{"id":5143,"date":"2022-07-20T15:25:44","date_gmt":"2022-07-20T13:25:44","guid":{"rendered":"https:\/\/testing.eight25sites.com\/en-us\/?p=5143"},"modified":"2024-06-25T13:13:54","modified_gmt":"2024-06-25T11:13:54","slug":"california-msp-turns-to-sophos-to-provide-enhanced-incident-response-and-remediation","status":"publish","type":"post","link":"https:\/\/testing.eight25sites.com\/en-us\/2022\/07\/resources\/california-msp-turns-to-sophos-to-provide-enhanced-incident-response-and-remediation\/","title":{"rendered":"California MSP Turns to Sophos to Provide Enhanced Incident Response and Remediation"},"content":{"rendered":"<p>This partner case study covers how the partner Endsight<\/p>\n<ul>\n<li>Deployed advanced solutions that would enable a proactive rather than reactive approach to security<\/li>\n<li>Extended internal security team capabilities with rapid incident response and threat-hunting<\/li>\n<li>Found the right solutions that would help move the business to a 24\/7 SOC model<\/li>\n<li>Established an enduring partnership with a trusted security vendor who understands MSPs and helps grow their business.<\/li>\n<\/ul>\n<h2>What recourse does an MSP have when there\u2019s a sudden rash of breaches?<\/h2>\n<p>In business since 2004, Endsight had an admirable track record. Over a period of 17 years, they were involved in remediating fewer than 10 breach incidents for their clients. Then COVID-19 gripped the world and work-from-home became the norm, opening up a whole new set of security issues. In 2021, Endsight was impacted directly, when four clients experienced major breaches in rapid succession within a three-month timeframe. These breaches sent the MSP down a new path. The team knew it was time to step up their security and started looking into how they could take a more proactive approach. 
They began by looking at the endpoint solutions offered by five top-tier vendors.<\/p>\n<h2>How does Sophos foster longstanding partnerships with its MSPs?<\/h2>\n<p>Chief Operating Officer Josh Carroll points out that in the course of Endsight\u2019s vendor evaluation process, every single vendor met the MSP\u2019s technical requirements. But there was another factor that was just as important to them: the ability of a vendor to cultivate a collaborative and productive partnership. That\u2019s where Sophos exceeded all expectations.<\/p>\n<p>\u201cSince all the top five providers satisfied us on a technical level, we had to look at the business relationship and ask the question: Will this vendor be easy to work with?<\/p>\n<blockquote><p>Sophos excelled on the partner side. Sophos made it really easy to get started, with no barriers to push through.<\/p><\/blockquote>\n<p>We didn\u2019t have to sign up for a long-term contract or purchase a high volume of licenses,\u201d remarks Carroll.<\/p>\n<h2>When there\u2019s a breach and your antivirus fails, what\u2019s the alternative?<\/h2>\n<p>After signing up with Sophos, Endsight\u2019s security team enthusiastically plunged into learning about and experimenting with both the endpoint and server versions of Sophos Intercept X Advanced with XDR and MTR\u2014and that was fortunate for Endsight and its affected clients, who immediately experienced the value of these solutions first-hand.<\/p>\n<p>As Jefferson Dolphin, NOC Manager, explains, Endsight\u2019s legacy antivirus package was based on older technology, and though it was superior to out-of-the-box solutions, it had no intelligence forming the foundation of the technology. Alerting was also generally poor. As a result, it did not detect activities associated with the breaches. 
