
Sophos MDR integrates third-party telemetry data

Sophos MTR Standard and Advanced have disappeared from our website. The empty seat is taken by the new Sophos MDR Service, a worthy successor with a decisive advantage. In this article, we’ll take a closer look at what this is, what it costs, and what license packages the service is divided into.

We have explained what happens to existing customers who previously used MTR Standard or Advanced in the following blog post: Sophos MTR becomes MDR and gets new features

Briefly explained: What is Sophos MDR?

Managed Detection and Response is a fully managed service delivered around the clock (24/7) by Sophos experts. Since MDR is backed by a human team of analysts, programmers and threat hunters, the service excels especially at advanced types of attacks that cannot be detected by technological solutions alone. And that is exactly the capability that matters most these days if you want to survive ransomware attacks.

When MDR services became popular, customers had a choice between the following two models: “Bring your own Technology” and “Single Vendor”.

Bring your own Technology MDR

In this offer, the MDR provider uses the customer’s existing tools, in which the customer has probably already invested a lot of money. Here, the MDR vendor provides its own people to operate these tools for the end customer, thereby providing them with a managed detection and response service.

However, this type of service has its weaknesses. In most cases, the MDR provider’s staff does not know the customer’s tools well enough, and is very limited in terms of the level of response. Most of the response tends to focus on providing guidance to the customer, who must implement it themselves.

Single Vendor MDR

The second category includes providers that have their own product portfolio and sell MDR services as a kind of add-on package. As a result, they can respond to dangerous incidents or attacks much more quickly and accurately because the service is built on their tools, which they know inside and out.

The big drawback to the single-vendor model, however, is that it doesn’t offer integrations for third-party products. Thus, existing investments of the end customer cannot be used. To gain large-scale visibility across the corporate network, existing hardware and software must be replaced.

Does this sound familiar to you? Probably so, because with the “Sophos MTR Standard and Advanced” offer, Sophos itself belonged to this category until now.

Sophos MDR – The best of both worlds

With the new extended MDR service, Sophos is breaking out of the “single vendor model” and meeting customers where they are at the moment. So if investments have already been made in cybersecurity tools, they don’t necessarily need to be replaced. Instead, Sophos can use the security data from these tools with its MDR service. At the same time, customers can still pursue the benefits of consolidation, which rely on a unified toolset designed for collaboration.

So, Sophos offers the best of both worlds with its MDR service. Customers don’t have to compromise when it comes to whether they need more response time or want to use their existing tools. With Sophos MDR, you get both. 🤩

The Sophos MDR licenses

Sophos offers three levels of service to cover each of a customer’s use cases.

Sophos MDR Complete

The most popular option, Sophos MDR Complete (far right in the chart), offers comprehensive incident response capabilities that other vendors cannot provide without additional fees. You also have the opportunity to get in touch directly with the analysts of the MDR team, for example if you need help or specific instructions (or just want some advice). Communication takes place either by email or via the direct hotline. There will always be someone available when it matters most (and not just during business hours).

Sophos MDR

The next level of service is Sophos MDR. Here, however, Sophos offers nothing that the vast majority of MDR vendors don’t already do today – 24/7 network monitoring, reporting, and threat intelligence. In doing so, the MDR team focuses on threat containment and seeks to disrupt and isolate active attacks. This buys time to take further action without causing additional damage to the company. Sophos MDR is an excellent offering for organizations that can act themselves after the threat has been contained.

Sophos Threat Advisor

The final tier is Sophos Threat Advisor and is only recommended for customers who already operate their own Security Operations Center (SOC) or purchase this service from a leading company. With the Threat Advisor service level, Sophos collects alerts from your network, merges them, and prioritizes them. You will then receive detailed instructions on what measures to take to combat these threats. Sophos Threat Advisor can be an incredibly valuable support for a SOC because you get another set of eyes for monitoring.

By the way, we do not offer this product through our website because the pricing is individual and is not available to us through the price list. If you are interested, just ask us, and we will get a quote from Sophos for you.

Included integrations in Sophos MDR

Hands down, what makes MDR so much better than the earlier MTR product are the third-party integrations. These distinguish Sophos MDR and are indispensable for gaining a complete overview of a customer’s network so that the best possible responses and measures can be taken. Let’s take a look at what integrations are included in Sophos MDR for free.

Sophos product integrations

It goes without saying that integrations for existing Sophos products are included. “XDR” and “Sophos Endpoint Protection” are included in full. Note, however, that for “Sophos Firewall”, “Sophos Email” and “Sophos Cloud”, only the integration to analyze data from these products is included. The products themselves must be purchased separately if you want to use them.

One change that has also been implemented at no additional cost in Sophos MDR is the extension of the data retention period. Previously with MTR, only 30 days were included. As of today, Sophos has increased this to 90 days. This gives the MDR team a longer and more comprehensive period to investigate.

Integrations from Microsoft

Of course, it has not escaped Sophos’s attention that Microsoft plays a role in practically every company and that various security tools are even included in some license packages. However, instead of picking a fight with Microsoft here, Sophos is trying to add value to Microsoft technologies. Thanks to the APIs that Microsoft provides for its products, security events can be stored in the data lake and used by the MDR team for analysis. In my view, this is a fantastic opportunity to make better decisions because you can now do this based on Microsoft and Sophos technologies.

Third-party integrations

At the bottom right of the top graph, you can see that Sophos MDR is also compatible with a variety of third-party endpoint technologies. This means that you can also run devices with Trend Micro, McAfee, SentinelOne, etc., for example, without having to replace this software with the Sophos Endpoint Agent.

Add-on integration packages

In addition to the free integrations, which are already very extensive at this point, Sophos offers much more with paid add-on packages! 🤯

In addition to Sophos NDR, there are packages for “Firewalls”, “Identity Providers”, “Public Cloud”, “Email” and “Network”. If the data retention period of 90 days is still not enough for you, you can extend it to one year with the add-on pack.

If you are interested in these add-on packages, just reach out to us, and we will make you an offer. Currently, there are no plans for us to add these products to our online store.

Benefit now from better detection and response

I hope I could show you in this article that Sophos MDR is a great service that is definitely worth the investment. If you’re looking for a comprehensive security solution that can detect even the most sophisticated threats and protect a business of any size from ransomware, phishing attacks and other online threats, Sophos MDR is the answer.

If you are already using other Sophos security products, such as Sophos XGS Firewall or Intercept X Advanced, then upgrading to MDR will give you even better protection. Existing customers with still active Central Endpoint or Server licenses are welcome to request a quote for an upgrade to MDR. All others will find the prices and information as usual on our product pages:

Do you have any questions about Sophos MDR that have not been answered in this article? Then get in touch with us today and let us know how we can make it even easier for you to get started with this important security solution.


David is responsible for order processing in our online store so that products and licenses are delivered quickly and efficiently. He provides our customers with comprehensive support in selecting the right Sophos product. David has in-depth knowledge of all Sophos products and provides specialized support for the Sophos Central segment.
