Sophos Intercept X Advanced with Endpoint Detection and Response Now Available

Sophos Press Release

New Endpoint Solution Provides Advanced Protection, EDR Threat Investigation Capabilities and Direct Access to SophosLabs Intelligence

OXFORD, U.K. – Nov. 20, 2018 – Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced that Intercept X Advanced with Endpoint Detection and Response (EDR) is now fully available following an Early Access Program that allowed customers to trial the new technology. With attackers “living off the land” to gain access and moving laterally through a system as described in SophosLabs’ 2019 Threat Report, prevention, detection and response in a single endpoint solution is essential for every IT admin’s security strategy.

“Cybercriminals are now chaining together sequences of different hacking techniques that tip like digital dominos once executed and are really hard to trace,” said John Shaw, vice president of product management for Sophos Endpoint security. “This type of chained attack has become commonplace, as we have described in our new threat report, and can allow attackers to stay active on a computer even when one of their payloads has been blocked. As a result, IT teams can get lulled into a false sense of security. Even if they realize something is amiss and investigate, these complex attacks make it very hard to work out if data has been compromised and a breach has occurred. Sophos’ EDR can help IT admins quickly identify chained attacks that have evaded their defenses, stop the hackers in their tracks, and determine whether a breach has occurred.”

With Intercept X Advanced with EDR, IT admins have threat investigation and SophosLabs intelligence to help them eradicate stealth cyber attackers. Both Intercept X Advanced and Sophos’ EDR are powered with deep learning technology for expansive malware discovery. Sophos’ deep learning neural network is trained on hundreds of millions of samples to look for suspicious attributes of malicious code to detect never-before-seen threats. It provides broad, expert analysis of potential attacks by comparing the DNA of suspicious files against the malware samples already categorized in SophosLabs.

With a single click, IT managers have on-demand access to curated intelligence from SophosLabs, guided investigations into suspicious events, and recommended next steps. To maintain full visibility into the threat landscape, SophosLabs tracks, deconstructs and analyzes 400,000 unique and previously unseen malware attacks each day in a constant search for attack novelty and cybercriminal innovation.

Until now, effective investigation and incident response has only been achievable in organizations with a dedicated Security Operations Center (SOC) or specialized IT security team trained to hunt and analyze cyberattacks. With Sophos Intercept X Advanced with EDR, every organization can add threat tracking and SOC-like capabilities to their security defenses, reducing the amount of time an attacker can hide in a system and move laterally. As explained in SophosLabs’ 2019 Threat Report, targeted ransomware attacks that are manually-controlled by cybercriminals are reaping millions of dollars and expected to inspire copycats in 2019. With Intercept X Advanced with EDR, IT managers can see if attackers are moving laterally, and leverage the anti-ransomware and anti-exploit capabilities in Intercept X, the industry’s most sophisticated endpoint prevention solution, before they move across to multiple endpoints.

“Sophos EDR in Intercept X Advanced makes our IT team more efficient. If we’ve identified a zero-day threat, for example, we’re able to check and monitor multiple users and endpoints across our entire estate from within Sophos Central and take necessary action,” said Florin Petrutiu, IT director at Florida-based CNS Healthcare and Sophos customer who used Sophos’ Early Access Program to trial Intercept X Advanced with EDR. “Another key feature we like is the ability to isolate a potentially infected computer while we conduct an investigation on it. The graphical visualization Sophos EDR provides makes it easy to understand at lightning speed what is happening, so we can quickly remediate. When you are under attack, time is of the essence to reduce how long an adversary is hiding and to stop the attack from spreading to other endpoints, servers and the network. We also review all of the malware we find against SophosLabs’ database, even if we know that malware, because threat intelligence changes and we need to be up to date. This cross-check is standard procedure for our department. The case record option in Sophos’ EDR is also useful. We use the case record tab next to the threat visualization to take chronological notes of what’s in progress and to keep the entire team up to date. The ability to document how IT resolves certain threats is important for investigations, regulatory compliance and audits.”

Sophos Intercept X Advanced with EDR is available from registered Sophos partners worldwide. Additional information and a free 30-day trial can be found on

About Sophos

Sophos is a worldwide leader in next-gen cybersecurity, protecting more than 400,000 organizations of all sizes in over 150 countries and defending their systems against the most advanced cyberthreats. Sophos solutions are built for the cloud and optimized with artificial intelligence. They are based on technologies from SophosLabs (our international team of data science and threat intelligence experts) and protect endpoints (laptops, servers and mobile devices) and networks against constantly evolving attack techniques, including ransomware, malware, exploits, data exfiltration, breach attempts by active adversaries, phishing and much more. Sophos Central, a cloud-native management platform, integrates Sophos’ entire range of next-generation products, including the Intercept X endpoint solution and the XG next-gen firewall, into a single “Synchronized Security” system accessible through a set of APIs. Sophos has long been dedicated to driving a transition to next-gen cybersecurity, leveraging advanced cloud options, machine learning, APIs, automation, managed threat response and many other capabilities to deliver enterprise-grade protection to businesses of all sizes. Sophos sells its products and services exclusively through a global channel of more than 53,000 partners and managed service providers (MSPs). In addition, Sophos makes its technologies available to consumers through Sophos Home. The company is headquartered in Oxford, U.K. More information is available at