SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Sophos releases MDR solution in response to increased threats
Wed, 7th Dec 2022
FYI, this story is more than a year old

Sophos has announced the general availability of Sophos Managed Detection and Response (MDR) with new threat detection and response capabilities.

According to a statement from the company, Sophos is the first endpoint security provider to integrate vendor-agnostic telemetry from third-party security technologies into its MDR offering, providing unprecedented visibility and detection across diverse operating environments.

Sophos also introduced the Sophos Marketplace and $1 million Sophos Breach Protection Warranty.

The need for MDR services and specialised defenders has never been greater, as shown in new research titled, LockBit 3.0 Black Attacks and Leaks Reveal Wormable Capabilities and Tooling, from from Sophos X-Ops, the company's cross-domain threat intelligence unit.

The research analyses tactics, techniques and procedures (TTPs) used by LockBit, one of today's most prolific ransomware gangs, that are similar to BlackMatter, and explains how the latest version of the ransomware, LockBit 3.0, adds wormable capabilities and uses legitimate pentesting tools to evade detection.

In a second article, Detection Tools and Human Analysis Lead to a Security Non-Event, Sophos X-Ops details a recent Sophos MDR use case involving credential theft, another technique that allows adversaries to impersonate legitimate users.

In this case, the Sophos MDR team combined its threat-hunting intelligence with information from the customers third-party security appliance to thwart an attack.

Joe Levy, Chief Technology and Product Officer at Sophos, says, "The only way to reliably detect and neutralise determined attackers who increasingly combine the use of pentesting tools, stolen credentials and other stealthy tactics to manoeuvre undetected is with 24x7 eyes on glass, operating on signals from a diversity of event sources and employing actionable threat intelligence into real-time attacker behaviours.

Levy continues, "Organisations are struggling to keep pace with well-funded adversaries who are continuously innovating and industrialising their ability to evade defensive technologies alone. Sophos MDR can discover and intercept these steps before they result in a data breach, ransomware, or other type of costly compromise.

"Sadly, ransomware persists as one of the greatest cyber crime threats to organisations, as evidenced in the Sophos 2023 Threat Report. We're raising the industry standard for how critical MDR services can be delivered to broaden visibility for better, faster detection and response."

According to the company, Sophos is the first leading endpoint security provider delivering MDR across both its own product portfolio as well as end users existing security deployments.

To support this effort, Sophos launched the Sophos Marketplace, an open ecosystem of more than 75 technology integrations, including Amazon Web Services (AWS), Check Point, CrowdStrike, Darktrace, Fortinet, Google, Microsoft, Okta, Palo Alto Networks, Rapid7, and others.

Expanded visibility across these integrations and diverse operating environments enable Sophos MDR experts to better detect and remediate attacks with speed and precision, regardless of customers existing security solutions.

In addition to Sophos MDR, Sophos Marketplace provides third-party integrations for Sophos portfolio of services, products, and technologies. Telemetry is automatically consolidated, correlated and prioritised with insights from the Sophos Adaptive Cybersecurity Ecosystem and the Sophos X-Ops threat intelligence unit.