Maintain IT Hygiene

Sophos EDR gives you the tools to ask the key questions that are a vital part of IT security operations hygiene. Use flexible SQL queries to interrogate your endpoints and servers and locate the devices that need attention. A library of fully customizable queries is included as standard, or you can write your own.

Example questions include:

  • Why is a machine running slowly? Is it pending a reboot?
  • Which devices have known vulnerabilities, unknown services, or unauthorized browser extensions?
  • Are there programs running on the machine that should be removed?
  • Is remote sharing enabled? Are there unencrypted SSH private keys on the device? Are guest accounts enabled?
  • Does the device have a copy of a file I am looking for?

Key features:

  • Pre-built, fully customizable SQL queries
  • Up to 90 days of fast-access, on-disk data storage
  • Windows, Mac*, and Linux compatible

Remotely Respond With Precision

With Intercept X, it is easy to take action even when the device requiring attention is not physically at hand. From the same cloud management console, you can remotely access devices to investigate further, install and uninstall software, or remediate any additional issues.

Remote Response uses a command-line tool, so admins can:

  • Reboot devices
  • Terminate active processes
  • Run scripts or programs
  • Edit configuration files
  • Install/uninstall software
  • Run forensic tools

Quickly Discover and Respond to Potential Issues

Using Sophos EDR to perform key IT security operations tasks is straightforward. Here's an example:

1. Identify the task

For example, search for devices that have unwanted programs installed.

2. Ask the question

Use a pre-written SQL query to specify which programs you are looking for.

3. Get the results

The query checks your endpoints and servers for the unwanted programs and flags a laptop.

4. Take action

Remotely access the laptop and uninstall the program.

5. Close the gap

From the same management console, update your web control policies to block downloads of the unwanted program.

Guided Threat Hunting

The ability to ask detailed questions is just as powerful when hunting down suspicious items and evasive threats across your environment. You can track down indicators of compromise with detailed queries that ask questions such as:

  • Are processes trying to make network connections on non-standard ports?
  • Have any processes recently modified files or registry keys?
  • Which processes are disguised as services.exe?
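The following is an added example, not Sophos code and not the Live Discover query library. It takes the two query-driven passages above (the five-step unwanted-programs procedure and the threat-hunting questions) and shows all three queries at once: unwanted installed programs, processes masquerading as services.exe, and processes talking to non-standard ports. Because Sophos does not publish its table schema here, the code runs against a constructed in-memory SQLite snapshot whose table and column names (programs, processes, process_open_sockets) are assumptions loosely modelled on osquery-style schemas; the host names, PIDs, paths and addresses are made up.

```python
"""Added example (not Sophos code): the query-driven workflow this page
describes, run against a constructed, in-memory snapshot of two endpoints.

The SQLite table and column names (programs, processes, process_open_sockets)
are assumptions loosely modelled on osquery-style schemas; the page does not
publish the Live Discover schema, so treat them as illustrative only.
"""
import sqlite3

# --- Constructed sample snapshot (not real telemetry) -----------------------
PROGRAMS = [  # (host, name, version)
    ("LAPTOP-01", "Google Chrome", "116.0"),
    ("LAPTOP-01", "uTorrent", "3.6.0"),
    ("SRV-DB-01", "Microsoft SQL Server", "2019"),
]
PROCESSES = [  # (host, pid, name, path, parent_name)
    ("SRV-DB-01", 612, "services.exe", r"C:\Windows\System32\services.exe", "wininit.exe"),
    ("LAPTOP-01", 640, "services.exe", r"C:\Windows\System32\services.exe", "wininit.exe"),
    # Impostor: right name, wrong location and wrong parent.
    ("LAPTOP-01", 4120, "services.exe", r"C:\Users\bob\AppData\Roaming\services.exe", "explorer.exe"),
    ("LAPTOP-01", 4312, "chrome.exe", r"C:\Program Files\Google\Chrome\chrome.exe", "explorer.exe"),
]
SOCKETS = [  # (host, pid, remote_address, remote_port); port 0 = no remote peer
    ("LAPTOP-01", 4312, "142.250.74.46", 443),
    ("LAPTOP-01", 4120, "198.51.100.23", 4444),
    ("SRV-DB-01", 612, "", 0),
]

SERVICES_EXE_PATH = r"C:\Windows\System32\services.exe"
STANDARD_PORTS = (22, 25, 53, 80, 443, 445, 3389)  # illustrative allow-list


def load_snapshot():
    """Build the in-memory 'endpoint' tables from the constructed data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE programs (host TEXT, name TEXT, version TEXT);
        CREATE TABLE processes (host TEXT, pid INTEGER, name TEXT,
                                path TEXT, parent_name TEXT);
        CREATE TABLE process_open_sockets (host TEXT, pid INTEGER,
                                           remote_address TEXT, remote_port INTEGER);
    """)
    conn.executemany("INSERT INTO programs VALUES (?,?,?)", PROGRAMS)
    conn.executemany("INSERT INTO processes VALUES (?,?,?,?,?)", PROCESSES)
    conn.executemany("INSERT INTO process_open_sockets VALUES (?,?,?,?)", SOCKETS)
    return conn


def find_unwanted_programs(conn, unwanted):
    """IT hygiene steps 2-3: which hosts have any of the named programs installed?

    The names are bound as parameters, so the query is safe to reuse with
    operator-supplied input."""
    placeholders = ",".join("?" * len(unwanted))
    sql = (f"SELECT host, name, version FROM programs "
           f"WHERE lower(name) IN ({placeholders}) ORDER BY host, name")
    return conn.execute(sql, [u.lower() for u in unwanted]).fetchall()


def find_masquerading_services(conn):
    """Hunt: processes named services.exe that are not the real one.

    The genuine services.exe runs from System32 and is started by wininit.exe;
    anything else carrying that name is flagged."""
    sql = """
        SELECT host, pid, path, parent_name FROM processes
        WHERE lower(name) = 'services.exe'
          AND (lower(path) != lower(?) OR lower(parent_name) != 'wininit.exe')
        ORDER BY host, pid
    """
    return conn.execute(sql, (SERVICES_EXE_PATH,)).fetchall()


def find_nonstandard_ports(conn, standard_ports=STANDARD_PORTS):
    """Hunt: processes with a remote connection to a port outside the allow-list."""
    placeholders = ",".join("?" * len(standard_ports))
    sql = f"""
        SELECT p.host, p.pid, p.name, s.remote_address, s.remote_port
        FROM process_open_sockets AS s
        JOIN processes AS p ON p.host = s.host AND p.pid = s.pid
        WHERE s.remote_port > 0 AND s.remote_port NOT IN ({placeholders})
        ORDER BY p.host, p.pid
    """
    return conn.execute(sql, list(standard_ports)).fetchall()


if __name__ == "__main__":
    db = load_snapshot()
    print("Unwanted programs:", find_unwanted_programs(db, ["uTorrent", "BitTorrent"]))
    print("Fake services.exe:", find_masquerading_services(db))
    print("Non-standard ports:", find_nonstandard_ports(db))
```

The port allow-list is deliberately a parameter: a fixed list of "standard" ports is only a first filter, and in practice you would tune it per host role (a database server legitimately talks on ports a laptop never should). Note also that the services.exe check keys on both path and parent; checking the name alone is exactly what the impostor relies on.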

In addition, you get access to curated threat intelligence and AI-powered detection and prioritization from the experts at SophosLabs, so you know where to start your investigation and what action needs to be taken.

Multi-platform, Multi-OS Support

Sophos EDR helps keep your IT operations hygiene best in class across your entire estate. Inspect your endpoints and servers, both on-premises and in the cloud, across Windows, macOS*, and Linux operating systems.

As part of Intercept X and Intercept X for Server, you also get access to advanced protection against the latest, never-seen-before threats, ransomware, and file-less, memory-based attacks.

Feature                                                   Intercept X Advanced   Intercept X Advanced
                                                          with EDR               for Server with EDR
--------------------------------------------------------  ---------------------  ---------------------
IT security operations hygiene (EDR)                      ✓                      ✓
Guided threat hunting (EDR)                               ✓                      ✓
Foundational techniques
  (inc. app control, behavioral detection, and more)      ✓                      ✓
Next-gen techniques
  (inc. deep learning, anti-ransomware, file-less
  attack protection, and more)                            ✓                      ✓
Server-specific functionality
  (inc. whitelisting, file integrity monitoring,
  and more)                                               –                      ✓

*Mac support coming soon