Sophos Exposes Internal Vulnerabilities


Sophos expands the Managed Risk platform with internal vulnerability scans. This allows companies to perform introspection to gain insight into risks in the IT environment.

Sophos expands its Managed Risk service with an Internal Attack Surface Management (IASM) tool. This expansion is designed to help organizations detect and address internal vulnerabilities more quickly. The technology behind IASM comes from Tenable and enables thorough examination of the internal network for weak spots.

A recent report by Sophos shows that in 40 percent of organizations affected by a cyberattack, an unknown vulnerability turned out to be the culprit. Sophos responds to this by scanning internal systems with IASM.

The service provides an overview of all vulnerabilities found and prioritizes them based on risk. Administrators also receive advice on how to address the weaknesses.

Through the Eyes of a Hacker

The internal security scan takes on the role of a hacker and looks at your systems as an external attacker would, without login credentials. This reveals open ports, exposed services, and misconfigurations, which helps organizations eliminate potential entry points for cybercriminals.

Sophos uses Tenable’s Nessus scanners to perform internal scans. The team managing Sophos Managed Risk is certified by Tenable. It also works closely with Sophos’ own MDR team. This allows for faster detection and investigation of new vulnerabilities and zero-day threats.

IASM is part of the Managed Risk platform and does not require a separate license. The technology is immediately available to all current and new Sophos Managed Risk customers, who can put the functionality to work right away by activating and scheduling scanners through the central management console. With this expansion, Sophos aims to help organizations maintain visibility of both internal and external risks, even with a limited team.