IT and Business Insights for SMB Solution Providers

Sophos Introduces Incident Response Service

Called Sophos Rapid Response, the new offering provides flat-rate assistance with ransomware strikes, deeply embedded malware, and other urgent threats for 45-day periods without ongoing contracts or retainers. By Rich Freeman

Sophos has introduced a flat-rate incident response service designed to help businesses address ransomware strikes, deeply embedded malware, and other urgent threats.

Sold through partners and delivered by Sophos analysts and threat hunters, Sophos Rapid Response gives end users and channel pros an easy, affordable way to get expert short-term security assistance at predictable rates and without retainers or long-term contracts, according to Sophos CTO Joe Levy.

“We realized that there was a need in the market for having a version of incident response that was channel friendly and that was mid-market friendly,” he says.

Customers or partners can initiate a Rapid Response engagement any time cyberattacks occur. Immediately afterwards, Sophos will help the victim deploy the software stack associated with its Managed Threat Response (MTR) service, including the company’s Intercept X application and the endpoint detection and response add-on for that product. The installation process is usually finished within hours, according to Sophos.

“Speed is of the essence when it comes to these sorts of things,” Levy observes.

Triaging a threat typically takes up to 48 hours, he continues, and neutralizing it requires about 10 days on average. Sophos then monitors the customer environment for several weeks to ensure the attack is fully resolved. 

Each incident response engagement lasts 45 days total. At that point, customers can either purchase an MTR subscription or have Sophos remove the MTR software. “What we see happening after most of the engagements is that the customer elects to become a Managed Threat Response customer,” says Levy, referring to a recently completed trial period for the new service. 

Either way, Sophos provides a summary report about the incident after its conclusion. “We basically reconstruct a timeline of the sequence of events that led up to the attack itself [and deliver] a full description of the neutralization and remediation steps that were performed in the course of the engagement and a set of recommended actions that the customer could take to help to harden their environment and prevent these kinds of things from happening again in the future,” Levy says.

All of the work Sophos performs happens remotely, Levy emphasizes, adding that both end users and their partners appreciate that aspect of the program amidst the ongoing coronavirus pandemic. “Nobody really likes the idea of having to do things on prem,” he says.

Users, who needn’t have any prior or ensuing relationship with Sophos, pay a fixed fee for each engagement, quoted in advance, based on the number of servers and endpoints impacted by the incident. 

“The customer knows exactly what it’s going to cost them, so they don’t have to deal with the kind of unpredictability that these kinds of engagements might have exposed them to in the past,” Levy notes. Rates, he adds, are designed to fit within a typical midsize company’s budget.

“We believe that we have something that’s very competitively priced based on our understanding of competing services that are available on the market today,” Levy says. 

The complete package, he further asserts, offers a compelling set of benefits. “It’s fast, it’s predictable, and it’s conclusive, meaning that we will ensure in the course of the engagement that we’ve actually remediated the threat on behalf of the customer.”

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.