Server Protection Tech Specs

Intercept X for Server is the industry’s most comprehensive protection against the latest threats. Intercept X Advanced for Server combines next-gen protection capabilities with traditional techniques to give servers the best of both worlds. Intercept X Advanced for Server with EDR integrates intelligent endpoint detection and response (EDR). It is managed by the unified console, Sophos Central.

For additional information please read the Sophos Intercept X for Server datasheet.

Get the full system requirements for all Sophos products at the Sophos Community.

The features listed below are all included in Sophos Intercept X Advanced for Server with EDR.

Features
EXPLOIT PREVENTION
Enforce Data Execution Prevention
Mandatory Address Space Layout Randomization 
Bottom-up ASLR 
Null Page (Null Dereference Protection)
Heap Spray Allocation 
Dynamic Heap Spray 
Stack Pivot 
Stack Exec (MemProt) 
Stack-based ROP Mitigations (Caller) 
Stack-based ROP Mitigations (Hardware Assisted)
Structured Exception Handler Overwrite (SEHOP)
Import Address Table Filtering (IAF) 
Load Library 
Reflective DLL Injection 
Shellcode 
VBScript God Mode 
Wow64 
Syscall 
Hollow Process 
DLL Hijacking 
Squiblydoo Applocker Bypass 
APC Protection (Double Pulsar / AtomBombing)
Process Privilege Escalation
Dynamic Shellcode Protection
EFS Guard
CTF Guard
ApiSetGuard
ACTIVE ADVERSARY MITIGATIONS
Credential Theft Protection 
Code Cave Mitigation
Man-in-the-Browser Protection (Safe Browsing) 
Malicious Traffic Detection
Meterpreter Shell Detection
ANTI-RANSOMWARE
Ransomware File Protection (CryptoGuard) 
Automatic file recovery (CryptoGuard)
Disk and Boot Record Protection (WipeGuard)
APPLICATION LOCKDOWN
Web Browsers (including HTA) 
Web Browser Plugins
Java 
Media Applications 
Office Applications
DEEP LEARNING PROTECTION
Deep Learning Malware Detection
Deep Learning Potentially Unwanted Applications (PUA) Blocking
False Positive Suppression
RESPOND, INVESTIGATE, REMOVE
Threat Cases (Root Cause Analysis)
Sophos Clean
Synchronized Security Heartbeat
ENDPOINT DETECTION AND RESPONSE (EDR)
Live Discover SQL queries
Live Response command line interface
Cross Estate Threat Searching
Guided Investigations
EDR Deep Learning Malware Analysis
On-demand SophosLabs Threat Intelligence
Forensic Data Export
Endpoint Isolation
DEPLOYMENT
Windows Server 2008 R2 and later
Linux*

*See licensing guide for supported Linux features.

CENTRAL SERVER PROTECTION | INTERCEPT X ADVANCED FOR SERVER | INTERCEPT X ADVANCED FOR SERVER WITH EDR
ATTACK SURFACE REDUCTION
Web Security
Download Reputation
Web Control / Category-based URL Blocking
Peripheral Control (e.g. USB)
Application Control
Application Whitelisting (Server Lockdown)  
BEFORE IT RUNS ON DEVICE
Deep Learning Malware Detection
Anti-Malware File Scanning
Live Protection
Pre-execution Behavior Analysis (HIPS)
Potentially Unwanted Application (PUA) Blocking
Intrusion Prevention System (IPS, coming 2020)
STOP RUNNING THREAT
Data Loss Prevention
Runtime Behavior Analysis (HIPS)
Antimalware Scan Interface (AMSI)
Malicious Traffic Detection (MTD)
Exploit Prevention
Active Adversary Mitigations
Ransomware File Protection (CryptoGuard)
Disk and Boot Record Protection (WipeGuard)
Man-in-the-Browser Protection (Safe Browsing)
Enhanced Application Lockdown
DETECT
Live Discover (Cross Estate SQL Querying for Threat Hunting & IT Security Operations Hygiene)
SQL Query Library (pre-written, fully customizable queries)
Suspicious Events Detection and Prioritization
Fast Access, On-disk Data Storage (up to 90 days)
INVESTIGATE
Threat Cases (Root Cause Analysis)
Deep Learning Malware Analysis
Advanced On-demand SophosLabs Threat Intelligence
Forensic Data Export
REMEDIATE
Automated Malware Removal
Synchronized Security Heartbeat
Sophos Clean
Remote Terminal Access (remotely investigate and take action)
On-demand Server Isolation
Single-click “Clean and Block”
VISIBILITY
Cloud Workload Protection (Amazon Web Services, Microsoft Azure, Google Cloud Platform)
AWS Map, Multi-region Visualization
Synchronized Application Control (visibility of applications)
Cloud Security Posture Management (monitor and secure cloud hosts, serverless functions, shared storage and more)
CONTROL
Server-specific Policy Management
Update Cache and Message Relay
Automatic Scanning Exclusions
File Integrity Monitoring

*Not all features are supported on all operating systems