pathdoc -

Sophos adds Rapid Response into the mix for MSPs

Security player moves to fill a gap in the market for customers looking for immediate help with a security attack

Sophos has continued to add enhancements for managed service providers (MSPs), with the security player cutting the ribbon on a Rapid Response service.

The vendor has already cut its teeth in remote service provision with its Managed Threat Response (MTR) offering, which it made available to MSPs last October.

A couple of months ago, the vendor revealed that it had a 1,000-strong customer base taking that service. In the weeks since, that number has grown by strong double digits, with the firm’s partners adding further users.

Sophos Rapid Response provides a way for MSPs to help customers respond to an attack and remedy the situation over the course of a 45-day contract. Once the threat has been neutralised, users switch to the MTR service for the remainder of the contract, with many staying on it after that.

Sophos chief technology officer (CTO) Joe Levy said it had been looking for a while at arming partners with a service that could respond to a customer’s needs.

“Very early on in the process of preparing to launch our current response offering we had this idea for making incident response more consumable, particularly for the mid-market and those businesses served by the channel,” he said.

Rapid Response is available to existing Sophos customers and those using products from other vendors.

“We realised there was a void in the market, that it was a daunting process for [businesses] but they didn’t always know who to call when they were having some sort of a security incident,” he added.

“Many of our Rapid Response engagements have converted into full-term Managed Threat Response engagements following successful neutralisation of the threat”
Joe Levy, Sophos

The Rapid Response offering is designed for customers that are not signed up to the MTR service and are looking for help from a channel partner in an emergency. The service covers a wide range of potential attacks, but ransomware is one of the most prevalent at the moment.

“Although the service is not exclusively designed to deal with [ransomware], it is very good at dealing with that,” said Levy. “We see a lot of ransomware, but we’ve also dealt with active adversaries. We’ve dealt with espionage situations, we’ve dealt with data exfiltration, we’ve dealt with crypto miners, so there’s quite a breadth of different types of causes that we deal with.”

Sophos ran a nine-month pilot programme with a handful of partners to make sure everything ran smoothly prior to launching the service, and is now in a position to open it up to its broad channel base.

The trial showed that many customers followed a pattern of turning to a partner for Rapid Response but then sticking with the MTR programme after the 45-day contract came to an end.

“Many of our Rapid Response engagements have converted into full-term MTR engagements following successful neutralisation of the threat. The way the service works is it’s a term of 45 days, and a component of that is the deployment of the software, the triage of the threat and then we get to the point of neutralisation. Then whatever the remainder of that 45 days is, whether it’s another 30 days or another 20 days, we’ll operate in an MTR mode,” he said.

Read more on Managed IT Services