Sophos has extended its Managed Risk service with Internal Attack Surface Management (IASM), powered by Tenable's Nessus scanner technology. As of July 7, 2025, the upgrade gives organizations a view of both internal and external vulnerabilities, so that critical weaknesses can be hardened before attackers exploit them. The integration is available to existing and new Managed Risk customers at no additional cost and with no licensing change.

Why Internal Attack Surface Management Matters

Organizations often overlook the risks inside their own networks. According to Sophos's State of Ransomware 2025 report, about 40% of ransomware victims cited security gaps in their environment that they had not been aware of. Once attackers breach the perimeter, they move laterally across unprotected systems, exploiting misconfigurations, open ports, outdated servers, or weak authentication.

IASM fills this visibility gap. The scanner sits inside the network but runs without credentials, so it sees each system the way an attacker who has already breached the perimeter would see it: whatever is reachable at the network level without logging in. This reveals exposed services, configuration flaws, and legacy endpoints that an external scan cannot reach, and gives security teams concrete findings to remediate.

All-in-One Risk Visibility

What sets Sophos's IASM apart is its integration into the existing Managed Risk service. Instead of purchasing separate External Attack Surface Management (EASM) and internal tools, organizations get a unified dashboard delivering prioritized risk insights, contextual guidance, and seamless data sharing with Sophos Managed Detection and Response (MDR) analysts.

Sophos leadership emphasizes this tight coupling: customers can view vulnerabilities in one console, and MDR teams can include them in incident response. This holistic approach ensures that both internal issues and internet-facing exposures receive coordinated attention and remediation efforts.

Sophisticated AI Prioritization

Built-in AI models rank vulnerabilities not just by severity score, but by context: whether a working exploit is available, how valuable the affected asset is, and what attackers are currently targeting. This intelligence-driven prioritization guides teams to remediate where it matters most, rather than chasing every low-threat finding.

Powered by Nessus, the IASM feature runs automated scans on a schedule set from Sophos Central. Scans run without credentials, requiring only the deployment of scanners within the environment. The result is regularly refreshed visibility of the internal attack surface without burdening internal resources.
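As an added example (not Sophos or Tenable code), the following Python script shows in practice what the two paragraphs above describe: it parses a constructed export in the .nessus v2 layout of the kind an unauthenticated Nessus scan produces, lists the services each host exposed to a credential-less scanner, and re-ranks the findings by context (exploit availability, a hypothetical asset-value table, legacy protocols) rather than by severity alone. The host addresses, plugin names and IDs, asset values and scoring weights are all assumptions for illustration, not Sophos's prioritization model.

```python
"""Triage an unauthenticated Nessus export and rank findings by context.

Added example for illustration; not Sophos or Tenable code. The XML below is a
constructed sample in the .nessus v2 layout (two hosts, four findings). Plugin
names/IDs, addresses, asset values and the scoring weights are all placeholders.
"""
import xml.etree.ElementTree as ET

# Constructed sample export. pluginID values are placeholders, not real Tenable IDs.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
 <Report name="internal-unauth-weekly">
  <ReportHost name="10.10.5.20">
   <HostProperties><tag name="host-ip">10.10.5.20</tag></HostProperties>
   <ReportItem port="80" svc_name="www" protocol="tcp" severity="3" pluginID="900001"
               pluginName="Outdated web server (placeholder)">
    <cvss_base_score>7.5</cvss_base_score>
   </ReportItem>
   <ReportItem port="23" svc_name="telnet" protocol="tcp" severity="2" pluginID="900002"
               pluginName="Unencrypted Telnet server (placeholder)">
    <cvss_base_score>5.8</cvss_base_score>
   </ReportItem>
  </ReportHost>
  <ReportHost name="10.10.9.7">
   <HostProperties><tag name="host-ip">10.10.9.7</tag></HostProperties>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2" pluginID="900003"
               pluginName="SMBv1 enabled (placeholder)">
    <cvss_base_score>5.0</cvss_base_score>
    <exploit_available>true</exploit_available>
   </ReportItem>
   <ReportItem port="80" svc_name="www" protocol="tcp" severity="1" pluginID="900004"
               pluginName="Web server information disclosure (placeholder)">
    <cvss_base_score>2.6</cvss_base_score>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""

# Hypothetical asset inventory: 3 = business-critical, 1 = low value. Unknown hosts default to 1.
ASSET_VALUE = {"10.10.9.7": 3, "10.10.5.20": 1}

# Plaintext or legacy protocols that should not be reachable from the internal network at all.
LEGACY_SERVICES = {"telnet", "ftp", "cifs", "rsh", "rlogin"}


def parse_nessus(xml_text):
    """Flatten a .nessus v2 document into one dict per (host, finding)."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "service": item.get("svc_name"),
                "severity": int(item.get("severity")),  # Nessus 0 (info) .. 4 (critical)
                "plugin": item.get("pluginName"),
                "cvss": float(item.findtext("cvss_base_score", "0") or 0),
                "exploit_available": item.findtext("exploit_available", "false").strip().lower() == "true",
            })
    return findings


def exposed_services(xml_text):
    """Host -> sorted (port, service) pairs the credential-less scanner could reach."""
    exposed = {}
    for f in parse_nessus(xml_text):
        exposed.setdefault(f["host"], set()).add((f["port"], f["service"]))
    return {host: sorted(pairs) for host, pairs in exposed.items()}


def contextual_score(finding, asset_value=ASSET_VALUE):
    """Hypothetical context-aware score (an assumption, not Sophos's model)."""
    score = finding["cvss"]                              # start from the CVSS base score
    if finding["exploit_available"]:
        score += 3.0                                     # public exploit: attackers try it first
    score += 2.0 * asset_value.get(finding["host"], 1)   # weight by business value of the host
    if finding["service"] in LEGACY_SERVICES:
        score += 1.5                                     # legacy/plaintext protocol reachable from inside
    return score


def prioritize(xml_text, asset_value=ASSET_VALUE):
    """Return findings ranked by contextual score, highest first."""
    findings = parse_nessus(xml_text)
    for f in findings:
        f["priority"] = contextual_score(f, asset_value)
    return sorted(findings, key=lambda f: f["priority"], reverse=True)


if __name__ == "__main__":
    for host, services in exposed_services(SAMPLE_NESSUS).items():
        print(host, "exposes", services)
    for f in prioritize(SAMPLE_NESSUS):
        print(f"{f['priority']:5.1f}  sev={f['severity']}  {f['host']}:{f['port']}/{f['service']}  {f['plugin']}")
```

On the sample data, raw severity would put the outdated web server on the low-value host first, while the contextual ranking moves the exploitable SMBv1 service on the business-critical host to the top. To use it on a real export, replace SAMPLE_NESSUS with the file contents and ASSET_VALUE with the organization's own inventory.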

No Hidden Costs, Immediate Access

Organizations with existing Sophos Managed Risk licenses can deploy IASM immediately at no additional cost. By installing Tenable Nessus scanners inside the network and enabling scheduled scans in Sophos Central, teams unlock internal scanning without a new purchase or license change.

For channel partners and Managed Service Providers (MSPs), this enhancement unlocks added value. MSPs can deliver layered risk monitoring that identifies both internal and external exposures, and upsell remediation or consulting services. The unified platform helps partners differentiate their offerings and foster longer customer relationships.

Real-World Impact and Future Direction

Security analysts report that internal scanning of this kind sharply reduces blind-spot risk. A forgotten database port or a legacy file-sharing service on the internal network is far easier to miss than a public-facing vulnerability, because nothing outside the network ever touches it. With IASM, teams can discover such dormant, high-risk systems before an intruder weaponizes them.

Looking ahead, the model will likely evolve to include credentialed scanning, automated patch orchestration, and deeper integration with cloud environments.

What This Means for Your Organization

If you already use Sophos Managed Risk or Sophos MDR, deploying the Nessus-based IASM scanners can be done in days. Once operational, teams gain up-to-date insight into internal exposures alongside perimeter risk, with prioritized dashboards and guided remediation advice.

Protecting modern infrastructure means acting on threats before they manifest. With IASM, Sophos empowers clients to detect, prioritize, and neutralize internal vulnerabilities—closing critical avenues of attack.

Conclusion

Sophos's integration of Internal Attack Surface Management into its Managed Risk service is a meaningful step toward integrated exposure management. By combining internal vulnerability scanning with existing perimeter risk intelligence and MDR capabilities, organizations gain visibility across both internal and internet-facing exposure in one place.

This update delivers real-world benefits without added cost—greater security coverage, streamlined remediation, and better alignment between risk identification and response. As cybersecurity threats grow more complex, measures like IASM will be essential in defending modern networks against sophisticated attackers.