New Fully Managed Solution Provides Visibility, Risk Monitoring, Prioritization, Investigation, and Proactive Notification to Prevent Cyberattacks

OXFORD, U.K. — 四月 3, 2024 —

Sophos, a global leader of innovative security solutions that defeat cyberattacks, today announced a strategic partnership with Tenable®, the Exposure Management company, to provide Sophos Managed Risk, a worldwide vulnerability and attack surface management service. The new service features a dedicated Sophos team that leverages Tenable's exposure management technology and collaborates with the security operations experts from Sophos Managed Detection and Response (MDR) to provide attack surface visibility, continuous risk monitoring, vulnerability prioritization, investigation, and proactive notification designed to prevent cyberattacks.

The modern attack surface has expanded beyond traditional on-premises IT boundaries, with organizations operating frequently unknown numbers of external and internet-facing assets that are unpatched or under protected, leaving them vulnerable to cyberattackers. This is evident in the newest Sophos Active Adversary Report, also released today, which identifies three tasks that organizations must prioritize to minimize the risk of brazen intrusions that lead to ransomware or other types of attacks. These include closing exposed Remote Desktop Protocol (RDP) access, enabling multi-factor authorization and patching vulnerable servers, all of which were top entry points in breaches handled by Sophos Incident Response in 2023. The Sophos Managed Risk service can assess an organization’s external attack surface, prioritize the riskiest exposures, such as open RDP, and provide tailored remediation guidance to help eliminate blind spots and stay ahead of potentially devastating attacks.

“Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organizations continuously struggle to control. We can now help organizations identify and prioritize the remediation of vulnerabilities in external assets, devices and software that are often overlooked. It is critical that organizations manage these exposure risks, because unattended, they only lead to more costly and time-consuming issues and are often the root causes of significant breaches,” said Rob Harrison, senior vice president for endpoint and security operations product management at Sophos. “We know from Sophos’ worldwide survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate. The ideal security layers to prevent these issues include an active approach to improving security postures by minimizing the chances of a breach with Sophos Managed Risk, Sophos Endpoint, and 24x7 Sophos MDR coverage."

“While the latest zero day may dominate the headlines, the biggest threat to organizations, by a large margin, is still known vulnerabilities – or vulnerabilities for which patches are readily available,” said Greg Goetz, vice president of global strategic partners and MSSP, Tenable. “A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem. Sophos Managed Risk, powered by the Tenable One Exposure Management Platform, delivers outsourced preventive risk management, enabling organizations to anticipate attacks and reduce cyber risk.”

Specific key benefits of Sophos Managed Risk include:

  • External Attack Surface Management (EASM): Advanced identification and classification of internet-facing assets, such as web and email servers, web applications, and public-facing API endpoints
  • Continuous monitoring and proactive notification of high-risk exposures: Proactive notification when a new critical vulnerability is identified in an organization’s internet-facing assets
  • Vulnerability prioritization and identification of new risks: Swift detection of high-risk and zero-day vulnerabilities, followed by real-time notification to ensure critical internet-facing assets are promptly identified, investigated and responded to by order of importance

"One of the biggest challenges organizations face when improving their security posture is prioritizing what to handle first. This type of guidance helps solve that issue and reduces the workload for security teams tasked with tackling vulnerability and exposure management," said Craig Robinson, research vice president of Security Services, IDC. "Solutions such as Sophos Managed Risk can be a differentiator by enabling overwhelmed teams to take a more holistic approach to continuous monitoring and threat management."

Sophos Managed Risk is available as an extended service with Sophos MDR, which already protects more than 21,000 organizations globally. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments.

“Sophos Managed Risk simplifies the difficult and resource consuming task of identifying vulnerabilities, really understanding the extent of risk exposure, and prioritizing necessary remediations,” said Kieron Stone, cybersecurity business development manager at Phoenix Software Ltd. “As a trusted managed service provider (MSP), this is a service we’re proud to stand behind, and nearly all our customers using it have already discovered significant vulnerabilities that they were previously unaware of. For organizations that don’t already have a well-defined vulnerability patching cadence, this is a must-have service for the identification of vulnerabilities and building that schedule; and for organizations that are already managing vulnerabilities, it’s a second set of eyes for added peace of mind that they’re not missing anything.”

Organizations benefit through regular interaction, including scheduled meetings with Sophos experts to review recent discoveries, insights into the current threat landscape, and recommendations for remediation and prioritizing actions. Additionally, organizations can initiate inquiries via the Sophos Central platform, allowing users to directly engage with the Sophos Managed Risk team for tailored support, reports and to review their latest prioritized alerts.

“You can’t fix what you can’t see. Sophos Managed Risk is shining a light on areas of exposure that require remediation in order to keep customers protected. Combining Sophos’ elite MDR experts with Tenable’s industry-leading exposure management technology gives us a full picture view of vulnerabilities with the guidance we need to minimize risk,” said Brooks Roy, president at Communications Consulting, Inc. “The real value add for us as a channel partner is having the ability to easily manage Sophos Managed Risk’s prioritized alerts across our customer base on the Sophos Central dashboard.”

Sophos Managed Risk is available with a term license through Sophos’ global network of channel partners and Managed Service Providers (MSPs). A Sophos MSP Flex version will be available in 2024.

Please visit Sophos.com/Managed-Risk to learn more.

关于 Sophos

Sophos 是全球领先的网络安全公司,凭借其人工智能驱动的平台和专家主导的服务,保护着全球 60 万家组织的安全。Sophos 根据各组织在不同安全成熟度的各式各样的需求提供支持,并与其共同成长,携手应对日益严峻的网络攻击。其解决方案结合机器学习、自动化、实时威胁情报以及来自 Sophos X-Ops 的前线真人专家的专业知识,提供 24/7 全天候高级威胁监控、侦测与响应服务。
Sophos 提供行业领先的托管式侦测与响应 (MDR) 服务,同时配备一整套全面的网络安全技术组合,包括端点、网络、电子邮件和云安全、扩展式侦测与响应 (XDR)、身份辨识威胁侦测与响应 (ITDR),以及下一代 SIEM。结合专家咨询服务,这些能力帮助组织主动降低风险,并更迅速地响应,提供力求在不断变化的威胁面前保持领先所需的可见性和可扩展性。
Sophos 通过全球合作伙伴生态系统进入市场,包括托管式服务提供商 (MSPs)、托管式安全服务提供商 (MSSPs)、经销商、分销商、市场集成商以及网络风险合作伙伴,为组织提供灵活的选择,使其能够在保护业务安全的同时建立值得信赖的合作关系。  Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.cn。