Intercept X Advanced with XDR
Upgrade Your IT Security Operations
IT security operations takes up a significant part of most IT administrators’ time. Keeping employees’ devices efficient, patched, and up-to-date can be particularly time-consuming. Easily identifying which devices need attention, and what action needs to be taken to fix them, adds an additional challenge.
With Sophos XDR you can do exactly that. Using powerful querying and remote access capabilities you can:
- Quickly find devices that need actioning
- Remotely access and remediate devices
- Perform core IT security operations tasks more efficiently
Maintain IT Hygiene
Sophos XDR gives you the tools to ask key questions that are vital parts of IT security operations hygiene. Use flexible SQL queries to quickly interrogate your endpoints and servers and locate devices that need actioning. You get access to a library of fully customizable queries as standard, or if you prefer to write your own, the sky is the limit.
Example questions include:
- Why is a machine running slowly? Is it pending a reboot?
- Which devices have known vulnerabilities, unknown services, or unauthorized browser extensions?
- Are there programs running on the machine that should be removed?
- Is remote sharing enabled? Are unencrypted SSH keys on the device? Are guest accounts enabled?
- Does the device have a copy of a file I am looking for?
Pre-built, fully customizable SQL queries
Up to 90 days of fast-access, on-disk data storage
Windows, Mac and Linux compatible
1. Identify the task
For example, search for devices that have unwanted programs installed.
2. Ask the question
Leverage a pre-written SQL query to specify which programs you are looking for.
3. Get the results
The query checks your endpoints and servers for unwanted programs and flags a laptop.
4. Take action
Remotely access the device and uninstall the program.
5. Close the gap
From the same management console, you update your web control policies to restrict downloading the unwanted program.
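The five steps above, written out as the kind of query a pre-built "unwanted programs" search would run. This is an added example, not a query from the Sophos datasheet or the product's own library; it assumes an osquery-compatible schema (tables `programs`, `apps` and `deb_packages`), and the program names in the WHERE clauses are constructed placeholders to be replaced with the software your policy actually disallows.

```sql
-- Added example, not from the Sophos datasheet. Assumes an osquery-compatible
-- schema (tables `programs`, `apps`, `deb_packages`). The program names below
-- are constructed placeholders, not real product names.

-- Windows: installed programs as listed in Add/Remove Programs.
SELECT
    'windows'        AS platform,
    name,
    version,
    publisher,
    install_location,
    uninstall_string        -- what the remediation step (step 4) would run on the device
FROM programs
WHERE LOWER(name) LIKE '%example unwanted tool%'    -- constructed placeholder
   OR LOWER(name) LIKE '%example torrent client%'   -- constructed placeholder
ORDER BY name;

-- macOS: application bundles found in the Applications folders.
SELECT
    'macos'                 AS platform,
    name,
    bundle_short_version    AS version,
    path
FROM apps
WHERE LOWER(name) LIKE '%example unwanted tool%';   -- constructed placeholder

-- Linux (Debian/Ubuntu family): installed packages.
SELECT
    'linux'     AS platform,
    name,
    version,
    maintainer  AS publisher
FROM deb_packages
WHERE name IN ('example-unwanted-tool');            -- constructed placeholder
```

Each statement is scoped to one operating system because the package inventory tables differ per platform; running the matching statement against the right device group returns the hosts that need actioning (step 3), and the `uninstall_string` column on Windows tells you what the remote remediation in step 4 has to execute.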
Guided Threat Hunting
The ability to ask detailed questions is also powerful when hunting down suspicious items and evasive threats across your environment. You can track down indicators of compromise with detailed queries to ask questions such as:
- Are processes trying to make a network connection on non-standard ports?
- Have any processes had files or registry keys modified recently?
- Which processes are disguised as services.exe?
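Two of the hunting questions above, expressed as endpoint queries. This is an added example, not a query from the Sophos datasheet or the product's curated library; it assumes an osquery-compatible schema (tables `processes` and `process_open_sockets`), and the port allow-list is a constructed starting point rather than a recommendation.

```sql
-- Added example, not from the Sophos datasheet. Assumes an osquery-compatible
-- schema (tables `processes` and `process_open_sockets`).

-- Question: which processes are disguised as services.exe?
-- The genuine services.exe runs from System32 and is started by wininit.exe.
-- A process with that name running from any other path, or with a different
-- parent, does not match the real one and is worth a closer look.
SELECT
    p.pid,
    p.name,
    p.path,
    p.cmdline,
    pp.name AS parent_name,
    pp.path AS parent_path
FROM processes p
LEFT JOIN processes pp ON pp.pid = p.parent
WHERE LOWER(p.name) = 'services.exe'
  AND (
        LOWER(p.path) != 'c:\windows\system32\services.exe'
     OR LOWER(pp.name) != 'wininit.exe'
     OR pp.name IS NULL          -- parent already gone: cannot be verified
  );

-- Question: are processes making network connections on non-standard ports?
-- Joins open sockets back to their owning process and drops loopback and
-- unconnected sockets. The port list is a constructed allow-list of common
-- services; tune it to what is normal in your own environment.
SELECT
    p.pid,
    p.name,
    p.path,
    s.local_port,
    s.remote_address,
    s.remote_port,
    s.protocol
FROM process_open_sockets s
JOIN processes p ON p.pid = s.pid
WHERE s.remote_port != 0
  AND s.remote_address NOT IN ('', '0.0.0.0', '::', '127.0.0.1', '::1')
  AND s.remote_port NOT IN (53, 80, 123, 443, 587, 993, 3389)
ORDER BY p.name, s.remote_port;
```

The first query compares both the image path and the parent process, because an impostor that gets one of the two right still fails the other check. The second deliberately reports by process rather than by socket so that a single chatty program does not drown out a rarely-seen one.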
In addition, you get access to curated threat intelligence and AI-powered detection and prioritization from the experts at SophosLabs, so you know exactly where to start your investigation and what action needs to be taken.
Extended Detection and Response (XDR)
Sophos XDR goes beyond the endpoint pulling in rich network, email, cloud*, and mobile* data sources to give you an even broader picture of your cybersecurity posture. You can quickly shift from a holistic view down into granular detail. For example:
- Cross-reference indicators of compromise from multiple data sources to quickly identify, pinpoint and neutralize a threat
- Use ATP and IPS events from the firewall to investigate suspect hosts and identify unprotected devices across your estate
- Understand office network issues and which application is causing them
- Identify unmanaged, guest and IoT devices across your organization’s environment
Multi-platform, Multi-OS Support
Sophos XDR helps keep your IT operations hygiene best in class across your entire estate. Inspect your endpoints and servers, both on-premises and in the cloud, across Windows, macOS and Linux operating systems.
As part of Intercept X and Intercept X for Server, you also get access to advanced protection against the latest, never-seen-before threats, ransomware, and fileless, memory-based attacks.
Feature comparison (table; columns: Intercept X Advanced, Intercept X Advanced with XDR). Rows as recovered:
- IT security operations hygiene
- Guided threat hunting
- (inc. app control, behavioral detection and more)
- (inc. deep learning, anti-ransomware, fileless attack protection and more)
- Server specific functionality (inc. whitelisting, file integrity monitoring and more)