Dolphin knew it was time to up the game on endpoint protection by bringing in solutions with advanced detection and response, along with a managed service with an expert threat-hunting and remediation team.<\/p>\n<p>Sophos Intercept X Advanced with XDR and MTR turned out to be the right choice. The solution uses artificial intelligence (AI)-driven analysis and rich data sets for automatic detection, investigation, and prioritized response to a broad scope of potential threats\u2014from ransomware to known and unknown malware. Another key component of the solution is managed threat response, a 24\/7 service which draws on the knowledge and experience of an elite team of threat hunters and analysts who not only track down security issues but also act swiftly to neutralize threats. These combined capabilities enabled Endsight to augment their capabilities and extend their team.<\/p>\n<h2>How does Sophos shut down a breach and enable faster recovery?<\/h2>\n<p>One of the breaches occurred at an insurance company: it affected nine servers and involved data exfiltration. Once the Sophos MTR team detected the breach, the servers were isolated from the network and shut down, and the threat was contained in just a matter of a few hours\u2014before any more damage was done.<\/p>\n<p>\u201cIt was all hands on deck on a Friday afternoon for Endsight and Sophos. Sophos MTR was indispensable, enabling us to isolate, perform forensics, and retrieve files. It opened up a whole new toolset for us,\u201d says Dolphin. 
\u201cAs our team rebuilt and restored the servers, we were able to maintain business continuity for our client.\u201d<\/p>\n<p>After Endsight completed reconstruction and restoration of the servers, they redeployed Sophos MTR to make sure there were no traces left of the threat.<\/p>\n<p>\u201cWhen the Hafnium group of threat actors compromised our clients, our existing antivirus was dormant\u2014it didn\u2019t detect anything,\u201d he says.<\/p>\n<blockquote><p>\u201cSophos Intercept X Advanced with XDR and MTR, on the other hand, makes a lot of noise when it detects things\u2014and this helped us turn the corner and evolve into more of a proactive security group.\u201d<\/p><\/blockquote>\n<p>He further points out that Sophos solutions have helped the Endsight security team formulate a response plan. Not only does the team receive meaningful and actionable insights, but they also have the Sophos MTR team of experts on hand 24\/7 to respond to issues when they arise.<\/p>\n<p>\u201cThe Sophos MTR managed services team responds much faster than we can. They immediately detect threats and suspicious activities, block them, and then let us know what remediation steps we needed to take,\u201d he observes.<\/p>\n<h2>How has Sophos reshaped Endsight\u2019s business?<\/h2>\n<p>Sophos endpoint solutions have enabled Endsight to take a quantum leap toward their goal of scaling up to a 24\/7 security operations center (SOC). Thanks to Sophos, Endsight now offers reliable and ongoing incident response, which enables them to fully move their business from an MSP model to a managed security services provider (MSSP) model in the near future.<\/p>\n<p>To promote these new capabilities, Endsight worked closely with the Sophos team to present its clients with a webinar that outlined the benefits of Sophos Intercept X Advanced with XDR and MTR and how it would fit into their organizations. 
Hundreds of people participated in the live event, and those who missed it signed up to watch the recording.<\/p>\n<p>\u201cSophos helped us explain to our clients that this is something we have to do for everybody\u2014and it went over very well. Our client could see the strength of the partnership we have with Sophos, which gave them a high degree of confidence in us and in Sophos solutions. Once the message was communicated, we were able to start deploying the Sophos MTR across the board very quickly. We feel good about that decision\u2014and we haven\u2019t had a major breach since,\u201d says Carroll.<\/p>\n<p>Carroll further remarks that Sophos MTR is a great fit for clients who are eager to step up their security. They like the idea of Endsight having a third-party component.<\/p>\n<p>\u201cSomething we conveyed to customers is that breaches tend to happen after hours or on the weekend when folks aren\u2019t working,\u201d said Carroll. \u201cThe Sophos MTR team works 24\/7 to contain threats, and then we come in to clean them up with Sophos Support always in the background to help us.\u201d<\/p>\n<p>As Carroll says, times have changed. Threats frequently hit before patches are even released, so it\u2019s critical to have the ability to react in real time.<\/p>\n<p>\u201cBefore Sophos, I don\u2019t think we could responsibly say that we were providing adequate security. Now that 80% of our customers are running Sophos MTR, and 100% are running other components of the Sophos endpoint solution, we don\u2019t have those weekend breaches,\u201d he adds. 
