Sophos MTR Service Tiers

Sophos MTR features two service tiers (Standard and Advanced) to provide a comprehensive set of capabilities for organizations of all sizes and maturity levels.

Regardless of the service tier selected, organizations can take advantage of any of our three Response Modes (Notify, Collaborate, or Authorize) to fit their unique needs.

Sophos MTR: Standard

  • 24/7 Lead-Driven Threat Hunting

    Confirmed malicious artifacts or activity (strong signals) are automatically blocked or terminated, freeing up threat hunters to conduct lead-driven threat hunts. This type of threat hunt involves the aggregation and investigation of causal and adjacent events (weak signals) to discover new Indicators of Attack (IoA) and Indicators of Compromise (IoC) that previously could not be detected.

  • Adversarial Detections

    Most successful attacks rely on the execution of a process that can appear legitimate to monitoring tools. Using proprietary investigation techniques, our team determines the difference between legitimate behavior and the tactics, techniques, and procedures (TTPs) used by attackers.

  • Security Health Check

    Keep your Sophos Central products, beginning with Intercept X Advanced with XDR, operating at peak performance with proactive examinations of your operating conditions and recommended configuration improvements.

  • Activity Reporting

    Summaries of case activities enable prioritization and communication, so your team knows what threats were detected and what response actions were taken within each reporting period.

Sophos MTR: Advanced

Includes all Standard features, plus the following:
  • 24/7 Leadless Threat Hunting

    Applying data science, threat intelligence, and the intuition of veteran threat hunters, we combine your company profile, high-value assets, and high-risk users to anticipate attacker behavior and identify new Indicators of Attack (IoA).

  • Dedicated Threat Response Lead

    When an incident is confirmed, a dedicated threat response lead is provided to directly collaborate with your on-premises resources (internal team or external partner) until the active threat is neutralized.

  • Direct Call-In Support

    Your team has direct call-in access to our security operations center (SOC). Our MTR Operations Team is available around the clock and backed by support teams spanning 26 locations worldwide.

  • Enhanced Telemetry

    Threat investigations are supplemented with telemetry from other Sophos Central products, extending beyond the endpoint to provide a full picture of adversary activities.

  • Proactive Posture Improvement

    Proactively improve your security posture and harden your defenses with prescriptive guidance for addressing configuration and architecture weaknesses that diminish your overall security capabilities.

  • Asset Discovery

    For both managed and unmanaged assets, we provide valuable insights during impact assessments, threat hunts, and as part of proactive posture improvement recommendations.

Intercept X, Intercept X Advanced with XDR, and Intercept X Advanced with XDR and MTR are each priced per user/per year.

Pricing example based on annual MSRP cost for 500-999 users, 36-month contract, and for MTR Standard in North America. Education and Government pricing is available.
Contact us for a custom quote.

Included in Intercept X and in Intercept X Advanced with XDR:
  • Automated malware removal
  • Cryptoguard ransomware file protection
  • Real-time antivirus, anti-malware protection
  • Cloud-based management console
  • Sophos Central integration
  • Synchronized Security Heartbeat
  • Application control
  • Web control and URL blocking
  • Deep-learning malware detection
  • Root-cause analysis
  • Exploit prevention
  • Active adversary detection and prevention

Included in Intercept X Advanced with XDR, but not in Intercept X:
  • Endpoint detection and response
  • Extended detection and response
  • Guided investigations
  • Deep-learning malware analysis
  • Endpoint Isolation
  • Live Discover SQL queries
  • Live Response command line interface

Intercept X Advanced with XDR and MTR:
All the features found in Intercept X Advanced with XDR, plus a 24/7, proactive threat-hunting team that finds, contains, and neutralizes the most sophisticated attacks on your behalf.