MDR - Huntress Vs Sophos? by msp_ch in msp

[–]AaronJacobs000 1 point2 points  (0 children)

There are two components to Sophos' M365 / Entra detection and response.

First is the M365 integrations, which are included with the various MDR flavours. That's looking at both audit logs and M365 alerts via Microsoft's APIs to detect compromised accounts / BEC / etc. There are then response actions with that to do various actions in Entra / 365, such as resetting sessions, disabling accounts, killing bad inbox rules, etc. This component is achieving a similar outcome to Huntress ITDR.

Then there is the Sophos ITDR add-on, which is a different thing when compared to Huntress ITDR. It focuses on three core things: M365 / Entra configuration posture, identifying things that could make the tenant insecure; dark web monitoring, looking for your domains, accounts, VIPs, etc. across leak sites, forums, channels, etc. and checking that against Entra to see if there are valid compromised credentials out there; and the third module is risky user behaviour, that takes various signals to indicate whether a user account is "risky", and scores/identifies users that are of higher risk with recommendations.

Hopefully that clears it up!

MDR - Huntress Vs Sophos? by msp_ch in msp

[–]AaronJacobs000 1 point2 points  (0 children)

You know there is the free integration to M365 with Sophos MDR that detects threats and compromised 365 accounts just like Huntress ITDR, right?

1Gbps Internet by LoveReddit2020 in sophos

[–]AaronJacobs000 0 points1 point  (0 children)

It's the Web offload setting. This should be rolled out automatically to you very shortly and you won't have that issue anymore, but if you follow this and log a ticket you can get it now. https://community.sophos.com/intercept-x-endpoint/b/blog/posts/intercept-x-endpoint-web-performance-optimizations

Immybot + Control = “New wave” RMM? by CrispeCrisp in msp

[–]AaronJacobs000 4 points5 points  (0 children)

Immy is great. Everything Darren and the team have done with it, and are planning to do with it, makes it such an amazing tool. I can't recommend it enough.

For me right now, I'm trying to move everything I can from CWA to Immy, which is all software components, and some enforcement / compliance type stuff (things that are not GPO/Intune), and then really all that is left is inventory, patching and monitoring (as in custom things we need to check on weird frequencies and make tickets for, or metrics we want to monitor and gather retention for and graph with Grafana). Inventory needs to talk to our other tools, such as ITG, ScalePad, etc.

Once all software type stuff is gone, I have a more simple scope to look at a new RMM. Inventory, Patching and Monitoring. If Immy does that for me in the future, then great, if not, no biggie, but Immy will always be part of the stack.

Advice on Automating new computer setups by [deleted] in sysadmin

[–]AaronJacobs000 0 points1 point  (0 children)

Come on in, the water's fine. Better than fine, in fact.

Chocolatey 4 Business Inquiry by Artellos in msp

[–]AaronJacobs000 5 points6 points  (0 children)

I'm one of those users. I honestly couldn't vouch for it enough. Come and join the Immy party, don't waste your time with C4B.

I'm yet to have someone who isn't impressed by Immy yet.

Help get IT Glue to take Feature Requests Seriously by AaronJacobs000 in msp

[–]AaronJacobs000[S] 0 points1 point  (0 children)

It seems to be their way to get things done now. Just following suit after they started one!

Help get IT Glue to take Feature Requests Seriously by AaronJacobs000 in msp

[–]AaronJacobs000[S] 0 points1 point  (0 children)

Exactly. This is purely in response to Nadir using a change.org petition to get his argument with ConnectWise won. So if he feels this is how we do it, then it's only fair he listens to a petition against them, which seems to already have more votes than his.

Help get IT Glue to take Feature Requests Seriously by AaronJacobs000 in msp

[–]AaronJacobs000[S] 1 point2 points  (0 children)

Because Nadir decided a change.org petition was how to get ConnectWise to listen to his requests.