Sophos Managed Risk: Introducing Internal Attack Surface Management (IASM)

ProductsSophos Managed Risk

Enhanced vulnerability management to strengthen your customers’ cyber resilience

Jun 16 2025 By

Cyber threats continue to evolve, and organizations must stay ahead by fortifying their defenses.

While external attack surface management (EASM) identifies vulnerabilities that could be exploited from outside the network, many organizations face an internal blind spot: hidden vulnerabilities within their environments.

Sophos Managed Risk is expanding its capabilities with Internal Attack Surface Management (IASM) to address this challenge.

 

Why IASM matters

Without visibility into internal vulnerabilities, organizations risk leaving critical gaps in their security posture. Threat actors who gain access to the network often move laterally to exploit internal weaknesses.

The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This helps organizations identify and mitigate high-risk vulnerabilities, such as open ports, exposed services, and misconfigurations, that are accessible and potentially exploitable by attackers.

Key features and benefits

  • Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network.
  • AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize patching and remediation efforts.
  • Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity.
  • The Sophos advantage: Unlike vendors that separate EASM and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by the world’s leading MDR service.

 

Available now

The new IASM capabilities are available today for all new and existing Sophos Managed Risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console.

 

Learn more

The following resources have been updated to help you get up to speed with this powerful new enhancement:

*Partner Portal login required

 

Marketing launch

As the cybersecurity landscape grows more complex, internal visibility is essential for organizations to achieve a more resilient security posture. With Sophos Managed Risk, businesses can now close security gaps affecting their internal and external assets and take a proactive approach to vulnerability management.

To help you sell Sophos Managed Risk to your customers, the Sophos.com website and the Sophos Managed Risk asset library will be refreshed on July 7, 2025, with updated marketing collateral, including an updated solution brief and brochure.

About the Author

Paul Murray is a Senior Product Marketing Director at Sophos with a focus on Endpoint Security and Security Operations. Paul has over twenty-five years’ experience across Product Management, Product Marketing and Product Design disciplines and, prior to joining Sophos in 2015, held product positions at Symantec, 1&1 Internet, Sky and BT.