Sophos, a company that delivers cybersecurity as a service, recently launched new third-party security technology compatibilities with Sophos Managed Detection and Response (MDR) to better detect and remediate attacks with speed and precision across diverse customer and operating environments.

The service with more than 12,000 customers now integrates telemetry from third-party endpoints, firewalls, cloud, identity, email, and other security technologies as part of the Sophos Adaptive Cybersecurity Ecosystem.

“As with a shield, cyber-risk mitigation technology can aid in defense, yet unless you use that protection to react, the system will eventually fail; a determined attacker will eventually defeat technology alone,” said Joe Levy, chief technology and product officer at Sophos. “Our teams of experts can now detect and remediate threats across a broad range of environments, including complex, multi-vendor scenarios, before those threats turn into something more damaging, like ransomware or a wide-scale data breach. MDR is often the difference between defense success and failure in real-world situations.”

Sophos unveils cloud workload protection updates
Sophos X-Ops links firm’s three units to bolster cybersecurity response

Sophos MDR is now compatible with security telemetry from vendors such as Microsoft, CrowdStrike, Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services (AWS), Google, Okta, Darktrace, and many others. Telemetry can be automatically consolidated, correlated, and prioritized with insights from the Sophos Adaptive Cybersecurity Ecosystem and the Sophos X-Ops threat intelligence unit. Sophos MDR’s expansive set of third-party security integrations is enabled by technology that Sophos acquired through SOC.OS in April 2022.

Threat visibility

Leveraging bespoke data processing and correlation techniques across this broad set of telemetry, the Sophos MDR operations team is able to quickly understand the who, what, when, and how of an attack, and is capable of responding to threats across customers’ entire ecosystems within minutes. The Sophos MDR operations team can also use third-party vendor telemetry to conduct threat hunts and identify attacker behaviors that evaded detection from deployed toolsets.

“The approach that many cybersecurity technology providers have taken with their Extended Detection and Response, and their resulting MDR offerings, is to focus on integrating only their own proprietary hardware and software products, resulting in a closed and limited ecosystem offering. The challenge of this approach is that attributes of existing IT architectures may not be negotiable, given the realities of commercial contracts, technical debt, or IT complexity,” said Frank Dickson, group vice president for IDC’s Security and Trust research practice. “By expanding its MDR offering to include compatibility with third-party cybersecurity products, Sophos is delivering a more technology-agnostic managed service that truly meets customers where they are and the realities they are forced to embrace.”

Sophos MDR is customizable with different service tiers and threat response options. Customers can choose whether to have the Sophos MDR operations team execute full-scale incident response, provide collaborative assistance for confirmed threats, or deliver detailed alert notifications for their security operations teams to manage themselves.

Sophos MDR is available now through Sophos’ global channel of reseller partners and Managed Service Providers (MSPs). Integrations with select third-party security technologies will be generally available at no charge by year end. Customers can also purchase additional integration packs for other compatibility, with pricing based on the number of seats.