\u201cWe can execute an immediate response in a client\u2019s environment and lock things down as events are occurring to prevent further harm.\u201d<\/p>\n<h2>How does Sophos keep an MSP\u2019s security team productive and prevent burnout?<\/h2>\n<p>On the heels of the breaches experienced in 2021, Endsight\u2019s internal security team immediately got on board with Sophos and promoted the endpoint solution to clients. Knowing that these serious breaches were thwarted, the team sees that Sophos is doing its job\u2014and that gives them confidence and peace of mind.<\/p>\n<p>\u201cIn keeping with our core values, we want everyone to thrive. Our team\u2019s stress level is much lower if we can eliminate breaches from occurring rather than having fire drills every weekend, where team members give up family time and clients\u2019 businesses are in jeopardy,\u201d says CEO Mike Chaput. \u201cWe have no interest in churning and burning through the great people on our team. Now, with Sophos, the amount of effort required on the part of our team to get issues corrected is greatly minimized.\u201d<\/p>\n<p>Carroll confirms this, noting that internal resources can now spend time on critical preventative activities, such as patching firmware and software in a timely fashion and maintaining infrastructure hygiene, such as ensuring that all tools are running the latest versions in optimal fashion. \u201cRight now, we\u2019re in a really happy place\u2014we\u2019re on an upward spiral,\u201d he says.<\/p>\n<h2>How does Sophos support MSP business growth and expansion?<\/h2>\n<p>Endsight has always regarded its vendors as long-term partners\u2014and that\u2019s especially true for Sophos.<\/p>\n<blockquote><p>\u201cWhat really attracted us to Sophos was its go-to-market strategy. It made a lot of sense to us, allowing us to get the margins we need while enabling us to roll out the solutions in a way that worked for us. 
Sophos understands the MSP model better than any competing vendors, and this led to a natural partnership,\u201d asserts Chaput.<\/p><\/blockquote>\n<p>He points out that Sophos MTR and EDR technologies provide Endsight with additional revenue\u2014and their clients don\u2019t have a problem paying a small premium for the extra assurance. \u201cAs a trusted advisor to our clients, we want to keep our clients successful by having a strong security posture from the start. We want to put them in a situation where they actually win.\u201d<\/p>\n<p>Sophos has also brought Endsight new business. \u201cNo other vendor has given us leads, and there hasn\u2019t been much alignment with other vendors on go-to-market. We did not choose Sophos because of this, but as it turns out, we have gotten some new clients because of Sophos\u2014and this has been awesome. It\u2019s been a real gift, an unexpected bonus\u2014and a really good one!\u201d Chaput exclaims.<\/p>\n<p>On the technical side, Dolphin appreciates the value he and his team members derive from the weekly calls with the Sophos Account Manager. These regular check-ins provide him and his team with updates on the Sophos product line-up and future roadmap, along with an opportunity to provide constructive feedback.<\/p>\n<p>\u201cWe have a lot of relationships where the account management doesn\u2019t add much value. That\u2019s not at all the case at Sophos. Our account manager created a relationship unlike any relationship we have with a partner right now. 
That occurred early on and continues to this day,\u201d asserts Carroll.<\/p>\n<h2>What\u2019s on the table for the near future?<\/h2>\n<p>Endsight looks forward to evolving and broadening the scope of its security services and sees immense value in establishing a solid relationship with a vendor like Sophos that offers a comprehensive portfolio of solutions that work together seamlessly.<\/p>\n<p>Sophos Phish Threat is also part of Endsight\u2019s security offering. It helps raise awareness among Endsight\u2019s clientele about today\u2019s highly targeted phishing attacks. Phish Threat enables clients to test their users through customizable phishing attack simulations based on the latest threats. Reporting metrics help clients determine their level of security awareness and identify areas that may need improvement.<\/p>\n<p>\u201cThe number one thing we look for when we evaluate a vendor is integrations, as we have several tools we work with. Sophos does integrations really well. 
