Joint Collaboration Enables Real-Time Intelligence Sharing and Mutual Anti-Tamper Protections to Accelerate Ransomware Detection and Response

BLACK HAT USA, LAS VEGAS — août 4, 2025 —

Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced a strategic threat intelligence sharing partnership with Halcyon, the leading anti-ransomware solution provider. This collaboration brings together two of the most experienced teams in ransomware defense to accelerate detection, enhance protection, and improve response capabilities for more than 300,000 organizations worldwide.

The collaboration between Sophos and Halcyon will exchange threat intelligence in real time, including indicators of compromise (IOCs), adversary behaviors, and attack patterns, to enhance ransomware prevention and accelerate response time. Following Halcyon’s recent announcement of a community-focused Ransomware Research Center, this data-sharing initiative will inform defenses across both Sophos’ and Halcyon’s solutions. It will benefit customers using Sophos Endpoint powered by Intercept X, as well as Sophos Managed Detection and Response (MDR), Sophos XDR, Halcyon’s Anti-Ransomware Platform, and other joint capabilities.

As part of the collaboration, Halcyon and Sophos will also implement mutual anti-tamper protections that allow each platform to monitor and safeguard the other’s agents in customer environments. This helps ensure that organizations using both solutions benefit from added resilience, reducing the risk of ransomware interfering with security defenses and preserving the integrity of their overall protection strategy.

The threat intelligence collaboration is part of Sophos’ broader strategy to expand the reach and speed of its threat response through strategic partnerships. Sophos X-Ops, the company’s cross-functional threat intelligence unit, will work closely with Halcyon’s research and engineering teams to share and operationalize ransomware-related insights across a wide array of attack surfaces.

“Ransomware tools and tactics are evolving constantly, and the best defense is timely, relevant intelligence that enables defenders to act quickly and with confidence,” said Simon Reed, chief research and scientific officer, Sophos. “By sharing insights with Halcyon, we’re improving signal fidelity and accelerating detection across our systems, which strengthens protection for all the organizations we serve.”

“Halcyon is honored to partner with Sophos. Over the last four years, based on our telemetry, Sophos has time and time again proven to be one of the most effective endpoint security platforms we have encountered, reliably performing and disrupting attackers at a level that simply outperforms the majority of the players in the next-generation antivirus and endpoint detection and response (EDR) space. Their dedication to innovate and roll out industry-leading and unique features continues to put their customers at an everyday advantage over the most sophisticated attacks affecting enterprises today,” said Jon Miller, CEO and co-founder of Halcyon.

Key benefits of the collaboration between Sophos and Halcyon include:

  • Real-time ransomware intelligence: Sophos and Halcyon will share timely threat intelligence, including indicators of compromise (IOCs), attacker behaviors, and tools used in active ransomware campaigns. This intelligence supports earlier detection, broader visibility, and more informed responses.
  • Strengthened defenses across products and services: Shared intelligence will enhance threat detection models, enrich contextual telemetry, and accelerate protection updates within each company’s solutions, including Sophos Central and Halcyon’s Anti-Ransomware Platform.
  • Mutual anti-tamper protections: Each solution actively monitors the other’s agents to prevent tampering or disablement during ransomware attacks, helping ensure that security defenses remain intact and effective throughout an incident.

This collaboration highlights Sophos’ and Halcyon’s continued commitment to cybersecurity innovation, industry cooperation, and the mission to defeat cybercriminals. Together, Sophos and Halcyon are delivering the intelligence needed to stay one step ahead of attackers.

About Halcyon

Halcyon, the leading anti-ransomware solution provider, is purpose-built to defeat ransomware and stop data extortion attacks. Our platform and services enable operational resilience, eliminate downtime, and reduce risk from ransomware threats. With protection engines trained on ransomware signals, features, and tools, Halcyon detects and proactively disrupts ransomware threats before damage occurs. Bolstered by a ransomware warranty and a 24/7/365 virtual team, Halcyon guarantees no ransom is paid and no downtime is tolerated. Learn more at halcyon.ai.

À propos de Sophos

Sophos est un leader mondial innovant dans le domaine des solutions de sécurité avancées qui neutralisent les cyberattaques. La Société a fait l’acquisition de Secureworks en février 2025, réunissant ainsi deux pionniers qui ont redéfini l’industrie de la cybersécurité grâce à leurs services, technologies et produits innovants, optimisés par l’intelligence artificielle native. 
Sophos est désormais le plus grand fournisseur spécialisé de services de détection et réponse managées (MDR) protégeant plus de 30,000 organisations à travers et d’autres services, son portefeuille complet comprend les solutions de sécurité de pointe pour les endpoints, les réseaux, les emails et le cloud, qui interagissent et s’adaptent dynamiquement pour assurer une défense efficace via la plateforme Sophos Central.  
Secureworks apporte à cette alliance ses technologies innovantes et leaders sur le marché, notamment Taegis XDR/MDR, la détection et réponse aux menaces sur l’identité (ITDR), des capacités SIEM nouvelle génération, la gestion des risques ainsi qu’un ensemble complet de services de conseil en cybersécurité.  
Sophos commercialise l’ensemble de ces solutions à travers un réseau mondial de revendeurs, de fournisseurs de services managés (MSP) et de fournisseurs de services de sécurité managés (MSSP), protégeant plus de 600 000 entreprises contre le phishing, les ransomwares, le vol de données et d’autres cybermenaces, qu’elles soient quotidiennes ou menées par des Etats-nations.  
Toutes les solutions sont alimentées par des renseignements sur les menaces en temps réel et historiques issus de Sophos X-Ops et de la Counter Threat Unit (CTU) récemment intégrée.  
Le siège social de Sophos est situé à Oxford, au Royaume-Uni. Pour plus d’informations, consultez le site sophos.fr.