Sophos MDR Reports 37% Customer Growth in Cybersecurity Push

Managed detection service now protects 26,000 organisations as demand rises for round-the-clock threat monitoring and incident response capabilities

The shift to remote work and cloud-based systems has created gaps in traditional cybersecurity defences, driving organisations toward managed security services. These services have become essential as cybercrime groups develop methods to bypass standard security tools, and companies struggle to maintain in-house security teams amid a global shortage of cybersecurity professionals.

In this context, Sophos, the Oxford-based cybersecurity firm that develops AI-powered security solutions, has expanded its managed detection and response (MDR) service to 26,000 customers worldwide, marking a 37% increase in its customer base during 2024.

MDR services combine human expertise with technology to monitor networks for cyber threats. The service operates continuously to identify and respond to security incidents, offering organisations protection against ransomware - malicious software that encrypts data and demands payment for its release - and business email compromise, where attackers impersonate legitimate business contacts to conduct fraud.

Sophos MDR extends Microsoft security capabilities

The company has introduced proprietary detection capabilities for Microsoft Office 365, which function regardless of customers’ Microsoft licence levels. These additions target business email compromise and adversary-in-the-middle attacks, where criminals position themselves between communicating parties to intercept data.

Rob Harrison, Senior Vice President of Product Management at Sophos, says: “Attackers are continuously advancing their tactics to outmanoeuvre traditional security defences. Our customers rely on Sophos MDR to help their organisations tackle today’s threats 24/7 with full-scale incident response to remove active adversaries and conduct root cause analysis to identify the underlying issues that led to an incident.”

Sophos MDR introduces AI-powered incident response

The service now includes AI-assisted workflows to reduce response times to security incidents. This development allows security analysts to focus on threat hunting – the proactive search for security threats – and detection engineering, which involves creating and refining ways to identify threats.

Key facts
  • 26,000 organisations protected globally by Sophos MDR, following 37% customer growth in 2024
  • 51% increase in attacks abusing trusted applications detected in first half of 2024
  • $1 million warranty coverage for incident response expenses offered to Complete tier customers

The company has integrated new backup and recovery capabilities through partnerships with Acronis, Rubrik and Veeam, three firms that specialise in data protection software. These integrations aim to strengthen defences against ransomware attacks by ensuring data can be restored if systems are compromised.

New dashboard reveals threat hunting metrics

Sophos has launched a proof of value dashboard that displays metrics about the MDR team's activities. The system shows human hours spent on threat hunting and detection tuning, alongside details of tactics identified using the MITRE ATT&CK framework - a globally-accessible knowledge base of adversary tactics and techniques.

The dashboard includes case investigation summaries and account health checks, providing customers with visibility into the service's operations. A new managed risk service, powered by vulnerability management firm Tenable, offers attack surface monitoring capabilities.

Recent cyber threats target trusted applications

Recent threat intelligence from Sophos indicates changes in attacker behaviour. The company's December 2024 Active Adversary Report, which analysed nearly 200 incident response cases, found a 51% increase in attacks abusing trusted applications, known as “Living off the Land” binaries.

The company's threat researchers have also identified an increase in Akira ransomware attacks, with eight cases detected since November 2024. The ransomware group has claimed 127 victims in the past six months.

In June 2024, Sophos MDR uncovered a cyber espionage campaign targeting a government entity in Southeast Asia. The operation, named Crimson Palace, involved activity linked to Chinese state-sponsored threat groups over a two-year period.

Market recognition reflects service expansion

The service includes unlimited incident response hours and offers a warranty covering up to US$1m in incident response expenses for customers of its Complete tier. More than 9,000 customers now use the Microsoft Office 365 Management Activity integration, which monitors security alerts across Microsoft systems.

IDC, the technology market research firm, has named Sophos as a leader in its worldwide and European MDR market assessments for 2024. The company has also received recognition from Frost & Sullivan and the SC Awards for its MDR service.

Rob says: “We’re consistently evolving our solutions with new offerings and integrations, just like attackers are constantly evolving their tactics, so customers can disrupt threats before they escalate into destructive attacks.”


Cyber Magazine is a BizClik brand
