Sophos Rapid Response – Immediate Help for Active Threats

How do you think an IT administrator or CEO (who doesn’t have an IT administrator) reacts when they realize that malware is spreading through the company network and operations are slowly coming to a standstill?

When such a situation occurs, every second counts to stop the attack as quickly as possible and limit the damage. And this is exactly where Sophos wants to make a contribution with Rapid Response.

What exactly is Rapid Response?

Sophos Rapid Response offers lightning-fast help if you find yourself facing an active threat. The service is aimed at all customers, regardless of whether they already use a Sophos product or not.

The only ones among you who will never need Rapid Response are those who have a Sophos Central Intercept X Advanced with EDR and MTR licence. With this, an elite security team is already taking care of threat detection in your company 24/7 and will intervene immediately in critical situations.

Available for you 24/7

Since every second counts during an attack, the cyber security analysts, as well as the onboarding team, work 24/7 to get customers out of a critical situation as quickly as possible. This level of availability is absolutely essential for such a service, because attacks like these usually do not happen at 9:00 AM on a Monday morning, but rather at 9:00 PM on a Friday, or quite possibly on Christmas Eve. 😬

Stopping the damage is the first priority

In keeping with the times during a pandemic, the service is delivered entirely remotely. The goal is always to stop the damage, not to restore the original environment. Think of it like a fire department response: if a house is burning, Sophos is, in a sense, the fire department that brings the fire under control and puts it out. Sophos is not responsible for rebuilding the house afterwards.

Fast Onboarding

So that the Rapid Response Team can stop the attack on your company, you first go through an onboarding process. The Intercept X Advanced with EDR agent is rolled out to all endpoints and servers in order to have the initial data available for assessing the situation as quickly as possible.

For customers who have previously relied on another security vendor, that software is temporarily disabled or uninstalled straight away.

Throughout the time the Rapid Response Team is working to contain the threat in your network and stop the attack, you enjoy VIP status with a dedicated contact person. Note, however, that the service is currently only available in English.

Fixed price with no hidden costs

Rapid Response is provided for 45 days at a fixed price. The price is calculated based on the number of users and the number of servers in the company.

For these 45 days, the customer is covered by the MTR Advanced Service. Even if the unauthorized access is brought under control after just two days, the “patient” remains under constant observation for the remaining 43 days.

After these 45 days, the customer is free to decide whether they want to continue protecting their computers and servers with the MTR Advanced licence in the future, or switch back to their previous security vendor. However, the latter will likely rarely be seriously considered. 😅

Of course, it would also be possible to switch to a lower licence, such as MTR Standard or Intercept X Advanced with EDR. However, I would not recommend anything below that.

Conclusion

I think no one wants to end up in a situation where nasty malware slips past the installed endpoint protection and quietly collects data undisturbed for months. And that is just one example of how modern malware behaves. When you are facing that kind of mess, there is probably nothing more reassuring than having an expert take care of it and get the situation under control as quickly as possible. With Rapid Response, Sophos now has a solution for exactly that.

But just because such a service now exists doesn’t mean you should be negligent with the protection of your network. You don’t light a fire in your apartment thinking: “The fire department will be there if it gets out of control.”

The goal must be to never have to call upon the Sophos Rapid Response Service if possible. Customers who already protect their computers and servers with Sophos Central should therefore license at least Intercept X Advanced with EDR. Only with EDR do you get professional tools to discover suspicious activities in the network that are not directly detected by Intercept X Advanced.

Anyone who doesn’t have the time to regularly hunt for suspicious activity in their network can sit back with the MTR licence and let the Sophos expert team do this work – 24/7! This gives you the same service as with Rapid Response. The only difference is that you can already count on the best protection from Sophos before disaster strikes. 😎


David