UK-based cyber security-as-a-service company Sophos has partnered with Tenable, an exposure management company, to introduce Sophos Managed Risk, a global vulnerability and attack surface management service.
The new service includes a dedicated Sophos team that leverages Tenable's exposure management technology and collaborates with the security operations experts from Sophos Managed Detection and Response (MDR).
The partnership aims to provide improved attack surface visibility, risk monitoring, vulnerability prioritisation, investigation, and proactive notification to prevent cyber attacks.
Sophos notes that the modern attack surface has expanded beyond traditional on-premises IT boundaries, with organisations operating frequently unknown numbers of external and internet-facing assets that are unpatched or underprotected, leaving them vulnerable to cyber attackers.
The latest Sophos Active Adversary Report identifies three tasks organisations must prioritise to minimise the risk of brazen intrusions that lead to ransomware or other attacks: closing exposed Remote Desktop Protocol (RDP) access; enabling multi-factor authorisation; and patching vulnerable servers. These were the primary entry points in breaches handled by Sophos Incident Response in 2023.
This same report also found a significant increase in cyber criminals exploiting RDP, which was used in 90% of attacks.
Rob Harrison, senior VP for endpoint and security operations product management at Sophos, said: “We can now help organisations identify and prioritise the remediation of vulnerabilities in external assets, devices and software that are often overlooked. It is critical that organisations manage these exposure risks, because unattended, they only lead to more costly and time-consuming issues and are often the root causes of significant breaches.”
Harrison referenced Sophos' global survey data, revealing that 32% of ransomware attacks stem from unpatched vulnerabilities, making them the most expensive to address. "The ideal security layers to prevent these issues include an active approach to improving security postures by minimising the chances of a breach,” he said.
Greg Goetz, VP of global strategic partners and MSSPs at Tenable, added, “While the latest zero day may dominate the headlines, the biggest threat to organisations, by a large margin, is still known vulnerabilities – or vulnerabilities for which patches are readily available. A winning approach includes risk-based prioritisation with context-driven analytics to proactively address exposures before they become a problem.”
Share