Sophos partners three teams of security experts with X-Ops
Sophos has announced Sophos X-Ops, a new cross-operational unit linking SophosLabs, Sophos SecOps and Sophos AI, three established teams of cybersecurity experts at Sophos, to help organizations better defend against evolving and increasingly complex cyberattacks.
Sophos X-Ops leverages predictive, real-time, real-world and researched threat intelligence from each group; the groups in turn work together to deliver stronger and more innovative protection, detection and response capabilities.
In addition to this announcement, Sophos is publishing “OODA: Sophos X-Ops Tackles Booming SQL Server Attacks”, research on the increase in attacks against unpatched Microsoft SQL servers and how attackers used a fake download site and gray-market remote access tools to distribute multiple ransomware families.
Sophos X-Ops identified and thwarted the attacks because Sophos X-Ops teams combined their respective knowledge of the incidents, jointly analyzed them, and took action to quickly contain and neutralize adversaries, the company says.
Joe Levy, Chief Technology and Product Officer at Sophos, says, “Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, the necessary specializations in analysis, engineering and investigation have emerged.
“Scalable end-to-end operations must now include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, engineers and data scientists and many other experts, and they need an organizational structure that avoids silos.
“We have unified three globally recognized and mature teams within Sophos to provide this breadth of critical, subject and process expertise. United as Sophos X-Ops, they can leverage each other’s strengths, including global telemetry analysis from over 500,000 customers, search, response and remediation capabilities industry-leading threats, and rigorous artificial intelligence to measurably improve threat detection and response.
“Attackers are often too organized and too advanced to fight without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.”
Speaking in March 2022 to the Detroit Economic Club about the FBI’s partnership with the private sector to counter the cyber threat, FBI Director Christopher Wray said, “We disrupt three things: threat actors, their infrastructure and their money. And we have the most lasting impact when we work with all of our partners to disrupt all three together.
“Sophos X-Ops takes a similar approach: collecting and leveraging threat intelligence from its own cross-functional groups to help stop attackers sooner, prevent or minimize damage from ransomware, espionage or other cybercrimes that can affect organizations of all types and sizes, and working with law enforcement to neutralize hacker infrastructure.
“While internal Sophos teams are already sharing information as a matter of course, the formal creation of Sophos X-Ops advances a faster, more streamlined process needed to counter equally fast adversaries.”
Michael Daniel, President and CEO of Cyber Threat Alliance, comments: “Effective cybersecurity requires strong collaboration at all levels, both internally and externally; it is the only way to discover, analyze and counter malicious cyber actors quickly and at scale. The combination of these separate teams in Sophos X-Ops shows that Sophos understands this principle and acts accordingly.”
Sophos X-Ops also provides a stronger cross-operational foundation for innovation, a critical component of cybersecurity due to aggressive advances in organized cybercrime, the company says.
By blending the expertise of each group, Sophos says the company is pioneering the concept of an artificial intelligence (AI)-enabled security operations center (SOC), which anticipates the intentions of security analysts and provides relevant defensive actions. In the SOC of the future, Sophos says this approach can significantly speed up security workflows and the ability to detect and respond to new and high-priority indicators of compromise more quickly.
Craig Robinson, research vice president at IDC, Security Services, said, “The adversarial community has figured out how to work together to trivialize parts of attacks while simultaneously creating new ways to evade detection and leveraging weaknesses of any software to exploit it en masse.
“The Sophos X-Ops umbrella is an outstanding example of stealing a page from cyber miscreants’ tactics by enabling cross-collaboration between different internal threat intelligence groups. Combining the ability to cover a wide range of expertise in threat intelligence with AI-assisted functionality in the SOC enables organizations to better predict and prepare for imminent and future attacks.”