Cybersecurity firm Sophos Group plc and network security company Tenable Inc. today announced a strategic partnership to provide a new security solution that leverages technology from both companies.

The solution, called Sophos Managed Risk, is a vulnerability and attack surface management service that uses Tenable’s exposure management technology in collaboration with the security operations experts from Sophos Managed Detection and Response. The solution provides attack surface visibility, continuous risk monitoring, vulnerability prioritization, investigation and proactive notification designed to prevent cyberattacks.

The two companies argue that as the modern attack surface has expanded beyond traditional on-premises information technology boundaries, organizations frequently have to deal with increasing numbers of external and internet-facing assets that are unpatched or underprotected, leaving them vulnerable to cyberattackers.

The issue was highlighted in a new Sophos Active Adversary Report released today, which identifies three tasks that organizations must prioritize to minimize the risk of brazen intrusions that lead to ransomware or other types of attacks. These include closing exposed Remote Desktop Protocol access, enabling multifactor authorization and patching vulnerable servers, all of which were the top entry points in breaches detailed in the report.

The Sophos Managed Risk service can assess an organization’s external attack surface, prioritize the riskiest exposures, such as open RDP, and provide tailored remediation guidance to help eliminate blind spots and stay ahead of potentially devastating attacks.

Key features of Managed Risk include external attack surface management that identifies and classifies internet-facing assets, such as web and email servers, web applications and public-facing application programming interface endpoints. The service is complemented with continuous monitoring and proactive notification of high-risk exposures, with notifications warning users when a new critical vulnerability is identified in an organization’s internet-facing assets.

Managed Risk also offers vulnerability prioritization and identification of new risks, including the swift detection of high-risk and zero-day vulnerabilities. When vulnerabilities are detected, users receive real-time notifications to ensure critical internet-facing assets are promptly identified, investigated and responded to by order of importance.

“Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organizations continuously struggle to control,” said Rob Harrison, senior vice president for endpoint and security operations product management at Sophos. “We can now help organizations identify and prioritize the remediation of vulnerabilities in external assets, devices and software that are often overlooked.”

Harrison added that “it is critical that organizations manage these exposure risks because unattended, they only lead to more costly and time-consuming issues and are often the root causes of significant breaches.”

Image: Sophos