Tenable and Sophos Address Unpatched Vulnerabilities with New Managed Service

By Greg Tavarez

Organizations are nowadays more susceptible to cyber attacks due to a vast (and often poorly secured) modern attack surface. This extends far beyond traditional on-premises IT infrastructure; it's affecting a growing number of external and internet-facing assets, as well.

The Sophos Active Adversary Report identified three critical steps to mitigate the risk of cyber attacks, including ransomware.

The first is to restrict remote desktop protocol, or RDP, access: Leaving RDP – a protocol for remote device control – exposed creates a prime entry point for attackers. The second is to enable MFA because MFA adds an extra layer of security beyond passwords, which makes unauthorized access more difficult.

Third is to patch vulnerable servers. Unpatched vulnerabilities in server software are a common exploit for attackers. Consistent patching is essential for maintaining a secure environment.

By prioritizing these measures, organizations reduce their attack surface and bolster their defenses against cyber attacks. And Sophos has a solution that can do all three thanks to a strategic partnership with Exposure Management company Tenable. Through the partnership, the two will provide Sophos Managed Risk, a worldwide vulnerability and attack surface management service.

Sophos Managed Risk offers several key benefits to help organizations manage their external attack surface.

It provides External Attack Surface Management. This means it identifies and classifies internet-facing assets, including web and email servers, web applications and public-facing API endpoints. This creates a clear picture of an organization's digital footprint.

Sophos Managed Risk offers continuous monitoring and proactive notification. The service will actively monitor these assets and promptly notify the organization when a new critical vulnerability is discovered. This allows for swift action to address the threat before it can be exploited.

Lastly, Sophos Managed Risk prioritizes vulnerabilities. It quickly identifies high-risk vulnerabilities and zero-day threats. The service then provides real-time notification to make certain that critical internet-facing assets are addressed in order of importance. This helps organizations focus their resources on the most pressing threats.

“Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organizations continuously struggle to control,” said Rob Harrison, Senior Vice President for Endpoint and Security Operations Product Management at Sophos. “We know from Sophos’ worldwide survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate. The ideal security layers to prevent these issues include an active approach to improving security postures by minimizing the chances of a breach with Sophos Managed Risk, Sophos Endpoint and 24x7 Sophos MDR coverage.”

The new service features a dedicated Sophos team that leverages Tenable's exposure management technology and collaborates with the security operations experts from Sophos Managed Detection and Response to provide attack surface visibility, continuous risk monitoring, vulnerability prioritization, investigation and proactive notification designed to prevent cyber attacks.

“A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem,” said Greg Goetz, Vice President of Global Strategic Partners and MSSPs, Tenable. “Sophos Managed Risk, powered by the Tenable One Exposure Management Platform, delivers outsourced preventive risk management, enabling organizations to anticipate attacks and reduce cyber risk.”

Sophos Managed Risk is available with a term license through Sophos’ global network of channel partners and MSPs. A Sophos MSP Flex version will be available in 2024.




Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

The Next SOC Shift Is Here: Autonomous Identity Response for MSPs

By: Erik Linask    7/8/2026

Blackpoint Cyber's new AI SOC Agent for Identity Threat Detection and Response gives MSPs an autonomous, human-guided way to contain high-confidence c…

Read More

Identity Is the New Perimeter and MSPs Are on the Front Line

By: Erik Linask    7/8/2026

Barracuda's acquisition of Evo Security expands BarracudaONE with MSP-focused IAM and PAM capabilities, highlighting how identity resilience is becomi…

Read More

MSPs: The Network Is No Longer Someone Else's Problem

By: Erik Linask    6/30/2026

Reinvent's new MyCloud SecureLink offering gives MSPs and resellers a partner-ready way to deliver managed SD-WAN, network security, and resilient con…

Read More

Why the Fastest-Growing MSPs Are Saying "No" More Often

By: Special Guest    6/30/2026

The fastest-growing MSPs in the U.S. are boosting margins, reducing cyber risk, and scaling more sustainably by adopting stricter customer qualificati…

Read More

The AI ROI Problem Was Never About the Model; It's About Integration

By: Erik Linask    6/24/2026

Xurrent's new built-in iPaaS is designed to help AI agents move from recommendation to execution by connecting ITSM workflows directly to systems like…

Read More