Interviews | June 17, 2025

Simplified Tech Stacks are Key to Reducing Vulnerabilities


Fortra | Sophos | ThreatLocker | Zero Networks

John Grancarich
Chief Strategy Officer

Fortra

Q1. What drove Fortra's recent acquisition of Lookout’s Cloud Security business? How will it benefit customers of both companies?

Before diving into the Lookout Cloud Security acquisition, let me briefly explain how Fortra has grown over the past four to five years. Since 2019, Fortra has pursued a bold vision to lead in cybersecurity and automation through a focused strategy built on three pillars: delivering exceptional security outcomes across the cyber lifecycle, simplifying fragmented security stacks, and disrupting the attacker’s kill chain. Through a combination of strategic acquisitions and organic innovation, Fortra has rapidly scaled a unified platform of offensive and defensive capabilities. This hybrid growth model has resulted in a cohesive, trusted ecosystem that reduces risk, improves efficiency, and delivers real customer outcomes. The strategy is working—and our momentum continues to accelerate.

Staying true to this strategy, the acquisition of Lookout’s Cloud Security business was a natural fit. As generative AI transforms how organizations think about data, Fortra is committed to building a truly holistic Data Protection solution. Lookout’s strong Secure Service Edge (SSE) platform—including CASB, ZTNA, and SWG—perfectly complements Fortra’s existing data classification and protection portfolio. Together, these capabilities enable a more complete, integrated solution that secures data across the full spectrum of hybrid environments.

Existing Lookout customers now have the opportunity to benefit from Fortra’s broader cybersecurity and automation portfolio. We’re excited to partner with them and help shape their security strategy through consolidation—maximizing value and efficiency with integrated Fortra solutions. At the same time, existing Fortra customers looking to expand their cloud and SaaS footprint can now take advantage of a more robust, end-to-end Data Protection suite. Our vision is simple but powerful: define policies once and apply them seamlessly across hybrid environments—delivering consistent protection, streamlined management, and stronger outcomes.

Q2. What were the main takeaways for organizations from Fortra's 2025 Email Threat Report? What, if anything, was surprising or unexpected in the data?

Fortra analyzed over one million email threats from 2024 to understand evolving attacker tactics. The report found that 99% of threats were either credential theft or social engineering, with only 1% delivering malware—highlighting the limited effectiveness of traditional malware-focused defenses. A growing tactic involves "docuphishing", where phishing links are embedded in attachments to evade detection.

Hybrid vishing attacks—emails prompting users to call fake support numbers—rose sharply, comprising 40% of response-based threats in Q4. QR code phishing also grew, exploiting user behavior to lure victims into less secure mobile environments. Attackers increasingly abused trusted services like DocuSign, YouSign, and Cloudflare’s developer tools to host and deliver threats, taking advantage of their credibility and ease of use.

Cybercriminals also leveraged the massive volume of breached personal data to personalize phishing and extortion attempts, making scams more believable and harder to detect. For 2025, Fortra predicts a rise in generative AI-powered phishing, enhanced abuse of legitimate infrastructure, and large-scale personalized attacks.

Surprising insights in the report:

  • Only 1% of threats used malware, revealing how email threats have shifted from technical payloads to psychological manipulation.
  • Basic, low-content emails (e.g., with QR codes or phone numbers) are highly effective at bypassing filters.
  • A 200% rise in the misuse of legitimate developer tools—trusted platforms like Cloudflare are now serving phishing content.
  • Attackers are using Google Street View images of victims’ homes in extortion emails to increase fear and believability.
  • Generative AI is empowering even unsophisticated attackers to craft error-free, fluent messages and realistic vishing audio, making social engineering much more convincing.

Together, these trends mark a seismic shift in email threat strategy—from complex code to complex deception.

Q3. What are Fortra's objectives at Black Hat USA 2025? What do you want attendees to take away from your company's presence at the event?

At Fortra, we know that our brand is still new to some—but it’s built on a powerful legacy of proven cybersecurity solutions. As we step onto the Black Hat stage, our focus is clear: establish Fortra as a trusted name among the practitioners shaping tomorrow’s defenses.

We also want to share the mission that drives us: Break the Attack Chain. This is not just marketing—it is how our platform and our offensive and defensive solutions are engineered to work together, disrupting threat actors before they can succeed. Fortra is built to deliver real-world, measurable outcomes.

And most importantly, we want the world to think of Fortra when it matters most:

  • When securing complex hybrid environments
  • When navigating the maze of modern compliance requirements
  • When leveraging generative AI to fuel innovation without compromising security

This is where we want a seat—not just in your tools stack, but at the strategy table, helping organizations design smarter, more resilient security architectures.

