Sophos has announced a strategic partnership with Tenable to provide Sophos Managed Risk, a worldwide vulnerability and attack surface management service.
The new service features a dedicated Sophos team that leverages Tenable’s exposure management technology and collaborates with the security operations experts from Sophos Managed Detection and Response (MDR) to provide attack surface visibility, continuous risk monitoring, vulnerability prioritization, investigation, and proactive notification designed to prevent cyberattacks.
The modern attack surface has expanded beyond traditional on-premises IT boundaries, with organisations operating frequently unknown numbers of external and internet-facing assets that are unpatched or under protected, leaving them vulnerable to cyberattackers.
This is evident in the newest Sophos Active Adversary Report, which identifies three tasks that organizations must prioritize to minimise the risk of brazen intrusions that lead to ransomware or other types of attacks. These include closing exposed Remote Desktop Protocol (RDP) access, enabling multi-factor authorization and patching vulnerable servers, all of which were top entry points in breaches handled by Sophos Incident Response in 2023.
The Sophos Managed Risk service can assess an organization’s external attack surface, prioritize the riskiest exposures, such as open RDP, and provide tailored remediation guidance to help eliminate blind spots and stay ahead of potentially devastating attacks.
“Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organisations continuously struggle to control,” says Rob Harrison, senior vice-president for endpoint and security operations product management at Sophos. “We can now help organizations identify and prioritize the remediation of vulnerabilities in external assets, devices and software that are often overlooked.
“It is critical that organisations manage these exposure risks, because unattended, they only lead to more costly and time-consuming issues and are often the root causes of significant breaches.
“We know from Sophos’ worldwide survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate. The ideal security layers to prevent these issues include an active approach to improving security postures by minimising the chances of a breach with Sophos Managed Risk, Sophos Endpoint, and 24×7 Sophos MDR coverage.”
Greg Goetz, vice-president of global strategic partners and MSSP at Tenable, comments: “While the latest zero day may dominate the headlines, the biggest threat to organisations, by a large margin, is still known vulnerabilities – or vulnerabilities for which patches are readily available.
“A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem. Sophos Managed Risk, powered by the Tenable One Exposure Management Platform, delivers outsourced preventive risk management, enabling organizations to anticipate attacks and reduce cyber risk.”