Sophos launches new Rapid Response service to identify and neutralize active cybersecurity attacks

SOPHOS

Rapid response to incidents minimizes attack damage and reduces recovery time

The Sophos  (LSE: Soph), the global leader in next-generation cybersecurity solutions, today announced the availability of Sophos Rapid Response a remote answering service that identifies and neutralizes active cyber attacks. Sophos Rapid Response provides organizations with a dedicated 24/7 team, comprised of incident response services, threat hunters and analysts, to quickly stop advanced attacks and eliminate opponents from their networks, minimizing damage and costs while reducing downtime. recovery.

Sophos Rapid Response identified the first use of the well-known malware dropper Buer as a mechanism for distributing ransomware attacks. In a new investigation called “ Hacks for Sales: Inside Buer Loader’s Malware-as-a-Service” , Sophos Rapid Response and SophosLabs detail compromises Windows computers, allowing attackers to deposit their paylod (executable load). Sophos Rapid Response made this discovery while fighting a recent Ryuk ransomware attack, which was detected and detained as part of a series of Ryuk attacksusing new tools, techniques and procedures. In this incident, attackers insistently used a new form of Buer in an attempt to launch a Ryuk ransomware attack, increasing their efforts by combining the use of Buer with other types of malware loaders .

“When you are attacked, time is of the essence. Every minute between the initial danger and neutralization counts, in the same way that cyber attackers operate at full speed during the life cycle of the attack, ” says Joe Levy, Chief Technology Officer at Sophos . “Advanced attacks can quickly halt commercial operations. The IT managers who experienced ataaques of ransomware firsthandthey know it too well. That is why ransomware victims highlight the need to spend proportionately more time in responding to incidents and less time in preventing threats, than those responsible for IT who were not affected. Sophos Rapid Response stops active attacks, eliminating the complex and time-consuming process of detecting certain attacks, so that organizations can return to normal operations more quickly. ”

Sophos Rapid Response neutralizes a wide variety of security incidents, including ransomware, network security breaches, “hands on keyboard” attackers and more. The Sophos Rapid Response team can be integrated and activated in a few hours, and most attacks are classified in less than 48 hours.

“This year, devastating ransomware attacks have unfortunately been a kind of“ gold rush ”for cybercriminals, creating a situation unlike anything the cybersecurity industry has ever experienced. Almost 85% of the attacks that Sophos Rapid Response has stopped so far have been ransomware – particularly Ryuk , Revil and Maze – and I can safely say that most of the remaining attacks would also have resulted in ransomware if we hadn’t acted so quickly, ” says Peter Mackenzie, Sophos Incident Response Manager . “The tools of easy accessthey allow attackers to receive more money in a week’s work than most people can do in a lifetime. Criminals infiltrate networks and plan their attacks in the background, before strategically launching the ransomware attack as the final payload – often overnight, when no one is watching, to execute them on as many devices as possible. Sophos Rapid Response takes immediate steps to extinguish the fire. In the case of a hospital that we helped this month after being hit by the Ryuk ransomware and forced to close, this meant the difference between life and death. ”

Sophos Rapid Response is part of Sophos Managed Threat Response (MTR), an international team that offers proactive and fully managed threat search , detection and response services. As one of the most widely used managed detection and response (MDR) services on the market, with more than 1,400 customers, Sophos MTR is distinguished by its ability to act proactively on behalf of an organization and mitigate threats in real time.

Once the immediate threats were neutralized during a Rapid Response intervention, the new Sophos program starts to carry out continuous monitoring with threat hunting , investigation, detection and proactive response to threats by the Sophos MTR team 24 hours a day. A threat investigation report details the discoveries made, the actions taken and other remedial recommendations, helping organizations to understand the source of the attacks, as well as to know which assets were compromised and the data accessed and exfiltrated.

Sophos Rapid Response is now available to Sophos customers and also to non-customer companies. Unlike traditional forensics and incident response services, which require complex and lengthy implementations with hourly pricing structures, Sophos Rapid Response is a remote offering with a fixed pricing model, based on the number of users and servers in an organization . Sophos Rapid Response is also structured to provide services to companies of all sizes, including the smallest ones, that until now have not been able to easily take advantage of a service like this, without the need for a long contract.

What Channel partners say:

“Cyber ​​attacks are becoming more dangerous and sophisticated. As we saw this year, nobody is outside the danger zone, including in times of crisis. Companies need to prepare, as more than 85% of security professionals report to IDC that they have suffered at least one security breach in the past two years that has involved the disbursement of important resources to rectify it, ” says Frank Dickson, Vice- President of the IDC program.“Sophos Rapid Response is a service that nobody wants, until they need it. Many companies are simply not prepared to fight an active attack or want to respond more quickly and aggressively than their own internal resources allow. With a fixed and predictable price and the possibility of activation on the same day, Sophos Rapid Response offers certainty when customers need it most. ”

“A charitable organization that provides accommodation and support services to thousands of vulnerable adults has been hit by ransomware that has prevented operations at its more than 40 facilities. The organization asked for help, and we immediately mobilized Sophos Rapid Response. Working together with the team, we were able to get them up and running quickly, so they could continue to serve those who need it most, ” says Steve Weeks, President of Netcetera .“Netcetera customers who are already running Sophos’ next generation security product suite are well protected, and we have not seen a ransomware incident in our customer base for many years. When we receive a request for help from new customers, I always propose Sophos Rapid Response. The highly responsive team has a very solid capacity to work and also to remove committed organizations from the danger zone. Ultimately, it helps us to secure new business opportunities. ”

“Sophos Rapid Response perfectly complements our existing internal incident response services, improving our ability to provide proactive preparedness plans and immediate support in the worst scenarios. We are not just selling a transactional service – with Sophos Rapid Response we are solving long-term problems and preventing them from happening again, ” comments Jeremy Weiss, Cybersecurity Practice Lead at CDW .“I saw in the first person how the Sophos Rapid Response team is able to overcome all barriers to remedy security incidents in a few hours, and customer feedback has been nothing short of exceptional. Sophos Rapid Response is an essential offering that takes our customers’ security posture to the next level. ”

When a company experiences a security breach, time runs out against it and a quick fix is ​​needed. Sophos Rapid Response appears as a managed solution so that you can act quickly in critical moments. Tomorrow at 9:30 am Sophos Iberia will host a Sophos Rapid Response presentation webinar, in which Sophos cybersecurity experts will explain how this service works and share practical examples of companies that have been freed from attacks thanks to it.

Let's talk

If you want to get a free consultation without any obligations, fill in the form below and we'll get in touch with you.