Sophos and Tenable team up to launch new managed risk service

Cyber security provider Sophos has teamed up with exposure management specialist Tenable to deliver Managed Risk, a new vulnerability and attack surface management service for organizations around the world. 

By leveraging Tenable’s One Exposure Management Platform, the new service aims to help customers thwart cyber attacks through capabilities that include attack visibility, continuous risk monitoring, vulnerability prioritization, investigation, and proactive notification.

A dedicated team will work with Tenable’s exposure management technology and collaborate with security operations experts from Sophos’ Managed Detection and Response (MDR) business, sharing information and data around zero-days, known vulnerabilities, and exposure risks to assess potentially exploited environments.

Sophos Managed Risk is available with a term license via the company’s network of channel partners and MSPs, with a Sophos MSP Flex version slated for availability later in the year.

In an announcement, Rob Harrison, Sophos’ senior vice president for endpoint and security operations product management, said the offering will help customers address “urgent, pervasive security challenges” that they consistently struggle to control.

“We can now help organizations identify and prioritize the remediation of vulnerabilities in external assets, devices and software that are often overlooked,” he explained. 

“It is critical that organizations manage these exposure risks, because unattended, they only lead to more costly and time-consuming issues and are often the root causes of significant breaches.”

Sophos said its latest research highlighted three key tasks that organizations must prioritize in order to minimize their risk: closing exposed remote desktop protocol (RDP) access, enabling multi-factor authentication (MFA), and patching vulnerable servers.

“We know from Sophos’ worldwide survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate,” Harrison added.

“The ideal security layers to prevent these issues include an active approach to improving security postures by minimizing the chances of a breach with Sophos Managed Risk, Sophos Endpoint, and 24x7 Sophos MDR coverage.”

Available as an extended service with Sophos MDR, the new Managed Risk offering will work to assess an organization’s external attack surface, prioritize the riskiest exposures, and deliver tailored remediation guidance to eliminate blind spots.


Sophos said customers will benefit from external attack surface management (EASM) for advanced identification and classification of internet-facing assets such as email servers, web apps, and public-facing API endpoints. Users will also be able to leverage continuous monitoring and proactive notification of high-risk exposures, as well as vulnerability prioritization and identification of new threats.

Additionally, organizations will benefit from regular interaction and scheduled meetings with Sophos experts to review discoveries, insights, and recommendations, as well as initiate enquiries with the Sophos Managed Risk team via the firm’s Central platform.

“While the latest zero day may dominate the headlines, the biggest threat to organizations, by a large margin, is still known vulnerabilities – or vulnerabilities for which patches are readily available,” commented Greg Goetz, Tenable’s vice president of global strategic partners and MSSP. 

“A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem.

“Sophos Managed Risk, powered by the Tenable One Exposure Management Platform, delivers outsourced preventive risk management, enabling organizations to anticipate attacks and reduce cyber risk.”

Daniel Todd