At Black Hat 2025, come see how Fortra is earning that seat—through expertise, through outcomes, and through a mission that matters.


Joe Levy
CEO

Sophos

Q1. Sophos recently closed its acquisition of Secureworks. How are you leveraging the company's technologies and capabilities? What strategic advantage does the acquisition bring for Sophos and its customers?

The acquisition of Secureworks back in February was an exciting moment for us—it’s a big leap forward, especially when it comes to expanding our presence in the enterprise space. By bringing the innovative technology and operational excellence of Secureworks Taegis XDR and MDR into the Sophos portfolio, we’ve now become the leading pure-play MDR provider, supporting over 30,000 organizations of all sizes around the world.

What does that mean in practice? It means we’re now able to offer one of the most comprehensive and scalable security operations platforms out there. With over 350 built-in integrations, we deliver stronger detection and response for our customers, while safeguarding their current and future technology investments, providing greater operational efficiencies and return on cybersecurity spend. Our customers now benefit from next-gen SIEM capabilities, identity threat detection and response, vulnerability management, and managed risk services—all through a single, open platform that’s built to handle the complexity of modern IT environments.

Secureworks also brings a rich portfolio of advisory services to our customers with award-winning incident response, adversarial testing, and resiliency services, which opens new ways for us to support our partners and customers with a more comprehensive set of offerings.

And then there’s the Sophos X-Ops threat intelligence group, renowned for its intelligence and research into advanced persistent threats (APT) and state-sponsored attackers. By integrating the Secureworks Counter Threat Unit (CTU) into Sophos X-Ops, we’ve significantly expanded our ability to track and respond to state-sponsored threat actors. We’re now working with a broader set of signals and telemetry, which helps us build and deliver faster, smarter, AI-driven protection.

Ultimately, this acquisition gives our customers a strategic edge—helping them protect investments, streamline workflows, and stay ahead of advanced threats.

Q2. Sophos serves a broad SMB and mid-market customer base. What are the biggest cybersecurity gaps you see in this segment, and how is Sophos helping them address these gaps?

One of the biggest challenges we see in the SMB and mid-market space is that most organizations simply don’t have dedicated security teams or mature cybersecurity frameworks or strategies in place. A lot of the solutions out there assume you’ve got in-house experts managing everything—but the reality is, over 99% of these businesses don’t have the expertise and operational capabilities necessary to manage cyber risk. That leaves them especially vulnerable as environments become more complex with cloud adoption and remote work, and attackers become more predatory.

At Sophos, we’re focused on making cybersecurity proactively accessible and effective—no matter the size or maturity of the organization. That’s where our adaptive, AI-native platform, Sophos Central, comes in. It brings together a prevention-first approach, advanced threat intelligence, AI-enhanced detection, and real human expertise to deliver strong, manageable protection to security teams that are increasingly overtaxed irrespective of their size or budgets.

We also work closely with our partners—resellers, MSPs, and MSSPs—to make sure even the smallest businesses can access enterprise-grade security. Regardless of whether an organization wants to manage security themselves, or have their security managed by one of our partners, we have the products and services portfolio to enable either approach. Our goal is to help our customers understand and manage risk and deliver better outcomes, so our customers can stay focused on growing their business, achieving resilience, and thriving.

Fundamentally, we believe cybersecurity shouldn’t be a luxury for the “cyber rich.” We want to usher in a world where that’s a right, not a privilege. That’s why we’re committed to leveling the playing field and helping every organization defend against today’s most advanced threats.

Q3. What new technologies or services does Sophos plan on unveiling/highlighting at Black Hat USA 2025? How does Sophos plan on engaging with the hacker and researchers' community at the event?

In addition to milestones on the convergence of the Sophos and Secureworks portfolio and other updates to our products and services roadmap, we are very excited about plans at Black Hat and will be engaging with the community through this research presentation by two of our senior data scientists, Ben Gelman and Sean Bergeron:

We are also delivering a presentation from our development team that will discuss SOC team composition in the age of Agentic AI. Many teams are wondering how many security analysts in the future will have a pulse, so we’ll detail our thoughts on this direction.

As noted, given the recent acquisition of Secureworks and the global demand from prospects and customers to see what the new Taegis XDR platform looks like, we will be demonstrating those capabilities in our booth. In addition, we will be discussing and previewing our vision of democratizing the CISO for every organization.


