Managed Threat Detection - 24/7 monitoring and detection
In this blog post, I would like to introduce you to Managed Threat Detection (MTD) for endpoints and servers, which has been available since the end of July 2021. With MTD, Sophos primarily targets customers who are (still) not ready to replace their existing endpoint and server solution from a third-party vendor with the Sophos agent. For all other customers who already have the Sophos agent installed on their computers and servers and are using at least Intercept X Essentials, Managed Threat Detection is not relevant.
The success story of Managed Threat Response (MTR)
Sophos recently announced that Managed Threat Response (MTR) now protects more than one million devices. The Managed Threat Response Standard and Advanced products are the two most expensive options for protecting computers and servers, but they also offer the highest level of security and detection. You get a team of experts made up of analysts, developers, and threat hunters who work around the clock (24/7) to protect you and your employees from cyberattacks.
Parallel operation with third-party vendors was previously not possible
“Sophos Managed Threat Response” requires the MTR client, which cannot be operated in parallel with solutions from third-party vendors such as Microsoft, Symantec, Kaspersky, McAfee, or others. The new “Managed Threat Detection” service, on the other hand, has been developed specifically for parallel use with third-party solutions and is intended to address an additional target group, helping Sophos get a foot in the door.
Anyone who now thinks that Managed Threat Detection lets them keep their third-party protection and, without the MTR client, still receive the same benefits as customers with Managed Threat Response is unfortunately mistaken.
Limitations
Doing without the powerful Sophos MTR client naturally comes with certain limitations. The following comparison table shows which functions you have to do without:

Notification as the only response option
With Managed Threat Response Standard and Advanced, you can choose between three response levels:
- Notification: If the Sophos MTR team identifies a threat event or an attack, it will inform you but will not take independent action. You receive a report covering the cause and the detection, together with practical steps you can take yourself to eliminate the threat.
- Collaboration: The Sophos MTR team works together with your internal IT team or, if desired, with an external IT provider and responds jointly to the relevant threats.
- Authorization: The MTR team independently handles containment and neutralization actions and only informs you about the measures that were taken.
With Managed Threat Detection, by contrast, only the “Notification” response option is available. You do receive an alert via the Central dashboard or by email when a threat has been identified by the MTR team, but you are responsible for neutralizing and removing it yourself. Only in the case of an active threat, where every second counts, will the MTR team at least give you a brief phone call.
Sophos Rapid Response as a last resort
In the event of an active threat, you are effectively on your own with Managed Threat Detection when it comes to stopping an attack. The MTR team unfortunately cannot help here, as the in-house Sophos MTR client is not installed on the computers and servers. This is precisely where the protection from the third-party solution you use should really shine. If it does not, there is still the option of using the Sophos Rapid Response service. This gives you lightning-fast support from a Sophos expert team that disables the existing protection software on all computers and servers and installs the MTR client.
Important! Sophos Rapid Response is not part of Managed Threat Detection and must be purchased separately for a fixed price.
Final thoughts
With Managed Threat Detection, Sophos has created a service that makes the expertise of its MTR team available even to customers who have not built their network security on Sophos solutions. From a strategic perspective, this makes perfect sense. Even if an IT administrator decides today to equip the corporate network with solutions from Sophos in future, this cannot always be implemented at short notice. Existing contracts may get in the way, or active licenses may already have used up the budget for the next three years.
With Managed Threat Detection, Sophos has created exactly the kind of “add-on service” that can be considered in the short term to strengthen the security concept in such scenarios. The MTR team’s resources for detecting threats are thus made available to a much larger target group, which can only benefit Sophos. The more data that is available for analysis, the better the algorithms can be tuned, and it does not matter whether this data comes from customers with the MTR or the MTD agent.
As a general rule, we would always recommend the MTR variant to customers who want to protect their endpoints and servers with Sophos. We are also aware, however, that this solution is not designed for every budget. It is still better to orient yourself from the most expensive product with the highest level of security downward, because security solutions are just like insurance: you only regret saving money once the damage has been done. 😜
For everyone else who, for whatever reason, does not want or is not able to overhaul the entire infrastructure right away, Sophos Central Managed Threat Detection for endpoints and servers is certainly a strong addition. It is definitely advisable to have network activities monitored by a team of experts.
