Maintain IT Hygiene

Sophos XDR gives you the tools to ask key questions that are vital parts of IT security operations hygiene. Use flexible SQL queries to quickly interrogate your endpoints and servers and locate devices that need actioning. You get access to a library of fully customizable queries as standard, or if you prefer to write your own, the sky is the limit.

Example questions include:

  • Why is a machine running slowly? Is it pending a reboot?
  • Which devices have known vulnerabilities, unknown services, or unauthorized browser extensions?
  • Are there programs running on the machine that should be removed?
  • Is remote sharing enabled? Are unencrypted SSH keys on the device? Are guest accounts enabled?
  • Does the device have a copy of a file I am looking for?
  • Pre-built, fully customizable SQL queries
  • Up to 90 days fast access, on-disk data storage
  • Windows, Mac and Linux compatible

Remotely Respond With Precision

With Intercept X, it is easy to take action even if the device requiring attention is not physically present. From the same cloud management console, you can remotely access devices in order to perform further investigation, install and uninstall software, or remediate any additional issues.

Remote Response uses a command line tool so admins can:

  • Reboot devices
  • Terminate active processes
  • Run scripts or programs
  • Edit configuration files
  • Install/uninstall software
  • Run forensic tools

Quickly Discover and Respond to Potential Issues

Using Sophos XDR to help you quickly perform key IT security operations tasks couldn’t be more straightforward. Here's an example:

1Identify the task

For example, search for devices that have unwanted programs installed.

2Ask the question

Leverage a pre-written SQL query to specify which programs you are looking for.

3Get the results

The query checks your endpoints and servers for unwanted programs and flags a laptop.

4Take action

Remotely access their device and uninstall the program.

5Close the gap

From the same management console, you update your web control policies to restrict downloading the unwanted program.

Guided Threat Hunting

The ability to ask detailed questions is also powerful when hunting down suspicious items and evasive threats across your environment. You can track down indicators of compromise with detailed queries to ask questions such as:

  • Are processes trying to make a network connection on non-standard ports?
  • Have any processes had files or registry keys modified recently?
  • Which processes are disguised as services.exe?

In addition, you get access to curated threat intelligence and AI powered detection and prioritization from the experts at SophosLabs, so you know exactly where to start your investigation and what action needs to be taken.

Extended Detection and Response (XDR)

Sophos XDR goes beyond the endpoint pulling in rich network, email, cloud*, and mobile* data sources to give you an even broader picture of your cybersecurity posture. You can quickly shift from a holistic view down into granular detail. For example: 

  • Cross reference indicators of comprise from multiple data sources to quickly identify, pinpoint and neutralize a threat
  • Use ATP and IPS events from the firewall to investigate suspect hosts and identify unprotected devices across your estate
  • Understand office network issues and which application is causing them
  • Identify unmanaged, guest and IoT devices across your organization’s environment

*Coming soon

Multi-platform, Multi-OS Support

Sophos XDR helps keep your IT operations hygiene top of class across your entire estate. Inspect your endpoints and servers, both on-premises and in the cloud, across Windows, MacOS and Linux operating systems.

As part of Intercept X and Intercept X for Server, you also get access to advanced protection against the latest, never-seen-before threats, ransomware, and file-less, memory-based attacks.

  Intercept X Advanced with XDR Intercept X Advanced for Server with XDR
IT security operations hygiene
tick tick
Guided threat hunting
tick tick
Foundational techniques
(inc. app control, behavioral detection and more)
tick tick
Next-gen techniques
(inc. deep learning, anti-ransomware, fileless attack protection and more)
tick tick
Server specific functionality
(inc. whitelisting, file integrity monitoring and more)

*Mac support coming soon