We’ve expanded our Managed Detection and Response service (originally called Sophos MTR) and given it a new name: Sophos MDR. Recognizing their commitment to Sophos, Sophos MTR customers will be upgraded, at no additional charge, to Sophos MDR Complete, our top tier of service, later this year. Customers will enjoy the same great level of service, plus a host of new capabilities including extended data retention and a new monthly threat landscape webcast.
Delivering the No. 1 customer request: compatibility with non-Sophos tools
With Sophos MDR Complete, analysts can detect and respond to threats across the cybersecurity ecosystem by leveraging security data from both Sophos and non-Sophos security tools. Customers can take advantage of:
Free integrations with Sophos next-gen technologies, including our endpoint, firewall, cloud, and email protection solutions as well as the new Sophos Network Detection and Response (NDR) solution.
Compatibility to run alongside third-party endpoint protection solutions
Free integration with the Microsoft portfolio through Graph Security
Third-party integrations, available for purchase with add-on licenses for virtually any other security tool that generates threat detection data, including Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services (AWS), Google, Okta, Darktrace, and many others
The more we can see, the more we can detect and the faster we can respond. With each additional data source, our analysts gain deeper visibility as they begin to see around corners and into the actions taking place beyond the endpoint. By automatically correlating data from Sophos and non-Sophos tools, we can see higher fidelity detections and reduce manual investigation times. And customers get more out of the tools they already have.
There are so many benefits to expanding your detection and response ecosystem to include your existing security solutions. For example:
Firewall and network telemetry can identify rogue assets and unprotected devices, as well as insider threats and novel attacks
Email alerts can pinpoint initial entry into the network and attempts to steal account names and passwords
Identity data can point to unauthorized network entry and attempts to move through higher levels of permissions
Cloud alerts can indicate unauthorized network access, efforts to steal account names and passwords, and access to proprietary data
Plus much more!
To learn more about our third-party integrations and discuss extending your security defences with full-environment threat detection and response, reach out to your Sophos account team or Sophos partner.
Extended data storage and monthly webcast
For all Sophos MDR service tiers, including Sophos MDR Complete, we are increasing standard data storage to 90 days at no additional cost. With the median dwell time for intrusions not involving ransomware coming in at 34 days*, this extended data storage will better enable analysts to determine the root cause of incidents and, in turn, better advise on how to harden defenses to prevent further attacks. Customers who require a longer data retention period, for example to meet compliance or regulatory requirements, can take advantage of an add-on license for a full year of data storage.
It can be challenging to keep up with the fast pace of security threats. We are excited to introduce an exclusive monthly webcast for MDR Complete customers, the Sophos MDR ThreatCast, where we’ll share observations on recent threat activity across our 12,000+ customer base. Attendees will get to know the team of threat analysts and researchers working behind the scenes to protect their organizations and deepen their understanding of the threat landscape.
Scale incident response
Like Sophos MTR Advanced, with MDR Complete, once suspicious activity is detected, the MDR operations team contains and eradicates the threat. Their systematic approach enables them to identify the root cause and then use these insights to elevate protection across the entire customer base.
We’ll take care of the upgrade for you
All Sophos MTR customers will be automatically upgraded to Sophos MDR Complete later this year. We’ll take care of everything for you – no need to do anything.
Not yet using Sophos MDR?
Sophos MDR meets you where you are. Our expert analysts detect and respond in minutes to threats across your entire environment, 24/7/365, whether you need full-scale incident response or assistance making more accurate decisions. To learn more, visit www.sophos.com/mdr or speak with an adviser today.
* The Active Adversary Playbook 2022, Sophos