Sophos MTR (Managed Threat Response) is a fully-managed threat hunting, detection and response service that fuses machine learning with human analysis for an evolved approach to proactive security protection. It combines Sophos’ consistently top-rated endpoint and intelligent EDR with a world-class team of experts to neutralize the most sophisticated and complex threats that can go undetected.
This article walks through the 4 steps to deploy Sophos MTR for an organization.
How to configure
Step 1: Create a Sophos Central account.
The link below shows how to create a Sophos Central account.
Step 2: Apply the MTR license.
In the Sophos Central dashboard, go to the upper left corner and click the drop-down arrow next to the email address used to create the account. Select Licensing.
Click Apply License Key.
After the license key is applied, the MTR license is shown in License Detail.
Step 3: Configure Sophos MTR.
Next, you must provide information about Authorized Contacts (Email, Name, Phone number) so that Sophos MTR can contact them when it detects threats and takes action. You can provide up to 3 contacts, sorted by Primary > Secondary > Tertiary priority.
Scroll down to Threat Response Mode, where you can choose how Sophos MTR responds to threats.
+ Notify: Sophos MTR notifies you about the detection and provides details to help you with prioritization and response.
+ Collaborate: Sophos MTR works with your internal team or external point of contact to respond to the detection.
+ Authorize: Sophos MTR handles containment and neutralization actions and informs you of the action taken.
You can change the Authorized Contacts and Threat Response Mode later by going to Global Settings > General > Managed Threat Response Preferences.
Step 4: Deploy Sophos MTR.
Go to Device Protection. In Endpoint Protection, click Download Complete Windows / macOS Installer to install on computers.
For servers, go to Server Protection and click Download Windows / Linux Server Installer.
After the installation is complete on the computers and servers, go to Devices to check. Select the Computer and Server tabs; the names of all computers and servers you installed on are shown in the list below.
Here you can see that the computer with the user katelyn has just the Endpoint license applied. To apply the Intercept X and MTR licenses, click the “+” icon below MTR.
In Intercept X, select the katelyn computer name in the Eligible Computer table, then click the arrow “>” to move it to the Assigned Computer table.
Move down to Managed Threat Response and do the same as for Intercept X. Click Save.
Result: The Intercept X and MTR licenses have been applied to computer katelyn.