Sophos launches Managed Threat
Response service
Sophos, a global leader in
network and endpoint security,
has announced the availability
of Sophos Managed Threat Response
(MTR), a fully managed threat hunting,
detection and response service.
The re-sellable service provides
organisations with a dedicated 24/7
security team to neutralise the most
sophisticated threats.
These types of threats include active
attackers leveraging fileless attacks and
administrator tools such as PowerShell
to escalate privileges, exfiltrate data
and spread laterally. Attacks like Lemon
Duck PowerShell malware are difficult
to detect since they involve an active
adversary using legitimate tools for
nefarious purposes and Sophos MTR
helps eliminate this threat.
“Cybercriminals are adapting their
methods and increasingly launching
hybrid attacks that combine automation
with interactive human ingenuity to
more effectively evade detection. Once
they gain a foothold, they’ll employ
‘living off the land’ techniques and other
deceptive methods requiring human
interaction to discover and disrupt
their attacks,” said Joe Levy, Chief
Technology Officer at Sophos.
“Sophos MTR not only augments
internal teams with additional threat
intelligence, unparalleled product
expertise, and around-the-clock
coverage, but also gives customers the
option of having a highly trained team of
response experts take targeted actions
on their behalf to neutralise even the
most sophisticated threats.”
www.intelligentciso.com | Issue 22
Built on Intercept X Advanced with
endpoint detection and response (EDR),
Sophos MTR fuses Machine Learning
with expert analysis for improved
threat hunting and detection, deeper
investigation of alerts, and targeted
actions to eliminate threats. These
innovative capabilities are based on
Sophos’ acquisitions of Rook Security
and DarkBytes technology, and include:
• Expert-led threat hunting: Sophos
MTR anticipates attacker behaviour
and identifies new indicators of
attack and compromise. Sophos
threat hunters proactively hunt for
and validate potential threats and
incidents, and investigate causal
and adjacent events to discover
new threats that previously couldn’t
be detected.
• Advanced adversarial detection:
Sophos MTR uses proven
investigation techniques to
differentiate legitimate behaviour
from the tactics, techniques
and procedures (TTPs) used by
attackers. Coupled with enhanced
telemetry from Sophos Central,
which provides a detailed, full
picture of adversary activities as
part of the service, the scope
and severity of threats can be
determined for rapid response.
• Machine-accelerated human
response: A highly trained team of
world-class experts generates and
applies threat intelligence to confirm
threats, and takes action to remotely
disrupt, contain and neutralise
threats with speed and precision.
• Asset discovery and prescriptive
security health guidance: Sophos
MTR provides valuable insights
into managed and unmanaged
assets and vulnerabilities for
better-informed impact assessments
and threat hunts. Prescriptive and
actionable guidance for addressing
configuration and architecture
weaknesses enables organisations
to proactively improve their security
posture with hardened defences.
“For the most part, other MDR services
simply notify customers of potential
threats and then leave it up to them to
manage things from there.”
Joe Levy, Chief Technology Officer
at Sophos
Sophos MTR is customisable
with different service tiers and
response modes to meet the unique
and evolving needs of organisations
of all sizes and maturity levels. Unlike
many MDR services that focus on
monitoring and threat notification,
Sophos MTR rapidly escalates and
takes action against threats based on
an organisation’s preferences.