Cyber security firm Sophos has launched a suite of advisory and testing services aimed at addressing widespread security gaps in organisations.

According to the company, there is a lack of real-time threat detection capabilities and effective incident response plans in many organisations, with common security weaknesses including unpatched vulnerabilities, weak credentials, misconfigurations, and flawed access controls.

The new suite of advisory services bundles external and internal penetration testing, wireless network testing, and web application security assessments, with which Sophos aims to help identify security weaknesses within organisations.

The services leverage insights from Sophos X-Ops Threat Intelligence and are supported by testers with experience in security research, threat intelligence, law enforcement, military and related sectors – many joining via the recent Secureworks acquisition. The team collaborates closely with Sophos X-Ops analysts and research specialists.

Pieter Nel, country manager for South Africa at Sophos, explained: “We refer to this as the ‘virtuous cycle’. Each year, we deliver thousands of incident response, incident readiness, and security testing engagements across organisations of all sizes, industries, and maturity levels. The insights gained from these real-world engagements are fed into our Sophos X-Ops Threat Intelligence teams, where they are analysed and operationalised to strengthen our broader security offerings – to include our Managed Detection and Response (MDR) service.”

Sophos' State of Ransomware 2025 report found that exploited vulnerabilities remain the top root cause of ransomware attacks. Around 65% of organisations cited known or unknown security gaps as contributing factors in breaches.

Nel attributed delays in patching to operational downtime concerns, resource shortages, legacy system dependencies, and underestimation of risk. “Security teams are stretched thin. Without full asset visibility and vulnerability management, many don’t even know what needs fixing,” he said.

Sophos plans to add more advisory services soon, complementing offerings such as its Emergency Incident Response, which operates on an hourly billing model and helps detect and neutralise active cyber attacks.