Sophos Strengthens Security with Internal Attack Surface Monitoring

Cybersecurity firm Sophos has announced the integration of Internal Attack Surface Management (IASM) into its Sophos Managed Risk service. The newly added feature leverages technology from Tenable, a well-known name in vulnerability management.
In a statement released on Sunday, July 20, Sophos explained that many organizations are unaware of the internal weaknesses within their systems. “With this new feature, internal flaws and risks can now be identified more effectively,” the company noted.
According to the Sophos State of Ransomware 2025 report, 40% of organizations affected by ransomware in the past year fell victim because of vulnerabilities within their own infrastructure. To address this, the enhanced Sophos Managed Risk service will now monitor both external and internal threat surfaces, enabling better preparedness against potential cyberattacks.
Describing the advantage of the IASM feature, Sophos added that it allows organizations to analyze system risks just like an external hacker would—without requiring any credentials or privileged access. This proactive capability enables institutions to detect and address internal vulnerabilities before they can be exploited.