Sophos has integrated its Endpoint protection product into all Taegis Extended Detection and Response (XDR) and Managed Detection and Response (MDR) subscriptions. The change means customers automatically receive prevention, detection and response capabilities in a single platform.
The move follows Sophos’ acquisition of Secureworks in February 2025. By combining endpoint protection with Taegis, the company aims to streamline security operations, reduce licensing costs, and improve threat response.
Endpoint protection continues to play a central role in cybersecurity, providing both frontline prevention and the telemetry required for investigation. With the inclusion of Sophos Endpoint, Taegis customers gain ransomware defences, adversary disruption features, and expanded response actions directly within the platform.
Taegis will remain open to other endpoint products, meaning organisations can continue to use alternatives such as CrowdStrike, Microsoft Defender, SentinelOne or Carbon Black. Non-Sophos solutions are supported either through native integrations or detection-only sensors.
Key changes for customers:
-
Cost savings: Sophos Endpoint is included by default in all Taegis subscriptions.
-
Choice preserved: Taegis remains open to third-party endpoint providers.
-
Expanded protection: Features such as CryptoGuard ransomware defence and Adaptive Attack Protection.
-
Workflow continuity: Telemetry feeds directly into existing Taegis detection and response processes.
-
Simplified management: Deployment and policy controls available through the Taegis console.
Customers now have three deployment options:
-
Sophos Endpoint – full native integration with prevention, detection and response.
-
Other native integrations – telemetry ingestion from third-party products.
-
Detection-only sensor – for non-Sophos endpoint solutions.
