Sophos has announced a strategic partnership with Tenable to launch Sophos Managed Risk. This new global service aims to enhance vulnerability and attack surface management, featuring a dedicated Sophos team that leverages Tenable's technology and collaborates with Sophos Managed Detection and Response (MDR) experts.
The service addresses the challenges posed by the modern attack surface, which has expanded beyond traditional IT boundaries. Organizations often operate with external and internet-facing assets that are unpatched or underprotected, making them vulnerable to cyberattacks. The Sophos Active Adversary Report highlights the need for organizations to prioritize closing exposed Remote Desktop Protocol (RDP) access, enabling multi-factor authorization, and patching vulnerable servers to minimize the risk of intrusions.
"Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organizations continuously struggle to control," said Rob Harrison, senior vice president for endpoint and security operations product management at Sophos. "We can now help organizations identify and prioritize the remediation of vulnerabilities in external assets, devices and software that are often overlooked."
Greg Goetz, vice president of global strategic partners and MSSP at Tenable, emphasized the importance of risk-based prioritization, stating, "A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem."
Key benefits of Sophos Managed Risk include External Attack Surface Management (EASM), continuous monitoring and proactive notification of high-risk exposures, and vulnerability prioritization. The service aims to simplify the complex task of identifying vulnerabilities and prioritizing necessary remediations.
Craig Robinson, research vice president of Security Services at IDC, highlighted the importance of guidance in prioritizing security tasks. "Solutions such as Sophos Managed Risk can be a differentiator by enabling overwhelmed teams to take a more holistic approach to continuous monitoring and threat management," he said.
Sophos Managed Risk is available as an extended service with Sophos MDR, which already protects over 21,000 organizations globally. The service benefits organizations through regular interaction with Sophos experts, insights into the current threat landscape, and recommendations for remediation and prioritizing actions.
Kieron Stone, cybersecurity business development manager at Phoenix Software Ltd., praised the service, saying, "Sophos Managed Risk simplifies the difficult and resource-consuming task of identifying vulnerabilities and really understanding the extent of risk exposure."
Sophos Managed Risk is available with a term license through Sophos' global network of channel partners and Managed Service Providers (MSPs), with a Sophos MSP Flex version set to be available in 2024.