Sophos has added internal attack surface management (IASM) to its Managed Risk offering, giving organizations a clearer view of the risks lurking inside their environments. Powered by Tenable, the new capability brings unauthenticated internal scanning into the fold, allowing organizations to detect issues that can be exploited without credentials, such as misconfigurations, open ports, and exposed services.

Lisa Washburn, Senior Director of Product Management at Sophos, explains that “the inclusion of Internal Attack Surface Management capabilities as part of Sophos’ Managed Risk solution expands risk visibility to potentially exploitable vulnerabilities that may exist on their internal assets, such as open ports, misconfigurations, and weak authentication mechanisms.” She adds that IASM also “enables the discovery of legacy servers, workstations and applications that may no longer be managed, but could be used by an attacker for lateral movement or privilege escalation.”

This update addresses a common and costly problem: most businesses don’t know what they can’t see. According to Sophos’ own research, 40% of ransomware victims were blindsided by unknown exposures. The expanded Managed Risk service aims to close that gap by combining internal and external visibility in one place, paired with practical remediation guidance.

What IASM Brings to the Table

With IASM, Sophos Managed Risk now provides deeper and broader vulnerability management. The unauthenticated scanning feature simulates how an attacker would probe a network from the inside, surfacing exploitable weaknesses without relying on access credentials. Once detected, vulnerabilities are prioritized using AI models that factor in severity, exploitability, and impact, guiding IT and security teams toward the most urgent fixes.

“EASM protects organizations from internet-facing threats by identifying and prioritizing security vulnerabilities and weaknesses on exposed assets,” says Washburn. “IASM protects the internal environment against potential insider threats or against adversaries that have gained initial access to the internal network. Combining Sophos Managed Risk EASM and IASM provides a holistic view of risk exposure when investigating and responding to potential security incidents.”

Scanning is automated and ongoing. Once Tenable Nessus scanners are deployed, organizations can schedule internal scans directly through the Sophos Central console. There’s no change in licensing or pricing; existing customers get access to these new capabilities immediately.

One Platform, Unified Risk Insight

Sophos has taken a different route from other vendors that split internal and external attack surface management into separate products. Managed Risk delivers both views through one integrated service. The platform is also backed by Sophos’ MDR expertise and a team certified in Tenable technologies, ensuring tight coordination between risk identification and incident response.

Washburn points out that “Sophos Managed Risk works in conjunction with Sophos MDR to provide relevant vulnerability and exposure information to further protect Sophos MDR customers from threats.” Customers can manage Managed Risk and MDR cases in a shared interface within Sophos Central, making it easier to investigate threats and escalate issues directly to Sophos experts.

For Sophos partners, the combined EASM and IASM capabilities also create a more complete offering. “The expansion of Sophos Managed Risk will provide Sophos’ partners with a comprehensive vulnerability management solution that meets the needs of organizations seeking a solution that fully addresses both external and internal weaknesses,” Washburn says.