Sophos has announced Sophos X-Ops, a new cross-operational unit that links SophosLabs, Sophos SecOps and Sophos AI, three established teams of cybersecurity experts at Sophos, to help organizations better defend against increasingly complex and constantly changing cyberattacks.
Sophos X-Ops harnesses researched, real-time, real-world and predictive threat intelligence from each group, which in turn collaborates to deliver stronger and more innovative protection, detection and response capabilities.
Alongside this announcement, Sophos is publishing ‘OODA: Sophos X-Ops Takes On Burgeoning SQL Server Attacks’, an investigation into the rise in attacks against unpatched Microsoft SQL servers and how attackers used a fake download site and gray-market remote access tools to distribute several families of ransomware.
Sophos X-Ops identified and thwarted the attacks because Sophos X-Ops teams combined their respective knowledge of the incidents, jointly analyzed them, and took action to quickly contain and neutralize adversaries, the company says.
Joe Levy, chief technology and product officer at Sophos, says: “Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, the necessary specializations in analytics, engineering and research have emerged.
“Scalable end-to-end operations must now include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and many other experts, and they need an organizational structure that avoids silos.
“We have unified three mature and globally recognized teams within Sophos to provide this breadth of critical subject matter and process expertise. Together as Sophos X-Ops, they can leverage each other’s strengths, including analyzing global telemetry from more than 500,000 customers, industry-leading threat detection, response and remediation capabilities, and rigorous AI to measurably improve threat detection and response.
“Attackers are often too organized and too advanced to fight without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.”
Speaking in March 2022 to the Detroit Economic Club about the FBI’s partnership with the private sector to counter the cyber threat, FBI Director Christopher Wray said: “We’re disrupting three things: threat actors, their infrastructure, and their money. And we have the most lasting impact when we work with all of our partners to disrupt all three together.”
Sophos X-Ops is taking a similar approach: collecting and operating on threat intelligence from its own multidisciplinary groups to help stop attackers sooner, preventing or minimizing the damage from ransomware, espionage or other cybercrimes that can affect organizations of all types and sizes, and working with law enforcement to neutralize attacker infrastructure.
While internal Sophos teams already share information on a regular basis, the formal creation of Sophos X-Ops drives the faster, more streamlined process needed to counter equally fast-moving adversaries.
Michael Daniel, President and CEO of the Cyber Threat Alliance, comments: “Effective cybersecurity requires strong collaboration at all levels, both internally and externally; it is the only way to discover, analyze and counter malicious cyber actors at speed and scale. Combining these separate teams into Sophos X-Ops demonstrates that Sophos understands this principle and is acting accordingly.”
Sophos X-Ops also provides a stronger cross-operational foundation for innovation, an essential component of cybersecurity given aggressive advances in organized cybercrime, the company says.
By weaving together the expertise of each group, Sophos says it is pioneering the concept of an artificial intelligence (AI)-assisted Security Operations Center (SOC), which anticipates the intentions of security analysts and proposes relevant defensive actions. In the SOC of the future, Sophos claims, this approach can dramatically speed up security workflows and the ability to detect and respond more quickly to new and high-priority indicators of compromise.
Craig Robinson, IDC Research Vice President, Security Services, says: “The adversary community has figured out how to work together to commercialize certain parts of attacks while creating new ways to evade detection and exploit security weaknesses in any software en masse.
“The Sophos X-Ops umbrella is a notable example of stealing a page from the tactics of cyber evildoers by enabling cross-collaboration between different internal threat intelligence groups. Combining the ability to encompass a wide range of threat intelligence expertise with AI-assisted features in the SOC enables organizations to better predict and prepare for imminent and future attacks.”