Sophos Managed Detection and Response (MDR) is a service that monitors and responds to security threats in a network. It involves using artificial intelligence (AI) and a team of security experts to monitor your network, servers, and computers 24/7, with the goal of protecting your organization from cyber threats. This service works with existing tools and processes, so there’s no need for a complete overhaul of your current systems. It is also compatible with major cybersecurity vendors and offers a powerful API for deeper integration if needed. The Sophos Central platform provides complete visibility over your security landscape.
The MDR service is performed by the Sophos Security Services Team, which conducts security investigations, threat hunting, response actions, and incident response. The team uses a combination of manual and semi-automated activities to identify signals and indicators of malicious activity that may have bypassed existing prevention and detection controls. This process is known as Threat Hunting. The team also performs a process known as Threat Response, which includes the methods, processes, communications, and response actions utilized to contain or disrupt malicious activity. The service also includes Incident Response, which is the technical process performed remotely to investigate, mitigate, and neutralize confirmed compromises or unauthorized access to systems that pose an imminent threat.
During the onboarding process, customers need to provide contact information, determine their communication preferences, and determine the Threat Response Mode. The Threat Response Mode choices are “Collaborate,” where the Security Services Team conducts investigations but no response actions are taken without the customer’s prior consent or active involvement, and “Authorize,” where the Security Services Team performs Threat Response independently of the customer and the customer is notified of response actions taken.
The Sophos MDR service also includes a Health Check on all applicable Managed Endpoints as part of the onboarding process. The Health Check identifies configurations and settings that may negatively impact the security of a Managed Endpoint. The customer is notified of any configurations that could diminish the security posture, along with the steps required to remediate the issues the Health Check identified.
All monitoring, investigation, and response actions are provided on a 24/7/365 basis. The service level target for case creation is 2 minutes from detection, and the target time for initial response action is 30 minutes from case creation.
Threat Hunting is also included as part of the service: the Security Services Team conducts proactive searches, based on threat intelligence and relevant indicators of compromise observed in incident response engagements and investigations, for threats that may have evaded existing detection controls.
SOPHOS MDR AWARDS
Sophos has received multiple awards and recognition for its Managed Detection and Response (MDR) solutions from Gartner.
1. In 2021, Sophos was named a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms.
2. In 2022, Sophos was named a Leader in the Gartner Magic Quadrant for Managed Detection and Response. Sophos is also the first endpoint security vendor to deliver MDR across its endpoint offerings as well as end users’ existing security deployments.
3. Additionally, Sophos MDR was awarded a 2023 MSP Today Product of the Year.
4. Sophos has also received other awards and recognition for its innovative cybersecurity solutions and services from various organizations.