What is our primary use case?
We use it for managed services, primarily for customers who lack resources. MDR is a tool that not only identifies and shows the impact of viruses but also requires no technical staff for operation.
So, the user doesn't need a technician; it offers 24/7 support to identify and manage your infrastructure and take complete care of any technological incidents.
We don't need to invest in manpower. For example, if we are investing in an IT guy for endpoint solution security, we are investing our money in a guy. And the ROI will not be much because they will only do the analytics part. But what happens when the engine has a ransomware attack is that they will not be able to resolve the ransomware, which Sophos MDR will help you resolve very quickly.
How has it helped my organization?
Sophos MDR is very flexible. It works on top of existing EDR and XDR solutions. You don't need to buy Sophos's EDR or XDR products specifically. It can integrate with other EDR, XDR, and even Application Firewalls from other vendors. That's a big advantage in terms of compatibility.
Secondly, Sophos MDR offers a high degree of automation for cyber threat activity. They also provide cyber insurance for system downtime, but that's a separate service.
When it comes to the incident response processes, their response time is 38 minutes. They also have a three-step process, with the first tier being called "Rapid Response Services." This means for incidents that happen very quickly, they will prioritize those.
Sophos MDR integrates well with various tools, including Sophos firewalls, Microsoft products, and other third-party solutions, ensuring seamless authentication. It offers straightforward integration, whether it's with another firewall or different data authentication needs. The process is quite simple.
What is most valuable?
What I really like is the centralized management console. It is a single management console. You don't have to deal with multiple management tools. Even if you have firewall support, you can just use the same console to access your firewall, MDR, EDR, encryption, and NDR – everything can be managed in a single dashboard.
You don't need to jump between multiple tools. That's one of the best things I like and something I would definitely recommend to customers.
Sophos MDR also offers 24/7 monitoring features. But 24/7 is part of a package. Sophos MDR has two service tiers, I forget the exact names, but one is a basic option. It integrates with other EDR/XDR solutions a customer might have, along with standard Sophos support. The other tier is a complete MDR service, with rapid response and full cybersecurity protection.
What needs improvement?
One aspect I'm examining is the MDR network detection with Sophos Firewall, which works well. I understand it can also integrate with other firewalls, but it's optimal with Sophos products, given the slight drawbacks when using non-Sophos solutions.
For how long have I used the solution?
I've worked with Sophos Encryption and Sophos MDR.
What do I think about the stability of the solution?
I haven't faced any issues with its stability.
What do I think about the scalability of the solution?
It is a scalable product. Our customers typically look for solutions like Sophos that can grow with their needs. Many wonder about the necessity of investing in a separate security operations center (SOC) or a third-party vendor for management.
They question what tools are available to protect their devices from various threats, including those from the internet and specific applications. Sophos MDR, with its automation capabilities, often emerges as the best fit for their needs.
How are customer service and support?
The customer service and support are very good.
How would you rate customer service and support?
How was the initial setup?
The setup process is straightforward and not complex for us.
What about the implementation team?
We have a small team of four or five people who manage the deployment.
The deployment involves a careful preparation process, where we gather all necessary product information and follow specific technical procedures. We ensure our customers are well-informed about the process before beginning. The steps involve coordination with our team to ensure everything is uploaded and configured correctly.
The deployment process currently doesn't require many resources. The deployment timeframe varies but is not extensive. It generally takes three to four hours. We spend time gathering detailed information from the customer to ensure a comprehensive implementation plan.
Depending on the complexity and the need for third-party integrations, the process can take from two to five days, though most tasks are completed within two days. Delays may occur if specific files or integrations are required and not immediately available. For example, sometimes, when we need Fortinet integration and it is not available, it might delay things.
Maintenance is minimal and manageable.
What was our ROI?
There are cost savings when it comes to Sophos MDR. For example, a ransomware attack happens, and you're completely locked out. Your IT people don't know when or where it happened. They have to research it, which can take an hour or even a day. They might not be specialists in handling incidents. MDR takes care of that. Any suspicious activity or attack triggers their monitoring. They investigate, resolve it, and even isolate infected systems. This saves you completely.
I use this analogy: Imagine you invest in four IT staff who can't resolve an incident. It takes them hours, and they might not be trained in analytics. That investment could cost more than MDR. I tell managers that buying four resources is a higher cost in the long run, even though MDR is a recurring cost. They can resolve your issue 24/7, and it's a mid-range cost compared to potentially failing to resolve an incident.
Therefore, the ROI is definitely there.
What other advice do I have?
It's good; the offer and everything about it are satisfactory. I would definitely recommend using it.
Overall, I would rate the solution a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner