Posts

WEBINAR RECAP: Ransomware in the real world. Is your IT Department ready to be attacked?

Ransomware in the real world

Last week, we hosted a Webinar to ask businesses if their IT department is really ready for a ransomware attack.

Over 50% of businesses will be a victim of ransomware in 2022, and the average bill to rectify an attack, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more… will be over £1.3m!

Did you miss it? Or would you like to watch it again? Well, the good news is that we recorded it and you can check it out here:

 

Your Questions, Answered.

A sign of a good webinar is the quality of the questions asked at the end. We had too many questions to be able to answer them all in the time allowed so James and Kosta have answered anything we didn’t have time for during the session.

Remember, if you would like to find out more about Sophos MTR, have any questions around cybersecurity or need advice for your IT team, please reach out to James directly at [email protected], or call one of the team on 01235 433900.

 

What about false positives within PowerShell and ps1 files, repositories like PSGet, NuGet etc – these constantly get flagged in our org with Defender Endpoint!

We would suggest that if these are trusted internal tools, they should be excluded from scanning based on their hash values or path. If these are dynamic libraries, then in Sophos Central we would create a policy for staff allowed to use these system tools and restrict all other user access to these tools.

 

How much will Sophos be responsible in the case of a ransomware attack?

If your business only has the Sophos Endpoint products, firewalls or email products, then in the case of an attack Sophos will provide remote support but hold no responsibility, as the configuration and management of the platform is the responsibility of the business. However, if the MTR service is in use, then the business does have a level of protection from Sophos and the remediation services are covered under your contract.

 

How do we get the board to take cybersecurity seriously? We’ve covered the basics in terms of controls, but anytime I try to increase budget to add additional controls – it gets pushed back.

The best option to get senior management / board to take ownership of cyber security and cyber insurance is to use the scare factor of examples like our cyber victim, where all senior management, directors and the board were removed from their posts under gross negligence as part of the work that took place to recover the business. Many of these have struggled to get new roles following the merger of the business because of the legacy association with such a large-scale failure.


What are the biggest cybersecurity threats right now?

The biggest threat remains ransomware and this continues to appear in different forms and flavours but ultimately the goal remains the same and that is to disrupt system usage.

 

Am I spending enough, appropriately on information security-related tools and controls? (Is there a network security or information security tool I should buy?)

There is no golden figure for how much to spend on protection but what you need to do is take a risk based assessment on what protection you have in place and make sure you are covering the full stack and have a solution in place for every risk in the system.

 

Not convinced that cyber insurance provides any real cover

Cyber insurance is only going to work for you and your business if you have the right tools in place to protect the business in the first place. As with car insurance, they won’t pay out if you are negligent; it is up to you and your business to make sure you have the correct protection in place.

 

Who would you recommend in terms of cyber security insurance providers?

We don’t directly recommend providers.

If you have someone in your team who is a disgruntled employee and may be leaving the company, and they leave a logic bomb on your network without you knowing, would cyber security insurance cover this, or would it then be void as it’s happened within your own team? What would be the legal response to this?

This is a very loaded question. In most cases, Cybersecurity Insurance will protect against this provided you have all other requirements in place. If however this disgruntled employee was part of your security team, that may raise questions around your employee vetting process and you may need to lean on your employee terms and conditions, specifically your computer misuse act should you need to follow up with legal proceedings.

 

Is the standard Sophos Endpoint not enough either?

We would recommend Sophos Intercept X as a minimum for protection in 2022.

 

Are there any courses that you would recommend for Cyber Security specialisation?

We would recommend you look at CISSP and then anything linked to business solutions you have in place.

 

Are the MTR team UK based?

Sophos MTR is a global follow the sun team. There is a UK team as part of this but to enable truly 24/7 support this is covered by a global team.

 


 

For us, the major deficiency we see today is not with attacks via known end points or servers but the chances of unknown devices being attached to our networks. This is an area which I feel very few companies or vendors are addressing well and cost effectively so I’d love to know if this is an area you guys both Planet and Sophos are investigating/investing in?

There are a number of NAC products that have surfaced over the years to try and fill this gap. What we are seeing as the solution for most businesses now is to terminate all VLANs on the firewall and use the synchronised security aspects of the Sophos XGS firewall to remove unwanted network traffic in controlled sectors, with only trusted devices being able to route traffic.

 

Is the webinar recorded?

Yes, you can watch it here: https://youtu.be/qLPPw4kndy4

 

 

Webinar Recap: Microsoft New Commerce Experience – Big changes are coming!

Microsoft NCE changes

This week, we hosted a Live Webinar where we outlined the upcoming changes to how Microsoft sell their licences and how it affects organisations of all kinds – what Microsoft are calling their New Commerce Experience (NCE).

🚨 As a Microsoft Gold Partner, we were one of the first in the UK to present this. We were so early in fact, that only a couple of short hours after the webinar, Microsoft announced that they will be pushing back the release date for New Commerce Experience from October 14 2021 to January 2022! 🚨

The reality is, that it is still happening. This just gives us a little more time to decide on the licences that best suit your organisation.

So please still watch the webinar recording below. All the information is still key to making the right decision for your business. To ask any specific questions about your situation, reach out to your Planet IT account manager or email [email protected].

On the webinar, our resident Accredited Microsoft Experts, James Dell & Adam Harrison covered:

✅ The price increases for CSP licences.

✅ Open licensing is moving to CSP. How will this affect you?

✅ How the Enterprise Agreement resizing will affect you.

✅ How CSP licensing terms are changing.

✅ How these changes affect your existing licensing

 

Did you miss it? Or would you like to watch it again? Well, the good news is that we recorded it and you can check it out here:

Your Questions, Answered.

We received lots of questions throughout the webinar and did our best to answer them. Watch the recording to see if your questions would be answered at the end, however if you have any more, please reach out to James himself on 01235 433900 or email directly: [email protected].

Remember to ask him about our Microsoft 365 health Checks!

 

 

 

 

Virtual Roundtable Recap: Facing and Overcoming IT Challenges In Education

Education IT Event

This week, our panel of special guests came together for an educational virtual round table event. Our panellists discussed the challenges they have faced in their education provider and how as IT professionals, they overcame these challenges.

We also opened the floor up to our selected guests so that the panel could try to help them with their challenges.

Our panel included:

David Higgs, Security and Service Experience Centre Lead at Imperial College London

Mike Pearce, ICT Network Manager at St. Cuthbert’s Roman Catholic Academy Trust

Graham Rivers, ICT Network Manager at Moulsford Prep School

James Dell, Head of Technical Architecture and Education specialist at Planet IT

 

Discussion Points included:

  • The challenges encountered when delivering IT solutions to their organisation
  • How our guests overcame these challenges and turned them into successes
  • New trends & technologies critical for educational IT in the next 12 months
  • The ever increasing threat of cyber attack
  • BYOD (Bring Your Own Device)
  • Hiring and building a team on a budget

 

Did you miss it? Or would you like to watch it again? Well, the good news is that we recorded it and you can check it out here:

Remember, if you have any questions or challenges that you face in your Education IT career, then please reach out to James Dell and he would be more than happy to talk you through the solutions he found to any similar obstacles. Call 01235 433900 or email [email protected]

 

Internet Explorer is Dead – What you need to do now

Internet explorer

Internet Explorer is finally coming to the end of its long, slow walk to its grave. As of the 15th of June 2022, all devices not running an LTSC (Long-Term Servicing Channel) version of Windows 10 or Windows Server will lose the application as part of the 15th of June update.

However, this is much larger than many would initially perceive. Many custom-built or 3rd party applications use the IE framework to deliver content and allow users to interact with their platforms. The removal of Internet Explorer, while long advertised and overdue, will affect many businesses adversely.

To make your life a little easier, there are actions you can complete now to engage the Microsoft Edge support for many of these legacy programs. You can follow the steps on pages 5 and 6 of this document from Microsoft, which will help you make your business Microsoft Edge ready.

Does It Matter?

For many of you, this won’t be an issue, but remember now is the time to be testing this; if you have any application that opens in an IE11 session by default on Windows 10 or Windows Server, you need to ensure it runs in Microsoft Edge before the 15th, or move the server/desktop to the Long-Term Servicing Channel if you cannot support the application.

As a side note, it is worth noting that Office 365 and all Microsoft services will not support Internet Explorer from the 17th of August in any form, so while you can use IE on LTSC to support custom applications, you will struggle to use the product for anything outside of these products and Microsoft. Many other vendors are moving fast to drop Internet Explorer from their supported browsers lists.

If you have 3rd party applications which rely on Internet Explorer, now is the time to be reaching out to my team at Planet IT to start looking at how you move away. Not only is this issue going to become worse, but with no updates Internet Explorer is likely to be a source of the vulnerabilities we see when scanning people’s networks.

If you want to talk to one of our team about how we can help you move away from Internet Explorer and associated 3rd party applications, then please call 01235 433900 or email [email protected]. If you would like to speak to me directly, you can reach out to me via DM or at [email protected].


 

Education in Focus: Biggest IT Refresh Year Ever

Education IT

There comes a point in the academic year where exams ramp up, and teachers, lecturers and support staff are focused on getting students through their end of year exams and keeping the momentum up until the summer break.

Meanwhile in the cool dark of the server room, the IT Support teams across all academic settings are preparing for the calm before the storm.

This year, while we may not be seeing exams like we previously would, the IT teams in our educational establishments are preparing for their busiest summer refreshes ever. With the woes of 2020 behind us and classroom learning returning for 2021/22, the push is on to make the infrastructure improvements that were put off during COVID.

Saying all that, budgets are likely to also be tighter than ever. So how can IT teams get the absolute most out of their IT projects?

To help we have put together 5 top tips for smashing your summer projects in 2021

Plan Early

When it comes to any form of IT project the further ahead you are planning the better chance of success you have, so start early!

Engage vendors and technology partners. Test the market and understand your options. If you are looking 6 months ahead of where you need to be, then when do you have to make the choice on the technology or the vendors you are going to use? Be armed with all the information you need so you can overcome the challenges the project throws at you.

Have a contingency plan

As you begin to plan your project, look at the what if’s…

For example, if you are replacing a server infrastructure, what happens if the new servers fail? Or before you have moved the data, if the old servers fail, do you have a backup? Have you tested it?

By implementing a rock-solid contingency plan you are positioning yourselves in such a way that you can overcome whatever challenges come your way.

Choose a partner you can trust

Remember you are not in this alone.

Whatever the chosen project you are undertaking there are partners who will help you achieve the goals of your organisation. However not all partners are equal. Not all partners have the same approach.

Find a partner who has the certifications and accreditations with the vendors you want to work with, e.g. Dell Gold Partner or Microsoft Gold Partner with certified engineers. Don’t settle for “the local firm” as 9 times out of 10 they will get out of their depth very quickly. They can end up making the challenges of delivering IT in education much worse.

So, pick a partner you can trust, and you know when you’re up against it, will have your back!

Only choose best of breed technology and don’t settle for last generation.

Lots of companies see education as an opportunity to move stock which the corporate world no longer wants – for example, servers which are now end of sale or software which has been pushed into its last few operational years.

You should never settle for anything other than the best in breed technology for your establishment. If budgets constrain that, reduce the scope of the project or limit the technology used. Don’t settle for old, refurbished or reconditioned equipment just to hit a financial goal. In the long term, you will pay the price when the equipment cannot be serviced and needs replacing before the business has got the full value from the solution.

Maximise gains using operations leasing

When making purchases in education, you have a great opportunity to access low cost or even free finance offerings for all of your large purchases. So, leverage these deals to extend your budget.

Limit the capex spend and get the best solution you can and prevent the project delays of stretching upgrades over 2-3 years which really need to be done today.

Using these top tips, your organisations should be able to avoid the pitfalls of so many education providers in the past and make sure you take a step in the right direction when making your upgrade this summer.

Just remember you are not alone. At Planet IT we have a team of specialists who can not only support you with the decision making and selection of new equipment, but can support with the roll-out, implementations and upgrades to your systems.

If you want to talk to one of our educational team about how we can help you with your summer projects then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

 

Backup Webinar Recap: The Uncomfortable Truths

Backup webinar recap

This week, we hosted a Live Webinar based all around the Uncomfortable Truths about your Backups.

Our resident Backup guru, Michael Davey, was joined by Arcserve expert, Steve Butterfield, and between them they covered:

✅ Microsoft 365 data protection

✅ Immutable storage & Ransomware Protection

✅ How are you storing your data & the 3-2-1 rule

✅ Scaling your infrastructure with Backup & DR

✅ How to combat storage creep

 

Did you miss it? Or would you like to watch it again? Well, the good news is that we recorded it and you can check it out here:

Your Questions, Answered.

We received lots of questions throughout the webinar. Unfortunately we weren’t able to answer them all during the live session so we have compiled them all and asked Michael and Steve to answer them again.

Remember, if you would like to find out more about backup in general or speak about your own backups specifically, reach out to your Planet IT account manager, call 01235 433900 or email [email protected]

 

Would cycled tapes not be immutable being out of the drive most of the time?

Tape, and especially WORM tape, was the original air-gapped / immutable storage.

While out of the drive, tapes are largely immutable outside of extremes involving strong magnets. But you do have to put them in the libraries to use them, which brings two issues:

1. They are available to be overwritten while in the library.

2. They require manual intervention to remove/replace.

However, definitely a big improvement over no airgap.

 

What is the licensing model? Is it based upon per user for 365 and per source TB for onsite storage?

Universal licensing, which runs on your own hardware or VM, covers all data sources including O365 and so is licensed per TB of protected data, with no limits on retention, and can be any mix of physical machines, virtual machines and O365.

Per user licensing is also available and may be of interest if you are adding it to existing Arcserve licensing.

Per user or per TB licensing is available from our cloud (SaaS offering), subject to a max of 100 users per TB for capacity based licensing.

 

The reason people do Full backups is because incremental backups all depend on the previous ones. Isn’t that a disaster waiting to happen with incremental forever?

Our Incrementals act and restore like Full backups. They do not depend on any other incremental backup, therefore one “broken” incremental affects neither the incremental before nor the one after it.

 

What is the most common security breach you see that can also impact backups?

I think Michael answered this but a stat for you from Sophos “The state of Ransomware 2021”

37% of the 5400 respondents surveyed were hit by Ransomware in the last year

Ransomware is still the major threat

 

 

A pretty bold statement was made: “Completely Ransomware Safe”. Can you back this claim with something factual?

Like unsinkable ships, “completely ransomware safe” is conditional on the type of attack, i.e. nothing is completely safe if physical access is allowed, for instance. However, we believe that our ransomware capability is the strongest and most complete in the industry, and we are the only backup vendor to offer a Money Back Guarantee.

For O365 backup only, do we need an onsite appliance?

You have a choice. You can purchase Arcserve UDP and have it protect O365 in the following ways:

  1. An appliance running on-prem or in hosted colo
  2. Software running on your own hardware, VM or in your own public or private cloud instance
  3. Software as a service running from our cloud, based in our datacentre in Manchester or AWS in London (other geos are available)

While on-prem may seem an odd choice to some for a cloud based service, do remember the 3-2-1 rule and the fact that even in the event of an Internet or Azure outage you could still access your data locally. The main thing is it is held elsewhere, so we would always caution against any service backing up O365 which is hosted in Azure.

 

 

What is Conditional Access, and why is it an essential part of your security posture?

Conditional Access

By now, you should be aware that the modern digital landscape is full of threat actors who are always looking for any opportunity to find a weakness in a business’s security posture and then leverage this to gain unauthorised access to data for malicious reasons.

To protect against these attacks, we often look at antivirus and anti-ransomware technology and products like MFA or Two-factor authentication. The truth is that MFA is part of much larger protection that can be afforded a system through an approach known as Conditional Access.

How does Conditional Access work?

Conditional Access (CA) is the process of defining entry vectors and criteria; in its most simplistic form, consider CA to be a door that only opens if you are wearing the right clothes, have arrived in the right vehicle, and are holding your ID. In real terms, CA allows a business to define controls around what can be accessed by who, from where and under what circumstances.

I feel that conditional access is an underutilised part of any defence arsenal. This is partly due to a lack of understanding in the IT community about the technology and a misconception about its limitations. These beliefs and opinions come from a legacy of Software as a Service (SaaS) and on-premises infrastructure being integrated minimally. However, with modern SaaS, IaaS, PaaS and on-prem working in a heavily integrated way, Conditional Access allows you to take advantage of the proper protection that can be afforded a system without compromise.

Is it widely used?

All the major SaaS, IaaS and PaaS vendors support conditional access, and an optimum way to deploy the technology is as follows:

  • Limit access to login to Geo Locations that are trusted and used by the business
  • Allow internal networks or trusted networks to have fast-pass authentication
  • Only allow data access from trusted and compliant enrolled devices
  • Require MFA in any location that is not inside a trusted network
  • Remove support for legacy authentication methods
  • Deploy true Single Sign-on across all platforms and devices
  • Limit access to the data and services a user needs based on the roles of that user
  • Only allow devices that have Antivirus and Anti-ransomware installed and up to date
  • Only enable devices that have the latest operating system updates
  • Integrate all systems into a single platform, use Conditional Access and MFA to protect the whole network, not just cloud services.

By undertaking this approach, you can reduce the attack surface of your infrastructure and protect data while not limiting your staff’s functionality by placing unwanted security barriers in place.
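The decision order implied by the list above can be sketched as a small evaluator. This is an added example, not Planet IT's or any vendor's code; the policy values, role names, field names and sample sign-ins are all constructed assumptions.

```python
"""Toy Conditional Access evaluator (added example; every name is hypothetical)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Assumed policy values, constructed for illustration only.
TRUSTED_COUNTRIES = {"GB"}
TRUSTED_NETWORKS = [ip_network("10.20.0.0/16"), ip_network("192.0.2.0/24")]
LEGACY_PROTOCOLS = {"imap", "pop3", "smtp_basic"}
ROLE_RESOURCES = {"finance": {"mail", "ledger"}, "teacher": {"mail", "lms"}}


@dataclass(frozen=True)
class SignIn:
    user: str
    role: str
    resource: str
    country: str
    source_ip: str
    protocol: str           # "modern" or a legacy protocol name
    device_enrolled: bool
    device_compliant: bool  # AV/anti-ransomware current and OS patched
    mfa_passed: bool


def on_trusted_network(source_ip: str) -> bool:
    addr = ip_address(source_ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def evaluate(s: SignIn):
    """Return (decision, reason); decision is 'block', 'require_mfa' or 'allow'."""
    # Hard blocks first: no extra prompt can satisfy these conditions.
    if s.protocol in LEGACY_PROTOCOLS:
        return "block", "legacy authentication is disabled"
    if s.country not in TRUSTED_COUNTRIES:
        return "block", f"sign-in from untrusted location {s.country}"
    if s.resource not in ROLE_RESOURCES.get(s.role, set()):
        return "block", f"role {s.role!r} has no access to {s.resource!r}"
    if not (s.device_enrolled and s.device_compliant):
        return "block", "device is not enrolled and compliant"
    # Trusted networks get the fast path; everywhere else must pass MFA.
    if on_trusted_network(s.source_ip):
        return "allow", "trusted network, compliant device"
    if not s.mfa_passed:
        return "require_mfa", "outside trusted network"
    return "allow", "MFA satisfied outside trusted network"


# Constructed sample sign-ins, each varying one condition from a good baseline.
BASE = SignIn("a.user", "teacher", "lms", "GB", "10.20.5.7",
              "modern", True, True, False)
SAMPLES = {
    "office": BASE,
    "home_no_mfa": replace(BASE, source_ip="203.0.113.9"),
    "home_mfa": replace(BASE, source_ip="203.0.113.9", mfa_passed=True),
    "legacy_imap": replace(BASE, protocol="imap"),
    "abroad": replace(BASE, country="ZZ", source_ip="203.0.113.9", mfa_passed=True),
    "stale_device": replace(BASE, device_compliant=False),
    "wrong_resource": replace(BASE, resource="ledger"),
}


def decisions():
    """Decision per sample name, for quick inspection."""
    return {name: evaluate(s)[0] for name, s in SAMPLES.items()}


if __name__ == "__main__":
    for name, s in SAMPLES.items():
        print(f"{name:15} {evaluate(s)}")
```

Note that a passed MFA prompt does not rescue the "abroad" or "stale_device" cases: location and device state are evaluated before MFA is considered.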

The diagram below shows how the conditional access approach works.

Conditional Access Explained


Do you think your business could benefit from the technologies of conditional access? Do you want to know more? Then please reach out to a member of the Architecture team at Planet IT via [email protected] or call 01235 433900, and we can talk to you about the options available that work with your more comprehensive technologies.

4 Steps to the Perfect Backup Plan

World Backup Day

Today is World Backup Day, for many it’s a day to be celebrated, but for just as many, it’s a stark reminder of the dark omen that is an uncertain backup environment or plan.

We all know the basics of backup, right? The things we all want to achieve:

  • Retention
  • Redundancy
  • Recovery

I could happily go on for far longer than any of you would care to read on each of these topics!

Today however, I want to talk about the practical elements of making sure your backups and overall disaster recovery plan are the best they can be. Starting with some basic questions.

  • Are you backing up your whole environment?
  • Are you running your backups daily?
  • Are your backups retained for the right amount of time?
  • Do you take backups off-site?
  • Are your backup sets fully automated?
  • Are your backup jobs encrypted?
  • If you have cloud resources (Microsoft 365, Azure, AWS) are these backed up?

In an ideal world, you would want each of the above to be a confident and resounding YES! However, this is not always the case – we often hear the ill-fated “I don’t know”.

So, what can we do to be certain on the above and confidently rest knowing our backups will be there for us should the worst occur?

Step 1 – Check the List 

Firstly, I would start by checking your infrastructure or approach your IT Team to get the answers to the above questions. Understand that if the answer to any of them is no, in this first step, it’s less important to know why, just to understand the position you are currently in. Once you’ve established that, let’s move on to step 2.

Step 2 – Check the Kit 

Once you have a firm understanding of your overall backup integrity, it’s time to push past the smoke and mirrors and figure out exactly what you are working with. Check your storage, check your software and make sure it isn’t letting you down. There are so many options available in today’s market, but a quick search of your products and the competition should help you understand if you need to make any changes.

Step 3 – Make your Plan

At this point, you’re either happily relishing in confidence… or you’re not.

If you’re not… bear with me, I promise, we’ve just ripped off the worst of the band-aids and from here… the only way is up. When making your plan, it’s important to work out what you need first, what you want second and then figure out the cost implications (if any) your business will need to work towards. Everyone loves a good deal (or better, a free deal!) but sometimes investment is required to ensure you have the right infrastructure for your plan. When making your plan, make sure you are referencing the list from Step 1 and work out the following:

  • How long do I want to keep my backups?
  • What is my off-site storage plan?
  • Do I have Cloud Resources that need to be backed up?
  • How efficient do I want my backups to be?
  • How long can I afford to be offline in the event of a disaster?
  • How much data can I afford to lose in the event of a disaster?

The answers to these questions will help you to understand how much storage you need, whether you need a cloud or second-site storage plan, if you need high performance equipment and your Recovery Point/Time Objectives. Know that even if the plan is loose, it’s more than you had at Step 1 and it will help you enormously when collaborating with your teams, suppliers and peers to achieve the best outcome.


Step 4 – Reach Out 

At this point, we’ve gone from scratching our heads, to having a clear understanding of the potential issues, a goal to aim for and a plan to get there. Now it’s time to reach out.

Speak to your team and your suppliers and get them on board with your plan. From this point forward, you’re taking control of your backup & disaster recovery plan. You’ve worked out what you want to achieve and you’re making it happen. That, or you were happy from Step 1 – either way, grab a coffee and your favourite lockdown biscuit, you’ve earned it!

Remember, if you ever have any questions, just ask. I, or one of the team here at Planet IT, are always happy to be used as a sounding board and can offer our expertise for your specific situation.

Feel free to reach out to me via LinkedIn or email me at [email protected].

HAFNIUM and Exchange Vulnerabilities – What To Do Now…

Hafnium Attack

There has been lots of noise in the press and on social media about the HAFNIUM threat actors and the current vulnerability that has been detected in all current versions of on-premises Exchange.

If you haven’t read up on the attack and the risks you can do so here;

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2021-patch-tuesday-fixes-82-flaws-2-zero-days/

https://www.kaspersky.co.uk/blog/exchange-vulnerabilities/22385/

https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/

These articles have been leaving a lot of IT managers and CTOs running around looking for solutions. They need a way to quickly patch up the servers and cover over a hole that has been there since at least last November, which is as far back as the first reported case of an attack using this vulnerability. However, what do you need to be doing next?

We all know that Microsoft issued the patches in a non-standard, or out-of-band (OoB), update to Windows. For those not in the know, this means this Hafnium vulnerability is bad! Microsoft rarely break their patch cycle, but they did so with the SMB vulnerabilities with WannaCry. When they do, it means you need to act fast.

By the time these latest OoB updates were released, Microsoft made it clear that these attacks were already happening, which means for some of you who are reading this article thinking you are safe because you ran the patch, you may not be.

The four most dangerous vulnerabilities already being exploited allow attackers to pull off a three-stage attack on compromised systems.

The attack chain is simple:

  1. First, they access a compromised Exchange server (one missing the patch). This can even be an Exchange Management point for Office 365; it doesn’t need to be a full running system.
  2. Then they create a web shell for remote server access.
  3. They then use this to harvest data from the network and systems associated with this Exchange server, essentially using it like an open front door.

So how do you protect against the Hafnium threat?

This is where you need to be looking at having a product in place as your antivirus/antimalware which uses EDR or XDR technology and has up to date behaviour and exploit prevention and detection.

Watch out for the following detections

  • Exploit.Win32.CVE-2021-26857.gen
  • HEUR:Exploit.Win32.CVE-2021-26857.a
  • HEUR:Trojan.ASP.Webshell.gen
  • HEUR:Backdoor.ASP.WebShell.gen
  • UDS:DangerousObject.Multi.Generic

So what should you do next?

As Microsoft has already released an update to fix all these vulnerabilities, we strongly recommend updating Exchange Servers as soon as possible. Microsoft have even gone as far as releasing a quick install roll-up which should work for most Exchange servers. For more complex deployments like DAGs, Planet IT can support you with this process.

You then need to focus your defence strategy on detecting lateral movement and data exfiltration to the internet. For this we recommend that you pay special attention to outgoing traffic to detect cybercriminal connections.
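One way to triage outgoing traffic from an Exchange server for the two signals named above, lateral movement and exfiltration. This is an added example, not code from Planet IT or any vendor; the log format, IP addresses, allow-list, port set and byte threshold are constructed assumptions.

```python
"""Egress and lateral-movement triage for one server (added example)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

EXCHANGE_IP = "10.0.5.10"                          # assumed server address
INTERNAL = ip_network("10.0.0.0/8")                # assumed internal range
ALLOWED_EGRESS = [ip_network("198.51.100.0/24")]   # assumed mail relay range
ADMIN_PORTS = {445, 3389, 5985, 5986}              # SMB, RDP, WinRM
EXFIL_BYTES = 50_000_000                           # assumed alert threshold

# Constructed firewall log lines in a made-up key=value format.
SAMPLE_LOG = """\
ts=2021-03-05T01:10:02 src=10.0.5.10 dst=198.51.100.25 dport=25 bytes_out=48211
ts=2021-03-05T01:12:40 src=10.0.5.10 dst=203.0.113.77 dport=443 bytes_out=31000000
ts=2021-03-05T01:19:03 src=10.0.5.10 dst=203.0.113.77 dport=443 bytes_out=42000000
ts=2021-03-05T01:21:55 src=10.0.5.10 dst=10.0.8.21 dport=445 bytes_out=9120
ts=2021-03-05T01:22:10 src=10.0.7.44 dst=203.0.113.77 dport=443 bytes_out=900
ts=2021-03-05T01:30:00 src=10.0.5.10 dst=10.0.1.5 dport=389 bytes_out=2048
malformed line without fields
"""


def parse_line(line):
    """Return a dict of fields, or None when the line is not a usable record."""
    fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
    if not {"src", "dst", "dport", "bytes_out"} <= fields.keys():
        return None
    try:
        fields["dport"] = int(fields["dport"])
        fields["bytes_out"] = int(fields["bytes_out"])
        ip_address(fields["src"])
        ip_address(fields["dst"])
    except ValueError:
        return None
    return fields


def triage(log_text, server_ip=EXCHANGE_IP):
    """Return findings as (kind, destination, port_or_total_bytes) tuples."""
    findings = []
    egress = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["src"] != server_ip:
            continue
        dst = ip_address(rec["dst"])
        if dst in INTERNAL:
            # A mail server opening admin sessions to peers is unusual.
            if rec["dport"] in ADMIN_PORTS:
                findings.append(("lateral_movement", rec["dst"], rec["dport"]))
        elif not any(dst in net for net in ALLOWED_EGRESS):
            # Sum bytes per unexpected destination across all connections.
            egress[rec["dst"]] += rec["bytes_out"]
    for dst, total in sorted(egress.items()):
        kind = "possible_exfiltration" if total >= EXFIL_BYTES else "unexpected_egress"
        findings.append((kind, dst, total))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Neither transfer to the unexpected destination crosses the threshold alone; summing per destination is what surfaces it.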

As always you should ensure that you are backing-up regularly and make sure you can quickly access it in an emergency, if you have questions on this then Michael Davey – [email protected] and his Back Up Services team will be more than happy to help.

Make sure you have an Endpoint Detection and Response product in place. If you don’t, reach out to your Planet IT account manager, who can provide you with details of what is available and works with your security landscape.

Finally, make sure you are using a reliable endpoint security solution, such as Kaspersky or Sophos, that includes Exploit Prevention, Behaviour Detection and a Remediation engine. It would also be beneficial to ensure that your product has Vulnerability and Patch Management capabilities.

If you would like to discuss with me or any of the cyber security team at Planet IT how you can better protect your business, whether that be with new technology, strategies or even better backups, you can reach us using the contact details below:

Contact me at – LinkedIn Message James Dell or Email : [email protected]

Call 01235 433900 or Email : [email protected]

Sophos MTR vs Security as a Service. What’s the difference?


What is Sophos MTR?

Sophos MTR Standard, or Managed Threat Response, provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully managed service. What that means is a dedicated team at Sophos will monitor your environment and act on any threat detections using the EDR technology that we are a massive fan of here at Planet.

It is offered as an optional service add-on with Sophos Intercept X Advanced with EDR.

Sophos MTR Advanced goes one step further and will actively go looking for potential threats. It proactively improves your security by recommending configuration changes and reporting on vulnerabilities.

How does Planet IT’s Security as a Service (SECaaS) compare with Sophos MTR?

Let me start off by saying that Sophos MTR is a fantastic service, there is no denying that. But you do have options should you want this protection but want to explore different avenues.

Here at Planet IT, we offer an alternative service that will give you the peace of mind of MTR, while being more aware of the fact that many of you will have technologies outside of the Sophos stack.

Alongside this we know that for many of our customers the biggest risk is always the recovery and with Sophos MTR there is quite rightly an end to where Sophos can provide services. With SECaaS we stick with you and can support you to the bitter end.

I have compared the offerings of Sophos MTR with Planet IT’s Security as a Service (SECaaS) in the table below:

 

Feature Sophos MTR Planet IT SECaaS
24/7 support Office Hours
Dedicated Account Manager
Direct Call-In Support
Asset Discovery via Endpoints X
Enhanced Telemetry via Endpoints X
Activity Reporting Sophos Only All Security Vendors
Periodical Health Checks Sophos Only All Security Vendors
Vulnerability Scanning Sophos Only All Security Vendors
Firewall Support Sophos Only All Security Vendors
Completely mitigate through to completion Sophos Only All Security Vendors
Penetration Testing X
Windows Updates X
Phishing Training & Testing X
Email Protection X
Cyber Essentials / Plus X

 

Verdict

Sophos MTR is a great service if you are a large organisation with the requirement for 24/7 support and have the resources to afford it. If you have an internal IT team in place to work in collaboration with Sophos to completely remediate any threats, it really is a top solution.

However, as you can see above Planet IT’s SECaaS offering is more than sufficient to give you the peace of mind you need. We will work with you to recommend and provide the solutions right for your business and support you until any threat is mitigated, no matter what security products you use.

Add in our other services, such as Windows Updates as a Service, Vulnerability Scanning (not just for Sophos products) / Penetration Testing and Cyber Essentials as a Service, and you can rest assured that SECaaS will keep you safe and updated as much as possible!

About Adam Harrison

My name is Adam, and I am a security-focused Technical Architect. It is my job to provide expert advice on security solutions and assist our customers with protecting their environment from viruses, ransomware, and other nasty attack vectors! My background is in Security as a Service, Infrastructure and Helpdesk Support; I keep myself up to date with the latest threats and security products, so you don’t have to!

If you want to talk to me about how Sophos Intercept X with EDR would fit into your business then please call 01235 433900 or you can reach out to me via DM or at [email protected]
