Providing 24/7 threat hunting with Sophos Managed Threat Response

Few organisations have the right tools, people and processes in-house to effectively manage their security programme around-the-clock, while proactively defending against new and emerging threats. When responding to an active threat, it is imperative that the time between the initial indicator of compromise and full threat mitigation be as brief as possible. As an adversary progresses through the kill chain, it is a race against time to ensure they are unable to achieve their objectives. 

“Sophos Rapid Response gets you out of the danger zone fast with its 24/7 team of remote incident responders, threat analysts and threat hunters. Onboarding starts within hours, and the majority of customers are triaged in 48 hours,” says Ross Anderson, Sophos Product Development Manager at Duxbury Networking.

The Sophos Rapid Response service is available for both existing Sophos customers as well as non-Sophos customers and can:

• Eject adversaries from your estate to prevent further damage to your assets.
• Perform ongoing 24/7 monitoring and response to enhance your protection.
• Recommend real-time preventative actions to address the root cause.
• Quickly deploy Sophos cloud-based technology stack across your estate.
• Analyse supplementary data from third-party technologies.
• Provide a detailed post-incident threat summary that describes our investigation.

Some of the benefits provided by the Sophos Rapid Response service include:

• Incident response and always-on monitoring for 45 days.
• VIP treatment – work with a dedicated point of contact and response lead.
• Predictable pricing – upfront, fixed cost with no hidden fees.
• Rapid identification and neutralisation of active threats.
• Designed to be insurance reimbursable.
• Seamlessly transition into a subscription with Sophos Managed Threat Response (MTR) after Rapid Response.

“Going beyond simply notifying you of attacks or suspicious behaviors, the Sophos MTR team takes targeted actions on your behalf to neutralise even the most sophisticated and complex threats,” says Anderson.

With Sophos MTR, your organisation is armed with a 24/7 team of threat hunters and response experts who will:

• Proactively hunt for and validate potential threats and incidents.
• Use all available information to determine the scope and severity of threats.
• Apply the appropriate business context for valid threats.
• Initiate actions to remotely disrupt, contain and neutralise threat.
• Provide actionable advice for addressing the root cause of recurring incidents.

Built on its Intercept X Advanced with XDR technology, Sophos MTR fuses machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats with speed and precision. This fusion of Sophos’s consistently top-rated endpoint protection and intelligent XDR, with a world-class team of security experts results in what Sophos refers to as ‘machine-accelerated human response’.

“With Sophos MTR, you own the decisions and control how and when potential incidents are escalated, what response actions (if any) you want Sophos to take, and who should be included in communications. Sophos MTR features three response modes so you can choose the best way for our MTR team to work alongside you during incidents:

1. Notify: You are notified you about the detection and provided with detail to help you in prioritisation and response.
2. Collaborate: Sophos works with your internal team or external point(s) of contact to respond to the detection.
3. Authorise: Sophos handles containment and neutralisation actions and will inform you of the action(s) taken.

Features of the Sophos MTR include:

• Advanced threat hunting, detection and response capabilities delivered as a fully- managed service.
• Collaborate with a 24/7 response team that takes action to remotely contain and neutralise threats.
• You decide and control what actions the MTR team takes and how incidents are managed.
• Combines top-rated machine learning technology with a highly-trained team of experts.
• Two tiers of service (Standard and Advanced) provide a comprehensive set of capabilities for organisations of all maturity levels.

For more information, contact Duxbury Networking, (+27) 011 351 9800, info@duxnet.co.za, www.duxbury.co.za.