Sophos is significantly improving its service portfolio

Last month, PAC had the opportunity to get a detailed briefing on Sophos’ latest developments and future planning.

While its software and hardware portfolio is widely recognized, its services are currently less well known, at least in Europe.

Sophos was founded in the UK in 1985; today it has 3,500 employees, 470,000 customers, and 100+ million users worldwide. Its comprehensive security portfolio consists of products (software and hardware) and services. It pursues a clear channel-first strategy and currently has 59,000 channel partners around the globe.

Besides interesting developments in the software part of the portfolio, e.g. the launch of EDR 3.1 in late 2020, Sophos also started its own service offering in late 2019.

Currently, Sophos’ services focus on threat response, with three related services:

  • Rapid Response – incident response for organizations under active attack, making sure to mitigate the attack as fast as possible.
  • Managed Threat Response – 24/7 threat detection and response, with 3 levels of response:
    • Notify – Sophos notifies clients of the detection and provides details to help with prioritization and response. This is especially suitable for large enterprises with a large security operations unit.
    • Collaborate – Sophos works with its clients’ internal teams or external point(s) of contact to respond to detections. This is especially suitable for medium-sized organizations and for mission-critical IT systems.
    • Authorize – Sophos handles containment and neutralization actions, and informs its clients of the action(s) taken. This is especially suitable for medium-sized organizations with small security units, which are unable to run 24/7 operations.

In the next few months, we expect further improvements in Sophos’ portfolio in areas such as:

  • Sophos XDR will extend visibility across Sophos’ next-generation portfolio of solutions. Sophos XDR will synchronize critical information from Intercept X, Intercept X for Server, Sophos Firewall, and Sophos Email. Sophos Cloud Optix and Sophos Mobile will also feed into the data repository later this year.
  • A new version of Sophos EDR that introduces scheduled queries and customizable contextual pivoting capabilities, making it faster and easier for security analysts and IT administrators to identify, investigate, and respond to security issues.
  • Sophos XDR and EDR are part of the Sophos adaptive cybersecurity ecosystem (ACE), a new security architecture that optimizes threat prevention, detection, and response. Sophos ACE is built upon the data lake, correlating actionable insights from Sophos solutions and services as well as threat intelligence from SophosLabs, Sophos AI, and the Sophos Managed Threat Response team.
  • New XGS Series firewall appliances featuring enhanced Transport Layer Security (TLS) inspection, including native support for TLS 1.3.
  • Sophos Zero Trust Network Access (ZTNA), a cloud-delivered, cloud-managed product that makes it easy to securely connect users to applications. ZTNA is an alternative to remote access VPN, offering greater control, better security, and easier management.