Get Detailed Insight Across Your Estate

With Sophos EDR you can quickly ask detailed questions across all of your endpoint devices and servers. Out-of-the-box, customizable SQL queries allow you to get the granular insight vital for identifying stealthy threats.

Example use cases include:

  • What processes are trying to make a network connection on non-standard ports?
  • List detected IoCs mapped to the MITRE ATT&CK framework
  • Show processes that have recently modified files or registry keys
  • Search details about PowerShell executions
  • Identify processes disguised as services.exe
  • Pre-built, fully customizable SQL queries
  • Up to 90 days of fast-access, on-disk data storage
  • Windows, Mac and Linux compatible

Remotely Respond With Precision

With Intercept X, it is easy to take action even if the device requiring attention is not physically present. From the same cloud management console, you can remotely access devices to perform further investigation, install and uninstall software, or remediate any additional issues.

Using a command line remote terminal you can:

  • Run forensic tools
  • Terminate active processes
  • Run scripts or programs
  • Reboot devices
  • Edit configuration files
  • Install/uninstall software

Detect and Remediate Stealthy Threats

Using Sophos EDR to quickly scan your estate for IoCs is straightforward and fast. Here’s an example:

1. Identify the task

For example, search for a process trying to connect on a non-standard port.

2. Ask the question

Leverage a pre-written SQL query that scans for non-standard port access attempts.

3. Get the results

The query checks your endpoints and servers for such connections; in this example, a server is highlighted.

4. Take action

Remotely access the server to run forensics and terminate the suspicious process.

5. Close the gap

From the same management console, you remove all traces of the process and block it across your entire estate.
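As an added example (not a query shipped with Sophos EDR), this is the kind of question step 2 describes, written against an osquery-compatible schema that exposes the process_open_sockets and processes tables; the port allow-list is a constructed placeholder to tune to your own estate:

```sql
-- Added example, not Sophos' own query. Assumes an osquery-compatible schema
-- (process_open_sockets, processes). Lists processes holding an established
-- outbound TCP connection whose remote port is not in a short allow-list of
-- expected service ports, with the parent process for quick triage.
SELECT
  p.pid,
  p.name,
  p.path,
  p.cmdline,
  pp.name          AS parent_name,
  s.local_address,
  s.local_port,
  s.remote_address,
  s.remote_port
FROM process_open_sockets AS s
JOIN      processes AS p  ON p.pid  = s.pid
LEFT JOIN processes AS pp ON pp.pid = p.parent
WHERE s.protocol = 6                        -- TCP only (6 = IPPROTO_TCP)
  AND s.family   = 2                        -- IPv4 (2 = AF_INET); add 10 (Linux) or 23 (Windows) for IPv6
  AND s.state    = 'ESTABLISHED'            -- skip listening / half-open sockets
  AND s.remote_port NOT IN                  -- constructed allow-list: adjust per environment
      (22, 25, 53, 80, 88, 389, 443, 445, 587, 636, 993, 995, 3389)
  AND s.remote_port <> 0
  AND s.remote_address NOT LIKE '127.%'     -- ignore loopback traffic
  AND s.remote_address <> '0.0.0.0'
ORDER BY s.remote_port, p.name;
```

Run it across the estate and review the rows by remote_port and parent_name; a browser talking to 8443 is usually benign, a scripting host or an unsigned binary on an unusual port is what the step 4 investigation should start with.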

IT Security Operations Hygiene

The same powerful functionality that lets you perform advanced threat hunting is also extremely effective for supporting IT security operations. Quickly check your endpoints and servers to make sure everything is running at peak performance and verify any security vulnerabilities have been closed.

Ask questions including:

  • Why is a machine running slowly? Is it pending a reboot?
  • Which devices have known vulnerabilities, unknown services, or unauthorized browser extensions?
  • Are there programs running on the machine that should be removed?

With these answers, you can easily remote into affected devices to close vulnerabilities, uninstall unwanted browser extensions, reboot the device, and more.

Multi-platform, Multi-OS Support

Sophos EDR brings advanced SQL querying capabilities that give you the insight you need to identify and stop stealthy attacks. Scan your endpoints and servers, both on-premises and in the cloud, across Windows, macOS and Linux operating systems.

As part of Intercept X and Intercept X for Server, you also get access to advanced protection against the latest, never-seen-before threats, ransomware, and file-less, memory-based attacks.

| Feature | Intercept X Advanced with EDR | Intercept X Advanced for Server with EDR |
|---|---|---|
| IT security operations hygiene (EDR) | ✓ | ✓ |
| Guided threat hunting (EDR) | ✓ | ✓ |
| Foundational techniques (inc. app control, behavioral detection, and more) | ✓ | ✓ |
| Next-gen techniques (inc. deep learning, anti-ransomware, file-less attack protection and more) | ✓ | ✓ |
| Server specific functionality (inc. whitelisting, file integrity monitoring, and more) | | ✓ |