- “AI is not an add-on—it’s embedded in the security fabric.”
- “Zero Trust is no longer optional; it’s how business is done.”
At Gitex Global 2025, Harish Chib, VP Sales – MEA at Sophos, shares insights on combating AI-led attacks, evolving ransomware trends, and building resilience through zero trust and localized compliance.
Gitex is buzzing with conversations around AI-led attacks and supply chain vulnerabilities. What is Sophos showcasing this year?
For us, Gitex is more than a technology event—it’s a platform to connect with customers, partners, and industry peers. We’re demonstrating our Managed Detection and Response (MDR) leadership, which now serves over 35,000 customers globally.
We’re also showcasing the integration of SecureWorks Taegis platform into Sophos solutions following our recent acquisition. This strengthens our detection and response capabilities significantly.
Another major announcement is our regional investment—we’re setting up a data center in the Middle East to ensure data sovereignty and reduce latency for customers. This commitment reflects our focus on operational efficiency and compliance for enterprises in this region.
“Attackers are using AI for deepfakes and voice cloning—defenders must stay ahead.”
— Harish Chib, VP Sales – MEA, Sophos
Generative AI is accelerating both attacks and defenses. How is Sophos leveraging AI to enhance resilience and detection?
AI isn’t new for us—we started investing in AI back in 2017. Today, AI is deeply embedded in our endpoint security, orchestration platform (Sophos Central), and XDR (Extended Detection and Response) solutions.
For example, our XDR platform uses AI-assisted natural language queries. Customers can type questions like “Show me all attacks of this type” or “Is my network secure against this threat?” AI processes telemetry data and returns human-readable answers.
We’ve also integrated AI into incident investigation workflows, making detection faster and more accurate. AI is not an external layer—it’s part of the security design, providing an additional defense layer across endpoints, networks, and cloud environments.
Sophos has tracked ransomware trends for years. What’s different in 2025 compared to previous years?
Two major shifts:
- Attack sophistication: Malware is now augmented with AI, making it harder to detect. Attackers use AI for voice cloning and deepfake frauds, adding a social engineering dimension to cybercrime.
- Ransom economics: The average ransom demand has jumped from $400,000 to $2 million.
We’re also seeing behavioral changes:
- 9 out of 10 attacks occur outside business hours, often on weekends when IT teams are away.
- Attackers don’t demand ransom immediately—they encrypt data, analyze which systems hold the most value, and then set a customized ransom amount.
This level of precision shows how attackers are using AI to maximize impact.
How is Sophos helping organizations respond to these evolving threats?
Our approach is based on a complete security lifecycle:
- Identify: Assess gaps in security posture.
- Protect: Implement preventive measures.
- Detect: Monitor continuously for anomalies.
- Respond: Act swiftly when incidents occur.
We’ve launched advisory services to help customers understand risks and readiness. Additionally, we introduced Identity Detection and Response (IDR) powered by SecureWorks technology. IDR is critical because identity is the new perimeter in a hybrid world.
Zero Trust is now considered a business imperative. How does Sophos operationalize Zero Trust across hybrid environments?
Zero Trust is no longer a feature—it’s a way of doing business. We embed Zero Trust principles across our solutions:
- Multi-Factor Authentication (MFA) for identity verification.
- Behavioral analytics to detect anomalies in logins and access patterns.
- Granular access controls across endpoints, networks, and cloud workloads.
Our firewalls, endpoint solutions, and cloud security tools all enforce Zero Trust policies, ensuring no request is trusted by default.
Regulatory compliance and data localization are hot topics in this region. How is Sophos addressing these mandates?
We’ve upped our game to meet local compliance requirements. Our new data center in the Middle East ensures data sovereignty and supports regional mandates for data localization.
Customers can be assured that business data, customer information, and configuration policies remain within the region’s perimeter. This is critical for governments and enterprises that prioritize national data security.
Closing Thoughts
Harish sums up Sophos’ vision: “Cybersecurity is no longer about point solutions—it’s about integrated defense powered by AI, Zero Trust, and compliance. Attackers are innovating, and so must we.”
As AI-driven threats escalate and ransomware economics shift, Sophos is doubling down on proactive defense, advisory services, and regional investments to help enterprises stay secure in an unpredictable digital landscape.
