Skip to content
Avanet
Sophos MTR becomes MDR and gets new features

Sophos MTR becomes MDR and gets new features

The Sophos Managed Threat Response service will receive a new name at the end of November: Sophos MTR will become Sophos MDR. In this post, you will learn what this name change means for existing customers and which new features will be added.

A brief review

In October 2019, Sophos introduced Managed Threat Response (MTR). This was a fully managed, round-the-clock service provided by a team of experts from Sophos. I wrote a blog post about it back then, which you are welcome to read again: Sophos MTR – 24/7 Threat Hunting by Experts

Until now, the service has been offered in two versions: Standard and Advanced. We found MTR promising from the start and still have nothing negative to say about it today. All of our customers using MTR Standard or Advanced are very satisfied. To avoid relying only on our own opinion, I also like to point to the statistics from Gartner Peer Insights. There, Sophos achieved an average rating of 4.8 for its MTR service, and 97% of respondents would recommend it.

No. 1 customer-rated MDR Service in Gartner Peer Insights

4.8 average rating + 97% would recommend it

According to Sophos, more than 12,100 customers worldwide have adopted Managed Threat Response since its launch. The market share of this service grew by 261% in 2021.

Changes for existing customers

Existing customers who already use MTR Standard or Advanced will only benefit from the switch to MDR. Both MTR Standard and Advanced licenses will be upgraded to the new “MDR Complete” package at no additional cost. With this step, Sophos wants to reward the loyalty of customers who have placed their trust in MTR so far.

With the upgrade to MDR Complete, you will retain the existing functionality but also gain additional benefits:

  • Compatibility with non-Sophos tools
  • Full exploration and investigation in the network
  • Longer data retention in the Data Lake
  • Monthly MDR Webcast
Comparison table for Sophos MTR Standard / Advanced and MDR Complete
Feature scope of Sophos MTR Standard / Advanced compared with the new Sophos MDR Complete. Existing service capabilities remain, and new features are added.

Compatibility with non-Sophos tools

The biggest new feature in MDR is support for third-party vendors. Security products from other providers, such as Microsoft, CrowdStrike, Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services (AWS), Google, Okta, Darktrace, and many others, can be used as data sources for analysis.

I think it goes without saying: the more the Sophos MDR team can see in your network, the greater the likelihood that an attack can be detected and eliminated in time. In addition, customers who want to use the Sophos MDR service do not have to replace all existing security solutions and can, for example, continue using a Fortinet firewall.

Extended data retention

Another improvement with MDR is the adjustment of data retention (Sophos Data Lake) from the previous 30 to 90 days. This allows analysts to better determine the root cause of incidents and thus provide advice on how to defend against further attacks.

If 90 days are not enough for you, you can extend data retention up to one year with an additional license.

Monthly Webcast

For MDR customers, Sophos provides an exclusive monthly “ThreatCast”. In this webinar, experts from the MDR team who protect your company behind the scenes share their latest findings and observations on current threats.

Automatic update to MDR Complete

As soon as MDR Complete is officially available at the end of November, existing customers with MTR Standard and Advanced will automatically be switched to MDR Complete. So you don’t have to do anything and can soon benefit from the new features.

More information

David

David

David is responsible for content, structure, and digital implementation at Avanet. His focus is on making complex technical topics clear, precise, and search-friendly.