Latest news with #StateofRansomware2025
Channel Post MEA
6 days ago
- Business
- Channel Post MEA
Sophos Includes Tenable's IASM In Its Managed Risk Capabilities
Sophos has announced the expansion of its Sophos Managed Risk capabilities with the introduction of Internal Attack Surface Management (IASM) with technology powered by Tenable. Many organizations face critical blind spots in their cyber defenses. In fact, the Sophos State of Ransomware 2025 report found 40% of organizations impacted by ransomware in the last year reported falling victim due to an exposure they were unaware of. Sophos Managed Risk, now with both internal and external attack surface management, addresses this challenge, providing comprehensive visibility into internal and external weaknesses that could be exploited by threat actors. 'With Sophos Managed Risk, organizations gain an attacker's-eye view to identify and prioritize remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,' said Rob Harrison, Senior Vice President, Product Management at Sophos. 'This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.' The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This enables organizations to identify and mitigate high-risk vulnerabilities, such as open ports, exposed services and misconfigurations that are accessible and potentially exploitable by attackers. Features of IASM for Sophos Managed Risk include: Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network. Regular automated scanning to identify weaknesses affecting assets within the network. AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. The Sophos advantage: Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by one of the world's leading MDR services. The new IASM capabilities are accessible through Sophos Managed Risk, an extended service with Sophos MDR. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. IASM for Sophos Managed Risk is available today for all new and existing Sophos Managed risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console.
Web Release
08-07-2025
- Business
- Web Release
Sophos Managed Risk Expands Capabilities with Internal Attack Surface Management (IASM) to Identify and Guide Organizations to Mitigate Internal Vulnerabilities
Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced the expansion of its Sophos Managed Risk capabilities with the introduction of Internal Attack Surface Management (IASM) with technology powered by Tenable. Many organizations face critical blind spots in their cyber defenses. In fact, the Sophos State of Ransomware 2025 report found 40% of organizations impacted by ransomware in the last year reported falling victim due to an exposure they were unaware of. Sophos Managed Risk, now with both internal and external attack surface management, addresses this challenge, providing comprehensive visibility into internal and external weaknesses that could be exploited by threat actors. 'With Sophos Managed Risk, organizations gain an attacker's-eye view to identify and prioritize remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,' said Rob Harrison, Senior Vice President, Product Management at Sophos. 'This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.' The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This enables organizations to identify and mitigate high-risk vulnerabilities, such as open ports, exposed services and misconfigurations that are accessible and potentially exploitable by attackers. Features of IASM for Sophos Managed Risk include: Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network. Regular automated scanning to identify weaknesses affecting assets within the network. AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. The Sophos advantage: Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by one of the world's leading MDR services. The new IASM capabilities are accessible through Sophos Managed Risk, an extended service with Sophos MDR. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. IASM for Sophos Managed Risk is available today for all new and existing Sophos Managed risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console. Learn more about the new Internal Attack Surface Management capabilities and Sophos Managed Risk, visit
India Gazette
02-07-2025
- Business
- India Gazette
Indian companies paid USD 481,636 on average for cyber attack demands: Report
New Delhi [India], July 2 (ANI): Indian companies paid a median payment of USD 481,636 (over Rs 4 crore), spending an average of USD 1.01 million on recovery, highlighting the broader financial toll of ransomware cyber attacks, says a report by UK-based global security solution firm Sophos. It stated that the median ransom demand fell by 52 per cent, from USD 2 million to USD 961,289, while the median payment dropped even more sharply by 79 per cent. The report said that about 41 per cent of Indian organisations paid less than the original demand, nearly half paid the full amount, and 12 per cent paid even more, underscoring the unpredictable outcomes many face during ransomware incidents. The report, whose findings are based on a survey, claimed that nearly 53 per cent of Indian companies paid the ransom to get their data back, which is a considerable drop from the 65 per cent reported last year. The sixth annual State of Ransomware 2025 report surveyed around 3,400 IT and cybersecurity leaders across 17 countries, including 378 organisations in India that were hit by ransomware in the last year. The report added that exploited vulnerabilities were the most common technical root cause of attack, used in 29 per cent of attacks. These are followed by compromised credentials, which were the start of 22 per cent of attacks. Malicious emails were used in 21 per cent of attacks, the report said. The report said that from an operational perspective, 41 per cent of organisations cited a lack of people or capacity and/or poor-quality protection as common root causes, while 39 per cent acknowledged that not having the necessary cybersecurity products or services played a factor in their organisation falling victim to ransomware. According to the survey, which was conducted between January and March this year, 31 per cent of Indian organisations reported data theft in attacks involving encrypted data, representing a modest decrease from 34 per cent the previous year. The report claimed USD 1 million or more was demanded in ransom for 49 per cent of Indian organisations, down from 62 per cent the previous year. (ANI)
