Latest news with #Tenable
Channel Post MEA
3 days ago
- Business
- Channel Post MEA
Sophos Includes Tenable's IASM In Its Managed Risk Capabilities
Sophos has announced the expansion of its Sophos Managed Risk capabilities with the introduction of Internal Attack Surface Management (IASM) with technology powered by Tenable. Many organizations face critical blind spots in their cyber defenses. In fact, the Sophos State of Ransomware 2025 report found 40% of organizations impacted by ransomware in the last year reported falling victim due to an exposure they were unaware of. Sophos Managed Risk, now with both internal and external attack surface management, addresses this challenge, providing comprehensive visibility into internal and external weaknesses that could be exploited by threat actors. 'With Sophos Managed Risk, organizations gain an attacker's-eye view to identify and prioritize remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,' said Rob Harrison, Senior Vice President, Product Management at Sophos. 'This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.' The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This enables organizations to identify and mitigate high-risk vulnerabilities, such as open ports, exposed services and misconfigurations that are accessible and potentially exploitable by attackers. Features of IASM for Sophos Managed Risk include: Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network. Regular automated scanning to identify weaknesses affecting assets within the network. AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. The Sophos advantage: Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by one of the world's leading MDR services. The new IASM capabilities are accessible through Sophos Managed Risk, an extended service with Sophos MDR. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. IASM for Sophos Managed Risk is available today for all new and existing Sophos Managed risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console.
Bangkok Post
4 days ago
- Business
- Bangkok Post
Cloud security gaps threaten regional businesses
Businesses across Southeast Asia are facing a silent crisis of cloud vulnerabilities, according to the 2025 Cloud Security Risk Report by Tenable, a Nasdaq-listed cybersecurity exposure management company. The report uncovers alarming security gaps in cloud environments, from misconfigured storage exposing sensitive data to embedded secrets in workloads, that could lead to data breaches, financial losses and regulatory repercussions, the company says. The findings are particularly relevant for organisations operating in regulated sectors or managing cross-border data flows. In Singapore, where data protection and cybersecurity are tightly governed under frameworks such as the Cybersecurity Act, Personal Data Protection Act (PDPA) and Monetary Authority of Singapore (MAS) technology risk management guidelines, poor visibility into cloud assets and misconfigurations can have serious compliance repercussions. Similarly, Indonesia's Personal Data Protection Law, the PDPA in Thailand and Malaysia, and the Philippines' Data Privacy Act all impose stringent requirements on data protection, cross-border transfers and cloud security. "Together, these regulations highlight the urgent need for organisations across Southeast Asia to prioritise strong cloud governance and security to meet evolving compliance and cybersecurity demands," said the report. The research reveals a significant and widespread risk, finding that 9% of all analysed cloud storage resources contain restricted or confidential information. In environments housing vast volumes of data, this seemingly small percentage translates to millions of sensitive records potentially exposed. Even more alarming, nearly one in 10 publicly accessible storage locations holds sensitive data, driven by common misconfigurations, weak access controls and limited visibility. This can expose organisations across industries to serious security and compliance threats in line with local or regional data residency expectations. The risks do not end there. Tenable's findings show that 54% of organisations with AWS ECS (Amazon Web Services Electronic Clearing Services) task definitions have a secret embedded within them, exposing businesses to the threat of full cloud environment takeovers or exploitation activities like unauthorised crypto mining. Even within AWS EC2 instances, 3.5% contain credentials embedded in user data, giving attackers a clear pathway to escalate privileges and compromise environments. "Secrets are the keys to the kingdom, yet many organisations are unknowingly leaving them unguarded across their cloud infrastructures," said Ari Eitan, director of cloud security research at Tenable. "In today's threat landscape, complacency is costly. Organisations must treat secrets with the highest level of security hygiene to prevent attackers from gaining footholds that can spiral into full-blown breaches." With Singapore continuing to scale up cloud adoption, supported by national initiatives like the Infocomm Media Development Authority's Cloud Outage Incident Response framework and regional efforts to enable secure digital economies, the report highlights the urgent need for a proactive, risk-driven security strategy. "The cloud offers incredible agility, but without strong controls and continuous monitoring, it also opens the door to significant exposures," Mr Eitan said. "Understanding where your sensitive data and credentials are and who can access them must now be a board-level priority."
