Sophos Managed Risk Expands Capabilities with Internal Attack Surface Management (IASM) to Identify and Guide Organizations to Mitigate Internal Vulnerabilities
Many organizations face critical blind spots in their cyber defenses. In fact, the Sophos State of Ransomware 2025 report found 40% of organizations impacted by ransomware in the last year reported falling victim due to an exposure they were unaware of. Sophos Managed Risk, now with both internal and external attack surface management, addresses this challenge, providing comprehensive visibility into internal and external weaknesses that could be exploited by threat actors.
'With Sophos Managed Risk, organizations gain an attacker's-eye view to identify and prioritize remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,' said Rob Harrison, Senior Vice President, Product Management at Sophos. 'This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.'
The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This enables organizations to identify and mitigate high-risk vulnerabilities, such as open ports, exposed services and misconfigurations that are accessible and potentially exploitable by attackers.
Features of IASM for Sophos Managed Risk include:
Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network.
Regular automated scanning to identify weaknesses affecting assets within the network. AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts.
Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity.
Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. The Sophos advantage: Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by one of the world's leading MDR services.
The new IASM capabilities are accessible through Sophos Managed Risk, an extended service with Sophos MDR. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments.
IASM for Sophos Managed Risk is available today for all new and existing Sophos Managed risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console.
Learn more about the new Internal Attack Surface Management capabilities and Sophos Managed Risk, visit Sophos.com/Managed-Risk.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Tahawul Tech
15-07-2025
- Tahawul Tech
Tenable named major player in IDC MarketScape for cloud-native app protection platforms
Tenable recently announced it has been named a Major Player in the debut IDC MarketScape: Worldwide Cloud-Native Application Protection Platform (CNAPP) 2025 Vendor Assessment. Tenable's position as a Major Player in the IDC MarketScape is based on a comprehensive evaluation of its capabilities and strategies. The assessment criteria include structured discussions, interviews with market leaders, and end-user experiences. According to the IDC MarketScape, 'Others described the critical visibility it provides in protecting sensitive data and how cloud workload protection delivered as a part of Tenable Cloud Security CNAPP provides its leaders with clear, actionable insights, reducing noise and focusing on critical vulnerabilities', With a focus on innovation and seamless integration with Tenable One, its flagship exposure management platform, Tenable Cloud Security delivers a complete, out-of-the-box CNAPP solution that empowers organisations to secure their entire cloud stack—across infrastructure, workloads, identities, data and AI—without the need for additional tools or modules. By reducing risk in the cloud with a CNAPP solution, organisations address one of the most critical pieces of their overall exposure profile. The report goes on to say that, 'Tenable Cloud Security provides visibility information tailored to specific cloud providers like AWS, GCP, Azure, and Oracle Cloud, eliminating the need for security personnel to translate findings. Each cloud risk finding is explained with its context, detailing the criticality level based on impact and likelihood of exploitation. Specific remediation guidance is provided'. Tenable Cloud Security provides visibility, context-rich prioritisation and identity-intelligent risk analysis to uncover toxic access combinations that others miss. With fast deployment, automated remediation workflows and unified risk insights spanning cloud and on-prem, Tenable enables security and DevOps teams to collaborate effectively, reduce tool sprawl and accelerate risk reduction. 'We believe being named a Major Player in the first-ever IDC MarketScape for CNAPP is a powerful validation of our strategy and our commitment to helping customers understand and reduce risk across not only their cloud environments, but their entire attack surface', said Eric Doerr, Chief Product Officer, Tenable. 'Reducing risk in the cloud goes a long way to managing exposure for the organisation as a whole. It's about providing the context and intelligence that enables organisations to prioritize what matters and proactively remediate flaws before they can be exploited. This recognition highlights the incredible progress and innovation we're delivering to our customers'. Image Credit: Tenable
Channel Post MEA
10-07-2025
- Channel Post MEA
Sophos Includes Tenable's IASM In Its Managed Risk Capabilities
Sophos has announced the expansion of its Sophos Managed Risk capabilities with the introduction of Internal Attack Surface Management (IASM) with technology powered by Tenable. Many organizations face critical blind spots in their cyber defenses. In fact, the Sophos State of Ransomware 2025 report found 40% of organizations impacted by ransomware in the last year reported falling victim due to an exposure they were unaware of. Sophos Managed Risk, now with both internal and external attack surface management, addresses this challenge, providing comprehensive visibility into internal and external weaknesses that could be exploited by threat actors. 'With Sophos Managed Risk, organizations gain an attacker's-eye view to identify and prioritize remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,' said Rob Harrison, Senior Vice President, Product Management at Sophos. 'This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.' The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This enables organizations to identify and mitigate high-risk vulnerabilities, such as open ports, exposed services and misconfigurations that are accessible and potentially exploitable by attackers. Features of IASM for Sophos Managed Risk include: Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network. Regular automated scanning to identify weaknesses affecting assets within the network. AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. The Sophos advantage: Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by one of the world's leading MDR services. The new IASM capabilities are accessible through Sophos Managed Risk, an extended service with Sophos MDR. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. IASM for Sophos Managed Risk is available today for all new and existing Sophos Managed risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console.
Web Release
08-07-2025
- Web Release
Untitled-30
Sophos Managed Risk Expands Capabilities with Internal Attack Surface Management (IASM) to Identify and Guide Organizations to Mitigate Internal Vulnerabilities
