Companies of all sizes are more and more reliant on productiveness instruments like Microsoft 365 — and attackers are utilizing this to their benefit.
Enterprise e-mail compromise and account takeover assaults are prevalent, with adversaries accessing M365 environments utilizing strategies which will evade detection by know-how alone.
Organizations want 24/7 visibility and a completely staffed safety operations heart (SOC) to successfully defend in opposition to such assaults — which is a significant problem for a lot of resource-constrained companies.
Sophos MDR supplies the folks, processes, and know-how to detect, examine, and successfully reply to threats focusing on Microsoft 365.
Our turnkey integrations and proprietary detection guidelines recognized and thwarted virtually 5,000 assaults on our clients’ Microsoft 365 environments final quarter alone.
We regularly innovate and improve Sophos MDR to increase and fortify your defenses. And now, the service is getting even stronger with the introduction of latest response capabilities.
New analyst response actions for Microsoft 365
The flexibility to reply shortly to a cyber incident is essential — the quicker the assault will be detected, contained, and neutralized, the much less harm the attacker can inflict.
This contains minimizing monetary losses, reputational harm, and disruptions to enterprise operations. A swift response may help forestall additional knowledge breaches and restrict the publicity of delicate info.
When an assault is detected in your Microsoft 365 setting, Sophos MDR analysts can now execute a variety of response actions in your behalf — quickly containing the menace and releasing up your group to concentrate on what you are promoting.
Microsoft 365 response actions now out there
Block/allow person sign-in
Sophos MDR analysts can lock down a person’s account to stop an adversary from accessing Microsoft 365 companies and Azure assets utilizing stolen credentials. Following clean-up, entry to the person’s account will be restored in seconds.
Terminate present person classes
By instantly revoking all presently energetic classes for a selected person, Sophos MDR analysts can shortly eject an attacker who has already gained entry to an account and take away their capacity to reuse any stolen session tokens.
Disable suspicious inbox guidelines
Attackers routinely arrange inbox guidelines in Microsoft 365 for enterprise e-mail compromise assaults with a view to transfer, obfuscate, or delete emails that might in any other case alert the person. Sophos MDR analysts can disable particular inbox guidelines to regain management.
Simple setup and versatile response modes
The Sophos MDR service is customizable to fulfill your wants, with totally different service tiers and menace response modes. We are able to execute full-scale incident response in your behalf or collaborate with you to handle safety incidents with detailed menace notifications and steering.
The brand new response capabilities for Microsoft 365 are included with all Sophos MDR service tiers at no further value and enabled via a easy setup wizard within the Sophos Central cloud administration console.
Alternative of menace response modes
Sophos MDR permits you to management how our group will work together with you when a cyber incident requires a response. Merely choose your most well-liked menace response mode based mostly in your group’s wants and needs:
- “Authorize” mode: Our specialists carry out menace response in your behalf with out your energetic involvement — and notify you of the actions taken. As soon as the brand new Microsoft 365 response actions integration is enabled, Sophos MDR analysts will instantly execute these actions when wanted to supply probably the most environment friendly response.
- “Collaborate” mode: Our specialists conduct investigations, however don’t carry out response actions with out your prior consent or energetic involvement. As soon as the brand new Microsoft 365 response actions integration is enabled, Sophos MDR analysts will execute these actions in your behalf — as soon as consent has been obtained. You may also select to permit Sophos MDR to function in “Authorize” mode if we’re unable to achieve you for consent.
Probably the most sturdy MDR service for Microsoft environments
Sophos MDR companies shield over 30,000 organizations worldwide – greater than some other MDR service supplier. In Gartner’s 2024 Voice of the Buyer Report for Managed Detection and Response Companies, Sophos as soon as once more had the best variety of evaluations amongst all distributors and scored a 4.9/5.0 ranking based mostly on buyer evaluations.
Many of those companies have additionally invested in Microsoft instruments, leveraging Sophos MDR to defend in opposition to refined assaults that know-how alone can’t cease.
Get better ROI out of your Microsoft funding in the present day with Sophos MDR:
Microsoft Licensed specialists
Lengthen your group with Microsoft Licensed Safety Operations Analysts specializing in detecting and responding to cyberattacks utilizing customized Microsoft response playbooks.
Microsoft-specific menace detections
Sophos makes use of proprietary menace detection guidelines and world-class intelligence to establish and cease threats that might bypass Microsoft safety options. We are able to precisely establish suspicious inbox guidelines, unauthorized person entry patterns, and extra.
NEW Analyst response actions for Microsoft 365
Sophos MDR analysts can now execute a variety of further response actions in your behalf, enabling fast containment of threats with no motion required by you. Disable person sign-in, terminate energetic person classes, and extra.
Complete help for Microsoft options
Included at no further value, our turnkey integrations help a broad vary of Microsoft options. Knowledge from Microsoft 365, Defender for Endpoint, Defender for Identification, Defender for Cloud Apps, and extra, is collected, analyzed, correlated, and prioritized.
To be taught extra about Sophos MDR and the way it can strengthen your Microsoft defenses, go to our web site or communicate with a safety professional.
Gartner, Voice of the Buyer for Managed Detection and Response, Peer Contributors, 28 November 2024.
GARTNER is a registered trademark and repair mark, and the GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge and PEER INSIGHTS are logos and repair marks, of Gartner, Inc. and/or its associates within the U.S. and internationally and are used herein with permission. All rights reserved. Gartner Peer Insights content material consists of the opinions of particular person finish customers based mostly on their very own experiences with the distributors listed on the platform, shouldn’t be construed as statements of truth, nor do they characterize the views of Gartner or its associates. Gartner doesn’t endorse any vendor, services or products depicted on this content material nor makes any warranties, expressed or implied, with respect to this content material, about its accuracy or completeness, together with any warranties of merchantability or health for a selected function.
