Sophos MTR becomes MDR and gets new features
Sophos Managed Threat Response Service from Sophos will get a new name at the end of November – formerly Sophos MTR will become Sophos MDR. Find out what this name change means for existing customers and what new features will be added in this article.
Brief retrospect
In October 2019, Sophos introduced Managed Threat Response (MTR). It was a fully managed, around-the-clock service delivered by a team of Sophos experts. I wrote a blog post about it at the time, which you are welcome to review: Sophos MTR – 24/7 threat hunting by experts
So far, the service has been offered in two different versions – either the Standard or the Advanced variant. We found MTR promising right from the start, and to this day we can’t say anything bad about it. Our customers who use MTR Standard or Advanced are all very satisfied. However, in order not only to express our opinion, I would also like to refer to the statistics from Gartner Peer Insights. There, Sophos achieved an average rating of 4.8 with its MTR service, and 97% of the respondents would recommend the service to others.
No. 1 customer-rated MDR service in Gartner Peer Insights
4.8 average rating + 97% would recommend it to others
Sophos says it has won over 12,100 customers worldwide for Managed Threat Response since launch. The market share of this service has grown by 261% in 2021.
Changes for existing customers
Existing customers who already use MTR Standard or Advanced will only benefit when switching to MDR. Both MTR Standard and Advanced licenses will be upgraded to the new “MDR Complete” package at no additional cost. With this step, Sophos wants to reward the loyalty of customers who have trusted them with MTR so far.
By upgrading to MDR Complete, you’ll keep the same features as before, but you’ll even get additional benefits:
- Compatibility with non-Sophos tools
- Full-environment Detections and Investigations
- Longer data storage in the data lake
- Monthly MDR Webcast
Feature set of Sophos MTR Standard / Advanced compared to the new Sophos MDR Complete. Existing performance is retained, new features are added.
Compatibility with non-Sophos tools
The biggest innovation in MDR is the support for third-party manufacturers. Here, security products from other vendors, such as Microsoft, CrowdStrike, Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services (AWS), Google, Okta, Darktrace and many more can be used as data sources for analysis.
I think it goes without saying that the more the Sophos MDR team can see in your network, the greater the likelihood that an attack can be detected and remediated in time. In addition, customers who want to use the Sophos MDR service don’t have to replace all their existing security solutions, but can continue to use a Fortinet firewall, for example.
Extended data storage
Another improvement in MDR is the adjustment of data retention (Sophos Data Lake) from the previous 30 to 90 days. This enables analysts to better determine the cause of incidents and thus provide advice on how to defend against further attacks.
If the 90 days are not enough for you, you can extend the data storage up to one year with an additional license.
Monthly webcast
For MDR customers, Sophos exclusively distributes a so-called “ThreatCast” every month. In this webinar, experts from the MDR team, who work behind the scenes to protect your business, share their latest insights and observations on current threats.
Automatic update to MDR Complete
Once MDR Complete is officially available at the end of November, existing customers with MTR Standard and Advanced will be automatically switched to MDR Complete. So, you don’t have to do anything and can soon benefit from the new features.
More information
