Managed Threat Response
24/7 threat hunting, detection, and response delivered by an expert team as a fully-managed service
Threat Notification Isn’t the Solution – It’s a Starting Point
Other managed detection and response (MDR) services simply notify you of attacks or suspicious events. Then it’s up to you to manage things from there.
With Sophos MTR, your organization is backed by an elite team of threat hunters and response experts who take targeted actions on your behalf to neutralize even the most sophisticated threats.
Complete Control and Transparency
We do the work, but you own the decisions. This means you control how and when potential incidents are escalated, what response actions (if any) you want us to take, and who should be included in communications. Weekly and monthly reports let you know what is happening in your environment and what steps have been taken to keep you safe.
Features | Intercept X Advanced | Intercept X Advanced with XDR | Intercept X Advanced with MTR Standard | Intercept X Advanced with MTR Advanced |
|---|---|---|---|---|
| ATTACK SURFACE | ||||
| Web Security | ||||
| Download Reputation | ||||
| Web Control / Category-based URL Blocking | ||||
| Peripheral Control | ||||
| Application Control | ||||
| BEFORE IT RUNS ON DEVICE | ||||
| Deep Learning Malware Detection | ||||
| Anti-Malware File Scanning | ||||
| Live Protection | ||||
| Pre-execution Behavior Analysis (HIPS) | ||||
| Potentially Unwanted Application (PUA) Blocking | ||||
| Intrusion Prevention System | ||||
| STOP RUNNING THREAT | ||||
| Data Loss Prevention | ||||
| Runtime Behavior Analysis (HIPS) | ||||
| Antimalware Scan Interface (AMSI) | ||||
| Malicious Traffic Detection (MTD) | ||||
| Exploit Prevention | ||||
| Active Adversary Mitigations | ||||
| Ransomware File Protection (CryptoGuard) | ||||
| Disk and Boot Record Protection (WipeGuard) | ||||
| Man-in-the-Browser Protection (Safe Browsing) | ||||
| Enhanced Application Lockdown | ||||
| DETECT | ||||
| Live Discover (Cross Estate SQL Querying for Threat Hunting & IT Security Operations Hygiene) | ||||
| SQL Query Library (pre-written, fully customizable queries) Suspicious Events Detection and Prioritization | ||||
| Suspicious Events Detection and Prioritization | ||||
| Fast Access, On-disk Data Storage (up to 90 days) | ||||
| Cross-product Data Sources e.g. Firewall, Email (Sophos XDR) | ||||
| Cross-product Querying (Sophos XDR) | ||||
| Sophos Data Lake Cloud Storage | 30 days | 30 days | 30 days | |
| Scheduled Queries | ||||
| INVESTIGATE | ||||
| Threat Cases (Root Cause Analysis) | ||||
| Deep Learning Malware Analysis | ||||
| Advanced On-demand SophosLabs Threat Intelligence | ||||
| Forensic Data Export | ||||
| REMEDIATE | ||||
| Automated Malware Removal | ||||
| Synchronized Security Heartbeat | ||||
| Sophos Clean | ||||
| Live Response (remotely investigate and take action) | ||||
| On-demand Endpoint Isolation | ||||
| Single-click “Clean and Block” | ||||
| HUMAN-LED THREAT HUNTING AND RESPONSE | ||||
| 24/7 Lead-driven Threat Hunting | ||||
| Security Health Checks | ||||
| Data Retention | ||||
| Activity Reporting | ||||
| Adversarial Detections | ||||
| Threat Neutralization & Remediation | ||||
| 24/7 Lead-less Threat Hunting | ||||
| Threat Response Team Lead | ||||
| Direct Call-in Support | ||||
| Proactive Security Posture Management | ||||