On the technical side, there\u2019s an opportunity for other tools to make it into our main offering\u2014data loss prevention, web protection, and other Sophos products,\u201d says Dolphin.<\/p>\n<blockquote><p>\u201cThe more we explore Sophos, the more we discover tools that are useful for us and our clients\u2014and adding those to our security suite has made it even sweeter.\u201d<\/p><\/blockquote>\n<p>&nbsp;<\/p>\n<p><strong>About the Partner<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-5148 alignright\" src=\"https:\/\/testing.eight25sites.com\/en-us\/wp-content\/uploads\/sites\/3\/2022\/07\/Endsight-Logo-2018_1800-w-bk.png\" alt=\"\" width=\"268\" height=\"96\" \/>Located in Northern California, Endsight is a privately held, founder-led IT managed services provider (MSP) with a team of approximately 140 computer enthusiasts and experts who are deeply committed to helping small and medium-size businesses and organizations with 20 to 200 employees thrive with technology. The company also has a presence in Southern California and in Hawaii.<\/p>\n<p>In 2021, Endsight was listed for the 7<sup>th<\/sup> time on the Inc. 5000 list, the most prestigious ranking of the fastest-growing private companies in the U.S.\u00a0Endsight serves more than 400 customers across the commercial and not-for-profit sectors, which amounts to over 10,000 users. While the MSP serves clients across all industries, the primary targeted verticals are law firms and all aspects of the wine business in the Napa and Sonoma regions.<\/p>\n<p>Endsight typically manages the entire IT operation for their clients\u2014from strategy to security to backup and storage. 
Prior to engaging with Sophos, the MSP\u2019s primary security offerings were antivirus, business continuity with backup, anti-spam, firewall, multifactor authentication, and other custom processes.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Sophos Solutions<\/strong><\/p>\n<p><strong>Next-Generation Endpoint:<\/strong><\/p>\n<ul>\n<li>Sophos Intercept X Advanced with XDR and MTR: 4,220 licenses<\/li>\n<li>Sophos Intercept X Advanced with XDR and MTR for Server: 689 licenses<\/li>\n<li>Sophos Intercept X: 1,322 licenses<\/li>\n<li>Sophos Intercept X Advanced for Server: 185 licenses<\/li>\n<\/ul>\n<p><strong>Next-Generation Firewall:<\/strong><\/p>\n<ul>\n<li>Sophos XG Firewall XGS430: 17 appliances<\/li>\n<\/ul>\n<p><strong>Security Awareness Training:<\/strong><\/p>\n<ul>\n<li>Sophos Phish Threat: 469 licenses<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Endsight is a privately held, founder-led IT managed services provider (MSP) with a team of approximately 140 computer enthusiasts and experts who are deeply committed to helping small and medium-size businesses and organizations with 20 to 200 employees thrive with technology. 
<\/p>\n","protected":false},"author":11,"featured_media":5147,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[37,298,18,209],"coauthors":[64],"class_list":["post-5143","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-resources","tag-msp","tag-partner-case-study","tag-partner-program","tag-references"],"_links":{"self":[{"href":"https:\/\/testing.eight25sites.com\/en-us\/wp-json\/wp\/v2\/posts\/5143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/testing.eight25sites.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.eight25sites.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.eight25sites.com\/en-us\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.eight25sites.com\/en-us\/wp-json\/wp\/v2\/comments?post=5143"}],"version-history":[{"count":6,"href":"https:\/\/testing.eight25sites.com\/en-us\/wp-json\/wp\/v2\/posts\/5143\/revisions"}],"predecessor-version":[{"id":5159,"href":"https:\/\/testing.eight25sites.com\/en-us\/wp-json\/wp\/v2\/posts\/5143\/revisions\/5159"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.eight25sites.com\/en-us\/wp-json\/wp\/v2\/media\/5147"}],"wp:attachment":[{"href":"https:\/\/testing.eight25sites.com\/en-us\/wp-json\/wp\/v2\/media?parent=5143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.eight25sites.com\/en-us\/wp-json\/wp\/v2\/categories?post=5143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.eight25sites.com\/en-us\/wp-json\/wp\/v2\/tags?post=5143"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/testing.eight25sites.com\/en-us\/wp-json\/wp\/v2\/coauthors?post=5143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}