Sophos has added Internal Attack Surface Management (IASM) to its Managed Risk service, using technology from Tenable.
The new feature gives organisations better visibility into weaknesses inside their networks, often overlooked areas. According to Sophos’ State of Ransomware 2025 report, 40% of ransomware victims in the past year were breached through exposures they didn’t know existed.
With IASM, Sophos now offers internal and external attack surface monitoring under a single service. The goal is to help teams find and fix vulnerabilities before attackers can use them.
The latest update includes unauthenticated internal scanning. This simulates an external attacker’s view by identifying exposed ports, misconfigurations and other weaknesses without requiring login credentials or admin access.
Key features include:
- Regular automated scanning to detect internal vulnerabilities.
- Risk-based prioritisation to flag the most serious issues for faster remediation.
- Scanning technology powered by Tenable Nessus, widely used for vulnerability detection.
Unlike other vendors that split internal and external monitoring into separate tools, Sophos bundles both under the same managed service. The IASM feature is part of Sophos Managed Risk and works alongside its MDR service.
The team behind Sophos Managed Risk is certified to use Tenable tools and shares intelligence with the MDR team. This helps identify and respond to active threats linked to known vulnerabilities or zero-day issues.
The IASM features are now live for all existing and new customers. No licensing changes are required. Organisations can use the latest tools by deploying Tenable Nessus scanners and configuring scans through the Sophos Central dashboard.
