Active incidents and Sophos MDR

Sophos Managed Detection and Response is a fully managed service delivered by experts who detect and respond to cyberattacks targeting your computers, servers, networks, cloud workloads, email accounts, and more.

When we identify an active incident, the Sophos MDR operations team will investigate and respond in minutes, whether you need full-scale incident response (exclusive to MDR Complete customers) or help making accurate decisions.

Direct Call-in Support

Your team has direct call-in access to our Security Operations Center (SOC) to review potential threats and active incidents. The Sophos MDR operations team is available 24/7/365 and backed by support teams across 26 locations worldwide.

Threat Containment

Sophos MDR Complete includes full-scale incident response. For organizations that opt for Sophos MDR without full-scale incident response, the Sophos MDR operations team works to stop the attack and prevent it from spreading. The MDR Ops team will also provide guidance on neutralization. This reduces workload for internal security operations teams and enables them to rapidly execute remediation actions.

How to open an MDR case

Services provided by Sophos Support and Sophos MDR

Services provided Sophos Support Sophos MDR Sophos MDR Complete
“How to” questions for Sophos products
Troubleshooting product issues
Sample file submissions
Product best practice advice
Endpoint installation failures
24/7 expert-led monitoring and response
Weekly and monthly reporting
Monthly intelligence briefing "Sophos MDR ThreatCast"
Sophos Account Health Check
Expert-led threat hunting
Threat containment: threats prevented from spreading
Direct call-in support during incidents
Full-scale incident response: threats fully eliminated
Root Cause Analysis to prevent future recurrence
Dedicated incident response lead