Posts

Sophos MTR vs Security as a Service. What’s the difference?

sophos MTR vs Security

What is Sophos MTR?

Sophos MTR Standard or Managed Threat Response, provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully managed service. What that means is a dedicated team at Sophos will monitor your environment and act on any threat detections using the EDR technology that we are a massive fan of here at Planet.

IT is offered as an optional service add-on with Sophos Intercept X Advanced with EDR.

Sophos MTR Advanced goes one step further and will actively go looking for potential threats. It proactively improves your security by recommending configuration changes and reporting on vulnerabilities.

How does Planet IT’s Security as a Service (SECaaS) compare with Sophos MTR?

Let me start off by saying that Sophos MTR is a fantastic service, there is no denying that. But you do have options should you want this protection but want to explore different avenues.

Here at Planet IT, we offer an alternative service that will give you the peace of mind of MTR, while being more aware of the fact that many of you will have technologies outside of the Sophos stack.

Alongside this we know that for many of our customers the biggest risk is always the recovery and with Sophos MTR there is quite rightly an end to where Sophos can provide services. With SECaaS we stick with you and can support you to the bitter end.

I have compared the offerings of Sophos MTR with Planet IT’s Security as a Service (SECaaS) in the table below:

 

Feature Sophos MTR Planet IT SECaaS
24/7 support Office Hours
Dedicated Account Manager
Direct Call-In Support
Asset Discovery via Endpoints X
Enhanced Telemetry via Endpoints X
Activity Reporting Sophos Only All Security Vendors
Periodical Health Checks Sophos Only All Security Vendors
Vulnerability Scanning Sophos Only All Security Vendors
Firewall Support Sophos Only All Security Vendors
Completely mitigate through to completion Sophos Only All Security Vendors
Penetration Testing X
Windows Updates X
Phishing Training & Testing X
Email Protection X
Cyber Essentials / Plus X

 

Verdict

Sophos MTR is a great service if you are a large organisation with the requirement for 24/7 support and have the resources to afford it. If you have an internal IT team in place to work in collaboration with Sophos to completely remediate any threats, it really is a top solution.

However, as you can see above Planet IT’s SECaaS offering is more than sufficient to give you the peace of mind you need. We will work with you to recommend and provide the solutions right for your business and support you until any threat is mitigated, no matter what security products you use.

Add in our other services such as Windows Updates as a Service, Vulnerability Scanning (not just for Sophos products) / Penetration Testing and Cyber Essentials as a Service, you can rest assured that SECaaS will keep you safe and updated as much as possible!

About Adam Harrison

My name is Adam, and I am a security-focused Technical Architect. It is my job to provide expert advice on security solutions and assist our customers with protecting their environment from viruses, ransomware, and other nasty attack vectors! My background is in Security as a Service, Infrastructure and Helpdesk Support; I keep myself up to date with the latest threats and security products, so you don’t have to!

If you want to talk to me about how Sophos Intercept X with EDR would fit into your business then please call 01235 433900 or you can reach out to me via DM or at architecture@planet-it.net

What are the benefits of Sophos Intercept X Advanced with EDR?

sophos edr

Over the last few months, you may have heard the word EDR (Endpoint Detection and Response) banded around when talking about security products, but what does EDR really mean for you and your business? In this article I am going to explore EDR and the tangible benefits that you would see from having this product in place.

What is EDR?

Sophos Intercept X Advanced with Endpoint Detection and Response (or EDR) is an award-winning security solution that is built upon the framework of the Sophos product that so many of you use and know.

One of the simplest ways to look at it is like a cake made up of three layers. You may already have two of these in place:

Endpoint Protection – traditional anti-virus that detects and blocks threats in real-time. This is the signature-based piece of the puzzle something that every business should already have even if it’s from another vendor. It is looking at what is happening and checking it off against a list of known attacks.

Intercept X – anti-ransomware protection. This comes in the form of AI and Machine Learning driven technology which knows what your device should look like if you are working as normal. When you’re not, it uses a technology called CryptoGuard and detects any encryption attempt, reversing any encryption that has already taken place. This is your backstop and a way to protect yourself from unwanted changes. This is a technology many of our customers have and saw the value in having after the WannaCry outbreak of 2015.

EDR (Endpoint Detection and Response) – This enhances the ability to analyse an attack and see what happened, whether the threat has spread to other devices and if any data has been lost. This is new and this is less about what is happening and stopping it and more about the validation of how safe you were following an attack. Now this may sound counter intuitive, if the product is protecting you, why would you need to know what happened in an attack? To answer that simply we need to look at GDPR and the requirement to report breaches.

