A year ago, cybersecurity firm Sophos bought Secureworks for $859 million to bolster its capabilities in a range of areas, including security information and event management (SIEM), vulnerability risk prioritization, and operational technology (OT) security.
The UK company, which already had strong managed detection and response (MDR) and extended detection and response (XDR) offerings, said at the time that another key capability it wanted to grow via the deal was identity threat detection and response (ITDR). Sophos wanted to enhance its ability to protect identities, a key target of threat actors.
Twelve months after announcing the Secureworks acquisition, Sophos officials unveiled the company's own ITDR solution, which they pointed to as another milestone enabled by the deal.
“We’ve made transformative progress, unifying technologies, expertise, and services from across our expanded organization to further elevate defenses and cybersecurity outcomes for our customers worldwide,” Sophos Chief Product Officer Raja Patel wrote in a blog post.
Patel noted other steps the vendor has taken in the wake of the acquisition, including rolling out its Sophos Advisory Services earlier this month and folding Secureworks’ Counter Threat Unit into the Sophos X-Ops unit, pairing its threat expertise with adversary tracking, dark web intelligence, and collaboration with law enforcement and government agencies.
'A Major Milestone'
“The Secureworks acquisition was a major milestone for Sophos, expanding our capabilities and accelerating our strategy to meet organizations wherever they are on their cybersecurity journey,” Chris Bell, senior vice president of global channels, alliances, and corporate development for Sophos, told MSSP Alert. “It strengthens our ability to deliver stronger outcomes for customers and helps ensure businesses continue operating securely in the face of tomorrow’s threats.”
Bell said Sophos ITDR is the first solution from the deal to be fully integrated into Sophos Central, the company’s cloud-based cybersecurity management platform, giving organizations faster visibility into identity risks and protection against identity-based attacks.
Attackers Target Identities
“We’re seeing identity emerge as one of the most common entry points for attackers,” he said, noting that Sophos X-Ops saw a 106% increase in stolen credentials for sale on the dark web between June 2024 and June.
In addition, the Sophos Active Adversary Report found that compromised credentials were the top cause of attacks across Sophos MDR and incident response cases for the second consecutive year. In 56% of security incidents, threat actors gained access by logging in using valid accounts before exploiting misconfigurations in the target’s identity infrastructure to elevate privileges and access customer data.
“This trend shows how critical it is for organizations to understand and manage their identity attack surface,” Bell said. “Identity has become the new security perimeter, serving as the connective tissue across customer systems and enterprise infrastructure.”
Identities will continue to be targeted as organizations continue to shift to the cloud and support remote work, he added.
AI and ITDR
Bell said AI plays a role in Sophos ITDR, though it is applied in specific areas: the company uses large language models (LLMs) to generate descriptions and recommendations for particular findings, which makes the results easier to interpret and act on.
Well-Designed for MSSPs
The design of Sophos’ ITDR offering is well-suited for MSSPs, which Bell called “the frontline of cybersecurity, helping to democratize enterprise-grade protection for organizations that may never build that capability in-house.”
“We enable MSSPs to deliver measurable outcomes, not just manage alerts, with full visibility across endpoint, network, email, and cloud through the Sophos XDR,” he said. “The addition of integrated ITDR extends that protection to identity and addresses one of the most common attack vectors.”
The architecture is multi-tenant and delivers automation and threat intelligence, which will give MSSPs the scale, efficiency, and resilience to protect their myriad clients.
“Ultimately, our goal is simple: to empower MSSPs with the tools and intelligence to deliver enterprise-grade security outcomes to any customer, anywhere,” Bell said.