Cybersecurity company Sophos built Sophos X-Ops which links together its units, SophosLabs, Sophos SecOps, and Sophos AI, to help organizations against increasing complex cyberattacks.
As a cross-operational unit, Sophos X-Ops leverages the predictive, real-time, real-world, and deeply researched threat intelligence from each group, which in turn, collaborate to deliver stronger, more innovative protection, detection and response capabilities.
“We’ve unified three globally recognized and mature teams within Sophos to provide this breadth of critical, subject matter and process expertise,” said Joe Levy, chief technology and product officer, Sophos. “Joined as Sophos X-Ops, they can leverage the strengths of each other, including analysis of worldwide telemetry from more than 500,000 customers, industry-leading threat hunting, response and remediation capabilities, and rigorous artificial intelligence to measurably improve threat detection and response. Attackers are often too organized and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.”
Scalable end-to-end operations now need to include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and numerous other experts, and they need an organizational structure that avoids silos.
Sophos is also issuing “OODA: Sophos X-Ops Takes on Burgeoning SQL Server Attacks,” research about increased attacks against unpatched Microsoft SQL servers and how attackers used a fake downloading site and grey-market remote access tools to distribute multiple ransomware families. Sophos X-Ops identified and thwarted the attacks because the Sophos X-Ops teams combined their respective knowledge of the incidents, jointly analyzed them, and took action to contain and neutralize the adversaries quickly.
Sophos X-Ops also provides a stronger cross-operational foundation for innovation, an essential component of cybersecurity due to the aggressive advancements in organized cybercrime. By intertwining each group’s expertise, Sophos is pioneering the concept of an artificial intelligence-assisted Security Operations Center (SOC), which anticipates the intentions of security analysts and provides relevant defensive actions. In the SOC of the future, Sophos believes this approach will dramatically accelerate security workflows and the ability to more quickly detect and respond to novel and priority indicators of compromise.