Built for IT Security Operations and Threat Hunting
Leverage endpoint, server, firewall and other data sources
Add Expertise Not Headcount
30 days of cloud storage and 90 days on-disk data retention
EDR Starts With the Strongest Protection
Invest in a security ecosystem
Sophos EDR gives you the tools to ask detailed questions when hunting down threats and strengthening your IT security operations posture.
You get access to powerful, out-of-the-box, customizable SQL queries over up to 90 days of endpoint and server data, giving you the information you need to make informed decisions.
Example questions include:
- Why is a machine running slowly? Is it pending a reboot?
- Which devices have known vulnerabilities, unknown services or unauthorized browser extensions?
- Are there programs running on the machine that should be removed?
- Are processes trying to make a network connection on non-standard ports?
- Have any processes had files or registry keys modified recently?
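Two of the questions above, written out as queries. This is an added example, not a query shipped with Sophos EDR: it uses the standard osquery tables (`processes`, `process_open_sockets`, `chrome_extensions`, `users`) and assumes the product's query language exposes tables with those names and columns; the port allow-list and the list of approved extension identifiers are placeholders you would replace with your own baseline.

```sql
-- Question: "Are processes trying to make a network connection on non-standard ports?"
-- Assumption: osquery-style tables. Lists each process holding an IPv4 TCP socket
-- whose remote port is outside a small allow-list of expected service ports and
-- whose peer is not loopback or RFC 1918 space. Tune the lists to your environment.
SELECT
  p.pid,
  p.name,
  p.path,
  p.cmdline,
  s.local_port,
  s.remote_address,
  s.remote_port,
  s.state
FROM process_open_sockets AS s
JOIN processes AS p ON p.pid = s.pid
WHERE s.family = 2                                         -- AF_INET
  AND s.protocol = 6                                       -- TCP
  AND s.remote_port NOT IN (0, 22, 53, 80, 443, 445, 3389) -- placeholder allow-list
  AND s.remote_address NOT IN ('0.0.0.0', '127.0.0.1')
  AND s.remote_address NOT LIKE '10.%'
  AND s.remote_address NOT LIKE '192.168.%'
ORDER BY p.name, s.remote_port;

-- Question: "Which devices have unauthorized browser extensions?"
-- Assumption: osquery-style chrome_extensions and users tables. Returns every
-- installed Chrome extension whose identifier is not on the approved list, with
-- the owning user so the finding can be attributed.
SELECT
  u.username,
  e.name,
  e.identifier,
  e.version,
  e.path
FROM chrome_extensions AS e
JOIN users AS u ON u.uid = e.uid
WHERE e.identifier NOT IN (
  'placeholder_approved_extension_id_1',                  -- replace with your baseline
  'placeholder_approved_extension_id_2'
)
ORDER BY u.username, e.name;
```

The first query deliberately allow-lists rather than block-lists ports: attacker tooling rarely picks a port you thought to deny, so start from what is expected and review everything else. Run the extension query fleet-wide and group by `identifier` first; an extension present on one machine and nowhere else is the more interesting result than one present everywhere.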
With Intercept X it is easy to take action even when the device requiring attention is not physically at hand. From the same cloud management console you can remotely access devices to investigate further, install or uninstall software, and remediate any additional issues.
Using a command line tool you can:
- Reboot devices
- Terminate active processes
- Run scripts or programs
- Edit configuration files
- Install/uninstall software
- Run forensic tools
- Ask detailed questions to hunt threats and uncover IT operations issues
- Out-of-the-box, fully customizable SQL queries
- Fast access to up to 90 days of current and historical on-disk data
- Respond with precision using a command line tool
- Remotely access devices to perform further investigation, install and uninstall software, or remediate any additional issues
- Automated expertise to replicate the roles of hard-to-find security analysts
- On-demand threat intelligence curated by SophosLabs
- Reverse engineer files with machine learning-based malware analysis
Exploit techniques are commonly used to break into organizations. Intercept X uses exploit prevention to stop these dangerous attacks.
Stop real-world hacking techniques used for credential harvesting, lateral movement, and privilege escalation
Multi-platform, Multi-OS Support
Sophos EDR gives you the tools you need for advanced threat hunting and IT security operations hygiene. Inspect your endpoints and servers, both on-premises and in the cloud, across Windows, macOS*, and Linux operating systems.
As part of Intercept X and Intercept X for Server you also get access to advanced protection against the latest, never-seen-before threats, ransomware and fileless, memory-based attacks.
Edition comparison: Intercept X Advanced vs. Intercept X Advanced with XDR. Feature rows in the comparison:
- IT security operations hygiene
- Guided threat hunting
- (inc. app control, behavioral detection and more)
- (inc. deep learning, anti-ransomware, fileless attack protection and more)
- Server specific functionality (inc. whitelisting, file integrity monitoring and more)