Sophos Managed Risk Expands Capabilities with Internal Attack Surface Management (IASM) to Identify and Guide Organizations to Mitigate Internal Vulnerabilities
Many organizations face critical blind spots in their cyber defenses. In fact, the Sophos State of Ransomware 2025 report found 40% of organizations impacted by ransomware in the last year reported falling victim due to an exposure they were unaware of. Sophos Managed Risk, now with both internal and external attack surface management, addresses this challenge, providing comprehensive visibility into internal and external weaknesses that could be exploited by threat actors.
'With Sophos Managed Risk, organizations gain an attacker's-eye view to identify and prioritize remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,' said Rob Harrison, Senior Vice President, Product Management at Sophos. 'This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.'
The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This enables organizations to identify and mitigate high-risk vulnerabilities, such as open ports, exposed services and misconfigurations that are accessible and potentially exploitable by attackers.
Features of IASM for Sophos Managed Risk include:
Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network.
Regular automated scanning to identify weaknesses affecting assets within the network. AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts.
Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity.
Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. The Sophos advantage: Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by one of the world's leading MDR services.
The new IASM capabilities are accessible through Sophos Managed Risk, an extended service with Sophos MDR. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments.
IASM for Sophos Managed Risk is available today for all new and existing Sophos Managed risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console.
Learn more about the new Internal Attack Surface Management capabilities and Sophos Managed Risk, visit Sophos.com/Managed-Risk.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Channel Post MEA
6 hours ago
- Channel Post MEA
Tenable Unveils AI-driven Enhancements To VPR
Tenable has announced the next evolution of its industry-leading Tenable Vulnerability Priority Rating (VPR) to sharpen precision and focus on risks that pose the greatest threat. Powered by generative AI, enriched threat intelligence and context-aware scoring, Tenable VPR enables organizations to quickly understand vulnerability impact, weaponization and precise remediation actions. While static Common Vulnerability Scoring System ( CVSS ) broadly flags 60% of vulnerabilities as high or critical, Tenable VPR narrowed this to a focused 3% at its launch in 2019. With these latest AI-driven enhancements, Tenable VPR delivers twice the clarity and precision by leveraging real-time data to pinpoint the critical 1.6% of vulnerabilities that represent actual business risk. These efficiency gains, combined with enhanced explainability and contextualization, translate to faster mean-time-to-remediation, optimized resources, and strategically aligned security efforts with organizational priorities. 'Our biggest problem was noise. We had thousands of vulnerabilities, and no clear way to know which ones posed a genuine threat,' said Jorge Orchilles, senior director, Readiness and Proactive Security, Verizon. 'Tenable VPR changed that by showing us what attackers are actually exploiting right now. It lets us focus our resources on the handful of issues that truly matter, which has made a real, measurable difference in how quickly we can get critical patches out.' 'We're taking our game-changing Tenable VPR to the next level with these AI-powered enhancements,' said Eric Doerr, chief product officer, Tenable. 'Tenable VPR brings an unmatched precision and depth of threat intelligence, context and explainability to cyber operations. With these critical insights at their fingertips, organizations can clearly visualize why an exposure matters, where they are vulnerable and how to close their priority risks.' In addition to hyper-focused risk prioritization, key enhancements to Tenable VPR include: AI-powered insights and explainability: VPR insights provide instant clarity, helping users quickly grasp why an exposure matters, how it's been weaponized by threat actors, and receive clear, actionable mitigation guidance. AI-generated threat summaries and remediation insights help users quickly understand real-world risks and next steps. VPR insights provide instant clarity, helping users quickly grasp why an exposure matters, how it's been weaponized by threat actors, and receive clear, actionable mitigation guidance. AI-generated threat summaries and remediation insights help users quickly understand real-world risks and next steps. Prioritization with industry and regional context: Enhanced filtering, querying and metadata help organizations understand and prioritize vulnerabilities based on real-world threats to their specific industry and region, ensuring critical exposures relevant to the business are addressed first.
