Sophos MDR Integrates Third-Party Telemetry Data

Sophos MTR Standard and Advanced have disappeared from our website. Their place has been taken by the new Sophos MDR service, a worthy successor with one decisive advantage. In this article, we take a closer look at what that advantage is, what costs are involved, and how the service has been divided into license packages.

We explained what happens to existing customers who currently use MTR Standard or Advanced in the following blog post: Sophos MTR becomes MDR and gets new features

Briefly explained: What is Sophos MDR?

Managed Detection and Response is a fully managed service delivered around the clock (24/7) by Sophos experts. Because MDR is backed by a human team of analysts, developers, and threat hunters, the service is especially strong against advanced attacks that cannot be detected by technology alone. Today, that is the top discipline if you want to stand up to ransomware attacks.

When MDR services became popular, customers typically had to choose between two models: “Bring Your Own Technology” and “Single Vendor”.

Bring Your Own Technology MDR

With this offering, the MDR provider uses the customer’s existing tools, in which the customer has probably already invested a lot of money. The MDR provider supplies its own staff to operate these tools for the end customer and provide a Managed Detection and Response service.

However, this type of service has weaknesses. In most cases, the MDR provider’s staff do not know the customer’s tools well enough and are very limited when it comes to response depth. Most of the response is focused on giving the customer instructions that they then have to implement themselves.

Single Vendor MDR

The second category includes providers with their own product portfolio who sell MDR services as a kind of add-on package. This enables them to respond much faster and more precisely to dangerous incidents or attacks, because the service is built on their own tools, which they know inside out.

The major disadvantage of the single-vendor model, however, is that it offers no integrations for third-party products. Existing customer investments cannot be used. To gain broad visibility across the corporate network, existing hardware and software must be replaced.

Does that sound familiar? Probably, because with the “Sophos MTR Standard and Advanced” offering, Sophos previously belonged to this category as well.

Sophos MDR – The Best of Both Worlds

With the new extended MDR service, Sophos breaks out of the “single-vendor model” and meets customers where they are today. If they have already invested in cybersecurity tools, those tools do not necessarily have to be replaced. Instead, Sophos can use its MDR service to process security data from them. At the same time, customers can still pursue the benefits of consolidation by moving toward a unified toolset designed to work together.

Sophos MDR offers industry-leading openness and flexibility

With its MDR service, Sophos offers the best of both worlds. Customers do not have to compromise between faster response and continued use of their existing tools. With Sophos MDR, you get both. 🤩

The Sophos MDR Licenses

Sophos offers three service tiers that cover every customer use case.

Sophos MDR service tiers

Sophos MDR Complete

The most popular option, Sophos MDR Complete, shown on the far right of the graphic, offers comprehensive incident response capabilities that other providers cannot deliver without charging additional fees. You also have the option of contacting the analysts in the MDR team directly, for example if you need help, precise instructions, or simply want some advice. Communication takes place either by email or via the direct hotline. Someone will always be available when it matters most, not just during business hours.

Sophos MDR

The next service tier is Sophos MDR. Here, however, Sophos does not offer anything that the vast majority of MDR providers are not already doing today: 24/7 network monitoring, report creation, and the provision of threat intelligence. The MDR team focuses on containing threats and attempts to interrupt and isolate active attacks. This buys time for further action to be taken without additional damage to the company. Sophos MDR is an excellent fit for organizations that are able to take action themselves once a threat has been contained.

Sophos Threat Advisor

The final tier is Sophos Threat Advisor and is recommended only for customers who already operate their own Security Operations Center, or SOC, or purchase this service from a leading provider. With the Threat Advisor service tier, Sophos collects alerts from your network, correlates them, and prioritizes them. You then receive detailed guidance on which measures should be taken to combat these threats. Sophos Threat Advisor can be incredibly valuable support for a SOC because it gives you another pair of eyes for oversight.

By the way, we do not offer this product through our website, as pricing is individual and not available to us through the price list. If you are interested, please contact us and we will obtain a quote from Sophos for you.

Included Integrations in Sophos MDR

No question: what makes MDR so much better than the previous MTR product is the integration of third-party products. These integrations define Sophos MDR and are essential for gaining a complete overview of a customer’s network and taking the best possible response measures. Let’s take a look at which integrations are included free of charge in Sophos MDR.

Sophos MDR included integrations

Integrations of Sophos Products

It goes without saying that integration with existing Sophos products is included. “XDR” and “Sophos Endpoint Protection” are fully included. Please note, however, that for “Sophos Firewall,” “Sophos Email,” and “Sophos Cloud,” only the integration for analyzing data from these products is included. The products themselves must be purchased separately if you want to use them.

Another change implemented in Sophos MDR at no additional cost is the extension of the data retention period. Previously, MTR included only 30 days. Sophos now increases this to 90 days, giving the MDR team a larger and more comprehensive investigation window.

Integrations from Microsoft

Of course, Sophos has not missed the fact that Microsoft plays a role in practically every company and that various security tools are even included in some license packages. Rather than starting a fight with Microsoft, Sophos is trying to add additional value to Microsoft technologies. Thanks to the APIs Microsoft provides for its products, security events can be stored in the Data Lake and used by the MDR team for analysis. From my point of view, this is a fantastic way to make better decisions, because they can now be based on both Microsoft and Sophos technologies.

Third-party integrations

At the bottom right of the graphic above, you can see that Sophos MDR is also compatible with a wide range of endpoint technologies from other vendors. This means you can, for example, run devices with Trend Micro, McAfee, SentinelOne, and others without having to replace that software with the Sophos Endpoint Agent.

Add-on Integration Packs

In addition to the free integrations, which are already very extensive at this point, Sophos offers much more with paid add-on packages! 🤯

Sophos MDR Add-ons (additional costs)

In addition to Sophos NDR, there are packages for “Firewalls”, “Identity Providers”, “Public Cloud”, “Email”, and “Network”. If the 90-day data retention period is still not enough for you, you can extend it to one year with the add-on pack.

If you are interested in these add-on packages, please contact us and we will prepare an offer for you. At present, we do not plan to add these products to our online shop.

Benefit now from better detection and response

I hope I was able to show you in this article that Sophos MDR is a great service that is definitely worth the investment. If you are looking for a comprehensive security solution that can detect even the most sophisticated threats and protect a company of any size from ransomware, phishing attacks, and other online threats, then Sophos MDR is the right answer.

If you are already using other Sophos security products, such as the Sophos XGS Firewall or Intercept X Advanced, then an upgrade to MDR offers even better protection. Existing customers with active Central Endpoint or Server licenses can contact us for an upgrade offer to MDR. All others can find prices and information as usual on our product pages:

Do you still have questions about Sophos MDR that were not answered in this article? Then contact us today and let us know how we can make it even easier for you to get started with this important security solution.

David