Joint Collaboration Enables Real-Time Intelligence Sharing and Mutual Anti-Tamper Protections to Accelerate Ransomware Detection and Response

BLACK HAT USA, LAS VEGAS — août 4, 2025 —

Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced a strategic threat intelligence sharing partnership with Halcyon, the leading anti-ransomware solution provider. This collaboration brings together two of the most experienced teams in ransomware defense to accelerate detection, enhance protection, and improve response capabilities for more than 300,000 organizations worldwide.

The collaboration between Sophos and Halcyon will exchange threat intelligence in real time, including indicators of compromise (IOCs), adversary behaviors, and attack patterns, to enhance ransomware prevention and accelerate response time. Following Halcyon’s recent announcement of a community-focused Ransomware Research Center, this data-sharing initiative will inform defenses across both Sophos’ and Halcyon’s solutions. It will benefit customers using Sophos Endpoint powered by Intercept X, as well as Sophos Managed Detection and Response (MDR), Sophos XDR, Halcyon’s Anti-Ransomware Platform, and other joint capabilities.

As part of the collaboration, Halcyon and Sophos will also implement mutual anti-tamper protections that allow each platform to monitor and safeguard the other’s agents in customer environments. This helps ensure that organizations using both solutions benefit from added resilience, reducing the risk of ransomware interfering with security defenses and preserving the integrity of their overall protection strategy.

The threat intelligence collaboration is part of Sophos’ broader strategy to expand the reach and speed of its threat response through strategic partnerships. Sophos X-Ops, the company’s cross-functional threat intelligence unit, will work closely with Halcyon’s research and engineering teams to share and operationalize ransomware-related insights across a wide array of attack surfaces.

“Ransomware tools and tactics are evolving constantly, and the best defense is timely, relevant intelligence that enables defenders to act quickly and with confidence,” said Simon Reed, chief research and scientific officer, Sophos. “By sharing insights with Halcyon, we’re improving signal fidelity and accelerating detection across our systems, which strengthens protection for all the organizations we serve.”

“Halcyon is honored to partner with Sophos. Over the last four years, based on our telemetry, Sophos has time and time again proven to be one of the most effective endpoint security platforms we have encountered, reliably performing and disrupting attackers at a level that simply outperforms the majority of the players in the next-generation antivirus and endpoint detection and response (EDR) space. Their dedication to innovate and roll out industry-leading and unique features continues to put their customers at an everyday advantage over the most sophisticated attacks affecting enterprises today,” said Jon Miller, CEO and co-founder of Halcyon.

Key benefits of the collaboration between Sophos and Halcyon include:

  • Real-time ransomware intelligence: Sophos and Halcyon will share timely threat intelligence, including indicators of compromise (IOCs), attacker behaviors, and tools used in active ransomware campaigns. This intelligence supports earlier detection, broader visibility, and more informed responses.
  • Strengthened defenses across products and services: Shared intelligence will enhance threat detection models, enrich contextual telemetry, and accelerate protection updates within each company’s solutions, including Sophos Central and Halcyon’s Anti-Ransomware Platform.
  • Mutual anti-tamper protections: Each solution actively monitors the other’s agents to prevent tampering or disablement during ransomware attacks, helping ensure that security defenses remain intact and effective throughout an incident.

This collaboration highlights Sophos’ and Halcyon’s continued commitment to cybersecurity innovation, industry cooperation, and the mission to defeat cybercriminals. Together, Sophos and Halcyon are delivering the intelligence needed to stay one step ahead of attackers.

About Halcyon

Halcyon, the leading anti-ransomware solution provider, is purpose-built to defeat ransomware and stop data extortion attacks. Our platform and services enable operational resilience, eliminate downtime, and reduce risk from ransomware threats. With protection engines trained on ransomware signals, features, and tools, Halcyon detects and proactively disrupts ransomware threats before damage occurs. Bolstered by a ransomware warranty and a 24/7/365 virtual team, Halcyon guarantees no ransom is paid and no downtime is tolerated. Learn more at halcyon.ai.

À propos de Sophos

Sophos est un leader mondial de la cybersécurité qui protège 600000organisations à travers le monde grâce à une plateforme optimisée par l’IA et à des services fournis par des experts. Sophos accompagne les entreprises, quel que soit leur niveau de maturité en matière de cybersécurité, et évolue avec elles pour déjouer les cyberattaques. Ses solutions offrent une combinaison optimale entre apprentissage automatique, automatisation et renseignements sur les menaces en temps réel, à laquelle s’ajoute l’expertise humaine de l’équipe Sophos X-Ops, qui travaille en première ligne pour assurer la surveillance, la détection et la réponse aux menaces 24h/24 et 7j/7.
Sophos propose des services managés de détection et de réponse (MDR) de pointe, ainsi qu’un portefeuille complet de technologies de cybersécurité, parmi lesquelles des solutions de sécurité Endpoint, réseau, email et cloud, ainsi que des solutions de détection et de réponse étendues (XDR), de détection et de réponse aux menaces liées à l’identité (ITDR) et de SIEM de nouvelle génération. Associées à des services de conseil spécialisés, ces capacités aident les entreprises à réduire leurs risques de manière proactive et à répondre plus rapidement, tout en bénéficiant de la visibilité et de l’évolutivité nécessaires pour garder une longueur d’avance sur les menaces en constante évolution.
Sophos commercialise ses produits via un écosystème mondial de partenaires, comprenant des fournisseurs de services managés (MSP), des fournisseurs de services de sécurité managés (MSSP), des revendeurs et distributeurs, une marketplace d’intégrations et des partenaires spécialisés dans les cyber risques. Cette stratégie offre aux entreprises la flexibilité nécessaire pour choisir des partenaires de confiance pour protéger leurs opérations.  Le siège de l’entreprise est basé à Oxford, au Royaume-Uni. Plus d’informations sont disponibles sur www.sophos.fr.