• Ipswich, Suffolk HQ Cybersecurity partner Spear Shield, customer testimonals

    24/7 MDR

    Reduce Risk. Increase Efficiency. Improve Insurability. 
    Human-led threat hunting and incident response providing 24/7 security as a service.

Why organisations are taking a security as a service approach

24/7 Human-Led 
Threat Response

$1M Breach Protection Warranty

3rd Party Integrations 
incl Microsoft 365

Trusted by 19K 
customers globally

500+ Threat 
Response Experts

7 Global SOCs

How does it work?

Outsource your security operations to a team of global cybersecurity experts that monitor your environment 24/7. If a threat is detected, action is taken immediately and you are notified. Our experts can eliminate the threat, identify the root cause, and provide guidance on stopping similar threats in the future.

Step 1. Ingest Telemetry

Sophos' patented Security Event Flow is a key element of the MDR service. Telemetry from across the security environment, including Microsoft Defender, is ingested by the Sophos data lake and then processed through a detection pipeline, which converts the huge volumes of Microsoft and third-party alerts into usable, prioritised insights that enables the MDR Ops Team to investigate and respond effectively. 

Step 2. Remove the noise

Telemetry from across your security environment incl 32 billion other security events processed daily by the Sophos MDR Ops Team is processed through the detection pipeline, which includes:

Ingest & Filter– Ingest telemetry and filter out unwanted noise

Clean – Transform data into normalised schema and map to MITRE ATT&CK

– Add additional third-party threat intelligence and business context information

– Cluster alerts based on entities, MITRE ATT&CK categorisation, and time Prioritise – Score alerts and clusters to rank in order of prioritisation

– Apply logic to escalates clusters into cases for investigation 

Step 3. Who takes what action?

19,000+ Organisations across all sectors use the Sophos MDR service, from small companies with limited or no IT resource to large enterprises with an in- house SOC group. The three most popular MDR response models are:

  • Sophos MDR completely manages threat response on behalf of the customer

  • Sophos MDR works with the in-house team, co-managing threat response

  • Sophos MDR supports and supplements the in-house team, alerting them to incidents that require attention and providing threat insights and remediation guidance 

All response modes are included as part of the service and are completely interchangeable. 
Customers can choose a scheduled approach i.e Collaborate with my internal IT Team Mon-Fri 9-5 but anything outside of that, authorise response actions on my behalf.
Step 4. Response

This unique combination of human, technology, and threat expertise enables the MDR Ops Team to deliver a world-leading incident response time of just 38 minutes that, in turn, drives superior cybersecurity outcomes:

Mean Time To Detect (MTTD): 1 Minute
Mean Time To Investigate (MTTI): 25 Minutes
Mean Time To Respond (MTTR): 12 Minutes

Spear Shield's portfolio of cybersecurity solutions and services

THE are a fast growing business and it was important to find a security solution and service that can scale with our business growth. Being able to respond to cyber threats 24/7, 365 days of the year is a must have to protect our network, people and data that are based all over the world. 

​We consulted with our trusted security partner Spear Shield, who worked closely with us from the pre-sales stage to post-sales support helping us get set up. It's great to have one less thing to worry about knowing that the Sophos MDR Ops Team are hunting and responding to cyber threats on our behalf.

A. Foreman. Head of IT at Times Higher Education

How do Sophos MDR integration packs work?

Integrate your entire security environment with over 50+ supported integrations.

Spear Shield's portfolio of cybersecurity solutions and services
Endpoint Integration Packs

No Sophos? No problem. Whilst customers can choose to utilise Sophos' industry leading Endpoint agent and save on existing renewals elsewhere, you can choose to keep your own 3rd party endpoint protection if you wish. The MDR Service is compatible with Microsoft Defender, Crowdstrike, SentinelOne, Trend Micro, BlackBerry (Cylance), Broadcom (Symantec, and more.

Email Integration Packs

Interested in pulling telemetry from M365 and your 3rd party Secure Email Gateway (SEG)? Add the Email Integration pack to expand visibility to include the telemetry from Microsoft, Proofpoint, Mimecast and more. x1 Email integration pack will cover you for multiple email security vendors you may have in your environment.

Firewall Integration Packs

Interested in pulling in your Network telemetry? Add the Firewall Integration pack to expand visibility to include the telemetry from Palo Alto, Fortinet, Checkpoint and more. x1 Firewall integration pack will cover you for multiple firewall security vendors you may have in your environment. i.e Palo's on the perimiter and Checkpoints internally? No problem, with x1 Firewall integration pack you're covered.

