The typical enterprise runs more than 45 separate security products. Sophos is betting that number is unsustainable, and that the remedy is a unified architecture rather than another layer added to the stack.
Sophos Fusion, announced today, is the company's answer: a cybersecurity defence system that pulls endpoint, network, identity, email, cloud, and security operations into one open architecture. It absorbs Secureworks Taegis analytics following the 2025 acquisition, which Sophos says gives its detection engine thousands of additional detectors and a rebuilt analyst experience inside a shared data layer.
The company already runs what it describes as the world's largest agentic SOC, covering more than 40,000 customers. In that operation, 52% of cases are resolved entirely by AI, and the average time from alert to fully automated response sits at 89 seconds. Sophos is presenting those metrics as proof of concept for the broader Fusion system now offered to the 625,000 organisations it serves globally.
The architecture is open rather than closed. More than 500 third-party integrations can feed the same shared data layer, so existing endpoint, firewall, or identity tools operate alongside native Sophos controls. The intent is that every new signal from any source compounds into stronger detection for every customer on the system.
Gartner is set to publish a new category for integrated cybersecurity defence systems in November, a development Sophos says validates its direction. The Futurum Group forecasts the Security Operations segment will double from $18 billion to $37 billion by 2029, making it the fastest-growing area in cybersecurity.
Fusion ships with a phased capability rollout through the rest of 2026. Sophos Next-Gen SIEM reaches general availability on 15 August, priced by users and servers rather than data volume. Sophos XDR, rebuilt on the Secureworks Taegis engine, and expanded MDR with continuous AI-enabled threat hunting also arrive on that date. Sophos AI Defense, covering shadow AI and AI tool policy enforcement, enters early access in August with general availability in October. Sophos CISO Advantage, which gives organisations without a full-time CISO access to continuous control validation and peer benchmarking, is planned for October.
The partner model is central to Sophos' go-to-market: the company distributes through a global ecosystem of MSPs and MSSPs, and Fusion is designed so partners sell and operate one system rather than assembling point products. CISO Advantage is explicitly designed for the MSP model, positioning partners as strategic security advisors rather than tool integrators.
Headquartered in Oxford, Sophos operates in more than 100 countries.
To stay across the latest in cloud, AI and enterprise tech analysis from Compare the Cloud, subscribe to our weekly newsletter at https://www.comparethecloud.net/newsletter