Shopping Cart

No products in the cart.

Sophos Compromise Assessment – Have I been breached?

Today I would like to introduce you to a new service from Sophos called “Sophos Compromise Assessment”. In doing so, we’ll look at exactly what the service entails, who it’s for, and where the differences are with Rapid Response and MDR.

The Sophos Incident Response Services

Sophos currently offers two incident response services: Rapid Response and Managed Detection and Response (MDR).

While Rapid Response comes into play as an immediate response to active threats, with MDR an elite security team takes care of threat detection in your organization 24/7 and is immediately on hand to deal with critical situations.

Sophos service offerings: Compromise Assessment (New), Rapid Response and MDR.
Sophos service offerings: Compromise Assessment (New), Rapid Response and MDR.

Undoubtedly, for any company that wants to be protected with Sophos software, the Sophos MDR service would be the most secure and best product. Nevertheless, customers initially find it tough to pay the price. That’s why most people opt for a variant without the service and rely on detection with deep learning with Intercept X Advanced or try their hand at being a threat hunter themselves with the help of the tools in XDR. This can work quite well for a long time, but can you really be sure that your company has not already been attacked without you realizing it? This is where Sophos’s new Compromise Assessment Service comes in.

Sophos Compromise Assessment Service

While with Rapid Response the disaster has already happened, with CA (Compromise Assessment) you can get clarity on whether your organization has been the victim of an attack. This will involve a targeted assessment by the Incident Response Team, which will take no longer than 7 days. Sophos’s Compromise Assessment Service can save a company a lot of time, resources and money by preventing major security breaches, extensive data loss, potential downtime or even brand damage.

A CA is suitable for companies of any size:

  • who are not yet using a Sophos MDR service,
  • who suspect that a cyber incident has occurred and need experts to verify it,
  • Who want a routine examination to determine the health status of equipment,
  • that require an IT audit due to regulatory compliance.

Deployment and Onboarding

Sophos’s Compromise Assessment Service is designed to investigate a smaller, targeted number of devices. It is a rapid assessment procedure to quickly determine the level of risk of a major outbreak. Therefore, it is not necessary for a CA to install the MDR agent on all devices in the enterprise. The Sophos incident response team will work with you during the initial coordination meeting to determine the number of devices of interest that need to be investigated. Sophos provides for the following three variants here:

  • up to 5 devices
  • 6 – 10 devices
  • 11 – 20 devices

After the initial site meeting, Sophos will prepare a cost estimate. To start with the CA, you’ll have to accept it and then you’ll be assisted by a team of experts with threat hunters and specialists at every stage of the investigation.

If you are interested in this service, unfortunately you cannot order it directly from our website. The best way to get in touch is via the contact form or by phone, so we can connect you with the Sophos MDR Sales Desk. Please note that the Compromise Assessment Service is currently only available in English.

What happens after the Compromise Assessment?

As already mentioned, the CA should not last longer than 7 days. Afterwards, there is a final interview and a written report.

If the incident response team is able to use the data and analysis collected to show that one or more attackers have entered your network, the next step would be to call on Sophos Rapid Response to neutralize the threats as quickly as possible.

If no signs of a security breach were found, you can of course breathe a sigh of relief and enjoy the good feeling for a short moment. 😄

After that, you are free to continue with your current protection plan or consider switching to Sophos Managed Detection and Response (MDR) right away. This equips your company with a 24/7 detection and response service, which means that suspicious activity is checked continuously.


If your company has not yet been attacked, or at least you have not noticed it until now, the Sophos Compromise Assessment Service is certainly a good start to have the experts analyze the current state in detail. It’s a little like having your teeth checked at the dentist. 😅 You may not be able to detect any signs of tooth decay yourself. However, only a check-up by the dentist can give you certainty whether all your teeth are healthy or whether an attack of caries has already taken place – which you have not yet noticed.

I think you agree with me that a control is in any case more pleasant than if an emergency response is already required. Therefore, going to Sophos MDR via the new Compromise Assessment Service is certainly preferable to having to dial the Rapid Response emergency number during an attack.

More information


David is responsible for order processing in our online store so that products and licenses are delivered quickly and efficiently. He provides our customers with comprehensive support in selecting the right Sophos product. David has in-depth knowledge of all Sophos products and provides specialized support for the Sophos Central segment.

Subscribe Newsletter

We send out a monthly newsletter with all the blog posts for that month.