
Maximize your Microsoft 365 security with Sophos MDR – Sophos News


Sophos MDR is the world’s most trusted MDR service, with hundreds of cybersecurity experts providing 24/7 monitoring, prevention, detection, and response to more than 30,000 organizations worldwide.

While Sophos MDR leverages telemetry from across our customers’ environments to detect and neutralize threats, one of the most important advantages – and a key differentiator of the Sophos MDR service – is our deep integration with Microsoft 365 for all customers, regardless of the Microsoft license they’re using.

This allows us to see and stop more threats faster, while increasing customers’ return on their Microsoft investments.

A tale of two APIs: Graph Security vs. Management Activity

Many MDR providers rely heavily on Microsoft’s Graph Security API, which provides strong detection value – but only for customers who’ve invested in a premium E5 license.

For the vast majority of customers using other Microsoft 365 licenses – such as Business Basic, Standard, and even Premium licenses – the Graph Security API provides minimal telemetry.

At Sophos, we take the distinct and highly effective approach of also extensively leveraging Microsoft’s Management Activity API, which provides rich audit logs from Exchange Online, SharePoint, and other Microsoft solutions.

Crucially, this API is available across nearly all Microsoft 365 license tiers, meaning even Business Basic customers benefit.

Better data, better outcomes

Sophos MDR ingests these logs and applies proprietary threat detection rules developed by our threat intelligence and engineering teams.

These aren’t “off the shelf” detections. They’re custom-built to identify high-risk scenarios such as session hijacking, phishing, business email compromise inbox rule creation, and credential stuffing.

Faster responses, thousands of times over

This approach operates at scale, with several thousand confirmed threats surfaced each month from Microsoft data – threats that would otherwise go undetected without an E5 license.

Consider a common scenario: a user clicks a phishing link, completes multi-factor authentication, and an attacker hijacks the session.

The attacker then creates hidden inbox rules to delete or redirect emails that would otherwise alert the user to suspicious activity such as invoice fraud.

Because the Microsoft Management Activity API sends all of the Microsoft 365 audit logs to the Sophos data lake, Sophos detections are able to flag this behavior based on patterns learned from the audit logs – patterns such as multiple operating systems using the same session or known phishing kit indicators of compromise.
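The correlation described in this scenario can be sketched as follows. This is an added example, not Sophos detection logic: the records are constructed and flattened, and the field names `SessionId`, `OS` and `Parameters` are simplifying assumptions rather than the exact audit-record schema.

```python
from collections import defaultdict

# Constructed, simplified records. Flat field names are assumptions for this
# example; real Management Activity API records are nested and vary by workload.
EVENTS = [
    {"Time": "2025-07-01T09:00:05Z", "UserId": "alice@example.com", "SessionId": "s-100",
     "Operation": "UserLoggedIn", "OS": "Windows"},
    {"Time": "2025-07-01T09:04:40Z", "UserId": "alice@example.com", "SessionId": "s-100",
     "Operation": "UserLoggedIn", "OS": "Linux"},
    {"Time": "2025-07-01T09:06:12Z", "UserId": "alice@example.com", "SessionId": "s-100",
     "Operation": "New-InboxRule", "Parameters": {"Name": ".", "DeleteMessage": "True",
                                                   "SubjectContainsWords": "invoice"}},
    {"Time": "2025-07-01T10:00:00Z", "UserId": "bob@example.com", "SessionId": "s-200",
     "Operation": "UserLoggedIn", "OS": "macOS"},
    {"Time": "2025-07-01T10:02:00Z", "UserId": "bob@example.com", "SessionId": "s-200",
     "Operation": "New-InboxRule", "Parameters": {"Name": "Newsletters",
                                                   "MoveToFolder": "Reading"}},
]

RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
# Rule actions that hide or divert mail from the mailbox owner.
HIDING_ACTIONS = {"DeleteMessage", "MoveToFolder", "ForwardTo", "RedirectTo"}


def sessions_with_multiple_os(events):
    """Return {SessionId: set of OS values} for sessions seen from more than one OS."""
    seen = defaultdict(set)
    for e in events:
        if e.get("SessionId") and e.get("OS"):
            seen[e["SessionId"]].add(e["OS"])
    return {sid: oses for sid, oses in seen.items() if len(oses) > 1}


def correlate(events):
    """Alert on mail-hiding inbox rules created inside a multi-OS session."""
    suspect = sessions_with_multiple_os(events)
    alerts = []
    for e in events:
        actions = HIDING_ACTIONS & set(e.get("Parameters", {}))
        if e.get("Operation") in RULE_OPS and actions and e.get("SessionId") in suspect:
            alerts.append({"user": e["UserId"], "time": e["Time"],
                           "session": e["SessionId"], "actions": sorted(actions),
                           "os_seen": sorted(suspect[e["SessionId"]])})
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Only the first user is flagged: the second user's folder-sorting rule comes from a session seen on a single operating system, so requiring both signals keeps ordinary mailbox housekeeping out of the alert queue.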

More than just detection

While our deep Microsoft integration is a prime example of how Sophos extends protective capabilities, we don’t stop at detection: Sophos MDR can respond natively within the Microsoft environment.

With the customer’s permission, Sophos MDR analysts can take immediate action to remediate threats in Microsoft 365.

Revoking sessions, blocking user sign-ins, and disabling malicious inbox rules – all without requiring customer interaction.

We conduct many hundreds of these automated response actions every month, with hundreds more executed manually when needed.

Learn more

Sophos brings unique, impactful, and fast response capabilities to Microsoft environments, even for customers on Microsoft 365 basic license plans.

It’s better cybersecurity and a better return on investment.

Visit Sophos.com/MDR-Microsoft for more information.
