Sophos Cybersecurity as a Service product name is MDR, and we started using it from last year only. It has been one year now.
Reviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
496 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Automated threat response has ensured uninterrupted operations and provides clear 24x7 security visibility
What is our primary use case?
What is most valuable?
I use its automated threat response, which is a key feature of the service.
Sophos Cybersecurity as a Service is taking care of the complete cybersecurity, helping to mitigate potential threats by monitoring the logs and the events 24/7. Whatever events are coming, they are sharing the report over the email. Wherever they need our intervention, they give us the instructions on how to fix it. Otherwise, they take care of the complete security on their own. The MDR team takes care of all the events and every log.
It is about visibility, and the value of deep visibility into my network activities provided by Sophos Cybersecurity as a Service is significant. The reason we shortlisted the product is the reports. They keep sharing every event, every log over the email so that my team can check what the critical things are and where their intervention is required. Otherwise, Sophos Cybersecurity as a Service MDR team takes care of everything. We need not get into each and every event and check what issues are going on. Most of the events are taken care of by Sophos Cybersecurity as a Service team. Only the things which are on our part, for example, any system that needs to be patched or any OS to be upgraded, come to us. Otherwise, Sophos Cybersecurity as a Service MDR team takes care of everything.
What needs improvement?
One feature which we would like to have in the product is the inventory. For example, if I have the agent installed on each machine and server, why can't we fetch the inventory details from the console? If you look at the competition products such as CrowdStrike, they give clear visibility into what software is installed, what legitimate tools are installed, and what software is not even licensed or may not be secure to install. Those things are reported back to the concerned team, maybe the systems teams, and they can use it brilliantly. Unfortunately, Sophos Cybersecurity as a Service doesn't provide that kind of visibility into what software or tools are installed on a particular system. There is a feature which requires running what you call an XG script to fetch those kinds of details. However, it is not on the GUI as other competitor companies are providing. That is the one feature we really miss. In terms of service and support, I don't think there is an issue because it is already a brilliant five-star service support.
The visibility feature that I already mentioned is the only primary feature which we are missing. The rest is absolutely fine. I don't think there is anything else which should be there.
For how long have I used the solution?
We started using it from last year only. It has been one year now.
How are customer service and support?
Technical support by Sophos Cybersecurity as a Service is excellent, and I can grade it as a 10. I don't have one issue with the technical support.
Service support has no problems, and as a product, if you talk about it, there are a couple of features which are missing. I may deduct one and a half points, so I will give them an 8.5.
How would you rate customer service and support?
Positive
What other advice do I have?
The enhanced threat hunting and forensics provided by Sophos Cybersecurity as a Service have significantly helped my organization address cyberattacks. Sophos Cybersecurity as a Service takes care of the XDR logs, and any kind of anomalies or threats which they find, they take care of it. Any policies to be updated, any IP to be blocked, or any source or domain to be blocked, they just intimate to us that these are the things we need to take care of. Most of the things are otherwise taken care of by Sophos Cybersecurity as a Service team on their part.
Most of the things are on-premise, and cloud-based operation for centralized management is not important for my organization since we are not a cloud company. We don't have any payloads on the cloud. We have a small data center where we have multiple servers and everything on-premise only. We are not using any of the cloud security, cloud vertical, or cloud features from Sophos Cybersecurity as a Service. Most of the things are on-premise only.
The metrics I use to measure the effectiveness of Sophos Cybersecurity as a Service threat intelligence capabilities are straightforward. My uptime and business continuity are very important. Since the day we started using Sophos Cybersecurity as a Service MDR, there has not been a single incident. Even before something hits us, they get alerted and they take the required measures.
We are not familiar with SophosLabs Intelix as a threat intelligence platform.
I have given Sophos Cybersecurity as a Service an overall review rating of 8.5.
Proactive Threat Hunting and Seamless Integrations
What do you like best about the product?
I appreciate their proactive human-led threat hunting and the ability to integrate with security tools from other vendors.
What do you dislike about the product?
The high cost of premium tiers and the heavy system resource usage on older machines are significant drawbacks.
What problems is the product solving and how is that benefiting you?
It addresses the global cybersecurity skills gap by providing 24/7 expert threat hunting and immediate incident remediation.
Centralized Security and Effortless Threat Isolation
What do you like best about the product?
best thing is that it is centerlized and if any attack or virus detedted it islotae the system then admin can review all log from central port
What do you dislike about the product?
there is no depth of exclusion if want exlude all subdomain can not use *.domian.com need to manualy define all URL and for some custom app or script that you have to define fix path location otherwise MDR blocck and remove that
What problems is the product solving and how is that benefiting you?
all device log are centlized and i can apply policy from a cental point to all endpoints
Total Peace of Mind with Sophos MDR: 24/7 Security and Clear Alerts
What do you like best about the product?
