Sophos today announced the availability of Sophos Rapid Response, an industry-first, fixed-fee remote incident response service that identifies and neutralizes active cybersecurity attacks throughout its entire 45-day term of engagement. Sophos Rapid Response provides organizations with a dedicated 24/7 team of incident responders, threat hunters and threat analysts to quickly stop advanced attacks and remove adversaries from their networks, minimizing damage and costs, and reducing recovery time.
Sophos Rapid Response has been instrumental in identifying the first known use of the Buer malware dropper to deliver ransomware.
“When you’re hit with an attack, time is of the essence. Every minute between initial compromise and neutralization counts as adversaries race through the attack lifecycle,” said Joe Levy, chief technology officer at Sophos. “Advanced attacks can quickly halt business operations and IT managers who have experienced ransomware first hand know this all too well, reporting the need to spend proportionately more time on incident response and less time on threat prevention than those who haven’t been hit. Sophos Rapid Response disrupts active attacks, eliminating the complex and time-consuming process of stopping determined attackers, so organizations can get back to their normal operations faster.”
Sophos Rapid Response neutralizes a wide range of security incidents, including ransomware, network breaches, hands-on keyboard adversaries, and more. The Sophos Rapid Response team can be onboarded and activated within hours, and the majority of attacks triaged within 48 hours.
Sophos Rapid Response is part of Sophos Managed Threat Response (MTR), a global team that provides proactive, fully-managed threat hunting, detection and response services.
Once immediate threats are neutralized during a Rapid Response engagement, the Sophos Rapid Response program shifts to continuous monitoring with around-the-clock proactive threat hunting, investigation, detection, and response from the Sophos MTR team. A threat investigation report details discoveries made, actions are taken and other remediation recommendations, helping organizations understand attack origination as well as what assets were compromised, and data accessed and exfiltrated.
Sophos Rapid Response is available now to both existing and non-Sophos customers. Unlike traditional incident response and forensic services that require complex and protracted deployments with hourly pricing structures, Sophos Rapid Response is a remote offering with a fixed pricing model based on an organization’s number of users and servers. Sophos Rapid Response is also structured to accommodate businesses of all sizes, including smaller organizations, which until now have not been able to easily leverage a service such as this without requiring a retainer.