Sophos’ Agentic SOC Compresses Threat Response to 89 Seconds
Sophos MDR grows 39% year-over-year to 40,000 customers, revealing twelve months of production data from the world’s largest SOC
OXFORD, United Kingdom, May 28, 2026 (GLOBE NEWSWIRE) -- Sophos, a global cybersecurity leader, today announced production results from a full year of agentic operation inside Sophos Managed Detection and Response (MDR), now defending 40,000 customers worldwide at 39% growth year-over-year. The results define what an agentic Security Operations Center (SOC) looks like at scale.
The volume of telemetry, complexity of the modern stack, and structural imbalance between cybersecurity demand and available expertise have outpaced what traditional SOC structures can manage, while adversaries adopt AI without procurement cycles or governance friction. Sophos has re-architected the SOC so AI absorbs the volume and senior analysts focus where judgment matters, scaling expert response to organizations that cannot run full security operations in-house. Through Sophos Central—the industry’s first AI-Native Cybersecurity Defense System—endpoint, firewall, identity, SIEM, network, email, cloud, threat intelligence, XDR, and MDR share a unified context lake, integrated AI, and a single workflow. Open by design, it supports 350+ third-party integrations and delivers one of the most complete solutions for Microsoft environments.
For Sophos MDR customers, the outcome is clear: threats neutralized before they disrupt the business, and a defense system that keeps pace with adversaries moving at AI speed.
The production data from the past twelve months sets a new benchmark for managed security operations:
- 89 seconds from case creation to fully automated response. This metric measures how fast the Sophos Central Defense System acts on cases AI is authorized to resolve, translating directly into faster response and stronger resilience against attacks that move at machine speed.
- 52% of MDR cases closed end-to-end by AI, without human intervention required, inside boundaries continuously calibrated by analysts. This metric measures the volume of work AI is doing autonomously, not just alert triage or threat containment.
-
40,000 customers on the agentic model: Every Sophos MDR customer benefits from the same agentic operating model, regardless of size or segment, with intelligence compounding across every threat encountered.
Behind every Sophos MDR case is a Defense System that ingests tens of millions of detections daily, suppresses noise, correlates signals, and surfaces only what warrants action. The result is a sharply narrowed window where AI and human judgment are deployed against threats and the right response is delivered by the right responder.
“The agentic SOC is the new operating model for managed security, and Sophos is defining what it looks like in production,” said Raja Patel, president, Sophos. “When you run the world’s largest SOC, every threat encountered makes every customer’s defense stronger. No other vendor operates with our breadth, from small businesses to global enterprises with tens of thousands of employees, and no other vendor compounds intelligence across that scale. A customer using the Sophos Central Defense System benefits from the learnings of every other customer in it.”
The new operating model for managed security
Sophos operates both a human-on-the-loop (HOTL) and human-in-the-loop (HITL) model within the agentic SOC: human-on-the-loop for the high-volume, well-bounded work where speed matters, and human-in-the-loop for high-stakes decisions where context, business impact, or novel adversary behavior require an analyst’s judgment before action.
AI now handles the volume that previously consumed Tier 1 and much of Tier 2 analyst time. Human analysts have shifted to higher-value work: threat hunting, investigation, customer advisory, and governance of the autonomous systems themselves.
“The 52% gets the attention, but the 48% is just as important,” said Rob Harrison, SVP product management, Sophos. “When AI takes the volume off the human queue, our analysts get the bandwidth to do the work that requires their judgment: the novel attack patterns, the high-stakes decisions, the cases where context and business implications matter. AI speed and human judgment are the two halves of the same operating system, and intelligence compounds across both with every threat we stop.”
Independent validations across the market
Sophos has been recognized as a leader in MDR and across the broader portfolio that supports it:
G2 Summer 2026: ranked #1 across five categories. Sophos was named the top overall solution in Endpoint Protection, EDR, XDR, MDR, and Firewall in the G2 Summer 2026 Reports, which are based entirely on verified customer reviews. No other vendor in the cybersecurity industry has achieved this across all five categories in a single season, and this is the eighth consecutive quarter that Sophos MDR has been named the overall leader.
2026 Gartner® Peer Insights™ Voice of the Customer for Managed Detection and Response (MDR). Sophos was named a 2026 Gartner® Peer Insights™ Customers' Choice in the 2026 Gartner® Peer Insights™ Voice of the Customer for Managed Detection and Response. Sophos had an overall rating of 4.8 / 5.0 based on 290 reviews, making Sophos the most-reviewed vendor in the report.
KuppingerCole Analysts Leadership Compass for Managed Detection and Response 2026. Sophos was recently named an Overall Leader in the KuppingerCole Analysts Leadership Compass for MDR. Sophos was named a Leader in four categories: Overall Leadership, Product Leadership, Innovation Leadership, and Market Leadership.
Extending the agentic model across Sophos’ portfolio
Sophos is extending the agentic operating model across the rest of the company’s portfolio via Sophos Central through 2026. Investments include the integration of XDR and Next-Gen SIEM capabilities into a unified context lake, expansion of Secure AI capabilities for the new generation of customer AI tooling, and the launch of Sophos CISO Advantage in fall 2026, which will bring strategic security guidance to organizations with and without security leadership in place. Each of these capabilities operates on the same agentic foundation and Defense System that Sophos MDR has demonstrated this past year.
To learn more, visit Sophos MDR.
Disclaimer: Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose
GARTNER and PEER INSIGHTS are trademarks of Gartner, Inc. and/or its affiliates.
Gartner, Gartner Peer Insights ‘Voice of the Customer’: Managed Detection and Response, Peer Contributors, 31 March 2026
About Sophos
Sophos, a global cybersecurity leader, defends more than 600,000 organizations worldwide with the industry’s first AI-native defense system: a single, connected architecture where every control point operates as one. Powered by agentic AI and elite human expertise, Sophos detects, investigates, and neutralizes threats before they become business-disrupting events. Working alongside a global ecosystem of managed service providers, resellers, and technology partners, Sophos compounds intelligence from every threat encountered and every environment defended to make every customer’s defense stronger than the last. More information is available at sophos.com.
Media Contact:
Kelly Archer
Sr. Director, Global PR
press@sophos.com
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
