Sophos Managed Detection and Response Ds 1

Uploaded by

Khouloud Guedda
Sophos Managed Detection and Response


24/7 Threat Detection and Response
Sophos MDR is a fully managed 24/7 service delivered by experts
who detect and respond to cyberattacks targeting your computers,
servers, networks, cloud workloads, email accounts, and more.

Ransomware and Breach Prevention

The need for always-on security operations has become an imperative. However, the complexity of modern operating environments and the velocity of cyberthreats make it increasingly difficult for most organizations to successfully manage detection and response on their own.

With Sophos MDR, our expert team stops advanced human-led attacks. We take action to neutralize threats before they can disrupt your business operations or compromise your sensitive data. Sophos MDR is customizable with different service tiers, and can be delivered via our proprietary technology or using your existing cybersecurity technology investments.

Cybersecurity Delivered as a Service
Enabled by extended detection and response (XDR) capabilities that provide complete security coverage wherever your data reside, Sophos MDR can:

• Detect more cyberthreats than security tools can identify on their own
  Our tools automatically block 99.98% of threats, which enables our analysts to focus on hunting the most sophisticated attackers that can only be detected and stopped by a highly trained human.

• Take action on your behalf to stop threats from disrupting your business
  Our analysts detect, investigate, and respond to threats in minutes — whether you need full-scale incident response or help making accurate decisions.

• Identify the root cause of threats to prevent future incidents
  We proactively take actions and provide recommendations that reduce risk to your organization. Fewer incidents mean less disruption for your IT and security teams, your employees, and your customers.

Services Highlights

• Stop ransomware and other advanced human-led attacks with a 24/7 team of threat response experts
• Maximize the ROI of your existing cybersecurity technologies
• Let Sophos MDR execute full-scale incident response, work with you to manage security incidents, or deliver detailed threat notifications and guidance
• Improve cyber insurance coverage eligibility with 24/7 monitoring and endpoint detection and response (EDR) capabilities
• Free up your internal IT and security staff to focus on business enablement

Compatible with the Cybersecurity Tools You Already Have
We can provide the technology you need from our award-winning portfolio, or our analysts
can leverage your existing cybersecurity technologies to detect and respond to threats.

Sophos MDR is compatible with security telemetry from vendors such as Microsoft,
CrowdStrike, Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services
(AWS), Google, Okta, Darktrace, and many others. Telemetry is automatically consolidated,
correlated, and prioritized with insights from the Sophos Adaptive Cybersecurity
Ecosystem (ACE) and Sophos X-Ops threat intelligence unit.

MDR That Meets You Where You Are
Sophos MDR is customizable with different service tiers and threat response options. Let the Sophos MDR operations team execute full-scale incident response, work with you to manage cyberthreats, or notify your internal security operation teams any time threats are detected. Our team quickly learns the who, what, when, and how of an attack. We can respond to threats in minutes.

Key Capabilities

24/7 Threat Monitoring and Response
We detect and respond to threats before they can compromise your data or cause downtime. Backed by six global security operations centers (SOCs), Sophos MDR provides around-the-clock coverage.

Compatible with Non-Sophos Security Tools
Sophos MDR can integrate telemetry from third-party endpoint, firewall, identity, email, and other security technologies as part of Sophos ACE.

Full-Scale Incident Response
When we identify an active threat, the Sophos MDR operations team can execute an extensive set of response actions on your behalf to remotely disrupt, contain and fully eliminate the adversary.

Weekly and Monthly Reporting
Sophos Central is your single dashboard for real-time alerts, reporting, and management. Weekly and monthly reports provide insights into security investigations, cyberthreats, and your security posture.

Sophos Adaptive Cybersecurity Ecosystem
Sophos ACE automatically prevents malicious activity and enables us to search for weak signals for threats that require human intervention to detect, investigate, and eliminate.

Expert-Led Threat Hunting
Proactive threat hunts performed by highly-trained analysts uncover and rapidly eliminate more threats than security products can detect on their own. The Sophos MDR operations team can also use third-party vendor telemetry to conduct threat hunts and identify attacker behaviors that evaded detection from deployed toolsets.

Direct Call-in Support
Your team has direct call-in access to our Security Operations Center (SOC) to review potential threats and active incidents. The Sophos MDR operations team is available 24/7/365 and backed by support teams across 26 locations worldwide.

Dedicated Incident Response Lead
We provide you with a Dedicated Incident Response Lead who collaborates with your internal team and external partner(s) as soon as we identify an incident and works with you until the incident is resolved.

Root Cause Analysis
Along with providing proactive recommendations to improve your security posture, we perform root cause analysis to identify the underlying issues that led to an incident. We give you prescriptive guidance to address security weaknesses so they cannot be exploited in the future.

Sophos Account Health Check
We continuously review settings and configurations for endpoints managed by Sophos XDR and make sure they are running at peak levels.

Threat Containment
For organizations that choose not to have Sophos MDR perform full-scale incident response, the Sophos MDR operations team can execute threat containment actions, interrupting the threat and preventing spread. This reduces workload for internal security operations teams and enables them to rapidly execute remediation actions.

Intelligence Briefings: “Sophos MDR ThreatCast”
Delivered by the Sophos MDR operations team, the “Sophos MDR ThreatCast” is a monthly briefing available exclusively to Sophos MDR customers. It provides insights into the latest threat intelligence and security best practices.

Breach Protection Warranty
Included with Sophos MDR Complete one-, two-, and three-year licenses, the warranty covers up to $1 million in response expenses. There are no warranty tiers, minimum contract terms, or additional purchase requirements.

