
Sophos Automates SOC Operations: AI Handles Over Half of All Security Incidents

The Bottom Line: Sophos automates over half of its MDR security incidents through AI, while analysts focus on strategic and complex tasks.

Sophos has transformed its Managed Detection and Response (MDR) offering with an agentic SOC model in which artificial intelligence handles routine tasks. Initial results: 52 percent of security incidents are processed entirely automatically.

Sophos now manages approximately 40,000 MDR customers worldwide, an increase of 39 percent over the previous year. To support this, the company has fundamentally redesigned its security architecture: in the agentic SOC model, AI processes large volumes of security events, while human analysts concentrate their expertise on complex analysis, threat hunting, and strategic decision-making.

The Sophos Central platform collects data from endpoints, firewalls, identity management, cloud services, networks, and email systems, creating a unified operational picture. In its first full year of operation, the system processed tens of millions of detections daily, filtered out false positives, and forwarded only genuinely critical incidents. For cases that can be handled automatically, the average response time is 89 seconds from detection to countermeasure.

Sophos distinguishes between two operating modes. In the “Human-on-the-Loop” approach, analysts monitor automated processes; in the “Human-in-the-Loop” model, experts remain actively involved in decisions, for example when facing novel attack patterns or security-critical situations with high business impact. The underlying AI systems operate within clearly defined rules and are continuously monitored and adjusted.

A structural advantage of the model is that insights from security incidents flow directly into the protective mechanisms of all connected customer environments. This allows organizations of any size to benefit from the same threat intelligence and the same automated defenses that originate from 40,000 customer environments. Sophos plans to expand the agentic operating model to additional product areas in the coming years.


Source: www.it-daily.net · Published 2 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.
