Sophos launches Managed Threat Response service

Sophos expanded its product portfolio today with a new threat detection and response service called Sophos Managed Threat Response. The service offers a 24/7 human security team to solve complex threats and is resellable through Sophos' partners and managed service providers.

Organizations can let Sophos' security team take remote actions on their behalf to respond to an attack as the platform identifies it.

Sophos Managed Threat Response (MTR) is built upon the Intercept X Advanced, a machine learning endpoint security platform by Sophos. It combines machine learning and human analysis to investigate alerts and fight off attacks, the company said. Sophos' demands for recent acquisitions of Rook Security and DarkBytes enable the new capabilities of the service, including:

• Threat hunting: Anticipates attacker behaviors; searches for new indicators of attacks; identifies, validates threats and investigates related events to discover undetected threats.
• Adversarial detection: Distinguishes legitimate behaviors from the tactics, techniques and procedures used by attackers; and determines the scope and impact of threats to provide appropriate threat response.
• Threat response: Provides trained security personnel who would apply threat intelligence from Intercept X to validate threats and can take remote actions needed to contain an attack.
• Asset discovery and prescriptive security health guidance: Enables organizations to discover managed and unmanaged assets, as well as vulnerabilities through impact assessments and threat hunts, and provides guidance for addressing configuration and architecture weaknesses.

Organizations can customize Sophos MTR in different tiers and response modes according to their size and needs. Sophos MTR's pricing is based on employee count, service tier and response mode.

Identifying and containing a data breach is costly. The Ponemon Institute's "2019 Cost of a Data Breach Report" identifies that the global average cost of a data breach is $3.9 million, a 1.5% increase from 2018. The report also found that organizations take an average of 279 days to identify and contain a breach and the longer a breach's lifecycle is, the more expensive it becomes.

In the managed detection and response services market, Sophos competitors include AT&T, Cisco and SentinelOne. AT&T introduced its Managed Threat Detection and Response in July, the platform touts 24/7 security monitoring, automated incident response, as well as regular vulnerability assessments and health checks, intended to reduce security risks. Cisco's Active Threat Analytics provides, among other features, a network of security operations centers with trained personnel providing on-demand analysis of a customer's network. SentinelOne's Vigilance also promises constant support reviewing security alerts and taking appropriate actions to speed up threat response.