With Microsoft Defender now bundled into Microsoft’s enterprise (E3/E5) licensing, organizations are evaluating the risk trade-off of “good enough” security that is perceived to be free vs. opting for superior protection. While customers will always have superior cybersecurity outcomes by using Sophos endpoint security as part of MDR Complete for detection and response, when a customer has opted for Defender on the endpoint, we are enabling partners to sell a new complementary service into these environments to provide the best possible outcome for those customers. While Microsoft Defender provides a baseline layer of security, organizations still need to protect against the advanced, human-led attacks that technology alone cannot prevent.
The sheer volume of alerts generated by Microsoft security technologies, together with the complexity of the threat landscape and widespread shortage of in-house expertise and capacity, means that delivering effective security operations is an uphill task for most organizations:
- 71% of security teams struggle to determine which security alerts to investigate among the noise generated by their tools
- 52% of leaders say cyberthreats are now too advanced for their organization to deal with on their own
- The current global shortage of cybersecurity practitioners has reached 3.4 million
- The median threat response time is 16 hours, leaving attackers significant time to operate within the network
The reality is that there will never be enough trained resources. The only way to scale security operations to keep businesses ahead of today’s well-funded adversaries is to adopt a service to supplement and extend in-house capabilities. Which is where Managed Detection and Response (MDR) comes in.
Introducing Sophos MDR for Microsoft Defender
Increasingly, organizations running Microsoft Defender are turning to specialist MDR providers such as Sophos to extend their cyber defenses. Given this pressing need, I am excited to announce the availability of Sophos MDR for Microsoft Defender.
I’m proud to say that as Microsoft use continues to grow, Sophos now provides the most robust MDR service for monitoring, investigating, and responding to Microsoft Security alerts 24/7:
- Detects against a broader set of threats than Microsoft tools can detect on their own
- Performs extensive human-led threat response actions to stop attacks and terminate threats, unlike other providers who send notifications for threats but can’t take action to stop them
- Integrates with a wide range of non-Microsoft tools to expand visibility and accelerate investigation and response, including firewalls, identity solutions, email security tools, NDR platforms, and public cloud security tools
Sophos analysts monitor, prioritize, and respond to Microsoft security alerts 24/7, executing immediate, human-led response actions to stop confirmed threats with an industry-leading average threat response time of 38 minutes—96% faster than the industry benchmark.
Delivered via the Sophos MDR Essentials service tier with our proprietary lightweight sensor, it enables organizations running Microsoft Defender to reduce cyber risk, increase return on their security investments, and improve insurability.
Grab your share of the MDR for Microsoft Defender opportunity
Take advantage of this enormous opportunity and add Sophos MDR for Microsoft Defender to your sales and marketing arsenal today! On the Sophos Partner Portal, you can access sales and marketing resources and sign up for our regional partner briefings on the topic.
True to Sophos’ longstanding commitment to our partners, we provide you with a partner-first MDR service. Whether you’re an MSP, running a SOC or reselling our products and services, Sophos MDR gives you an additional, chargeable service that you can add to your portfolio to complement and enhance your existing offerings.
Unparalleled visibility that delivers accelerated detection and response
The more we see, the faster we act. Unlike other MDR offerings that limit support to Microsoft Defender for Endpoint or Microsoft Sentinel, Sophos MDR leverages signals from the full Microsoft Security suite, including:
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for Cloud
- Microsoft Defender for Cloud Apps
- Identity Protection (Azure Active Directory)
- MS O365 Security and Compliance Center
- Microsoft Azure Sentinel
- Office 365 Management Activity
Of course, Microsoft security solutions are only one part of a threat detection stack that typically includes firewalls, identity solutions, email security tools, NDR platforms and public cloud security tools. Sophos MDR for Microsoft Defender provides a holistic approach to cybersecurity operations, integrating with almost any technology investment that generates security alerts – including tools from Microsoft, Sophos, and dozens of other providers.
By consolidating and correlating cross-product and cross-vendor telemetry in the Sophos XDR Data Lake, Sophos MDR increases the detection capability of our customers’ security stacks beyond the sum of its parts while also maximizing ROI on their existing security investments.
Putting the R (Response) into MDR for Microsoft Defender
Identifying a threat is just part of the security operations process; unless you respond in a timely and effective manner, you remain fully exposed to attack. Yet all too often, third-party providers offer only minimal threat response capabilities in Microsoft Defender environments.
Sophos MDR for Microsoft Defender is different. It includes full threat response, containing threats to disrupt malicious activity. The non-exhaustive list of response actions that our analysts are capable of with Sophos MDR for Microsoft Defender includes:
- Terminate processes
- Disable user accounts
- Force log off user sessions
- Isolate host(s) utilizing Sophos Central
- Apply host-based firewall IP blocks
- Remove malicious artifacts
With Sophos MDR you can relax knowing that we are don’t just tell you or your customers about issues, we deal with them for you.
Future-proof your customers’ Microsoft defenses with the world’s most trusted MDR service
Testament to the superior outcomes our customers enjoy, Sophos MDR is the world’s most popular and most reviewed MDR solution, with a 4.8/5 rating on Gartner Peer Insights as of July 10, 2023, and a top rating on G2.
We secure more organizations than any other MDR provider, and this extensive experience across all industries and sectors enables us to provide unique ‘community immunity’ to all our customers.
To learn more about Sophos MDR for Microsoft Defender and the unique sales opportunity, please visit the Sophos Partner Portal.
Gartner® and Peer Insights™ are trademarks of Gartner, Inc. and/or its affiliates. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.