New IASM Capabilities Deliver Unified Visibility into Internal and External Vulnerabilities
Sophos has announced a major enhancement to its Sophos Managed Risk service with the launch of Internal Attack Surface Management (IASM), powered by Tenable technology. This new capability provides organizations with unprecedented visibility into internal vulnerabilities, helping them proactively identify and mitigate risks before they are exploited.
The expansion comes at a critical time. According to the Sophos State of Ransomware 2025 report, 40% of ransomware victims were compromised through unknown exposures. Sophos Managed Risk now offers both internal and external attack surface management, giving organizations a comprehensive view of their cyber risk landscape.
“With Sophos Managed Risk, organizations gain an attacker’s-eye view to identify and prioritize remediation of risks before adversaries can exploit them.”
— Rob Harrison, SVP, Product Management, Sophos
IASM introduces unauthenticated internal scanning, simulating an attacker’s perspective without requiring credentials. This allows organizations to detect high-risk vulnerabilities such as open ports, exposed services, and misconfigurations that could be exploited by threat actors.
Key Features of IASM for Sophos Managed Risk:
- Comprehensive Vulnerability Management: Automated internal scans to uncover weaknesses across the network.
- AI-Powered Prioritization: Smart risk scoring to help teams focus on the most critical vulnerabilities.
- Powered by Tenable: Uses industry-leading Nessus scanners for accurate detection and severity assessment.
- Integrated Service Model: Unlike competitors, Sophos offers a unified managed service combining internal and external risk visibility, backed by its world-class MDR team.
The IASM capabilities are available immediately to all new and existing Sophos Managed Risk customers at no additional cost. Organizations can activate the feature by deploying Tenable Nessus scanners and scheduling scans through the Sophos Central console.
This enhancement further solidifies Sophos’ position as a global leader in cybersecurity, following its acquisition of Secureworks earlier this year. With over 30,000 MDR customers and a portfolio that spans endpoint, network, cloud, and identity security, Sophos continues to redefine proactive cyber defense.
