Tenable and Sophos Address Unpatched Vulnerabilities with New Managed Service

Tenable and Sophos Address Unpatched Vulnerabilities with New Managed Service

By Greg Tavarez

Organizations are nowadays more susceptible to cyber attacks due to a vast (and often poorly secured) modern attack surface. This extends far beyond traditional on-premises IT infrastructure; it's affecting a growing number of external and internet-facing assets, as well.

The Sophos Active Adversary Report identified three critical steps to mitigate the risk of cyber attacks, including ransomware.

The first is to restrict remote desktop protocol, or RDP, access: Leaving RDP – a protocol for remote device control – exposed creates a prime entry point for attackers. The second is to enable MFA because MFA adds an extra layer of security beyond passwords, which makes unauthorized access more difficult.

Third is to patch vulnerable servers. Unpatched vulnerabilities in server software are a common exploit for attackers. Consistent patching is essential for maintaining a secure environment.

By prioritizing these measures, organizations reduce their attack surface and bolster their defenses against cyber attacks. And Sophos has a solution that can do all three thanks to a strategic partnership with Exposure Management company Tenable. Through the partnership, the two will provide Sophos Managed Risk, a worldwide vulnerability and attack surface management service.

Sophos Managed Risk offers several key benefits to help organizations manage their external attack surface.

It provides External Attack Surface Management. This means it identifies and classifies internet-facing assets, including web and email servers, web applications and public-facing API endpoints. This creates a clear picture of an organization's digital footprint.

Sophos Managed Risk offers continuous monitoring and proactive notification. The service will actively monitor these assets and promptly notify the organization when a new critical vulnerability is discovered. This allows for swift action to address the threat before it can be exploited.

Lastly, Sophos Managed Risk prioritizes vulnerabilities. It quickly identifies high-risk vulnerabilities and zero-day threats. The service then provides real-time notification to make certain that critical internet-facing assets are addressed in order of importance. This helps organizations focus their resources on the most pressing threats.

“Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organizations continuously struggle to control,” said Rob Harrison, Senior Vice President for Endpoint and Security Operations Product Management at Sophos. “We know from Sophos’ worldwide survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate. The ideal security layers to prevent these issues include an active approach to improving security postures by minimizing the chances of a breach with Sophos Managed Risk, Sophos Endpoint and 24x7 Sophos MDR coverage.”

The new service features a dedicated Sophos team that leverages Tenable's exposure management technology and collaborates with the security operations experts from Sophos Managed Detection and Response to provide attack surface visibility, continuous risk monitoring, vulnerability prioritization, investigation and proactive notification designed to prevent cyber attacks.

“A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem,” said Greg Goetz, Vice President of Global Strategic Partners and MSSPs, Tenable. “Sophos Managed Risk, powered by the Tenable One Exposure Management Platform, delivers outsourced preventive risk management, enabling organizations to anticipate attacks and reduce cyber risk.”

Sophos Managed Risk is available with a term license through Sophos’ global network of channel partners and MSPs. A Sophos MSP Flex version will be available in 2024.




Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

SonicWall Powers Secure Access for Missouri MSP, Improving Cybersecurity and Network Access for Clients

By: Erik Linask    6/27/2025

With SonicWall, Stronghold Data delivers a modern, secure remote access solution that ensures access to networks and resources and improves cybersecur…

Read More

Guardz Unleashes AI-Driven ITDR to Combat Escalating Identity-Based Threats

By: Erik Linask    6/26/2025

The launch of Identity Threat Detection and Response (ITDR) gives MSPs the tools to defend SMBs against increasingly sophisticated attacks targeting u…

Read More

Barracuda Managed Vulnerability Security: A Proactive Shield Against Escalating Cyber Threats

By: Erik Linask    6/26/2025

Barracuda's Managed Vulnerability Security is a fully managed scanning and risk assessment service powered by its global SOC.

Read More

Can MSPs Cut Microsoft Teams Incident Management Time by 50%? Martello Says Yes

By: Erik Linask    6/18/2025

New research shows MSPs can achieve a 50% reduction in labor required for Microsoft Teams incident management by using proactive monitoring and advanc…

Read More

Supercharging Your MSP with AI at SuperSummit 2025 in Dallas

By: Erik Linask    6/18/2025

SuperSummit 2025 features targeted content and education to help MSPs capitalize on the AI revolution to improve there businesses models and operation…

Read More