
Sophos Managed Detection and Response Ds

Uploaded by

popatrajkumar

Sophos Managed Detection and Response


24/7 Threat Detection and Response
Sophos MDR is a fully managed 24/7 service delivered by experts
who detect and respond to cyberattacks targeting your computers,
servers, networks, cloud workloads, email accounts, and more.

Ransomware and Breach Prevention Services

The need for always-on security operations has become an imperative. However, the complexity of modern operating environments and the velocity of cyberthreats make it increasingly difficult for most organizations to successfully manage detection and response on their own.

With Sophos MDR, our expert team stops advanced human-led attacks. We take action to neutralize threats before they can disrupt your business operations or compromise your sensitive data. Sophos MDR is customizable with different service tiers, and can be delivered via our proprietary technology or using your existing cybersecurity technology investments.

Cybersecurity Delivered as a Service
Enabled by extended detection and response (XDR) capabilities that provide complete security coverage wherever your data reside, Sophos MDR can:

• Detect more cyberthreats than security tools can identify on their own
  Our tools automatically block 99.98% of threats, which enables our analysts to focus on hunting the most sophisticated attackers that can only be detected and stopped by a highly trained human.
• Take action on your behalf to stop threats from disrupting your business
  Our analysts detect, investigate, and respond to threats in minutes — whether you need full-scale incident response or help making accurate decisions.
• Identify the root cause of threats to prevent future incidents
  We proactively take actions and provide recommendations that reduce risk to your organization. Fewer incidents mean less disruption for your IT and security teams, your employees, and your customers.

Highlights
• Stop ransomware and other advanced human-led attacks with a 24/7 team of threat response experts
• Maximize the ROI of your existing cybersecurity technologies
• Let Sophos MDR execute full-scale incident response, work with you to manage security incidents, or deliver detailed threat notifications and guidance
• Improve cyber insurance coverage eligibility with 24/7 monitoring and endpoint detection and response (EDR) capabilities
• Free up your internal IT and security staff to focus on business enablement

Compatible with the Cybersecurity Tools You Already Have
We can provide the technology you need from our award-winning portfolio, or our analysts
can leverage your existing cybersecurity technologies to detect and respond to threats.

Sophos MDR is compatible with security telemetry from vendors such as Microsoft,
CrowdStrike, Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services
(AWS), Google, Okta, Darktrace, and many others. Telemetry is automatically consolidated,
correlated, and prioritized with insights from the Sophos Adaptive Cybersecurity
Ecosystem (ACE) and Sophos X-Ops threat intelligence unit.

MDR That Meets You Where You Are
Sophos MDR is customizable with different service tiers and threat response options. Let the Sophos MDR operations team execute full-scale incident response, work with you to manage cyberthreats, or notify your internal security operation teams any time threats are detected. Our team quickly learns the who, what, when, and how of an attack. We can respond to threats in minutes.

Key Capabilities

24/7 Threat Monitoring and Response
We detect and respond to threats before they can compromise your data or cause downtime. Backed by six global security operations centers (SOCs), Sophos MDR provides around-the-clock coverage.

Compatible with Non-Sophos Security Tools
Sophos MDR can integrate telemetry from third-party endpoint, firewall, identity, email, and other security technologies as part of Sophos ACE.

Full-Scale Incident Response
When we identify an active threat, the Sophos MDR operations team can execute an extensive set of response actions on your behalf to remotely disrupt, contain, and fully eliminate the adversary.

Weekly and Monthly Reporting
Sophos Central is your single dashboard for real-time alerts, reporting, and management. Weekly and monthly reports provide insights into security investigations, cyberthreats, and your security posture.

Sophos Adaptive Cybersecurity Ecosystem
Sophos ACE automatically prevents malicious activity and enables us to search for weak signals for threats that require human intervention to detect, investigate, and eliminate.

Expert-Led Threat Hunting
Proactive threat hunts performed by highly trained analysts uncover and rapidly eliminate more threats than security products can detect on their own. The Sophos MDR operations team can also use third-party vendor telemetry to conduct threat hunts and identify attacker behaviors that evaded detection from deployed toolsets.

Direct Call-in Support
Your team has direct call-in access to our Security Operations Center (SOC) to review potential threats and active incidents. The Sophos MDR operations team is available 24/7/365 and backed by support teams across 26 locations worldwide.

Dedicated Incident Response Lead
We provide you with a Dedicated Incident Response Lead who collaborates with your internal team and external partner(s) as soon as we identify an incident and works with you until the incident is resolved.

Root Cause Analysis
Along with providing proactive recommendations to improve your security posture, we perform root cause analysis to identify the underlying issues that led to an incident. We give you prescriptive guidance to address security weaknesses so they cannot be exploited in the future.

Sophos Account Health Check
We continuously review settings and configurations for endpoints managed by Sophos XDR and make sure they are running at peak levels.

Threat Containment
For organizations that choose not to have Sophos MDR perform full-scale incident response, the Sophos MDR operations team can execute threat containment actions, interrupting the threat and preventing spread. This reduces workload for internal security operations teams and enables them to rapidly execute remediation actions.

