Intercept X Advanced with XDR
Hunt and Neutralize Security Threats
In today’s threat landscape, malicious actors are more cunning than ever, deploying stealthy techniques to conduct damaging cyberattacks. Organizations need tools that allow them to ask detailed questions to identify advanced threats and active adversaries, and quickly take appropriate action to stop them.
With Sophos XDR you can do exactly that. Using powerful querying and remote response capabilities you can:
- Quickly find indicators of compromise (IoCs) across your estate
- Remotely access, investigate, and remediate devices
- Perform guided threat hunting and response
Get Detailed Insight Across Your Estate
With Sophos XDR you can quickly ask detailed questions across all of your endpoint devices and servers. Out-of-the-box, customizable SQL queries allow you to get the granular insight vital for identifying stealthy threats.
Example use cases include:
- What processes are trying to make a network connection on non-standard ports?
- List detected IoCs mapped to the MITRE ATT&CK framework
- Show processes that have recently modified files or registry keys
- Search details about PowerShell executions
- Identify processes disguised as services.exe
- Pre-built, fully customizable SQL queries
- Up to 90 days of fast-access, on-disk data storage
- Windows, Mac*, and Linux compatible
With Intercept X, it is easy to take action even when the device requiring attention is not physically present. From the same cloud management console you can remotely access devices to investigate further, install or uninstall software, and remediate any additional issues.
Using a remote command line, you can:
- Run forensic tools
- Terminate active processes
- Run scripts or programs
- Reboot devices
- Edit configuration files
- Install/uninstall software
1. Identify the task
For example, search for a process trying to connect on a non-standard port.
2. Ask the question
Leverage a pre-written SQL query that looks for connections to non-standard ports.
3. Get the results
The query runs across your endpoints and servers and highlights every device with a matching connection; in this example, a single server.
4. Take action
Remotely access the server to run forensics and terminate the suspicious process.
5. Close the gap
From the same management console, remove all traces of the process and block it across your entire estate.
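The queries behind the use cases listed earlier (a process connecting on a non-standard port, a process disguised as services.exe) and the five-step walkthrough above, as an added example that is not Sophos' own query pack. It assumes the standard osquery table shapes (`processes`, `process_open_sockets`) rather than any Sophos-specific table, loads a few constructed rows for one Windows host into an in-memory SQLite database, and runs the hunts against them; in Sophos XDR the same SQL would run on every managed device and the results would be aggregated in the console.

```python
"""Added example: osquery-style hunting queries run offline with sqlite3."""
import sqlite3

# Constructed sample rows for one Windows host, shaped like a subset of the
# columns in osquery's `processes` and `process_open_sockets` tables.
PROCESSES = [
    # pid, name, path, parent pid
    (540, "wininit.exe", r"C:\Windows\System32\wininit.exe", 4),
    (612, "services.exe", r"C:\Windows\System32\services.exe", 540),              # legitimate
    (3100, "explorer.exe", r"C:\Windows\explorer.exe", 612),
    (1320, "services.exe", r"C:\Users\bob\AppData\Local\Temp\services.exe", 3100),  # masquerading
    (2044, "powershell.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", 3100),
    (4400, "chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe", 3100),
]
SOCKETS = [
    # pid, remote_address, remote_port, state
    (4400, "142.250.74.68", 443, "ESTABLISHED"),    # ordinary HTTPS, expected
    (1320, "203.0.113.45", 4444, "ESTABLISHED"),    # reverse-shell style port
    (2044, "198.51.100.7", 8080, "ESTABLISHED"),    # PowerShell talking out on 8080
    (2044, "0.0.0.0", 0, "LISTEN"),                 # listener, not an outbound connection
    (612, "127.0.0.1", 5000, "ESTABLISHED"),        # loopback noise, filtered out
]

# Ports treated as "standard" for outbound traffic in this example (an assumption
# for illustration; tune the allow-list to what is normal in your estate).
STANDARD_PORTS = (22, 25, 53, 80, 123, 443, 587, 993, 995, 3389)

# Hunt 1: established outbound connections to ports outside the allow-list.
NONSTANDARD_PORT_QUERY = """
SELECT p.pid, p.name, p.path, s.remote_address, s.remote_port
FROM process_open_sockets AS s
JOIN processes AS p ON p.pid = s.pid
WHERE s.state = 'ESTABLISHED'
  AND s.remote_port NOT IN ({ports})
  AND s.remote_address NOT LIKE '127.%'
ORDER BY p.pid, s.remote_port
"""

# Hunt 2: anything named services.exe that is not the System32 binary started
# by wininit.exe (on Windows the genuine services.exe is a child of wininit.exe).
DISGUISED_SERVICES_QUERY = """
SELECT p.pid, p.path, IFNULL(par.name, '') AS parent_name
FROM processes AS p
LEFT JOIN processes AS par ON par.pid = p.parent
WHERE LOWER(p.name) = 'services.exe'
  AND (LOWER(p.path) != LOWER(?) OR LOWER(IFNULL(par.name, '')) != 'wininit.exe')
"""


def build_db() -> sqlite3.Connection:
    """Load the constructed rows into an in-memory SQLite DB with osquery-like tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE processes (pid INTEGER, name TEXT, path TEXT, parent INTEGER);
        CREATE TABLE process_open_sockets (pid INTEGER, remote_address TEXT,
                                           remote_port INTEGER, state TEXT);
        """
    )
    conn.executemany("INSERT INTO processes VALUES (?, ?, ?, ?)", PROCESSES)
    conn.executemany("INSERT INTO process_open_sockets VALUES (?, ?, ?, ?)", SOCKETS)
    return conn


def find_nonstandard_port_connections(conn: sqlite3.Connection) -> list:
    """Return (pid, name, path, remote_address, remote_port) rows for non-standard ports."""
    placeholders = ",".join("?" * len(STANDARD_PORTS))  # bind the allow-list, no string splicing
    sql = NONSTANDARD_PORT_QUERY.format(ports=placeholders)
    return conn.execute(sql, STANDARD_PORTS).fetchall()


def find_disguised_services(conn: sqlite3.Connection,
                            legit_path: str = r"C:\Windows\System32\services.exe") -> list:
    """Return (pid, path, parent_name) rows for services.exe look-alikes."""
    return conn.execute(DISGUISED_SERVICES_QUERY, (legit_path,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("Non-standard outbound connections:")
    for pid, name, path, addr, port in find_nonstandard_port_connections(db):
        print(f"  pid={pid} {name} -> {addr}:{port}  ({path})")
    print("Processes disguised as services.exe:")
    for pid, path, parent in find_disguised_services(db):
        print(f"  pid={pid} parent={parent or '?'}  ({path})")
```

Against the constructed rows the first hunt returns the Temp-directory services.exe (pid 1320, port 4444) and the PowerShell session (pid 2044, port 8080) while ignoring the normal HTTPS session, the listener and loopback traffic; the second hunt returns only pid 1320, because the genuine services.exe both lives in System32 and has wininit.exe as its parent. Those two rows are the "taking action" candidates from the walkthrough.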
IT Security Operations Hygiene
The same querying and remote-access functionality that supports advanced threat hunting is also effective for day-to-day IT security operations. Quickly check your endpoints and servers to confirm they are running properly and verify that known security vulnerabilities have been closed.
Ask questions including:
- Why is a machine running slowly? Is it pending a reboot?
- Which devices have known vulnerabilities, unknown services, or unauthorized browser extensions?
- Are there programs running on the machine that should be removed?
With these answers, you can easily remote into affected devices to close vulnerabilities, uninstall unwanted browser extensions, reboot the device, and more.
Extended Detection and Response (XDR)
Sophos XDR goes beyond the endpoint pulling in rich network, email, cloud*, and mobile* data sources to give you an even broader picture of your cybersecurity posture. You can quickly shift from a holistic view down into granular detail. For example:
- Cross-reference indicators of compromise from multiple data sources to quickly identify, pinpoint, and neutralize a threat
- Use ATP and IPS events from the firewall to investigate suspect hosts and identify unprotected devices across your estate
- Understand office network issues and which application is causing them
- Identify unmanaged, guest and IoT devices across your organization’s environment
Multi-platform, Multi-OS Support
Sophos XDR brings advanced SQL querying capabilities that give you the insight you need to identify and stop stealthy attacks. Query your endpoints and servers, both on-premises and in the cloud, across Windows, macOS, and Linux.
As part of Intercept X and Intercept X for Server, you also get advanced protection against never-seen-before threats, ransomware, and fileless, memory-based attacks.
Feature comparison: Intercept X Advanced with XDR and Intercept X Advanced for Server with XDR
- IT security operations hygiene
- Guided threat hunting
- Foundational protection (inc. app control, behavioral detection, and more)
- Next-gen protection (inc. deep learning, anti-ransomware, fileless attack protection, and more)
- Server-specific functionality (inc. whitelisting, file integrity monitoring, and more), in Intercept X Advanced for Server with XDR