Sophos Service Tiers

                                                                  Sophos Threat Advisor   Sophos MDR   Sophos MDR Complete
24/7 expert-led threat monitoring and response                    ✔                       ✔            ✔
Compatible with non-Sophos security products                      ✔                       ✔            ✔
Weekly and monthly reporting                                      ✔                       ✔            ✔
Monthly intelligence briefing: “Sophos MDR ThreatCast”            ✔                       ✔            ✔
Sophos Account Health Check                                       -                       ✔            ✔
Expert-led threat hunting                                         -                       ✔            ✔
Threat containment: attacks are interrupted, preventing spread    -                       ✔            ✔
  Uses full Sophos XDR agent (protection, detection, and response) or Sophos XDR Sensor (detection and response)
Direct call-in support during active incidents                    -                       ✔            ✔
Full-scale incident response: threats are fully eliminated        -                       -            ✔
  Requires full Sophos XDR agent (protection, detection, and response)
Root cause analysis                                               -                       -            ✔
Dedicated Incident Response Lead                                  -                       -            ✔
Breach Protection Warranty                                        -                       -            ✔
  Covers up to $1 million in response expenses

Sophos MDR Included Integrations

Security data from the following sources can be integrated for use by the Sophos MDR operations team at no additional cost.
Telemetry sources are used to expand visibility across your environment, generate new threat detections and improve the
fidelity of existing threat detections, conduct threat hunts, and enable additional response capabilities.

Sophos XDR
The only XDR platform that combines native endpoint, server, firewall, cloud, email, mobile, and Microsoft integrations
Included in Sophos MDR and Sophos MDR Complete Pricing

Sophos Endpoint
Block advanced threats and detect malicious behaviors—including attackers mimicking legitimate users
Included in Sophos MDR and Sophos MDR Complete Pricing

Sophos Cloud
Stop cloud breaches and gain visibility across your critical cloud services, including AWS, Azure, and Google Cloud Platform
Product sold separately; integrated at no additional charge

Sophos Firewall
Monitor and filter incoming and outgoing network traffic to stop advanced threats before they have a chance to cause harm
Product sold separately; integrated at no additional charge

Sophos Email
Protect your inbox from malware and benefit from advanced AI that stops targeted impersonation and phishing attacks
Product sold separately; integrated at no additional charge

90-Days Data Retention
Retains data from all Sophos products and any third-party (non-Sophos) products in the Sophos Data Lake

Microsoft Graph Security
• Microsoft Defender for Endpoint
• Microsoft Defender for Cloud
• Microsoft Defender for Cloud Apps
• Microsoft Defender for Identity
• Identity Protection (Azure AD)
• Microsoft Azure Sentinel
• Office 365 Security and Compliance Center
• Azure Information Protection

Office 365 Management Activity
Provides information on user, admin, system, and policy actions and events from Office 365 and Azure Active Directory logs

Third-Party Endpoint Protection
Compatible with…
• Microsoft
• CrowdStrike
• SentinelOne
• Trend Micro
• Trellix
• BlackBerry (Cylance)
• Symantec (Broadcom)
• Malwarebytes

Add-On Integrations
Security data from the following third-party sources can be integrated for use by the Sophos MDR operations team via the
purchase of Integration Packs. Telemetry sources are used to expand visibility across your environment, generate new threat
detections and improve the fidelity of existing threat detections, conduct threat hunts, and enable additional response
capabilities.

Sophos Network Detection and Response
Continuously monitor activity inside your network to detect suspicious actions occurring between devices that otherwise are unseen
Compatible with any network via SPAN port mirroring

Firewall
Compatible with…
• Palo Alto Networks
• Fortinet
• Check Point
• Cisco
• SonicWall

Identity
Compatible with…
• Okta
• Duo
• ManageEngine

Public Cloud
Compatible with…
• AWS Security Hub
• AWS CloudTrail
• Orca Security
• Google Cloud Platform Security

Email
Compatible with…
• Proofpoint
• Mimecast

Network
Compatible with…
• Darktrace
• Thinkst Canary
• Skyhigh Security

1-Year Data Retention

Sophos MDR Guided Onboarding


For an additional purchase, Sophos MDR Guided Onboarding is available for remote onboarding assistance. The service
provides hands-on support for a smooth and efficient deployment, ensures best practice configurations, and delivers training
to maximize the value of your MDR service investment. You are provided a dedicated contact from the Sophos Professional
Services organization who will be with you through your first 90 days to make sure your implementation is a success. Sophos
MDR Guided Onboarding includes:

Day 1 - Implementation
• Project kickoff
• Configure Sophos Central and review of features
• Build and test deployment process
• Configure MDR integrations
• Configure Sophos NDR sensor(s)
• Enterprise-wide deployment

Day 30 - XDR Training
• Learn to think and act like a SOC
• Understand how to hunt for indicators of compromise
• Gain an understanding of using our XDR platform for administrative tasks
• Learn to construct queries for future investigations

Day 90 - Security Posture Assessment
• Review current policies for best practice recommendations
• Discuss features that are not in use that could provide additional protection
• Security assessment following NIST framework
• Receive summary report with recommendations from our review

To learn more, visit sophos.com/mdr

United Kingdom and Worldwide Sales
Tel: +44 (0)8447 671131
Email: [email protected]

North American Sales
Toll Free: 1-866-866-2802
Email: [email protected]

Australia and New Zealand Sales
Tel: +61 2 9409 9100
Email: [email protected]

Asia Sales
Tel: +65 62244168
Email: [email protected]

© Copyright 2022. Sophos Ltd. All rights reserved.


Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK
Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are
trademarks or registered trademarks of their respective owners.

22-11-29 DS-EN (DD)
