Sophos Firewall introduced Active Threat Response in v20, which enabled Sophos MDR and XDR analysts to trigger an automated block response for an active adversary on the network.
Now, Taegis MDR and XDR customers can also take advantage of this capability, which dramatically reduces response times in an active attack.
How it works
If an analyst identifies a new threat communicating out to a command and control server, or a remote attacker, they can push that compromised domain, IP, or URL to Sophos Firewall from the Taegis portal via the Sophos Central backend. The firewall will then start coordinating a defense immediately and automatically, without the need for manual intervention or new firewall rules.
As you can see from this demo, it couldn’t be easier to immediately block suspicious or malicious network communications:
Response times go from hours or days to seconds
As you can imagine, if a new active attack is discovered late on a Friday before a long weekend, in any other situation it could take a few days before someone can log into their firewall and block the threat.
But with Sophos Firewall and Taegis MDR or XDR, analysts can trigger an automated response within seconds. That’s a key benefit of the Sophos platform: enabling information and telemetry sharing between products to facilitate an automated response to active attacks.
How to get it
If you’re not already a Sophos Firewall customer, get started today with a free trial and see first-hand how Sophos Firewall can transform your network security.
Interested in MDR? Learn more about how Sophos MDR services combine easy-to-use, AI-driven technology with world-class security experts who monitor, prevent, detect, and respond to threats 24/7.
