Exploited unpatched vulnerabilities are the leading root cause of successful attacks, as reported in Sophos’ 2024 Ransomware Report.
The modern attack surface has expanded beyond traditional on-premises IT boundaries, with organizations operating frequently unknown numbers of external and internet-facing assets that are unpatched or under protected, leaving them vulnerable to cyberattackers.
Given this pressing need, we are excited to introduce Sophos Managed Risk, powered by Tenable. This new service enables organizations to find and eliminate blind spots and stay ahead of potential attacks by clearly understanding and prioritizing the highest risk exposures, with expert guidance from Sophos’ dedicated team.
Sophos Managed Risk delivers:
- Attack surface visibility
The modern attack surface continues to grow beyond the borders of traditional IT, and most organizations now have internet-facing assets they don’t realize they own, providing easy targets for threat actors. Sophos Managed Risk discovers the organization’s internet-facing assets and analyzes their external attack surface. - Continuous monitoring
In-house IT and security teams may lack the deep knowledge and experience of the exploitation landscape needed to fully understand the security posture of their organization’s attack surface. Sophos Managed Risk provides expert guidance and helps set remediation priorities. - Risk-based vulnerability prioritization
New vulnerabilities are discovered faster than most organizations can fix them. Understanding which ones are relevant and in which order to patch them is a significant challenge. Sophos Managed Risk identifies and prioritizes exposures using extensive vulnerability coverage and risk-based prioritization technology from Tenable. - Proactive notification of high-risk exposures
Attackers look for weaknesses in the environment long before organizations know they’re there. Identifying high-risk exposures quickly is crucial. Sophos Managed Risk provides proactive notification when new critical vulnerabilities are discovered that affect the organization’s assets.
“One of the biggest challenges organizations face when improving their security posture is prioritizing what to handle first. This type of guidance helps solve that issue and reduces the workload for security teams tasked with tackling vulnerability and exposure management,” said Craig Robinson, research vice president of Security Services, IDC. “Solutions such as Sophos Managed Risk can be a differentiator by enabling overwhelmed teams to take a more holistic approach to continuous monitoring and threat management.”
The Sophos-Tenable Alliance
Sophos Managed Risk combines industry-leading technology from Tenable with threat expertise from Sophos, delivered as a proactive attack surface management service. This unique partnership brings together two highly respected cybersecurity market leaders to deliver superior security outcomes for customers and partners.
“Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organizations continuously struggle to control. We can now help organizations identify and prioritize the remediation of vulnerabilities in external assets, devices and software that are often overlooked. It is critical that organizations manage these exposure risks, because unattended, they only lead to more costly and time-consuming issues and are often the root causes of significant breaches,” said Rob Harrison, senior vice president for endpoint and security operations product management at Sophos. “We know from Sophos’ worldwide survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate. The ideal security layers to prevent these issues include an active approach to improving security postures by minimizing the chances of a breach with Sophos Managed Risk, Sophos Endpoint, and 24×7 Sophos MDR coverage.”
“While the latest zero day may dominate the headlines, the biggest threat to organizations, by a large margin, is still known vulnerabilities – or vulnerabilities for which patches are readily available,” said Greg Goetz, vice president of global strategic partners and MSSP, Tenable. “A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem. Sophos Managed Risk, powered by the Tenable One Exposure Management Platform, delivers outsourced preventive risk management, enabling organizations to anticipate attacks and reduce cyber risk.”
Collaborates with the world’s most trusted MDR service
Sophos Managed Risk is available as an extended service with Sophos MDR, which already protects more than 21,000 organizations globally. The dedicated Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. Organizations benefit through regular interaction, including scheduled meetings with Sophos experts to review recent discoveries, insights into the current threat landscape, and recommendations for remediation and prioritizing actions.
For example, when Sophos discovers a new high-risk zero-day vulnerability that could leave an organization exposed, Sophos Managed Risk scans their assets for the possibility of an exploit and proactively notifies the customer. Organizations can connect with the Sophos Managed Risk team and conveniently manage vulnerability escalation cases alongside MDR investigations in one unified Sophos console.
Available soon
With Sophos Managed Risk experts providing insights into attack surface vulnerabilities, organizations of all sizes can reduce cyber risk, accelerate their patching programs, and improve insurability. The new service will be available at the end of April 2024.
To learn more about Sophos Managed Risk and how it can support you, visit our website or speak with a security expert today.
Source: Sophos