Welcome to Sophos Managed Detection and Response
Congratulations on your subscription to Sophos MDR, our fully managed, 24/7 detection and response service, designed to monitor your environment for cyberattacks.
As your security partner, our team - the Sophos Managed Detection and Response (MDR) team - will be working alongside you as an extension of your organization. Our goal is to help you not only achieve your security goals but surpass them. This guide will introduce the service, explain how the MDR Operations team detects and investigates suspicious activity, and provide detail on what actions are taken to neutralize cyber threats to your organization.
Meet the Sophos MDR Ops Team
The MDR Operations team, known as MDR Ops, is a group of security professionals - analysts, researchers, engineers and inventors, ethical hackers, and incident responders – who work together, across the globe, 24/7, to stop cyber attacks that cannot be detected by technology solutions alone. Our backgrounds are comprised of armed forces, law enforcement, intelligence, and public and private enterprise.
We’re not merely collecting alerts across your estates. We’re actively defending your business. Our objective is not to clean up the damage following an attack. It’s to stop attacks before they start.
Working With the MDR Ops Team
The complexity of modern operating environments and the speed of cyberthreats make it increasingly challenging for most organizations to successfully manage detection and response on their own. Partnering with Sophos allows your team to focus on your own strategic business initiatives and lets us do what we do best - protecting you from attack. Our work includes:
- Proactively hunting for and validating potential threats
- Correlating all available information to determine threat scope and severity
- Assessing the appropriate business impact
- Providing actionable advice for addressing the root cause of recurring threat activity
- Taking actions on your behalf to disrupt, contain, and neutralize threats1
Actions depend on service tier and Threat Response Mode ↩