Intercept X Advanced with XDR
Upgrade Your IT Security Operations
IT security operations takes up a significant part of most IT administrators’ time. Keeping employees’ devices efficient, patched, and up-to-date can be particularly time-consuming. Easily identifying which devices need attention, and what action needs to be taken to fix them, adds an additional challenge.
With Sophos XDR you can do exactly that. Using powerful querying and remote access capabilities you can:
- Quickly find devices that need actioning
- Remotely access and remediate devices
- Perform core IT security operations tasks more efficiently
Maintain IT Hygiene
Sophos XDR gives you the tools to ask key questions that are vital parts of IT security operations hygiene. Use flexible SQL queries to quickly interrogate your endpoints and servers and locate devices that need actioning. You get access to a library of fully customizable queries as standard, or if you prefer to write your own, the sky is the limit.
Example questions include:
- Why is a machine running slowly? Is it pending a reboot?
- Which devices have known vulnerabilities, unknown services, or unauthorized browser extensions?
- Are there programs running on the machine that should be removed?
- Is remote sharing enabled? Are unencrypted SSH keys on the device? Are guest accounts enabled?
- Does the device have a copy of a file I am looking for?
-
Pre-built, fully customizable SQL queries
-
Up to 90 days fast access, on-disk data storage
-
Windows, Mac and Linux compatible
Remotely Respond With Precision
With Intercept X, it is easy to take action even if the device requiring attention is not physically present. From the same cloud management console, you can remotely access devices in order to perform further investigation, install and uninstall software, or remediate any additional issues.
Remote Response uses a command line tool so admins can:
- Reboot devices
- Terminate active processes
- Run scripts or programs
- Edit configuration files
- Install/uninstall software
- Run forensic tools
Quickly Discover and Respond to Potential Issues
Using Sophos XDR to help you quickly perform key IT security operations tasks couldn’t be more straightforward. Here's an example:
1. Identify the task
For example, search for devices that have unwanted programs installed.
2. Ask the question
Leverage a pre-written SQL query to specify which programs you are looking for.
3. Get the results
The query checks your endpoints and servers for unwanted programs and flags a laptop.
4. Take action
Remotely access their device and uninstall the program.
5. Close the gap
From the same management console, you update your web control policies to restrict downloading the unwanted program.
Guided Threat Hunting
The ability to ask detailed questions is also powerful when hunting down suspicious items and evasive threats across your environment. You can track down indicators of compromise with detailed queries to ask questions such as:
- Are processes trying to make a network connection on non-standard ports?
- Have any processes had files or registry keys modified recently?
- Which processes are disguised as services.exe?
In addition, you get access to curated threat intelligence and AI powered detection and prioritization from the experts at SophosLabs, so you know exactly where to start your investigation and what action needs to be taken.
Extended Detection and Response (XDR)
Sophos XDR goes beyond the endpoint pulling in rich network, email, cloud*, and mobile* data sources to give you an even broader picture of your cybersecurity posture. You can quickly shift from a holistic view down into granular detail. For example:
- Cross reference indicators of comprise from multiple data sources to quickly identify, pinpoint and neutralize a threat
- Use ATP and IPS events from the firewall to investigate suspect hosts and identify unprotected devices across your estate
- Understand office network issues and which application is causing them
- Identify unmanaged, guest and IoT devices across your organization’s environment
*Coming soon
Multi-platform, Multi-OS Support
Sophos XDR helps keep your IT operations hygiene top of class across your entire estate. Inspect your endpoints and servers, both on-premises and in the cloud, across Windows, MacOS and Linux operating systems.
As part of Intercept X and Intercept X for Server, you also get access to advanced protection against the latest, never-seen-before threats, ransomware, and file-less, memory-based attacks.
Intercept X Advanced | Intercept X Advanced with XDR | |
---|---|---|
IT security operations hygiene (EDR/XDR) |
|
|
Guided threat hunting (EDR/XDR) |
|
|
Foundational techniques (inc. app control, behavioral detection and more) |
|
|
Next-gen techniques (inc. deep learning, anti-ransomware, fileless attack protection and more) |
|
|
Server specific functionality (inc. whitelisting, file integrity monitoring and more) |
|
Try Intercept XTry Intercept X for Server
*Mac support coming soon