Post summary:
- With the launch of XG Firewall v18, we are also introducing the first Connector for Sophos Managed Threat Response (MTR)
- MTR Connectors aggregate telemetry from multiple sources beyond the endpoint and programmatically serve it to MTR analysts
- The XG Firewall v18 Connector enhances the MTR team’s ability to prevent, detect, and respond to threats across the network and endpoint
- MTR Connectors are available to Advanced tier customers only; all that’s required of customers is to have XG Firewall v18 managed in Central and use XG Central Firewall Reporting
The Sophos MTR success story
For the past several months since its launch, Sophos Managed Threat Response (MTR) has been changing the way organizations of all sizes manage and respond to cyber threats. While other managed detection and response (MDR) services simply send notifications for potential threats or suspicious events – leaving it up to the customer to manage things from there – Sophos MTR arms organizations with an elite, 24/7 team of threat hunters and response experts who take targeted actions on their behalf to neutralize even the most sophisticated threats. The work our MTR Team does includes:
- Proactively hunting for and validating potential threats and incidents
- Using all available information to determine the scope and severity of threats
- Applying the appropriate business context for valid threats
- Providing actionable advice for addressing the root cause of recurring incidents
- Taking actions on customers’ behalf to disrupt, contain, and neutralize threats
With the launch of XG Firewall v18, Sophos MTR becomes an even more powerful managed service with the introduction of MTR Connectors. Now, Sophos MTR Advanced customers who have their XG Firewalls managed in Sophos Central and use Central Firewall Reporting will also benefit from the MTR team’s ability to leverage the actionable intelligence needed to prevent, detect, and respond to threats across the network and endpoint.
What are Connectors and why are they important?
One of the most prevalent challenges in security is that siloed and poorly integrated tools make it difficult for security operators to achieve enterprise-wide visibility. Operators are then forced to pivot from console to console to verify threats, which makes threat investigations more complicated and slows down response efforts.
MTR Connectors aggregate telemetry from multiple sources and programmatically serve it to our team of security operators when and how they need it, extending visibility beyond the endpoint to provide a more complete picture of adversary activities. With the introduction of the XG Firewall v18 Connector, MTR operators now have network telemetry (such as ATP and IPS events) readily available to identify new indicators of compromise (IoC) and indicators of attack (IoA) associated with a customer’s environment.
In the coming months, we will be introducing more MTR Connectors that will further strengthen Sophos’ unique Synchronized Security approach, which empowers Sophos’ entire portfolio of next-generation cybersecurity solutions to work together for real-time information sharing and automatic protection.
To take advantage of MTR Connectors, customers must:
- Be an MTR Advanced customer (Connectors are not available through the MTR Standard tier)
- Have XG Firewall v18 managed in Central
- Use XG Central Firewall Reporting