Verdict: Sophos Intercept X is an endpoint protection product with AI, anti-ransomware, EDR and MDR, and exploit prevention. Sophos XG Firewall is a next-gen firewall for secure remote workers, with free remote-access VPN, cloud management, and unmatched protection. Other managed detection and response (MDR) services simply notify you of attacks or suspicious events. Then it’s up to you to manage things from there. With Sophos MTR, your organization is backed by an elite team of threat hunters and response experts who take targeted actions on your behalf to neutralize even the most sophisticated threats. In a Sophos survey of 5,000 IT managers across 26 countries, 51% of respondents revealed that they were hit by ransomware in the last year. Find out how you can implement these endpoint best practices to stop ransomware.
by Joe Panettieri • Jun 3, 2019
Sophos has acquired Rook Security, a Top 20 MDR (managed detection and response) company that employs a 24/7 team of cyberthreat hunters and incident response experts. Financial terms were not disclosed.
In some ways, Sophos has been evolving into a master MSSP of sorts — providing managed security services and MDR capabilities to VARs, MSPs and MSSPs worldwide. Building on that strategy, Sophos has vowed to offer Rook Security’s MDR services via channel partners worldwide.
The message reinforces similar channel-centric themes that VP Kendra Krause shared after Sophos acquired DarkBytes — another MDR specialist — earlier this year.
Sophos Executives Explain MDR Partner Opportunity
In a prepared statement today, Sophos said:
“As a channel-first, channel-best security provider, Sophos will deliver the new MDR services through its network of approximately 47,000 channel partners worldwide.”
Added Sophos CTO Joe Levy: “With MDR, Sophos’ channel partners will be able to provide businesses of all sizes with expert services that continuously detect, hunt for and respond to security incidents.”
Rook Security founder and CEO J.J. Thompson is now senior director of managed threat response at Sophos, according to his LinkedIn profile. Rook, founded in 2008, was privately held and headquartered in Indianapolis, Indiana.
Sophos Pumps Cybersecurity Services Via the Channel
Generally speaking, Sophos has a solid reputation within and across the MSP (managed IT services provider) ecosystem. The company remains in growth mode, though a lengthy list of cloud, network and endpoint protection companies have opened their arms to MSPs in recent months.
Competition within the MDR market has also escalated, as MSPs, CSPs and MSSPs each take a crack at such services.
Few organizations have the resources in house to effectively manage their security programs while proactively defending against new and emerging threats.
As a result, organizations are looking to managed detection and response (MDR) services to run their security operations programs.
However, the security services marketplace is relatively new and it’s filled with false claims and confusing jargon.
Our MDR Buyers Guide is available as a PDF or in audio format and provides clarity by walking you through the key considerations when choosing an MDR service. It also enables you to see how MDR providers stack up against one another.
Evaluating MDR providers: 12 questions to ask
When evaluating an MDR provider, we recommend asking the following:
- How many customers does the MDR service have?
The current customer count will give you an idea of how many other organizations trust the service provider, and how well-versed they are at responding to suspicious activity.
- What is the scope of the service? Is threat response included?
Most vendors focus on threat identification and notification, leaving response and remediation to the customer. Effective MDR services go far beyond this. Ask for clarity on what is offered.
- Is the service 24/7/365? If an issue arises at 2AM on a Sunday, who will respond?
Ensure the MDR service truly monitors your environment and is able to respond any time, day or night.
- Which technologies does the service utilize? Are they included in the price?
Ask if the technology used by the operators is included in the price of the service or if you must purchase your own tools separately.
- Is the service being provided proactive or reactive?
MDR is a proactive discipline. Ensure you’re not being offered digital forensics and incident response services, typically used to deal with an existing crisis.
- How will you interact with the MDR team?
Is there direct call-in support? Can you communicate via email? Speak directly with SOC analysts, or through an intermediary?
- What is the security operations threat detection and response (TDR) methodology?
MDR providers should have a well-defined TDR methodology. If not, they’ll likely struggle to scale as their business grows and will be more likely to miss important indicators of suspicious activity.
- How fast is the service?
In security, seconds matter. MDR providers should be able to estimate the average times to detect, respond, and resolve.
- What types of remediation actions can the MDR operators take? Can they take active response for you?
Find out what happens when the service detects suspicious activity. Many will simply monitor and notify you. They should be able to act on your behalf and provide response.
- Is threat hunting lead-driven (responding to alerts), lead-less (looking for new indicators of attack without alerts), or both?
Some vendors refer to automated alert generation as threat hunting (it’s not). Understand if the MDR operators will proactively hunt to detect adversaries in your environment regardless of whether or not they’ve detected a strong indicator of activity or compromise.
- What data sources are used to provide visibility? Is the service just “managed EDR”?
While endpoint data is critical for a security operation program, some MDR providers don’t have any additional visibility beyond the endpoint. These are not true MDR providers but rather “managed EDR” services.
- Does the MDR provider have access to threat intelligence and threat researchers?
MDR providers should have a level of expertise that goes beyond what most organizations can build independently: skilled security analysts, access to proprietary threat intelligence, and collaboration with threat researchers when something novel is detected.
These questions and a comprehensive vendor comparison are covered in our MDR Buyers Guide – available as a PDF or in audio format.
Give your organization the best protection with Sophos Managed Threat Response (MTR)
Sophos MTR provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service. Beyond simply notifying you of attacks or suspicious behaviors, the Sophos MTR team takes targeted actions on your behalf to neutralize even the most sophisticated and complex threats.
The Sophos MTR team of threat hunters and response experts:
- Proactively hunt for and validate potential threats and incidents
- Use all available information to determine the scope and severity of threats
- Apply the appropriate business context for valid threats
- Initiate actions to remotely disrupt, contain, and neutralize threats
- Provide actionable advice for addressing the root cause of recurring incidents
Visit Sophos.com/MTR today to learn more.