SYDNEY, AUS – Aug. 24, 2023 – Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced its new Sophos Incident Response Retainer, which provides organisations with speedy access to Sophos’ industry-first fixed-cost incident response service that includes 45 days of 24/7 Managed Detection and Response (MDR). The retainer cuts red tape, allowing Sophos incident responders to quickly jump into active cyberattacks to investigate and remediate them. External vulnerability scanning and critical preparedness guidance are also included in the retainer, enabling organisations to proactively improve their existing security resilience by pinpointing and resolving issues that reduce the likelihood of a breach in the first place.

At a time when attacker dwell time is steadily shortening, as revealed in a new 2023 Active Adversary Report for Tech Leaders that Sophos published today, time to locate and evict adversaries is critical in limiting damage and completely stopping nefarious endgames, such as data breaches and ransomware. The report indicates that median adversary dwell time continued to plummet, from 10 days in 2022 to eight days in the first half of 2023; for ransomware alone, the time between initial access and impact dropped from nine days to just five. Adversaries also preferentially carried out attacks during targets’ night and weekend hours, with only 9.6% of ransomware incidents taking place during the targets’ daytime business hours. The single most common attack times were Fridays between 11 p.m. and midnight in the targets’ local time zones.

“Incident response retainers help organisations prepare in advance for the fastest response time possible to defend against active cyberattacks. Due to today’s complex and mixed-vendor computing environments, skills shortages, evolving attacker behaviors, and cyber insurance requirements, it’s critical that all organisations have pre-determined incident response plans in place. Tangible ‘readiness’ is now a key component for cyber resilience,” said Rob Harrison, vice president, product management at Sophos. “Adversaries will often abuse the same weakness in a single system, and it’s not unusual for multiple, different attackers to go after the same target if there’s potential exposure. Sophos’ goal is to immediately stop active attacks and make sure complete remediation is achieved, regardless of how many hours it takes. We are the only security vendor that offers this caliber of retainer services for urgent security incidents.”

“Sixty-five percent of organisations suffered a significant breach event in the last 12 months despite considerable investments in cybersecurity tools, according to IDC[1] ransomware research,” said Chris Kissel, research vice president, security and trust products, IDC. “Dealing with unexpected cyberattacks is time sensitive, stressful and a large financial commitment. The only way to save time, reduce costs and mitigate the impact of a breach is to have an experienced incident response team in place and lined-up ready to go – before attackers strike.”

The Sophos Incident Response Retainer is available in three tiers through Sophos partners worldwide. With Sophos’ unique ability to threat hunt, respond to and remediate attacks within multi-vendor environments, the retainer is available to non-Sophos customers, in addition to customers already using Sophos’ robust portfolio of innovative endpoint, network, email, and other security products, or Sophos MDR Essentials. Endpoint configuration health checks and device audits are also included in the retainer for existing Sophos customers. Organisations that prefer broader services in one package can purchase Sophos MDR Complete, which automatically includes full-scale incident response.

“The Sophos incident response retainer is the perfect tool for partners to help customers take a proactive approach to improving their cyber defenses, and it will enable us to more quickly respond and take necessary immediate action in a worst-case attack scenario when every minute counts,” said Jonny Scott, vendor alliance manager at Phoenix Software. “Sophos Incident Response’s fixed-cost pricing is genius, especially considering how every attack scenario is different and how quickly costs can rack up. The sheer breadth of resources included with the retainer – from scanning for vulnerabilities to patch and prevent breaches, to having a team of experts on standby 24/7 ready to battle head-to-head with adversaries – make it an absolute must have.”

For more information, go to Sophos.com.

— END

Additional Resources

• The Sophos 2023 Active Adversary Report for Tech Leaders, based on Sophos incident response cases in 2023 (released August 2023)
• The Sophos 2023 Active Adversary Report for Business Leaders, based on Sophos incident response cases in 2022 (released April 2023)
• The importance of tracking threat activity clusters
• A triple ransomware attack involving Hive, Lockbit and BlackCat
• How companies are falling victim to multiple ransomware attacks
• The State of Ransomware 2023
• Sophos X-Ops and its groundbreaking threat research and news in the Sophos X-Ops blogs

About Sophos

Sophos is a worldwide leader and innovator of advanced cybersecurity solutions, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies that help organisations defeat cyberattacks. As one of the largest pure-play cybersecurity providers, Sophos defends more than 500,000 organisations and more than 100 million users globally from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through its cloud-based Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimises the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralised data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organisations needing fully managed, turnkey security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.