
Sophos Rapid Response - Immediate help for active threats

David - January 13, 2021

How do you think an IT administrator, or a CEO who doesn't have an IT administrator, reacts on realizing that malware is spreading through the company network and the whole operation is slowly coming to a halt?


When such a situation occurs, every second counts to stop the attack as quickly as possible and limit the damage. And this is exactly where Sophos wants to make its contribution with Rapid Response.

What exactly is Rapid Response?

Sophos Rapid Response provides lightning-fast help when you find yourself in the situation of an active threat. The service is aimed at all customers, regardless of whether they already use a Sophos product or not.

The only ones among you who will never need Rapid Response are those who have a Sophos Central Intercept X Advanced with EDR and MTR license. With this, an elite security team is already taking care of threat detection in your organization 24/7 and will take immediate action in critical situations.

Available for you 24/7

Since every second counts in an attack, the cybersecurity analysts, as well as the onboarding team, work 24/7 to help customers out of their predicament right away. This high availability is essential for such a service because attacks usually don't happen at 9:00 on a Monday morning, but rather at 9:00 in the evening on a Friday, or even on Christmas Eve. 😬

Stopping the damage is the first priority

Fittingly in times of a pandemic, the service is performed entirely remotely. The goal is always to stop the damage, not to restore the original environment. You have to think of it like a fire department operation. If there is a fire in a house, Sophos would be the fire department, making sure that the fire is brought under control and extinguished. But Sophos is not responsible for rebuilding the house at the end.

Quick onboarding

In order for the Rapid Response Team to stop the attack on your organization, you first go through an onboarding process. This involves rolling out the Intercept X Advanced with EDR agent on all endpoints and servers to have the initial data available as quickly as possible to evaluate the situation. 

For customers who previously relied on another security vendor, that vendor's software will be temporarily deactivated or removed.

During the entire time the Rapid Response Team is working to contain the threat on your network and stop the attack, you will enjoy VIP status with a dedicated contact person. Note, however, that the service is currently only available in English.

Fixed price without hidden costs

Rapid Response is provided for 45 days at a fixed price. The price is calculated based on the number of users and the number of servers in the company.

For the 45 days, the customer is covered by the MTR Advanced Service. It does not matter if the unauthorized access is already brought under control after two days. The "patient" still remains under constant surveillance for the remaining 43 days.

After these 45 days, the customer is free to decide whether to continue protecting their computers and servers with the MTR Advanced License or switch back to their previous security vendor. However, the latter is probably only seriously considered in very few cases. 😅

Of course, it would also be possible to switch to a lower license, such as MTR Standard or Intercept X Advanced with EDR. However, I would not recommend anything below that.

Bottom line

I don't think anyone would like to get into the situation of being hit by nasty malware that is not detected by the installed endpoint protection and can happily collect data undisturbed for months. And this is just one example of the behavior of modern malware. When faced with such a disaster, there is nothing more reassuring than having an expert take care of the situation and get it under control as quickly as possible. So with Rapid Response, Sophos now has a solution.

But just because there's a service like this now, it doesn't mean you should be careless about protecting your network. You don't light a fire in your home thinking, "The fire department will be there if it gets out of control."

The goal must be to never have to call on the Sophos Rapid Response service. So customers who already protect their computers and servers with Sophos Central should license at least Intercept X Advanced with EDR. Only EDR gives you professional tools to detect suspicious activity on the network that is not directly detected by Intercept X Advanced.

If you don't have the time to regularly check your network for suspicious activity, the MTR license lets you relax and let Sophos's team of experts do the work for you, 24/7! You get the same service as with Rapid Response. The only difference is that you can count on Sophos's best protection now, before it's already too late. 😎