What I appreciate most about Sophos MDR is that, essentially, I have a team of cybersecurity experts watching my network 24/7, without needing to hire my own staff. Let's be honest: I don't have the budget or the knowledge to maintain a security team that is alert at 3 in the morning monitoring threats.
What really gives me peace of mind is that they not only detect suspicious activities, but they also act immediately. I've been through a couple of situations where they notified me that they had blocked something suspicious and had already taken action before I even found out. It's like having a digital bodyguard that never rests.
Moreover, something that seems simple but is extremely valuable: the alerts I receive make sense. It's not a bombardment of incomprehensible technical notifications that only overwhelm. They clearly explain what happened, what actions they took, and if I need to do anything on my part. For someone who doesn't work in cybersecurity all day, that's priceless. It allows me to focus on my business, knowing that aspect is in the hands of professionals.
What really gives me peace of mind is that they not only detect suspicious activities, but they also act immediately. I've been through a couple of situations where they notified me that they had blocked something suspicious and had already taken action before I even found out. It's like having a digital bodyguard that never rests.
Moreover, something that seems simple but is extremely valuable: the alerts I receive make sense. It's not a bombardment of incomprehensible technical notifications that only overwhelm. They clearly explain what happened, what actions they took, and if I need to do anything on my part. For someone who doesn't work in cybersecurity all day, that's priceless. It allows me to focus on my business, knowing that aspect is in the hands of professionals.
What do you dislike about the product?
Honestly, what impacts me the most is the price. It's not cheap at all, and for a small or medium-sized company like ours, it represents a considerable investment that really affects the monthly budget. Sometimes I question whether we really need such a high level of protection or if we're overpaying, although then I remember the scares we've had and my doubts fade away.
Another thing that frustrates me is the feeling of being too dependent on them. I feel like I've lost some direct control over our own infrastructure. If I want to make any changes or adjust the security settings, I have to request it from their team. Although they usually respond quickly, it's not the same as being able to do it myself at the moment I need it.
Also, at the beginning, the learning curve was quite steep. We had to modify some internal processes and there was some friction with the IT team, as they felt they were being "replaced" or supervised. That created tensions that we had to resolve with a lot of diplomacy.
Lastly, the monthly reports are sometimes too technical. When I have to present them to the board of directors, they don't want to see terms like "IOCs" or "lateral movement"; what they want to know, in clear and simple Spanish, is whether we are protected or not.
Another thing that frustrates me is the feeling of being too dependent on them. I feel like I've lost some direct control over our own infrastructure. If I want to make any changes or adjust the security settings, I have to request it from their team. Although they usually respond quickly, it's not the same as being able to do it myself at the moment I need it.
Also, at the beginning, the learning curve was quite steep. We had to modify some internal processes and there was some friction with the IT team, as they felt they were being "replaced" or supervised. That created tensions that we had to resolve with a lot of diplomacy.
Lastly, the monthly reports are sometimes too technical. When I have to present them to the board of directors, they don't want to see terms like "IOCs" or "lateral movement"; what they want to know, in clear and simple Spanish, is whether we are protected or not.
What problems is the product solving and how is that benefiting you?
Sophos MDR solves my biggest problem: not having the staff or specialized knowledge to defend my company from real cyber attacks. Before hiring them, I slept poorly thinking "what if we get hacked tomorrow and we don't even realize it until it's too late?" We had basic antivirus, firewall, the usual, but I knew that was no longer enough with how sophisticated attacks are nowadays.
The direct benefit is that now I have an expert team actively hunting threats in my network. They don't wait for an alarm to go off - they are looking for strange behaviors, suspicious patterns, things I would never know how to identify. A few months ago they detected a ransomware attempt that was silently moving through the network. They neutralized it before it encrypted anything. If we had relied solely on our internal team, we probably would have realized it when everything was already encrypted and with a ransom note on the screen.
It also solves the problem of regulatory compliance. I work with sensitive customer data and need to demonstrate that I have serious security measures. Sophos MDR gives me the documentation and reports I need for audits and certifications.
And perhaps the most valuable: it gives me time. Before, my IT manager spent his time putting out security fires. Now he can focus on projects that really grow the business, while Sophos takes care of keeping us protected. That's a return on investment that doesn't appear on any spreadsheet but that I feel every day.
The direct benefit is that now I have an expert team actively hunting threats in my network. They don't wait for an alarm to go off - they are looking for strange behaviors, suspicious patterns, things I would never know how to identify. A few months ago they detected a ransomware attempt that was silently moving through the network. They neutralized it before it encrypted anything. If we had relied solely on our internal team, we probably would have realized it when everything was already encrypted and with a ransom note on the screen.
