Highlights –

  • To help organizations better defend against cyberattacks, Sophos X-Ops brings together the three established teams of cybersecurity experts at Sophos: SophosLabs, Sophos SecOps, and Sophos AI.

Sophos, a global leader in next-generation cybersecurity, announced the launch of Sophos X-Ops. It is a new cross-operational unit linking SophosLabs, Sophos SecOps, and Sophos AI, three established teams of cybersecurity experts at Sophos, to help organizations better defend against constantly evolving and more complex cyberattacks. Sophos X-Ops combines predictive, real-time, in-the-field, and well-researched threat intelligence from each group, which in turn collaborate to produce more potent, cutting-edge protection, detection, and response capabilities.

Sophos also released a study titled “OODA: Sophos X-Ops Takes on Burgeoning SQL Server Attacks,” which details an increase in attacks against unpatched Microsoft SQL Server instances and how attackers used a phony download site and grey-market remote access tools to spread various ransomware families. Sophos X-Ops was able to identify and thwart the attacks because the teams pooled their knowledge of the incidents, jointly assessed them, and swiftly took action to confine and neutralize the adversaries.

Speaking about the FBI partnership with the private sector to fight cyber threats at the Detroit Economic Club, Christopher Wray, FBI Director, said, “What partnership lets us do is hit our adversaries at every point, from the victims’ networks back to the hackers’ computers, because when it comes to the FBI’s cyber strategy, we know trying to stand in the goal and block shots isn’t going to get the job done.”

“We’re disrupting three things: the threat actors, infrastructure, and money. And we have the most durable impact when we work with all of our partners to disrupt all three together.”

Sophos X-Ops is taking similar measures: gathering and acting on threat intelligence from its multidisciplinary groups to help stop attackers earlier; preventing or minimizing the damage caused by ransomware, espionage, and other cybercrimes that can affect organizations of all types and sizes; and collaborating with law enforcement to neutralize attacker infrastructure. Even though Sophos’ internal teams routinely share information, the formal establishment of Sophos X-Ops creates a quicker, more efficient process for fending off equally fast-moving adversaries.

Michael Daniel, president and CEO of Cyber Threat Alliance, said, “Effective cybersecurity requires robust collaboration at all levels, both internally and externally; it is the only way to discover, analyze and counter malicious cyber actors at speed at scale. Combining these separate teams into Sophos X-Ops shows that Sophos understands this principle and is acting on it.”

Sophos X-Ops also offers a solid cross-operational base for innovation, a crucial element of cybersecurity because of the advancements in organized cybercrime. By fusing each group’s expertise, Sophos is developing the idea of an AI-assisted Security Operations Center (SOC), which predicts the objectives of security analysts and proposes appropriate defensive actions. According to the company, this strategy will significantly speed up security workflows and make it easier to find and react to new, high-priority indicators of compromise in the SOC of the future.

Craig Robinson, IDC research vice president, Security Services, said, “The adversary community has figured out how to work together to commoditize certain parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to mass exploit it. The Sophos X-Ops umbrella is a noted example of stealing a page from the cyber miscreants’ tactics by allowing cross-collaboration amongst different internal threat intelligence groups. Combining the ability to cut across a wide breadth of threat intelligence expertise with AI-assisted features in the SOC allows organizations to better predict and prepare for imminent and future attacks.”

Experts’ Take

Joe Levy, Chief Technology and Product Officer of Sophos, said, “Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering, and investigative specializations have emerged. Scalable end-to-end operations now need to include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and numerous other experts, and they need an organizational structure that avoids silos. We’ve unified three globally recognized and mature teams within Sophos to provide this breadth of critical, subject matter, and process expertise. Joined together as Sophos X-Ops, they can leverage the strengths of each other, including analysis of worldwide telemetry from more than 500,000 customers, industry-leading threat hunting, response, and remediation capabilities, and rigorous artificial intelligence to measurably improve threat detection and response. Attackers are often too organized and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.”