Web Release
5 days ago
- Business
- Web Release
Sophos Managed Risk Expands Capabilities with Internal Attack Surface Management (IASM) to Identify and Guide Organizations to Mitigate Internal Vulnerabilities
Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced the expansion of its Sophos Managed Risk capabilities with the introduction of Internal Attack Surface Management (IASM) with technology powered by Tenable. Many organizations face critical blind spots in their cyber defenses. In fact, the Sophos State of Ransomware 2025 report found 40% of organizations impacted by ransomware in the last year reported falling victim due to an exposure they were unaware of. Sophos Managed Risk, now with both internal and external attack surface management, addresses this challenge, providing comprehensive visibility into internal and external weaknesses that could be exploited by threat actors. 'With Sophos Managed Risk, organizations gain an attacker's-eye view to identify and prioritize remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,' said Rob Harrison, Senior Vice President, Product Management at Sophos. 'This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.' The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This enables organizations to identify and mitigate high-risk vulnerabilities, such as open ports, exposed services and misconfigurations that are accessible and potentially exploitable by attackers. Features of IASM for Sophos Managed Risk include: Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network. Regular automated scanning to identify weaknesses affecting assets within the network. AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. The Sophos advantage: Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by one of the world's leading MDR services. The new IASM capabilities are accessible through Sophos Managed Risk, an extended service with Sophos MDR. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. IASM for Sophos Managed Risk is available today for all new and existing Sophos Managed risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console. Learn more about the new Internal Attack Surface Management capabilities and Sophos Managed Risk, visit
Zawya
5 days ago
- Business
- Zawya
Sophos managed risk expands capabilities with Internal Attack Surface Management
Expands Visibility of Internal Exposures within an Organization's Environment Dubai, United Arab Emirates – Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced the expansion of its Sophos Managed Risk capabilities with the introduction of Internal Attack Surface Management (IASM) with technology powered by Tenable. Many organizations face critical blind spots in their cyber defenses. In fact, the Sophos State of Ransomware 2025 report found 40% of organizations impacted by ransomware in the last year reported falling victim due to an exposure they were unaware of. Sophos Managed Risk, now with both internal and external attack surface management, addresses this challenge, providing comprehensive visibility into internal and external weaknesses that could be exploited by threat actors. 'With Sophos Managed Risk, organizations gain an attacker's-eye view to identify and prioritize remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,' said Rob Harrison, Senior Vice President, Product Management at Sophos. 'This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.' The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This enables organizations to identify and mitigate high-risk vulnerabilities, such as open ports, exposed services and misconfigurations that are accessible and potentially exploitable by attackers. Features of IASM for Sophos Managed Risk include: Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network. AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. The Sophos advantage: Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by one of the world's leading MDR services. The new IASM capabilities are accessible through Sophos Managed Risk, an extended service with Sophos MDR. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. IASM for Sophos Managed Risk is available today for all new and existing Sophos Managed risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console. Learn more about the new Internal Attack Surface Management capabilities and Sophos Managed Risk, visit About Sophos Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 30,000 organizations. In addition to MDR and other services, Sophos' complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at
Al Bawaba
5 days ago
- Business
- Al Bawaba
Sophos Managed Risk Expands Capabilities with Internal Attack Surface Management (IASM) to Identify and Guide Organizations to Mitigate Internal Vulnerabilities
Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced the expansion of its Sophos Managed Risk capabilities with the introduction of Internal Attack Surface Management (IASM) with technology powered by Tenable. Many organizations face critical blind spots in their cyber defenses. In fact, the Sophos State of Ransomware 2025 report found 40% of organizations impacted by ransomware in the last year reported falling victim due to an exposure they were unaware of. Sophos Managed Risk, now with both internal and external attack surface management, addresses this challenge, providing comprehensive visibility into internal and external weaknesses that could be exploited by threat actors.'With Sophos Managed Risk, organizations gain an attacker's-eye view to identify and prioritize remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,' said Rob Harrison, Senior Vice President, Product Management at Sophos. 'This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.'The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This enables organizations to identify and mitigate high-risk vulnerabilities, such as open ports, exposed services and misconfigurations that are accessible and potentially exploitable by of IASM for Sophos Managed Risk include: • Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network. • AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. • Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. • The Sophos advantage: Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by one of the world's leading MDR new IASM capabilities are accessible through Sophos Managed Risk, an extended service with Sophos MDR. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. IASM for Sophos Managed Risk is available today for all new and existing Sophos Managed risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console.
