Cyber security provider Sophos has partnered with exposure management specialist Tenable to offer Managed riska new vulnerability and attack surface management service for organizations around the world.
Leveraging Tenable's One Exposure Management platform, the new service aims to help customers thwart cyber attacks through capabilities including attack visibility, continuous risk monitoring, vulnerability prioritization, investigation and proactive notification.
A dedicated team will work with Tenable's exposure management technology and collaborate with security operations experts from Sophos' Managed Detection and Response (MDR) business, sharing insights and data on zero-days, known vulnerabilities, and exposure risks to assess potentially exploited environments.
Sophos Managed Risk is available on a temporary license through the company's network of channel partners and MSPs, with a Sophos MSP Flex version scheduled to be available later this year.
In an announcement, Rob Harrison, senior vice president of security and endpoint operations product management at Sophos, said the offering will help customers address “urgent and pervasive security challenges” that they constantly struggle to control.
“We can now help organizations identify and prioritize remediation of vulnerabilities in external assets, devices and software that are often overlooked,” he explained.
“It is critical that organizations manage these exposure risks, because if left unaddressed, they only lead to more costly and time-consuming problems and are often the root cause of major breaches.”
Sophos said its latest research highlighted three key tasks that organizations should prioritize to minimize their risk: closing exposed Remote Desktop Protocol (RDP) access, enabling multi-factor authorization (MFA), and patching vulnerable servers.
“We know from Sophos global survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate,” Harrison added.
“The ideal security layers to prevent these issues include an active approach to improving security postures by minimizing the chances of a breach with Sophos Managed Risk, Sophos Endpoint and Sophos MDR's 24×7 coverage.”
Available as an expanded service with Sophos MDR, the new Managed Risk offering will work to assess an organization's external attack surface, prioritize the riskiest exposures, and provide tailored solution guidance to eliminate blind spots.
Sophos said customers will benefit from external attack surface management (EASM) for advanced identification and classification of Internet-connected assets, such as email servers, web applications, and public API endpoints. Users will also be able to take advantage of continuous monitoring and proactive notification of high-risk exposures, as well as vulnerability prioritization and identification of new threats.
Additionally, organizations will benefit from regular interaction and scheduled meetings with Sophos experts to review findings, insights and recommendations, as well as initiate consultations with the Sophos Managed Risk team through the company's core platform.
“While the latest zero-day may dominate the headlines, the biggest threat to organizations, by a wide margin, remains known vulnerabilities, or vulnerabilities for which patches are available,” said Greg Goetz, vice president of global strategic partners and Tenable MSSP. .
“A winning approach includes risk-based prioritization with context-based analytics to proactively address exposures before they become a problem.
“Sophos Managed Risk, powered by the Tenable One Exposure Management platform, delivers outsourced preventative risk management, enabling organizations to anticipate attacks and reduce cyber risk.”