Web Release
5 days ago
- Web Release
Sophos Named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced that it has been named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP), marking the 16th consecutive time the company has received this recognition. Sophos has been recognized in the Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP) since the inaugural publication for this category in 2007. Sophos' market-leading endpoint security solutions include Sophos Endpoint powered by Intercept X, Sophos Extended Detection and Response (EDR/XDR), and Sophos Managed Detection and Response (MDR). Over 300,000 organizations trust Sophos endpoint security solutions to defend against cyberthreats, including advanced remote ransomware attacks and active adversaries. Unique to Sophos, the solution includes adaptive defenses that automatically disrupt attackers by dynamically adjusting protection levels based on threat context. 'Sophos' strength lies in its prevention-first strategy, designed to stop breaches before they start, adapt defenses in real time, and strengthen detection and response when it matters most,' said Kyle Falkenhagen, SVP, Product Management, Sophos. 'We believe that receiving this recognition in the highly competitive endpoint security market for 16 consecutive reports reflects our relentless focus on developing innovative solutions that stay ahead of the global threat landscape and the adversaries we face every day.' Sophos and Secureworks: The future of protection, detection, and response Following Sophos' acquisition of Secureworks in February 2025, combining two leading and complementary portfolios to offer a comprehensive suite of solutions for small, midmarket and enterprise organizations. Secureworks Taegis XDR customers can use Sophos Endpoint to elevate their cyber defenses — at no additional charge — delivering both improved protection and return on investment. The integration of Secureworks also adds a new Counter Threat Unit (CTU) to the Sophos X-Ops advanced threat response joint task force, further expanding the rich threat intelligence that informs all customers' defenses. Backed by Sophos' advanced security technologies and a broad network of intelligence contacts and partners, the CTU plays a critical role in identifying and tracking threat actors and analyzing anomalous activity, uncovering new attack techniques, threats, and major shifts in the threat landscape. Additional Sophos Recognitions In addition to this most-recent recognition, Sophos has also been named a 'Customers' Choice' vendor in the 2025 Gartner® Peer Insights™ Voice of the Customer Report for Endpoint Protection Platforms for the fourth consecutive year and in the inaugural Voice of the Customer Report for Extended Detection and Response. This makes Sophos the?only vendor?to be named a 'Customers' Choice' in both reports. For more about Sophos' recognition in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms, visit our blog, read the full report, or check out Sophos Endpoint Protection Platform website. Gartner, Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Deepak Mishra, Franz Hinner, 14 July 2025 GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Magic Quadrant and PEER INSIGHTS are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
Channel Post MEA
5 days ago
- Channel Post MEA
Sophos Named Leader In 2025 Gartner Magic Quadrant For Endpoint Protection Platforms
Sophos has been named a Leader in the 2025 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP), marking the 16th consecutive time the company has received this recognition. Sophos has been recognized in the Gartner Magic Quadrant for Endpoint Protection Platforms (EPP) since the inaugural publication for this category in 2007. Sophos' market-leading endpoint security solutions include Sophos Endpoint powered by Intercept X, Sophos Extended Detection and Response (EDR/XDR), and Sophos Managed Detection and Response (MDR). Over 300,000 organizations trust Sophos endpoint security solutions to defend against cyberthreats, including advanced remote ransomware attacks and active adversaries. Unique to Sophos, the solution includes adaptive defenses that automatically disrupt attackers by dynamically adjusting protection levels based on threat context. 'Sophos' strength lies in its prevention-first strategy, designed to stop breaches before they start, adapt defenses in real time, and strengthen detection and response when it matters most,' said Kyle Falkenhagen, SVP, Product Management, Sophos. 'We believe that receiving this recognition in the highly competitive endpoint security market for 16 consecutive reports reflects our relentless focus on developing innovative solutions that stay ahead of the global threat landscape and the adversaries we face every day.' Sophos and Secureworks: The future of protection, detection, and response Following Sophos' acquisition of Secureworks in February 2025, combining two leading and complementary portfolios to offer a comprehensive suite of solutions for small, midmarket and enterprise organizations. Secureworks Taegis XDR customers can use Sophos Endpoint to elevate their cyber defenses — at no additional charge — delivering both improved protection and return on investment. The integration of Secureworks also adds a new Counter Threat Unit (CTU) to the Sophos X-Ops advanced threat response joint task force, further expanding the rich threat intelligence that informs all customers' defenses. Backed by Sophos' advanced security technologies and a broad network of intelligence contacts and partners, the CTU plays a critical role in identifying and tracking threat actors and analyzing anomalous activity, uncovering new attack techniques, threats, and major shifts in the threat landscape. Additional Sophos Recognitions In addition to this most-recent recognition, Sophos has also been named a 'Customers' Choice' vendor in the 2025 Gartner Peer Insights Voice of the Customer Report for Endpoint Protection Platforms for the fourth consecutive year and in the inaugural Voice of the Customer Report for Extended Detection and Response . This makes Sophos the only vendor to be named a 'Customers' Choice' in both reports.