Intelligence Briefings: “Sophos MDR ThreatCast”
Delivered by the Sophos MDR operations team, the “Sophos MDR ThreatCast” is a monthly briefing available exclusively to Sophos MDR customers. It provides insights into the latest threat intelligence and security best practices.

Sophos Service Tiers

| Capability | Sophos Threat Advisor | Sophos MDR | Sophos MDR Complete |
|---|---|---|---|
| 24/7 expert-led threat monitoring and response | ✔ | ✔ | ✔ |
| Compatible with non-Sophos security products | ✔ | ✔ | ✔ |
| Weekly and monthly reporting | ✔ | ✔ | ✔ |
| Monthly intelligence briefing: “Sophos MDR ThreatCast” | ✔ | ✔ | ✔ |
| Sophos Account Health Check | | ✔ | ✔ |
| Expert-led threat hunting | | ✔ | ✔ |
| Threat containment: attacks are interrupted, preventing spread. Uses full Sophos XDR agent (protection, detection, and response) or Sophos XDR Sensor (detection and response) | | ✔ | ✔ |
| Direct call-in support during active incidents | | ✔ | ✔ |
| Full-scale incident response: threats are fully eliminated. Requires full Sophos XDR agent (protection, detection, and response) | | | ✔ |
| Root cause analysis | | | ✔ |
| Dedicated Incident Response Lead | | | ✔ |

Integrations Included Free of Charge


Security data from the following sources can be integrated for use by the Sophos MDR operations team free of charge.
Telemetry sources are used to expand visibility across your environment, generate new threat detections and improve the
fidelity of existing threat detections, conduct threat hunts, and enable additional response capabilities.

Sophos XDR
The only XDR platform that combines native endpoint, server, firewall, cloud, email, mobile, and Microsoft integrations

Sophos Firewall
Monitor and filter incoming and outgoing network traffic to stop advanced threats before they have a chance to cause harm

Microsoft Graph Security
• Microsoft Defender for Endpoint
• Microsoft Defender for Cloud Apps
• Microsoft Defender for Cloud
• Microsoft Sentinel
• Microsoft Defender for Identity
• Azure Information Protection
• Azure Active Directory
• Microsoft 365

Sophos Endpoint Protection
Block advanced threats and detect malicious behaviors—including attackers mimicking legitimate users

Sophos Network Detection and Response
Continuously monitor activity inside your network to detect suspicious actions occurring between devices that otherwise are unseen

Third-Party Endpoint
Compatible with…
• Microsoft
• Trend Micro
• CrowdStrike
• BlackBerry (Cylance)
• SentinelOne
• McAfee
• Check Point
• Malwarebytes

Sophos Cloud
Stop cloud breaches and gain visibility across your critical cloud services, including AWS, Azure, and Google Cloud Platform

Sophos Email
Protect your inbox from malware and benefit from advanced AI that stops targeted impersonation and phishing attacks

90-Days Data Retention

Sophos XDR and Sophos Endpoint Protection products are included with Sophos MDR service
Sophos Firewall, Sophos Cloud, Sophos Email, and Sophos NDR products must be purchased and deployed prior to integration with Sophos MDR service

Add-On Integrations
Security data from the following third-party sources can be integrated for use by the Sophos MDR operations team via the
purchase of Integration Packs. Telemetry sources are used to expand visibility across your environment, generate new threat
detections and improve the fidelity of existing threat detections, conduct threat hunts, and enable additional response
capabilities.

Firewall
Compatible with…
• Palo Alto Networks
• Cisco
• Fortinet
• SonicWall
• Check Point

Cloud
Compatible with…
• AWS
• Orca Security
• Microsoft Azure
• Google Cloud

Identity
Compatible with…
• Okta
• Duo

Network Security
Compatible with…
• Darktrace
• Forcepoint
• McAfee (web gateway)

Email
Compatible with…
• Proofpoint
• Mimecast

1-Year Data Retention

Onboarding Plus Package for Sophos MDR


Our Onboarding Plus offering is a remotely guided onboarding service available to Sophos MDR customers. It gives you access
to a dedicated contact within Sophos’ Professional Services organization for onboarding and scheduling, deployment and
training assistance, and a health check to ensure you can get the most value out of our best practices. Onboarding Plus
includes:

Day 1 - Implementation Planning and Execution:
• Kick off project
• Configure Sophos Central
• Review Sophos Central features
• Build and test deployment process
• Deploy Sophos Central across your organization

Day 30 - XDR Training
• Learn how to think and act like an SOC
• Hunt for IOCs
• Construct queries for future investigations

Day 90 - XDR Training
• Review your current security policies and update them as needed
• Determine which features (if any) can be used to further enhance your cyber protection
• Receive written documentation with recommendations from our health check

To learn more, visit sophos.com/mdr

United Kingdom and Worldwide Sales: Tel: +44 (0)8447 671131, Email: [email protected]
North American Sales: Toll Free: 1-866-866-2802, Email: [email protected]
Australia and New Zealand Sales: Tel: +61 2 9409 9100, Email: [email protected]
Asia Sales: Tel: +65 62244168, Email: [email protected]

© Copyright 2022. Sophos Ltd. All rights reserved.


Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK
Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are
trademarks or registered trademarks of their respective owners.

22-10-17 DS-EN (DD)
