Sophos MDR is the world’s most trusted MDR service, with hundreds of cybersecurity consultants offering 24/7 monitoring, prevention, detection, and response to more than 30,000 organizations worldwide.
While Sophos MDR leverages telemetry from across our customers’ environments to detect and neutralize threats, one of the most significant benefits – and a key differentiator of the Sophos MDR service – is our deep integration with Microsoft 365 for all customers, regardless of the Microsoft license they use.
This allows us to see and stop more threats faster, while increasing customers’ return on their Microsoft investments.
A tale of two APIs: Graph Security vs. Management Activity
Many MDR providers rely heavily on Microsoft’s Graph Security API, which provides strong detection value – but only for customers who have invested in a premium E5 license.
For the vast majority of customers using other Microsoft 365 licenses – such as Business Basic, Standard, or even Premium licenses – the Graph Security API provides minimal telemetry.
At Sophos, we take the distinct and highly effective approach of also extensively leveraging Microsoft’s Management Activity API, which provides rich audit logs from Exchange Online, SharePoint, and other Microsoft services.
Crucially, this API is available across nearly all Microsoft 365 license tiers, meaning even Business Basic customers benefit.
Better data, better outcomes
Sophos MDR ingests these logs and applies proprietary threat detection rules developed by our threat intelligence and engineering teams.
These aren’t “off the shelf” detections. They’re custom-built to identify high-risk scenarios such as session hijacking, phishing, business email compromise inbox rule creation, and credential stuffing.
Faster responses, thousands of times over
This approach operates at scale, with several thousand confirmed threats surfaced each month from Microsoft data – threats that would otherwise go undetected without an E5 license.
Consider a typical scenario: a user clicks a phishing link, completes multi-factor authentication, and an attacker hijacks the session.
The attacker then creates hidden inbox rules to delete or redirect emails that would otherwise alert the user to suspicious activity such as invoice fraud.
Because the Microsoft Management Activity API sends all of the Microsoft 365 audit logs to the Sophos data lake, Sophos detections are able to flag this behavior based on patterns found in the audit logs – patterns such as multiple operating systems using the same session or known phishing kit indicators of compromise.
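As an added illustration (not Sophos detection code), the following sketch correlates the two signals from the scenario above: one session seen from more than one operating system, and a delete-or-redirect inbox rule created in that session. The records are constructed and their field names are simplified assumptions, not the exact Management Activity API schema.

```python
from collections import defaultdict

# Constructed sample records. Field names are simplified assumptions,
# not the exact Management Activity API schema.
SAMPLE_EVENTS = [
    {"time": "2025-01-10T09:00:00Z", "user": "alice@example.com", "session": "s-1",
     "os": "Windows 10", "operation": "UserLoggedIn"},
    {"time": "2025-01-10T09:04:00Z", "user": "alice@example.com", "session": "s-1",
     "os": "Linux", "operation": "UserLoggedIn"},
    {"time": "2025-01-10T09:06:00Z", "user": "alice@example.com", "session": "s-1",
     "os": "Linux", "operation": "New-InboxRule",
     "rule_params": {"Name": "Archive", "SubjectContainsWords": "invoice",
                     "DeleteMessage": "True"}},
    {"time": "2025-01-10T10:00:00Z", "user": "bob@example.com", "session": "s-2",
     "os": "macOS", "operation": "UserLoggedIn"},
    {"time": "2025-01-10T10:05:00Z", "user": "bob@example.com", "session": "s-2",
     "os": "macOS", "operation": "New-InboxRule",
     "rule_params": {"Name": "Newsletters", "MoveToFolder": "Reading"}},
]

# Rule actions that delete or redirect mail, as in the scenario above.
RISKY_RULE_ACTIONS = {"DeleteMessage", "ForwardTo", "RedirectTo"}

def find_hijack_indicators(events):
    """Flag sessions seen from more than one OS; raise severity when a
    delete/redirect inbox rule was created inside the same session."""
    os_seen = defaultdict(set)
    risky_rules = defaultdict(list)
    owner = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        sid = ev["session"]
        owner[sid] = ev["user"]
        if ev.get("os"):
            os_seen[sid].add(ev["os"])
        if ev["operation"] == "New-InboxRule":
            actions = RISKY_RULE_ACTIONS & set(ev.get("rule_params", {}))
            if actions:
                risky_rules[sid].append(sorted(actions))
    findings = []
    for sid, oses in os_seen.items():
        if len(oses) > 1:
            findings.append({
                "user": owner[sid], "session": sid, "os_seen": sorted(oses),
                "risky_rules": risky_rules[sid],
                "severity": "high" if risky_rules[sid] else "medium",
            })
    return findings
```

A single-OS session that creates an ordinary filing rule, like the second user's in the sample data, produces no finding.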
More than just detection
While our deep Microsoft integration is a prime example of how Sophos extends protective capabilities, we don’t stop at detection: Sophos MDR can respond natively within the Microsoft environment.
With the customer’s permission, Sophos MDR analysts can take immediate action to remediate threats in Microsoft 365: revoking sessions, blocking user sign-ins, and disabling malicious inbox rules – all without requiring customer interaction.
We conduct many hundreds of these automated response actions every month, with hundreds more executed manually when needed.
Learn more
Sophos brings unique, impactful, and rapid response capabilities to Microsoft environments, even for customers on Microsoft 365 basic license plans.
It’s better cybersecurity and a better return on investment.
Visit Sophos.com/MDR-Microsoft for more information.