MSSP, Risk Assessments/Management

Sophos Adds Internal Scanning to Managed Risk for MSSPs

Credit: Adobe Stock Images

Sophos has expanded its Managed Risk service to include internal attack surface management (IASM), giving MSSPs a broader view of customer environments, Channel Futures reports. Powered by Tenable, the new internal scanning capability complements existing external monitoring, allowing MSSPs to detect risks from both outside and within a network.

The addition of IASM means MSSPs can now uncover internal vulnerabilities like misconfigurations, open ports, legacy systems, and weak authentication that attackers could exploit post-breach. It’s a natural extension of threat exposure management, especially valuable in multi-tenant environments where visibility and prioritization are critical.

For MSSPs already offering vulnerability management or detection and response, this unlocks a new layer of service. It enables continuous internal scans without credentials, supports asset discovery, and feeds directly into remediation workflows, giving MSSPs the tools to shift from reactive support to proactive risk reduction.

IASM is now available to all existing and new Sophos Managed Risk customers without any license changes. For MSSPs, that means faster time to value and a stronger pitch for bundled security services that address real-world attack paths from the inside out.

You can skip this ad in 5 seconds