

Sophos, a security solutions provider, has expanded its Sophos Managed Risk service with the launch of Internal Attack Surface Management (IASM), powered by technology from Tenable.
The enhancement aims to help organizations identify and fix internal vulnerabilities that attackers could exploit. According to Sophos’ State of Ransomware 2025 report, 40% of ransomware victims in the past year were compromised through exposures they did not know about.
“The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,” said Rob Harrison, senior vice president of product management at Sophos. “This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.”
Sophos Managed Risk now combines internal and external attack surface management in one service. The latest release introduces unauthenticated internal scanning, which simulates an external attacker’s perspective without requiring credentials or privileged access. This helps uncover risks such as open ports, exposed services, and misconfigurations.
Key features of IASM include automated internal vulnerability scanning, AI-powered risk prioritization to guide remediation efforts, and the use of Tenable Nessus scanners to detect and assess vulnerabilities. Unlike some vendors that offer separate internal and external management products, Sophos integrates both into a single managed service.
IASM is now available to all new and existing Sophos Managed Risk customers at no additional cost. Organizations can deploy Tenable Nessus scanners and set up automated scans through the Sophos Central console to start using the new capabilities immediately.
The Sophos Managed Risk team, certified by Tenable, also works closely with Sophos’ Managed Detection and Response (MDR) team to assess and investigate environments for possible exploitation of vulnerabilities and zero-day threats.