with its own console and its own blind spots, none of them talking to each other fast enough to keep pace with an attacker who does not have to coordinate across departments to make a move.

Sophos frames a cybersecurity defense system as a distinct category, built around four traits that separate it from a conventional security stack. It runs on one shared context lake, where every signal from every control point flows into a single data layer in real time. It relies on what Sophos calls Synchronized Security, in which a detection on one control point triggers coordinated action across the others at the same moment. It operates with agentic autonomy that still sits inside boundaries analysts set and continuously calibrate, rather than acting entirely on its own. And its intelligence compounds, meaning every threat the system encounters anywhere across its customer base makes every other customer's defense stronger the next time.

Proof Inside Sophos's Own Security Operations

Sophos Fusion is built as the next evolution of Sophos Central, the management system already trusted by 625,000 organizations worldwide, now rebuilt on one open architecture that incorporates Secureworks Taegis analytics following Sophos's 2025 acquisition of the company. What makes the pitch harder to dismiss as marketing language is that Sophos is running the same model on itself. The company operates what it describes as the world's largest agentic security operations center, covering more than 40,000 customers, and reports that 52 percent of cases are resolved entirely by AI, with an average time from alert to a fully automated response of 89 seconds.

Joe Levy, chief executive officer of Sophos, said:

“As AI increases the speed, scale, and complexity of attacks, organizations need a modern connected, intelligent, and adaptive defense,” said Joe Levy, chief executive officer, Sophos. “Sophos Fusion is built as a defense system optimized for Human-AI workflows. We bring the most complete solution to a new category, a timely advancement demanded by the AI era.”

The platform folds endpoint protection, endpoint detection and response, extended detection and response, next-generation SIEM, identity threat detection and response, managed detection and response, network security, email, cloud, and advisory services into a single system. Sophos Endpoint, one of the native control points inside it, is designed to stop entire classes of attacks by watching for behaviors, such as memory abuse or data encryption and exfiltration, rather than waiting to recognize a known signature. Beyond the tools Sophos builds natively, more than 500 third-party integrations feed the same shared data layer, which means an organization's existing endpoint, firewall, or identity tools can operate inside the system alongside Sophos's own defenses rather than being ripped out and replaced.

What Rolls Out Between August and October

Sophos is expanding Fusion in stages, with new capabilities reaching general availability from August through October 2026. Sophos Next-Gen SIEM, generally available August 15, provides long-term data retention, compliance reporting, and analytics on the same unified data, priced by users and servers rather than by data volume, so organizations can feed in all of their telemetry without unpredictable billing. Sophos AI Defense, in early access that same month and generally available in October, gives organizations visibility into the AI tools already in use across their business, including shadow AI adopted without formal approval, along with policy controls and protection for the data those tools can reach.

Sophos CISO Advantage, arriving in October, is designed to give every organization access to CISO-level guidance regardless of whether they have a chief information security officer on staff, combining continuous control validation, compliance mapping, peer benchmarking, and risk assessment with human expertise delivered through Sophos's global network of managed service providers. Sophos MDR is expanding with continuous, AI-enabled threat hunting fed by the company's X-Ops research team, alongside broader two-way response across endpoint, firewall, cloud, email, and identity, generally available August 15. Sophos XDR, powered by Secureworks, is being rebuilt on Secureworks Taegis analytics with thousands of new detectors, a new analyst experience inside Fusion, and built-in SOAR automation with playbooks, also landing August 15.

A Different Pitch for the Channel, and a Signal for the Gulf

Sophos sells primarily through one of the largest global networks of managed service providers, managed security service providers, resellers, distributors, and technology partners, and Fusion changes what those partners are actually selling. Instead of assembling a set of point products for a client, a partner now has a single system to sell and operate, which Sophos says opens new recurring-revenue paths, with Sophos CISO Advantage in particular designed to let managed service providers act as strategic security advisors rather than vendors reselling licenses. Because intelligence compounds across every environment the system defends, each customer a partner manages benefits from every threat Sophos sees anywhere else in its base, a structure that should strengthen both customer retention and the actual security outcomes partners can deliver.

For enterprises across North America managing sprawling, decades-old security stacks, and for the fast-scaling IT estates going up across the UAE and Saudi Arabia as cloud and AI infrastructure programs expand, the underlying argument is the same. Tool sprawl was a rational response to a threat landscape that kept adding new categories of risk, one product at a time. What Sophos is betting is that the next phase of that fight will not be won by adding another tool to the pile, but by finally connecting the ones already there, and by proving, in its own operations before asking anyone else to trust it, that a system built this way can move as fast as the attacks it is built to stop.

Related Articles:

The AI Systems Enterprises Are Deploying Have Become the New Attack Surface

IBM and Red Hat Launch Lightwell to Automate Open Source Vulnerability Fixes for Enterprises

How Outpost24's New CyberFlex Program Helps Security Teams Keep Pace With AI-Era Risk

Share this article

Related Articles