Cybercriminals are continuously adapting new methods and increasingly launching hybrid attacks that combine automation with interactive human ingenuity to effectively evade detection. Once they gain a foothold, they’ll employ ‘Living off the land’ techniques and other deceptive methods that human interaction to discover and disrupt their attacks.
Such moves require improved managed detection and response [MDR] services that go beyond just notifying users on threats and any suspicious events but a team of skilled threat hunters and response experts who can act on users’ behalf to neutralize even the most sophisticated threats.
Joe Levy, the Chief Technology Officer at Sophos says most MDR services simply notify customers of potential threats and then leave it up to them to manage things from there. Sophos Managed Threat Response (MTR) not only augments internal teams with additional threat intelligence, unparalleled product expertise, and around-the-clock coverage, but also gives customers the option of having a highly trained team of response experts take targeted actions on their behalf to neutralize even the most sophisticated threats.
Sophos’ MTR is a fully managed threat hunting, detection and response service that provides organizations with a dedicated 24/7 security team to neutralize the most sophisticated and complex threats.
These types of threats include active attackers leveraging fileless attacks and administrator tools such as PowerShell to escalate privileges, exfiltrate data and spread laterally, as explained in the SophosLabs Uncut article on Lemon Duck PowerShell malware. Attacks like these are difficult to detect since they involve an active adversary using legitimate tools for nefarious purposes.
Built on Intercept X Advanced with endpoint detection and response (EDR), Sophos MTR fuses machine learning with expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats. These innovative capabilities are based on Sophos’ acquisitions of Rook Security and DarkBytes technology, and include:
- Expert-led threat hunting: Sophos MTR anticipates attacker behavior and identifies new indicators of attack and compromise. Sophos threat hunters proactively hunt for and validate potential threats and incidents, and investigate casual and adjacent events to discover new threats that previously couldn’t be detected
- Advanced adversarial detection: Sophos MTR uses proven investigation techniques to differentiate legitimate behavior from the tactics, techniques and procedures (TTPs) used by attackers. Coupled with enhanced telemetry from Sophos Central, which provides a detailed, full picture of adversary activities as part of the service, the scope and severity of threats can be determined for rapid response
- Machine-accelerated human response: A highly trained team of world-class experts generates and applies threat intelligence to confirm threats, and acts to remotely disrupt, contain and neutralize threats with speed and precision
- Asset discovery and prescriptive security health guidance: Sophos MTR provides valuable insights into managed and unmanaged assets, vulnerabilities for better informed impact assessments and threat hunts. Prescriptive and actionable guidance for addressing configuration and architecture weaknesses enables organizations to proactively improve their security posture with hardened defenses
Sophos MTR is customizable with different service tiers and response modes to meet the unique and evolving needs of organizations of all sizes and maturity levels. Unlike many MDR services that focus on monitoring and threat notification, Sophos MTR rapidly escalates and acts against threats based on an organization’s preferences.