Expands Visibility of Internal Exposures within an Organization’s Environment

OXFORD, U.K. — Julho 7, 2025 —

Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced the expansion of its Sophos Managed Risk capabilities with the introduction of Internal Attack Surface Management (IASM) with technology powered by Tenable.

Many organizations face critical blind spots in their cyber defenses. In fact, the Sophos State of Ransomware 2025 report found 40% of organizations impacted by ransomware in the last year reported falling victim due to an exposure they were unaware of. Sophos Managed Risk, now with both internal and external attack surface management, addresses this challenge, providing comprehensive visibility into internal and external weaknesses that could be exploited by threat actors.

“With Sophos Managed Risk, organizations gain an attacker’s-eye view to identify and prioritize remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,” said Rob Harrison, Senior Vice President, Product Management at Sophos. “This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.”

The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This enables organizations to identify and mitigate high-risk vulnerabilities, such as open ports, exposed services and misconfigurations that are accessible and potentially exploitable by attackers.

Features of IASM for Sophos Managed Risk include:

  • Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network.
  • AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts.
  • Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity.
  • The Sophos advantage: Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by one of the world’s leading MDR services.

The new IASM capabilities are accessible through Sophos Managed Risk, an extended service with Sophos MDR. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments.

IASM for Sophos Managed Risk is available today for all new and existing Sophos Managed risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console.

Learn more about the new Internal Attack Surface Management capabilities and Sophos Managed Risk, visit Sophos.com/Managed-Risk.

Sobre a Sophos

Líder em segurança cibernética, a Sophos trabalha na defesa de 600.000 organizações mundialmente com uma plataforma impulsionada por IA e serviços conduzidos por peritos. A Sophos atende às organizações em qualquer estágio de sua maturidade em segurança e acompanha o seu crescimento para vencer a luta cibernética. Suas soluções combinam Machine Learning, automação e inteligência de ameaça em tempo real com a perícia humana do Sophos X-Ops na linha de frente para prestar 24 horas diárias de serviços avançados de monitoramento, detecção e resposta.
A Sophos oferece serviço gerenciado de detecção e resposta (MDR) líder do setor, acompanhado de um extenso portfólio de tecnologias de segurança cibernética — incluindo segurança de endpoint, rede, e-mail e nuvem, detecção e resposta estendidas (XDR), detecção e resposta a ameaças à identidade (ITDR) e SIEM Next-Gen. Em conjunto com serviços de consultoria especializada, esses recursos ajudam as organizações a reduzir riscos e acelerar respostas proativamente, com a visibilidade e escalabilidade necessárias para ficar à frente das ameaças.
A Sophos se coloca no mercado com um ecossistema de parcerias globais, incluindo Provedores de serviços gerenciados (MSPs), Provedores de serviços de segurança gerenciados (MSSPs), revendas e distribuidores, integrações no Marketplace e parceiros de risco cibernético, dando flexibilidade às organizações para escolher relações de confiança ao proteger seus negócios.  A Sophos está sediada em Oxford, no Reino Unido. Mais informações se encontram disponíveis no site www.sophos.com.