Danny Jenkins
CEO and Co-Founder

ThreatLocker

Q1. At Zero Trust World 2025 ThreatLocker introduced several new additions to its Zero-Trust Endpoint Protection Platform. How exactly do these additions make Zero-Trust more accessible, practical and easier to manage?

During Zero Trust World 2025, ThreatLocker introduced five brand-new solutions: Web Control, Patch Management, User Store, Cloud Control, Insights and new Detect reporting capabilities. As a company, our goal has always been to deliver the most robust Zero Trust cybersecurity tools, built to be agile, powerful and easy to use. Every new addition is driven by customer feedback and one core question: “How can we make the customer’s life easier while helping them harden their environment?”

Cybercriminals are relentless, and all it takes is one successful attempt—one slip—and you’re dealing with a data breach. That’s why the new solutions are focused on simplifying tech stacks and minimizing the need for additional third-party tools. Every additional product introduces potential vulnerabilities, headaches and more dashboards to manage. ThreatLocker wants to reduce that noise and risk.

So, we scrutinized our existing suite of solutions and found ways to evolve our platform, making it stronger, broader and more agile. The result: new solutions that integrate directly with the ThreatLocker agent, enabling seamless deployment, centralized visibility and a more unified, comprehensive security posture.

Web Control offers a smooth user experience while limiting web-based risks. Patch Management is now effortless, helping you stay ahead of vulnerabilities. Our new User Store makes Zero Trust faster and more agile to implement. Cloud Control delivers token theft prevention and phishing attack protection, and Insights leverages data from millions of endpoints to help you make safer, faster decisions.

As for Detect, we enhanced it with new graphs, charts, and drill-down capabilities, so you can take action quickly when something’s off. Together, these updates make Zero Trust more accessible, practical and easier to manage, without compromising on power or protection.

Q2. What steps is ThreatLocker taking to ensure its Zero Trust approach remains accessible and effective for smaller businesses that may lack the dedicated cybersecurity resources required to implement the approach on their own?

While our first customer was an enterprise business, we’ve always been deeply committed to making our solutions accessible to small businesses. And there’s a reason for that. The concept of ThreatLocker was born from a firsthand experience with a devastating ransomware attack on a small business. The owner called me for help [after] the attack crippled his operations. After days of recovery work, he called again—on the verge of breaking down, asking if his business could be saved. I didn’t know if it could. I was watching someone’s life’s work hang by a thread because of a single email.

We managed to recover most of it, but that moment stuck with me. It made me determined to create something better. At the time, Zero Trust sounded great in theory, but it was complex, expensive, and out of reach for most small businesses. So, I set out to build something different: a Zero Trust solution that was strong, practical, easy to implement, and easier to manage. Plus, building a solution for small businesses meant ensuring it was easy to manage without a large team while also integrating with managed service providers for seamless delivery. We accomplished that.

Since launching the ThreatLocker Protect Platform with Allowlisting, Ringfencing and Network Control, over 50,000 businesses around the world have adopted our solutions. Learning Mode in Allowlisting is a game-changer, and our Ringfencing solution is unmatched when it comes to stopping the weaponization of trusted tools.

But the cyber solutions stack alone isn’t what makes us great. It’s the support behind it. We are just as committed to our customers today as we were on day one. No matter how big ThreatLocker gets, our Cyber Hero® team will always be there—24/7, with real humans responding in about 60 seconds. Regardless of the business size and location in the world, everyone deserves world-class cybersecurity with world-class support. And we are here to make that possible.

Q3. What does ThreatLocker plan to highlight at Black Hat USA 2025? What is your main messaging at the event?

There are a few key things I want to highlight at Black Hat USA 2025.

On Thursday at 10:15 a.m. during Black Hat 2025, I’ll be speaking about how to simplify cybersecurity. Trying to keep up with evolving threats can feel overwhelming. What started with simple, embarrassing malware emails like the "ILOVEYOU" bug quickly escalated into worms like Blaster, botnets, ransomware, and now, highly coordinated attacks causing billions in damage.

So how do you keep your business secure without grinding operations to a halt or burning yourself out in the process?

In my session I will walk through practical, real-world strategies to help IT and security professionals take control. I’m bringing a ton of actionable advice that you can apply right away, no matter the size or complexity of your environment. My goal is for everyone to walk out with clear, manageable steps to boost their defenses and reduce risk without adding more stress to their day-to-day.

ThreatLocker is committed to helping businesses keep cybercriminals out, whether you’re a customer or not. We launched the “100 Days to Secure Your Environment” webinar series to deliver practical, vendor-neutral advice, and introduced Cyber Hero Frontline, our new magazine packed with cybersecurity insights and wellness tips. Zero Trust is the future; it’s how you stay ahead of relentless attackers without adding complexity. Stronger security doesn’t have to mean more stress. With the right approach, you can protect your environment and breathe easier.


