Cybersecurity vendor Sophos has introduced Sophos Fusion, a new defense system that combines security operations, endpoint protection, network, identity, email and cloud security in a shared architecture. The goal is to detect, investigate and respond to threats faster using AI.

According to the company, Sophos Fusion is the industry’s most comprehensive AI-native cybersecurity defense system to date, representing a new product category: a single, open architecture in which every control point, data source and analyst functions as a unit — regardless of whether the component comes from Sophos or a third-party vendor.

The company points to a changing threat landscape as the driver: attacks increasingly unfold as coordinated operations, it says, shortening the time from initial access to damage from days to hours. At the same time, organizations use an average of more than 45 different, often siloed security products, which the company says drives up costs, administrative overhead and the number of dashboards in use.

Sophos names four core characteristics of the new system: a shared context data lake in which signals from all control points converge in real time; a function called “Synchronized Security,” in which a detection at one point triggers action across all others; agentic autonomy with human oversight, in which the system investigates and responds independently within defined guardrails while analysts retain control; and cumulative threat intelligence, in which each detected attack is meant to strengthen defenses for all customers.

Sophos Fusion builds on Sophos Central, which the company says is used by around 625,000 organizations worldwide. Following the 2025 acquisition of Secureworks, the platform was rebuilt on a unified, open architecture and extended with Secureworks’ Taegis analytics. Within what Sophos describes as the world’s largest agentic security operations center, serving more than 40,000 customers, 52 percent of cases are said to be resolved entirely by AI, with an average time of 89 seconds from alert to fully automated response.

“As AI increases the speed, scale and complexity of attacks, organizations need a connected, intelligent and adaptive defense,” Sophos CEO Joe Levy is quoted as saying in the announcement. Sophos Fusion, he said, was designed as a defense system built for collaboration between humans and AI.

According to Sophos, the system combines endpoint protection, EDR, XDR, next-generation SIEM, ITDR, MDR, network security, email protection, cloud security and advisory services. Alongside the control points Sophos develops itself, more than 500 third-party integrations are meant to feed into the same shared data layer.

Between August and October 2026, Sophos plans to expand the system with several new capabilities. Starting August 15, 2026, Sophos Next-Gen SIEM, Sophos MDR with expanded AI-driven threat hunting, and Sophos XDR powered by Secureworks are set to become generally available. Sophos AI Defense, intended to provide visibility into AI applications in use — including so-called shadow AI — enters early access in August 2026 and is scheduled for general availability in October. Also planned for October is Sophos CISO Advantage, which is meant to give customers access to continuous control validation, compliance mapping and risk assessment.

Sophos works with a large ecosystem of managed service providers, resellers, distributors and technology partners. Through Sophos Fusion, partners are meant to be able to offer a single integrated system rather than individual products.

The system’s expansions are set to roll out gradually through October 2026. Further information is available on Sophos’s website.

By Jakob Jung

Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM. Contact via Mail: jakob.jung@security-storage-und-channel-germany.de

Leave a Reply

Your email address will not be published. Required fields are marked *

WordPress Cookie Notice by Real Cookie Banner