Sophos Compromise Assessment – Was I attacked?

Today I would like to introduce you to a new service from Sophos called “Sophos Compromise Assessment”. We will look at exactly what the service includes, who it is intended for, and how it differs from Rapid Response and MDR.

The Sophos Incident Response Services

Sophos currently offers two Incident Response Services: Rapid Response and Managed Detection and Response (MDR).

While Rapid Response provides immediate assistance in the event of an active threat, MDR gives you an elite security team that handles threat detection in your company 24/7 and is immediately available in critical situations.

The Sophos Service Offerings: Compromise Assessment (New), Rapid Response, and MDR.

Without question, for any company that wants to protect itself with Sophos software, the Sophos MDR service would be the safest and strongest option. Nevertheless, customers often struggle at first with the price. That is why many choose a variant without the service and rely on Intercept X Advanced for Deep Learning detection, or try to act as threat hunters themselves using the tools in XDR. This can work for long periods, but can you really be sure that your company has not already been attacked without you noticing? This is exactly where the new Sophos Compromise Assessment Service comes in.

Sophos Compromise Assessment Service

With Rapid Response, the incident has already happened. With CA (Compromise Assessment), on the other hand, you can gain clarity about whether your company has become the victim of an attack. A targeted assessment is carried out by the Incident Response Team and should take no longer than 7 days. The Sophos Compromise Assessment Service can save a company a great deal of time, resources, and money by helping to avoid major security gaps, extensive data loss, possible downtime, or even damage to the brand.

A CA is suitable for companies of all sizes:

  • that do not yet use the Sophos MDR Service,
  • that suspect a cyber incident has occurred and need experts to investigate it,
  • that want a routine examination to determine the health status of devices,
  • that require an IT audit for regulatory compliance.

Provisioning and Onboarding

The Sophos Compromise Assessment Service is designed to investigate a smaller, targeted number of devices. It is a fast assessment process intended to quickly determine the risk level of a larger outbreak. For this reason, a CA does not require the MDR agent to be installed on every device in the company. In the first coordination meeting, the Sophos Incident Response Team will work with you to determine the number of devices of interest that need to be investigated. Sophos provides the following three options:

  • up to 5 devices
  • 6 - 10 devices
  • 11 - 20 devices

After the initial consultation, Sophos will prepare a cost estimate. To start the CA, you must accept this estimate; you will then be supported at every stage of the investigation by a team of experts, including threat hunters and specialists.

If you are interested in this service, please note that it unfortunately cannot be ordered directly via our website. It is best to contact us via the contact form or by phone so that we can connect you with the Sophos MDR Sales Desk. Please note that the Compromise Assessment Service is currently only available in English.

What happens after the Compromise Assessment?

As already mentioned, the CA should not last longer than 7 days. Afterwards, there will be a final discussion and a written report.

If the Incident Response Team can demonstrate with the collected data and analysis that one or more attackers have gained access to your network, the next step would be to engage Sophos Rapid Response to neutralize the threats as quickly as possible.

If no signs of a security breach are found, you can of course breathe a sigh of relief and enjoy that good feeling for a brief moment. 😄

Afterwards, you are free to continue with your existing protection concept or to consider switching directly to Sophos Managed Detection and Response (MDR). This equips your company with a 24/7 detection and response service that continuously reviews suspicious activity.

Conclusion

If your company has not yet been attacked, or at least you have not noticed it so far, the Sophos Compromise Assessment Service is certainly a good starting point for having experts analyse the current state precisely. It is a bit like a dental check-up. 😅 You may not notice any signs of tooth decay yourself. But only the check-up by the dentist can give you certainty as to whether all your teeth are healthy or whether tooth decay has already started without you noticing.

I think you’ll agree with me that a check-up is always more pleasant than having to react in an emergency. Therefore, the path to Sophos MDR via the new Compromise Assessment Service is certainly preferable to having to call the emergency number of Rapid Response during an attack.


David