Benny Lakunishok
CEO & Co-Founder

Zero Networks

Q1. What is automated microsegmentation? What's driving the need for it?

Everyone in cyber agrees that microsegmentation is the gold standard in network security because it blocks lateral movement at the source, quickly isolating and containing threats. But only 5% of companies have implemented it, because microsegmentation has historically been too complex to deploy and scale. That’s why we built Zero.

Zero automates all of the manual tasks of legacy tools – asset tagging, grouping, policy creation – making it easy to enforce true zero trust controls. We implement in days, not years, and provide a much more powerful solution that’s effortless to manage and actually segments entire networks. We’re providing defenders with a level of control that represents a fundamental shift in cybersecurity – one where defenders move from a reactive stance to a proactive posture built on powerful identity- and network-driven controls. The burden of effort no longer falls on defenders reacting to threats, but on attackers – leaving them stranded, penniless, and paralyzed in networks where lateral movement is impossible.

Q2. What are the top three questions every board should be asking their CISOs today? How does Zero Networks help answer them?

Are we prepared to respond to a significant cyberattack, and do we have an effective incident response and recovery plan in place?

We manage third-party and vendor risk by making sure outsiders never get free rein inside our network. Automated microsegmentation isolates vendors to only the segments they need—nothing more. If a third party is compromised, the threat stays contained. Lateral movement? Blocked.

We enforce multi-factor authentication for every logon, consolidate vendor access to cut out unnecessary tools, and audit every action. This approach covers security, compliance, and data privacy—without the usual complexity.

Bottom line: We make segmentation simple and scalable, so third-party risk doesn't become your next breach. If attackers get in, they go nowhere. That's how you stay ready for whatever's next.

How are we managing and mitigating third-party and vendor risks, and are we prepared to respond to new or emerging threats?

We manage third-party and vendor risk by giving them access to only what they need – and nothing more. Automated microsegmentation creates isolated security zones, so if a third party is compromised, the threat is contained and lateral movement is blocked. That means attackers can't use a vendor as a launchpad to move through our network.

We consolidate remote access, enforce multi-factor authentication on every logon, and keep a full audit trail of every action vendors take. No more juggling multiple tools or hoping for the best – just tight, granular control that meets security, compliance, and privacy requirements.

With Zero Trust controls and automated segmentation, we make sure third-party risk doesn't become your next breach. If new threats emerge, they're stopped at the source and unable to move laterally.

How are we quantifying cyber risk in terms of dollars and business impact?

We quantify cyber risk in dollars by looking at what actually matters: business impact. Microsegmentation shrinks the attack surface and blocks lateral movement, making it nearly impossible for a hacker to spread ransomware. If they get into the network, they're isolated and contained with nowhere to go and no crown jewels to take.

The result that matters for the board is this domino effect: less data lost, minimized downtime, no ransoms to pay, fewer headlines (if any) – which translates to minimal incident response costs and greatly reduced risk of regulatory fines.

It's not just about stopping attacks. By isolating sensitive data and blocking lateral movement, we cut the chance of a widespread breach – and the massive costs that come with it. We also save on hardware and simplify compliance, which means less time and money spent filling out audits and paying for point solutions. Microsegmentation isn't just a security upgrade – it's a cost saver and a business enabler. Every dollar you invest reduces your exposure, streamlines your stack, and protects your bottom line. That's real risk reduction you can measure.

Q3. What are your company's plans at Black Hat USA 2025? What products or technologies do you plan on highlighting at the event?

At Black Hat 2025, Zero Networks will demonstrate how automated microsegmentation makes deployment fast, scalable, and practical – removing the legacy complexities that have blocked security teams for years. Our goal is to prove that blocking lateral movement and building a resilient network isn’t just possible, it’s practical and achievable for any organization.

We’re hosting a session called “The Zen Security Playbook: How to Build a Self-Defending Network,” led by Amir Frankel, our Co-Founder and CTO, and Nicholas DiCola, our VP of Customers. This technical, no-nonsense discussion will cover real-world challenges and how to overcome them – no sales pitch, just proven strategies for stopping attackers and reducing operational overhead.

After a year of record growth and strong customer feedback, our message is simple: microsegmentation doesn’t have to be a never-ending project. We’re here to take the burden off your team, block lateral movement once and for all, and let security professionals focus on more fun things.
