Shopping Cart

No products in the cart.

Sophos MTR becomes MDR and gets new features

Sophos Managed Threat Response Service from Sophos will get a new name at the end of November – formerly Sophos MTR will become Sophos MDR. Find out what this name change means for existing customers and what new features will be added in this article.

Brief retrospect

In October 2019, Sophos introduced Managed Threat Response (MTR). It was a fully managed, around-the-clock service delivered by a team of Sophos experts. I wrote a blog post about it at the time, which you are welcome to review: Sophos MTR – 24/7 threat hunting by experts

So far, the service has been offered in two different versions – either the Standard or the Advanced variant. We found MTR promising right from the start, and to this day we can’t say anything bad about it. Our customers who use MTR Standard or Advanced are all very satisfied. However, in order not only to express our opinion, I would also like to refer to the statistics from Gartner Peer Insights. There, Sophos achieved an average rating of 4.8 with its MTR service, and 97% of the respondents would recommend the service to others.

No. 1 customer-rated MDR service in Gartner Peer Insights

4.8 average rating + 97% would recommend it to others

Sophos says it has won over 12,100 customers worldwide for Managed Threat Response since launch. The market share of this service has grown by 261% in 2021.

Changes for existing customers

Existing customers who already use MTR Standard or Advanced will only benefit when switching to MDR. Both MTR Standard and Advanced licenses will be upgraded to the new “MDR Complete” package at no additional cost. With this step, Sophos wants to reward the loyalty of customers who have trusted them with MTR so far.

By upgrading to MDR Complete, you’ll keep the same features as before, but you’ll even get additional benefits:

  • Compatibility with non-Sophos tools
  • Full-environment Detections and Investigations
  • Longer data storage in the data lake
  • Monthly MDR Webcast
Comparison table for Sophos MTR Standard / Advanced and MDR Complete

Feature set of Sophos MTR Standard / Advanced compared to the new Sophos MDR Complete. Existing performance is retained, new features are added.

Compatibility with non-Sophos tools

The biggest innovation in MDR is the support for third-party manufacturers. Here, security products from other vendors, such as Microsoft, CrowdStrike, Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services (AWS), Google, Okta, Darktrace and many more can be used as data sources for analysis.

I think it goes without saying that the more the Sophos MDR team can see in your network, the greater the likelihood that an attack can be detected and remediated in time. In addition, customers who want to use the Sophos MDR service don’t have to replace all their existing security solutions, but can continue to use a Fortinet firewall, for example.

Extended data storage

Another improvement in MDR is the adjustment of data retention (Sophos Data Lake) from the previous 30 to 90 days. This enables analysts to better determine the cause of incidents and thus provide advice on how to defend against further attacks.

If the 90 days are not enough for you, you can extend the data storage up to one year with an additional license.

Monthly webcast

For MDR customers, Sophos exclusively distributes a so-called “ThreatCast” every month. In this webinar, experts from the MDR team, who work behind the scenes to protect your business, share their latest insights and observations on current threats.

Automatic update to MDR Complete

Once MDR Complete is officially available at the end of November, existing customers with MTR Standard and Advanced will be automatically switched to MDR Complete. So, you don’t have to do anything and can soon benefit from the new features.

More information


David is responsible for order processing in our online store so that products and licenses are delivered quickly and efficiently. He provides our customers with comprehensive support in selecting the right Sophos product. David has in-depth knowledge of all Sophos products and provides specialized support for the Sophos Central segment.

Subscribe Newsletter

We send out a monthly newsletter with all the blog posts for that month.