Sophos launches new services to help plug organisational cyber gaps
Sophos has announced the launch of Advisory Services, a suite of cybersecurity testing services aimed at identifying security weaknesses within organisations.
The Advisory Services suite includes External Penetration Testing, Internal Penetration Testing, Wireless Network Penetration Testing, and Web Application Security Assessment. These services are informed by threat intelligence from Sophos X-Ops and are delivered by professionals with expertise in a range of security disciplines.
Testing services
External Penetration Testing simulates attempts by attackers to breach an organisation's perimeter from the outside. Internal Penetration Testing focuses on threats from inside the network, including attackers who have already gained access, and examines vulnerabilities in internal systems, applications, and data. Wireless Network Penetration Testing evaluates the security of organisational Wi-Fi networks and infrastructure, measuring compliance with relevant security mandates. Web Application Security Assessment reviews web applications for vulnerabilities and weaknesses in their design.
The goal of these offerings is to help organisations strengthen their cyber defences and optimise current security investments, according to the company.
Addressing security gaps
Recent data highlighted by Sophos underscores the urgency of such measures. The Sophos State of Ransomware 2025 report found that exploited vulnerabilities remain the number one cause of ransomware attacks. Additionally, 65% of organisations affected by ransomware cited a known or unknown security gap as the reason they were exposed to an attack.
"Adversaries are increasingly skilled at exploiting the smallest cracks in an organisation's security program. With Sophos Advisory Services, we give customers a proactive advantage - helping them find and fix weaknesses before attackers can exploit them. Backed by real-time insights from Sophos X-Ops threat intelligence, our experts enable organisations to strengthen resilience, meet compliance requirements, and build lasting trust with stakeholders," Jake Dorval, Senior Director, Sophos Advisory Services.
The Advisory Services suite is supported by dedicated testers whose experience covers security research, threat intelligence, law enforcement, military, and related sectors. Many of these specialists joined Sophos through the recent acquisition of Secureworks and collectively hold a wide range of security certifications. The team also works alongside Sophos X-Ops analysts, threat intelligence experts, and research specialists.
Expanding portfolio
Sophos plans to introduce additional Advisory Services in the coming months as part of its expanding security services portfolio. The new suite complements other services, including Sophos Emergency Incident Response, which provides organisations experiencing an active cyberattack with rapid detection and neutralisation of threats. This emergency service merges the incident response capabilities of both Sophos and Secureworks and operates on an hourly billing model.
The company emphasises that regardless of organisational size or security maturity, regularly assessing cybersecurity posture is crucial for staying ahead of evolving threats, demonstrating regulatory compliance, and maintaining trust with stakeholders and partners.
Sophos reports that its security offerings are aimed at providing organisations with access to real-time expertise and tools necessary for identifying security gaps, thereby helping them bolster proactive cyber resilience.
