SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Sophos links three expert security teams together with X-Ops
Mon, 25th Jul 2022
FYI, this story is more than a year old

Sophos has announced Sophos X-Ops, a new cross-operational unit linking SophosLabs, Sophos SecOps and Sophos AI, three established teams of cybersecurity experts at Sophos, to help organisations better defend against constantly changing and increasingly complex cyber attacks.

Sophos X-Ops leverages the predictive, real-time, real-world and researched threat intelligence from each group, which, in turn, collaborate to deliver stronger, more innovative protection, detection and response capabilities.

In addition to this announcement, Sophos is issuing 'OODA: Sophos X-Ops Takes on Burgeoning SQL Server Attacks', research about increased attacks against unpatched Microsoft SQL servers, and how attackers used a fake downloading site and grey-market remote access tools to distribute multiple ransomware families.

Sophos X-Ops identified and thwarted the attacks because the Sophos X-Ops teams combined their respective knowledge of the incidents, jointly analysed them, and took action to quickly contain and neutralise the adversaries, the company states.

Joe Levy, chief technology and product officer at Sophos, says, “Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering and investigative specialisations have emerged.

"Scalable end-to-end operations now need to include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and numerous other experts, and they need an organisational structure that avoids silos.

"We've unified three globally recognised and mature teams within Sophos to provide this breadth of critical, subject matter and process expertise. Joined together as Sophos X-Ops, they can leverage the strengths of each other, including analysis of worldwide telemetry from more than 500,000 customers, industry-leading threat hunting, response and remediation capabilities, and rigorous artificial intelligence to measurably improve threat detection and response.

"Attackers are often too organised and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.

Speaking in March 2022 to the Detroit Economic Club about the FBI partnering with the private sector to counter the cyber threat, FBI Director Christopher Wray said, "We're disrupting three things: the threat actors, their infrastructure and their money. And we have the most durable impact when we work with all of our partners to disrupt all three together.

"Sophos X-Ops is taking a similar approach: gathering and operating on threat intelligence from its own multidisciplinary groups to help stop attackers earlier, preventing or minimising the harms of ransomware, espionage or other cyber crimes that can befall organisations of all types and sizes, and working with law enforcement to neutralise attacker infrastructure.

"While Sophos internal teams already share information as a matter of course, the formal creation of Sophos X-Ops drives forward a faster, more streamlined process necessary to counter equally fast-moving adversaries."

Michael Daniel, president and CEO Cyber Threat Alliance, comments, “Effective cybersecurity requires robust collaboration at all levels, both internally and externally; it is the only way to discover, analyse and counter malicious cyber actors at speed at scale. Combining these separate teams into Sophos X-Ops shows that Sophos understands this principle and is acting on it.

Sophos X-Ops also provides a stronger cross-operational foundation for innovation, an essential component of cybersecurity due to the aggressive advancements in organised cyber crime, the company states.

By intertwining the expertise of each group, Sophos states the company is pioneering the concept of an artificial intelligence (AI) assisted Security Operations Centre (SOC), which anticipates the intentions of security analysts and provides relevant defensive actions. In the SOC of the future, Sophos states this approach can dramatically accelerate security workflows and the ability to more quickly detect and respond to novel and priority indicators of compromise.

Craig Robinson, IDC research vice president, Security Services, says, “The adversary community has figured out how to work together to commoditise certain parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to mass exploit it.

"The Sophos X-Ops umbrella is a noted example of stealing a page from the cyber miscreants tactics by allowing cross-collaboration amongst different internal threat intelligence groups. Combining the ability to cut across a wide breadth of threat intelligence expertise with AI assisted features in the SOC allows organisations to better predict and prepare for imminent and future attacks.