Cybersecurity company Sophos has partnered with Tenable, an Exposure Management firm, in a strategic move to launch a new vulnerability and attack protection service known as Sophos Managed Risk. This service combines the exposure management technology of Tenable with the specialist knowledge of security operations experts from Sophos Managed Detection and Response (MDR). The partnership aims to provide comprehensive visibility of the attack surface, continuous risk monitoring, enhanced priority-based vulnerability coverage, along with proactive notifications to fend off cyber-attacks.

Sophos Managed Risk, an extension to Sophos MDR that shields over 21,000 global organisations, intends to address the growing concerns over the widened attack surface of organisations. The service is specially designed to understand and tackle the vulnerabilities organisations are unknowingly exposed to, aiding to reduce occurrences of hostile intrusions that lead to ransomware or similar forms of attacks. As per the latest Sophos Active Adversary Report, tackling such risky exposures including unpatched Remote Desktop Protocol access, establishing multi-factor authorisation, and patching vulnerable servers, can significantly reduce cybersecurity threats.

Rob Harrison, senior vice president for endpoint and security operations product management at Sophos, said, "Sophos and Tenable, as security industry leaders, share a common goal of resolving urgent, pervasive security challenges that organisations struggle to control. We aim to help organisations identify and prioritise remediation efforts on overlooked external assets, devices, and software vulnerabilities. Our data reveals that 32% of ransomware attacks begin with an unpatched vulnerability which is the most expensive to remediate."

Greg Goetz, vice president of global strategic partners and MSSP, Tenable, reiterated, "Despite the dominating headlines of the latest zero day, known vulnerabilities—that already have available patches still prove to be a significant threat to organisations. A successful strategy involves a risk-based prioritisation with context-driven analytics to address exposures before they become problematic."

The Sophos Managed Risk service offers features such as advanced identification and classification of internet-facing assets, proactive notifications for new critical vulnerabilities in an organisation’s internet-facing assets, and swift detection of high-risk zero-day vulnerabilities. Craig Robinson, research vice president of Security Services at IDC, lauded the solution stating, "Solutions like Sophos Managed Risk can differentiate themselves by enabling overloaded teams to adopt a more holistic approach to continuous monitoring and threat management."

The service is Tenable-certified and works in close alliance with Sophos MDR to furnish crucial information on zero-days, known vulnerabilities, and exposure risks. Regular interaction with Sophos experts equips organisations with insights into the current threat landscape, remediation recommendations, and priority action plans. This invaluable assistance helps organisations to stay abreast of potential security risks and safeguard themselves against cyber-attacks.

Marketed through Sophos' global network of channel partners and Managed Service Providers (MSPs), Sophos Managed Risk is be available with a term license alongside a tailored Sophos MSP Flex version expected to launch in 2024.