It also solves the problem of regulatory compliance. I work with sensitive customer data and need to demonstrate that I have serious security measures. Sophos MDR gives me the documentation and reports I need for audits and certifications.
And perhaps the most valuable: it gives me time. Before, my IT manager spent his time putting out security fires. Now he can focus on projects that really grow the business, while Sophos takes care of keeping us protected. That's a return on investment that doesn't appear on any spreadsheet but that I feel every day.
Peace of Mind with Proactive Human Oversight
What do you like best about the product?
What I like best is peace of mind. The human layer on top of software detection so that if something is off, its investigated instead of juust generating noise.
What do you dislike about the product?
Obviously cost is an isssue, it's much more pricey than some other services. Also, there's a pretty big learning curve especially if you're not already in the Sophos ecosystem.
What problems is the product solving and how is that benefiting you?
Sophos MDR solves the problem of limited time and expertise to monitor and respond to threats around the clock. We're able to deploy enterprise level protection to smaller businesses and it adds a credibility to my team.
Quick Response and 24/7 Monitoring that Provide Peace of Mind
What do you like best about the product?
What I value most about Sophos MDR is the speed with which it identifies and responds to incidents. The team conducts constant monitoring 24 hours a day, 7 days a week, and maintains clear communication, which gives me a lot of peace of mind and helps reduce risks.
What do you dislike about the product?
The only thing that doesn't convince me is that certain notifications are somewhat technical, and to understand all the details, it's necessary to check the console. It would be better if it were more accessible for those who don't have technical knowledge.
What problems is the product solving and how is that benefiting you?
Sophos MDR has allowed us to identify and respond to threats in real time, something we couldn't achieve as quickly internally. Thanks to this, we have reduced risks, avoided serious incidents, and can operate more securely without the need for our own SOC.
Effortless 24/7 Cybersecurity Monitoring for Our Clients
What do you like best about the product?
It helps us keep eyes on our clients' cybersecurity 24/7 without actually having to use internal staff to do so.
What do you dislike about the product?
No real downsides that I've noticed. There's a little extra setup involved but nothing major.
What problems is the product solving and how is that benefiting you?
It essentially monitors our clients for us, using actual humans and not just predefined alert systems, which gives us more peace of mind for our clients' cybersecurity.
Solid Security Integration with High Resource Usage
What do you like best about the product?
I truly appreciate the seamless integration Sophos MDR offers with our existing Sophos products, making deployment hassle-free and straightforward. The 24/7 security coverage provides continuous monitoring and alerts us promptly to any suspicious activity, ensuring our network's safety and allowing us to track and resolve issues efficiently. The daily custom email reports further enhance our operational efficiency by keeping us regularly informed. Additionally, Sophos MDR's ability to lock down machines quickly when needed adds an extra layer of security and peace of mind.
What do you dislike about the product?
I don't like how resource-intensive the product is, as the agent seems to use a lot of resources on machines.
What problems is the product solving and how is that benefiting you?
I find Sophos MDR provides necessary security posture and alerts us to user activities, enhancing our security operations and giving us confidence in monitoring and threat detection.
Efficient and Responsive MDR Solution
What do you like best about the product?
Sophos MDR is easy to use and set up. It works in the background all the time to watch for any threats, and the support team is always ready to help. It keeps our systems safe without us having to worry about security all the time
What do you dislike about the product?
We haven’t encountered any major drawbacks. The service has been reliable and effective in protecting our environment
What problems is the product solving and how is that benefiting you?
Sophos MDR continuously monitors our systems and responds immediately to any suspicious activity, ensuring our network stays secure and letting us focus on business without worrying about cyber threats.
Sophos MDR: Expert Security You Can Trust
What do you like best about the product?
I like that Sophos MDR provides round-the-clock monitoring by real experts who not only detect threats but also take action to stop them. It feels like having a full security operations center on my side, without the need to hire one in-house. What impressed me the most about Sophos MDR is how seamlessly it blends human expertise with technology-driven insights. Instead of only relying on automated alerts, their team actively investigates unusual activities, which eliminates the typical "alert fatigue" many IT teams face. It feels less like outsourcing a service and more like extending your security team with highly skilled professionals.
What do you dislike about the product?
Honestly, there’s very little to dislike about Sophos MDR. If I had to mention one thing, it would be that sometimes the detailed reports can be very technical for non-IT stakeholders. However, this is a minor point, as the team always provides clear explanations and guidance
What problems is the product solving and how is that benefiting you?
Sophos MDR solves the problem of alert overload and limited visibility into threats. Instead of my team chasing false positives, Sophos experts investigate and respond immediately. This reduces downtime, improves security confidence, and allows us to focus on business growth instead of chasing incidents.
showing 1 - 10