Network Integration Pack

Interested in pulling in your Network telemetry? Add the Network Integration pack to expand visibility to include the telemetry from Darktrace, Vectra AI and more. x1 Network integration pack will cover you for multiple Network security vendors you may have in your environment. Don't currently have a 3rd party one? Speak with the team about Sophos NDR (Network Detection Response) today.

Seven were looking for a local partner that could assist us with enhancing our cyber security across the group and we approached Spear Shield for an initial discussion. We were impressed with their knowledge, product awareness and importantly, the approachability of the team, and we quickly built up a good business to business relationship.

​Subsequently, Spear Shield have now run a succesful phishing email campaign for us to highlight awareness and compliment training, as well as assisting us in replacing our threat protection across the entire business with a Sophos solution.

​With other plans for the future, we look forward to continuing to work with Spear Shield and would recommend them to other local businesses.

J. Farthing. Group IT Manager at Seven Group

Securing with Spear Shield and Sophos

Spear Shield are an award winning Sophos Partner with over 20+ years combined experience working with (and for!) Sophos.
Here are a few reasons why customers choose to secure with Spear Shield and Sophos.

Access to the best commercials

Spear Shield has the flexibility to offer our customers the best commercials available on Sophos' term based licensing agreements or, can offer our customers an MSP, pay as you go model backed up by Spear Shield's in-house team of Sophos Certified Engineers and Technical Architect.

Internal business case building

The team at Spear Shield will work with you to help you articulate the risk you've identified in a language your board will understand. Whether that's through a full business case style proposal or specific cyber risk quantification to help highlight the benefits to your organisation to help you achieve commercial sign-off.

Threat Intelligence

Sophos X-Ops brings together deep expertise accross the attack environment to help our customers defend against even the most advanced threats.

- Deep malware analysis and response expertise from the SophosLabs threat experts

- Real-time intelligence from the Sophos MDR Threat hunting and neutralisations specialists

- The frontline incident response experience of Sophos Rapid Response team

- World-leading deep learning capabilities from Sophos AI

- Security operations expertise from the team running Sophos' own security operations and defences

Adaptive Cybersecurity Ecosystem

Sophos ACE brings together the power of Sophos' threat intelligence, next-gen technologies, data lake, APIs, and Sophos Central management platform, creating an adaptive cybersecurity ecosystem that constantly learns and improves.

It helps our customers broaden the scope of their security investments and addresses the new reality of human-led hacking while supporting today's interconnected, digital world.

What are my options for Security Operations?

Protection Only

Suitable for:

All organisations

Do it yourself

Threat Hunting Requires: EDR/XDR

Suitable for organisations with internal IT Security resource

Done for you

Threat Hunting

Includes: Endpoint Protection, EDR/XDR

Suitable for any organisation from those with minimal to no internal IT team to those with a full internal SOC to use as an overlay

In an emergency

Reactive Threat Hunting in an emergency.

Includes 45 days of 24/7 Monitoring and Response (MDR)

Cyber Threat Intelligence


Root cause of ransomware attacks is exploitable vulnerabilities

10pm - 6am

64% of Incident Response cases started deployment between these hours


of the working week has no one available to response unless you have 24/7 SecOps

11 days

Median attacker dwell time

Achieving Security Outcomes Together

Spear Shield's portfolio of cybersecurity solutions and services


The team at Spear Shield have several year's experience working within both the private and public sector, have a very consultative approach and would welcome the opportunity to learn more about your organisation.

Why customers Secure with Spear Shield

Over 20+ Year's Experience

Working within the private sector, public sector and large enterprise to help organisations solve complex and advanced cybersecurity challenges.

Strategic Portfolio

The team at Spear Shield have done the hard work evaluating the market, understanding the pro's, con's of each solution and what's going to provide the best security outcomes and value for investment so you don't have to.

In-House Technical Expertise

Our customer's benefit from Spear Shield's in-house technical expertise for both pre and post-sales support

In-House Technical Expertise

Cyber criminals collaborate... so why shouldn't the good guys too? Spear Shield customers benefit from our regularly hosted Security Social.exe free to attend cybersecurity social and networking events. 

Let's crush the bad guys together!

Spear Shield has an award winning portfolio of cybersecurity solutions and services that can help keep your network, people and data secure.

