Sophos has introduced a managed threat hunting, detection, and response service backed by a 24/7 team of security experts.
Named Sophos Managed Threat Response (MTR), the new offering is designed to augment the capabilities of channel pros who can’t afford to build and maintain a security operations center and then staff it with high-priced analysts.
“With this turnkey service offering, they can leverage Sophos to be able to handle this for them, but still act as that trusted advisor,” says Erin Malone, the vendor’s vice president of North American channel sales.
Available immediately to all Sophos partners, the service draws on technology acquired by Sophos through its purchases of managed detection and response vendors Rook Security and DarkBytes earlier this year.
Users of Sophos MTR must also deploy the advanced version of Intercept X, the vendor’s deep learning-based, next-generation endpoint security system, plus the endpoint detection and response add-on for that product unveiled last October. Combining those applications with the new MTR service, Sophos says, enables businesses to collect the benefits of both real-time artificial intelligence and skilled human analysis, resulting in faster and more accurate identification, disruption, and remediation of ransomware and other attacks.
According to Malone, the expert-led remediation portion of that value proposition differentiates Sophos MTR from other SOC-as-a-service and managed security offerings. “Where a lot of other companies may focus a little bit more on the alerting, we are very focused on the response and taking actions,” she says.
The new service comes in standard and advanced versions, both of which include threat hunting assistance. That sets it apart from similar offerings that limit threat hunting to buyers of premium tiers, according to J.J. Thompson, senior director of managed threat response at Sophos and formerly CEO of Rook Security.
“We think that threat hunting is something that is really important for everybody,” he says.
The advanced edition of Sophos MTR provides access to more sophisticated threat hunting techniques than the standard version, as well as enhanced telemetry, a dedicated threat response contact during incidents, and prescriptive security health guidance.
Users can choose between two “response modes” as well. In one, Sophos provides notification and detailed response instructions when it detects a threat. In the other, the vendor contains and neutralizes the threat itself. Partners can pair either response mode with either edition of the service.
“It allows some flexibility in how they like to work with their end user, and how the customer likes to work with their partner as well,” Malone says. “It’s very customizable.”
Sophos MTR integrates with Sophos Central, the vendor’s cloud-based management console, to enable coordinated action across multiple Sophos security products. “Maybe we’re able to see that a PowerShell script was run and had a certain encrypted string in it,” Thompson says. Combining that information with log data from a Sophos firewall would help analysts determine what system or file that script targeted.
“It gives us additional remediation and containment options while we mitigate the active threat,” Thompson says.
Sophos MTR is available at per-employee rates for one-, two-, and three-year terms. Pricing varies by both edition and response mode. Monthly, pay-as-you-go billing through the Sophos MSP Connect Flex program will be available as well by the end of the year.
Sophos is not the only vendor coupling security software with optional services. Acronis, a vendor best known for backup software that is in the early stages of a major push into the security market, recently launched security awareness training, vulnerability scanning, penetration testing, and incident response planning services.