Tracking and addressing cybersecurity vulnerabilities, in order of risk, is an increasingly difficult challenge for MSPs and their customers. A new partnership between cybersecurity vendors Sophos and Tenable aims to help MSPs and MSSPs make risk-based security decisions.
The new Sophos Managed Risk combines Tenable’s exposure management technology with Sophos Managed Detection and Response (MDR). The solution helps providers prioritize and mitigate their customers’ areas of exposure, starting with the most serious risks.
“Organizations get overwhelmed with vulnerabilities and which ones they should prioritize, which ones they should remediate,” says Rob Harrison, senior vice president for endpoint and security operations product management at Sophos.
“What we’re going to be able to do is to say, ‘If there’s one thing you should patch today, your most critical vulnerability, here’s what it is. Here’s the guidance on how to do it.’ It’s taking away the noise of an overwhelming number of vulnerabilities that you’re unsure how to prioritize,” Harrison tells MSP Success.
Sophos Managed Risk delivers attack surface visibility, ongoing risk monitoring, investigation, and proactive notification aimed at preventing cyberattacks. Sophos has created a new team to leverage the Tenable technology and collaborate with the Sophos security operations experts to provide the service.
Top Three Risks
Sophos Managed Risk aims to address three major areas of risk, as outlined in the company’s newly released Sophos Active Adversary Report. Those risks are exposed Remote Desktop Protocol (RDP) access, lack of multifactor authentication, and server vulnerabilities.
RDP is a common method of establishing remote access on Windows. With the advent of work-at-home and hybrid work models, it has been instrumental in connecting remote workers with their companies’ networks.
Cybercriminals are well aware of this, however, and abuse RDP connections in 90% of cyberattacks handled by the Sophos Incident Response team, according to the report. Often, threat actors leverage stolen user credentials to break into networks. Compromised credentials were the root cause of more than half of incident response cases handled by Sophos in 2023, and the number one root cause since 2020, according to the report.
Ongoing Issues
The risks highlighted in the report are ongoing issues, not new problems, notes John Shier, field CTO, Commercial, at Sophos. And the solutions are readily available, he said. They include patching servers and implementing multifactor authentication. However, organizations often don’t implement them.
As a result, some become victims of cyberattacks that could have been prevented with the right controls. For instance, multifactor authentication can substantially reduce instances of compromised credentials. Yet, in 43% of cases handled by Sophos Incident Response, organizations were not using multifactor authentication, the report said.
Risks often go unaddressed for a number of reasons, Shier says. It could be a lack of resources or budget. Sometimes organizations lack the understanding of the risks to take decisive steps against them, he notes. And perhaps in some cases the IT provider hasn’t succeeded in explaining the dangers to management, he added.
And then, there’s the issue of knowing how to prioritize the vulnerabilities, which the Sophos/Tenable offering aims to address. “We’re giving organizations the data they need to make better security decisions based on the actual risks that are present within their organizations,” Shier says.
Continuous Risk Assessment
Sophos Managed Risk leverages context-driven analytics to proactively address areas of exposure before they become a problem. This enables organizations “to anticipate attacks and reduce cyber risk,” Greg Goetz, Tenable’s vice president of global strategic partners and MSSP, said in a statement.
The service makes it easier to protect customers’ environments by making information about vulnerabilities, and how to address them, readily available. This is a relief for organizations strapped for resources, Harrison notes.
“Customers and partners don’t need to invest so much on training and retaining talent. We’re taking a lot of that burden away and putting the expertise there so they can focus on what’s really important for their organization,” he explains.
Harrison calls the collaboration with Tenable an important partnership that will grow in time as the companies add more services offerings.