Access to the best Commercials

Spear Shield's relationships and technical investment with our partners enables us to provide our customer's with the most competitive commercials available. 


Everything you need to know about Spear Shield.

Do I have to be a customer to attend a Security Social.exe event?

No you don't! Whilst we'd of course hope that one day you might be... Our Security Social events are to provide people with a platform to network. We've built a community of local based IT professionals in East Anglia and Edinburgh so far where people can come together to share cybersecurity challenges and advice for best practice with one another.

Does Spear Shield offer term-based licensing or MSP?

Here at Spear Shield, we can offer both! Consider us a hybrid MSP and VAR (Value added reseller). We are set-up with our vendors to offer our customers all options to ensure we can align our cybersecurity solutions and services with your preferred budget type. Please speak with the team for details.

Can Spear Shield supply public sector organisations through a procurement framework?

Yes! Spear Shield has routes to market including G-Cloud to be able to supply our public sector customers with our cybersecurity solutions and services. Please speak with the team for details.

Can Spear Shield work with Large Enterprise?

Yes! and we do. Our Team has many, many combined years experience working with some of the largest private sector enterprises across the country to help tackle and solve cyber risk. All of Spear Shield's cybersecurity solutions and services are scalable and enterprise-grade.

Does Spear Shield offer not-for-profit discount?

Yes, the Spear Shield Team will always ensure any eligible not-for-profit and public sector discounts are applied to any quotes for our cybersecurity solutions and services.

What are some of the top cybersecurity threats for 2023?

Here are some of the top cybersecurity threats organisations are facing in 2023. 

Social Engineering
Any network is hackable if an employee can be duped into sharing access.

Third-Party Exposure
Vendors, clients, and app integrations with poor security can provide access to an otherwise well-protected network.

Configuration Mistakes
Your cybersecurity investments are only as strong as they are configured correctly.

Human Activated Risk
User education and visibility for IT is essential to ensure those with network access and those handling sensitive data are maintaining cyber best practices.


Hackers are targeting back-ups and using extortion more and more to push receiving the ransom payment from their victims.

Mobile Devices

Every mobile device is a gateway to your network and sensitive business data.

Lack of resource and expertise

Human-led cyber attacks require human-led threat hunting. Unfortunately, skilled threat hunters are few and far between. 

Internet of Things (IoT)
Smart technology users may not realise that any IoT device can be hacked to obtain network access. Securing your network starts with understanding what's on it.

Is there any obligation when opting for a free cybersecurity service by Spear Shield?

No there isn't! The team will just use that as an opportunity for us to work together on a project and prove the value we can provide you as a future strategic partner.

How can I reduce my employees click-rate?

This is an area where the cybersecurity experts at Spear Shield thrive! We've worked with organisations to help reduce employee click rates from 70+% to 0% without the need for any end-user awareness training.

Online training content doesn't work.

Classroom based training gets forgotten.

Static email banners get ignored.

Speak with the team about real-time end-user awareness training to help mitigate the risk of a phishing attack in your organisation.

Why Spear Shield for Managed Detection Response Services?

The team at Spear Shield are an Award Winning Sophos Partner and have a combined 20+ years experience working with Sophos. Our relationship and technical investment, enables Spear Shield to offer our customers the most competitive commercials available. Sophos is one of the largest providers of MDR across the globe with over 17,000 + organisations using the MDR service and is what powers the Spear Shield 24/7 Managed Detection Response Service.

Why Spear Shield for a Managed Phishing Simulation Service?

Spear Shield's Managed Phishing Simulation Service provides our customers with managed phishing simulations and security awareness training for their users delivered as a fully managed services. Customers benefit from the tailored spear phishing examples that the Spear Shield team can tailor to your organisation and also base our templates on real-world phish that we see that are able to evade detection from 3rd party secure email gateways and Microsoft 365. After each campaign, customers benefit from receiving an executive ready report with all of the information and data required to be able to confidently articulate risk back to the business.

What's included in Spear Shield's Managed Phishing Simulation Service reports?

The cybersecurity experts at Spear Shield will provide you with executive ready reporting with all of the intelligence you require to provide cyber-assurance to your organisation.

- Engagement Overview
- % Click Rate
- No. of Credentials Harvested
- Individual Campaign Performance
- Device Breakdown
- Caught-User Breakdown
- User Behaviours Insights

- Industry Benchmarking
- Consultative Recommendations