SECURITY
NEWS
Sophos launches Managed Threat
Response service
Joe Levy, Chief
Technology Officer
at Sophos
Sophos, a global leader in network and
endpoint security, has announced the
availability of Sophos Managed Threat
Response (MTR), a fully managed threat
hunting, detection and response service.
The re-sellable service provides
organisations with a dedicated 24/7 security
team to neutralise the most sophisticated
threats. These types of threats include
active attackers leveraging fileless attacks
and administrator tools such as PowerShell
to escalate privileges, exfiltrate data and
spread laterally.
Attacks like Lemon Duck PowerShell
malware are difficult to detect since they
involve an active adversary using legitimate
tools for nefarious purposes, and Sophos
MTR helps eliminate this threat.
“Cybercriminals are adapting their
methods and increasingly launching
hybrid attacks that combine automation
with interactive human ingenuity to more
effectively evade detection. Once they gain
a foothold, they’ll employ ‘living off the land’
techniques and other deceptive methods
requiring human interaction to discover and
disrupt their attacks,” said Joe Levy, Chief
Technology Officer at Sophos.
“For the most part, other MDR services
simply notify customers of potential threats
and then leave it up to them to manage
things from there. Sophos MTR not only
augments internal teams with additional
threat intelligence, unparalleled product
expertise, and around-the-clock coverage, but
also gives customers the option of having a
highly trained team of response experts take
targeted actions on their behalf to neutralise
even the most sophisticated threats.”
INTELLIGENT TECH CHANNELS, Issue 27
Built on Intercept X Advanced with
endpoint detection and response (EDR),
Sophos MTR fuses Machine Learning with
expert analysis for improved threat hunting
and detection, deeper investigation of alerts,
and targeted actions to eliminate threats.
These innovative capabilities are based
on Sophos’ acquisitions of Rook Security and
DarkBytes technology, and include:
• Expert-led threat hunting: Sophos MTR
  anticipates attacker behaviour and
  identifies new indicators of attack and
  compromise. Sophos threat hunters
  proactively hunt for and validate
  potential threats and incidents, and
  investigate causal and adjacent events
  to discover new threats that previously
  couldn’t be detected
• Advanced adversarial detection:
  Sophos MTR uses proven investigation
  techniques to differentiate legitimate
  behaviour from the tactics, techniques
  and procedures (TTPs) used by attackers.
  Coupled with enhanced telemetry
  from Sophos Central, which provides
  a detailed, full picture of adversary
  activities as part of the service, the
  scope and severity of threats can be
  determined for rapid response
• Machine-accelerated human response: A
  highly trained team of world-class experts
  generates and applies threat intelligence
  to confirm threats, and takes action to
  remotely disrupt, contain and neutralise
  threats with speed and precision
• Asset discovery and prescriptive security
  health guidance: Sophos MTR provides
  valuable insights into managed and
  unmanaged assets and vulnerabilities, for
  better informed impact assessments and
  threat hunts. Prescriptive and actionable
  guidance for addressing configuration
  and architecture weaknesses enables
  organisations to proactively improve their
  security posture with hardened defences
Sophos MTR is customisable with
different service tiers and response modes
to meet the unique and evolving needs
of organisations of all sizes and maturity
levels. Unlike many MDR services that
focus on monitoring and threat notification,
Sophos MTR rapidly escalates and takes
action against threats based on an
organisation’s preferences.
Sophos MTR is now available from
registered Sophos Partners worldwide.