These components combined provide you with the whole protection cake. You have the ability to protect your data (these are the sponge top and bottom made up of Endpoint Protection and Intercept X) and then you have the knowledge that if something happens you can clearly report on what took place (this is the jam filling that completes your cake). Protection like this is second to none when coming up against today’s attackers, in a threat landscape that is every changing.

Sophos Planet IT

How does it work?

Sophos Intercept X Advanced with EDR combines proven endpoint threat protection with the power of advanced machine learning to identify and block malicious processes. Intercept X uses AI that detects malware without relying on signatures and monitors system behaviour for any changes that could mean a malware attack. SophosLabs then provides the knowledge to back it up.

Take a targeted ransomware attack as an example. Bad actors will try to brute force their way into a externally facing RDP server. Once in they will drop an encryption package onto the system and start to encrypt files. Intercept X will detect the behaviour, CryptoGuard will stop the encryption and EDR will be able to fully report on the events chain (source, root cause, beacon, when it was detected and if it has been cleaned) providing complete analysis. Additionally, EDR customers will have access to a SophosLabs Threat Intelligence report that further aids you in your decision whether to allow the suspicious file or not.

How does this benefit you?

Sophos Intercept X Advanced with EDR will increase your security footprint without the need for additional resources to look after the solution. You can be safe in the knowledge that the solution you have chosen is the best in the business. With EDR you will have all the tools you need to make sure that any detected threat has been stopped in its tracks!

I’m sure you know that if there is a breach and data is compromised, the Information Commissioner’s Office (ICO) have to be informed. As a result of this, if your security solution is deemed to be inadequate you will be subject to a substantial fine! Throw GDPR into the mix and you have the potential to be in serious trouble. With Sophos Intercept X accompanied by EDR, not only will you have an industry-leading security product, but also EDR ensures all details are captured for reference later.

So, should you become a target you will be able to prove where exactly the threat has come from, where it has been and if it has been dealt with completely.

From a resourcing view, investigating all detected threats and tracing their actions to ensure nothing has been compromised is a full-time role; EDR does this automatically and comprehensively so you don’t have to. You can search through 90 days so even if you have only been made aware of a threat you can wind back the clock and quickly see how it was dealt with.

How good is Sophos compare to the competition?

As you can see, Sophos Intercept X with EDR is industry-leading when put up against the competition:

sophos comparison

Security as a Service (SECaaS)

Now sometimes it is all well and good having the tools yourself, but you may not have the inhouse skills or the time to make proper use of them, this is where our Security as a Service offering comes in – with SECaaS we will provide further peace of mind by monitoring your Sophos solution and remediating any alerts within an agreed timeframe. We will also provide you with periodical reports at an interval of your choosing showing the health status of your estate, complete with our recommendations to make sure you are as protected as you can be.

 

About Adam Harrison

My name is Adam, and I am a security-focused Technical Architect. It is my job to provide expert advice on security solutions and assist our customers with protecting their environment from viruses, ransomware, and other nasty attack vectors! My background is in Security as a Service, Infrastructure and Helpdesk Support; I keep myself up to date with the latest threats and security products, so you don’t have to!

If you want to talk to me about how Sophos Intercept X with EDR would fit into your business then please call 01235 433900 or you can reach out to me via DM or at architecture@planet-it.net

Again, big changes coming with macOS Big Sur – be careful for now

macos big sur

macOS Big Sur is about to release to the public and as we have highlighted across several of our blog posts in the last few months, this brings large scale changes.

If you are running any of the following on your macOS device;

  • Antivirus or Antimalware software
  • Encryption Management software (File Vault Management)
  • Virtualization Applications
  • Dual Booting / Boot Camp
  • Containerized Applications

The we strongly recommend you hold off updating when the update is released, this follows several press statements from major software vendors like this one from Sophos. In which they detail the challenges of the short time frame and moving to Apples new API approach.

If you have any concerns of about your business software or upgrading we recommend that you speak to your Planet IT account manager who will be able to assist you with compatibility guides and information from the vendors specific to your business. If you’re not already a Planet IT client, then feel free to reach out to me directly on james.dell@planet-it.net

The landscape and support for macOS Big Sur WILL improve. We do not expect this to happen in the next few weeks but do expect most vendors to have support by the end of 2020.

To read more on this story you can see our previous blog posts on the subject here:

This might sound controversial, but resist that big MacOS update, for now!

macOS the big change with Big Sur

We know this goes against the usual advice you might hear from us or other IT experts, so in the meantime if you would like to discuss with myself or any of the highly skilled team here at Planet IT about how to keep your business operating, secure and safe in the changing world of the Mac you can reach us using the contact details below;

Contact me at – LinkedIn Message James Dell or Email : james.dell@planet-it.net

Talk to the rest of the team – Call 01235 433900 or Email : enquires@planet-it.net

Looking for a technology partner?
Let’s talk