Cybersecurity firm Sophos Group plc today announced a new service that helps organizations better defend against constantly changing and increasingly complex cyberattacks.
Called Sophos X-Ops, the service is a cross-operational unit that links SophosLabs, Sophos SecOps and Sophos AI, the company’s three established teams of cybersecurity experts. According to the company, Sophos X-Ops leverages each group’s predictive, real-time, real-world threat intelligence to deliver stronger, more innovative protection, detection and response capabilities.
Sophos X-Ops is said to provide a stronger cross-operational foundation for innovation, an essential component of cybersecurity given the aggressive advancements in organized cybercrime. By combining each group’s expertise, Sophos is pioneering the concept of an artificial intelligence-assisted security operations center that anticipates the intentions of security analysts and provides relevant defensive actions. Sophos believes that by using this approach, the SOC of the future will dramatically accelerate security workflows and the ability to detect and respond to novel and priority indicators of compromise more quickly.
“The adversary community has figured out how to work together to commoditize certain parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to mass exploit it,” Craig Robinson, IDC research vice president of security services, said in a statement. “The Sophos X-Ops umbrella is a noted example of stealing a page from the cyber miscreants’ tactics by allowing cross-collaboration amongst different internal threat intelligence groups.”
Sophos also delivered new research on SQL Server attacks along with the launch. The “Learn, Protect, Learn: Sophos X-Ops Takes On Burgeoning SQL Server Attacks” research report details increased attacks against unpatched Microsoft SQL servers and how attackers used a fake downloading site and gray-market remote access tools to distribute multiple ransomware families.
Sophos X-Ops identified and thwarted the SQL Server attacks by combining the teams’ knowledge of the incidents. The three Sophos teams under Sophos X-Ops jointly analyzed the issue and took action to contain and neutralize the adversaries quickly. Sophos notes that although the three teams already share information as a matter of course, the formal creation of Sophos X-Ops drives forward a faster, more streamlined approach, which is necessary to counter equally fast-moving adversaries.
“We’ve unified three globally recognized and mature teams within Sophos to provide this breadth of critical, subject matter and process expertise,” said Joe Levy, chief technology and product officer at Sophos. “Joined together as Sophos X-Ops, they can leverage the strengths of each other, including analysis of worldwide telemetry from more than 500,000 customers, industry-leading threat hunting, response and remediation capabilities and rigorous artificial intelligence to measurably improve threat detection and response.”