SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Sophos announces Incident Response Retainer for 24/7 support
Thu, 31st Aug 2023

Sophos has officially announced its new Sophos Incident Response Retainer, which aims to provide organisations with speedy access to Sophos’ industry-first fixed-cost incident response service that includes 45 days of 24/7 Managed Detection and Response (MDR).

According to the company, the retainer allows Sophos incident responders to jump into active cyber attacks to investigate and remediate them. External vulnerability scanning and critical preparedness guidance are also included in the retainer, enabling organisations to proactively improve their existing security resilience by pinpointing and resolving issues that reduce the likelihood of a breach in the first place. 

At a time when attacker dwell time is steadily shortening, as revealed in a new 2023 Active Adversary Report for Tech Leaders by Sophos, time to locate and evict adversaries is critical in limiting damage and completely stopping nefarious endgames, such as data breaches and ransomware.

The report indicates that median adversary dwell time continued to plummet, from 10 days in 2022 to eight days in the first half of 2023; for ransomware alone, the time between initial access and impact dropped from nine days to just five.

Adversaries also preferentially carried out attacks during targets’ night and weekend hours, with only 9.6% of ransomware incidents taking place during the targets’ daytime business hours. The single most common attack times were Fridays between 11 p.m. and midnight in the targets’ local time zones, Sophos finds.

Rob Harrison, Vice President, Product Management at Sophos, says, “Incident response retainers help organisations prepare in advance for the fastest response time possible to defend against active cyber attacks.”

“Due to today’s complex and mixed-vendor computing environments, skills shortages, evolving attacker behaviors, and cyber insurance requirements, it’s critical that all organisations have pre-determined incident response plans in place. Tangible ‘readiness’ is now a key component for cyber resilience.”

Harrison continues, “Adversaries will often abuse the same weakness in a single system, and it’s not unusual for multiple, different attackers to go after the same target if there’s potential exposure. Sophos’ goal is to immediately stop active attacks and make sure complete remediation is achieved, regardless of how many hours it takes. We are the only security vendor that offers this caliber of retainer services for urgent security incidents.”

Chris Kissel, Research Vice President, Security and Trust Products, IDC, comments, “65% of organisations suffered a significant breach event in the last 12 months despite considerable investments in cybersecurity tools, according to IDC ransomware research.”

“Dealing with unexpected cyber attacks is time sensitive, stressful and a large financial commitment. The only way to save time, reduce costs and mitigate the impact of a breach is to have an experienced incident response team in place and lined-up ready to go – before attackers strike.”

The Sophos Incident Response Retainer is available in three tiers through Sophos partners worldwide. With Sophos’ ability to threat hunt, respond to and remediate attacks within multi-vendor environments, the retainer is available to non-Sophos customers, in addition to customers already using Sophos’ robust portfolio of innovative endpoint, network, email, and other security products, or Sophos MDR Essentials.

Endpoint configuration health checks and device audits are also included in the retainer for existing Sophos customers. Organisations that prefer broader services in one package can purchase Sophos MDR Complete, which automatically includes full-scale incident response.