Intercept X Advanced with XDR

Upgrade Your IT Security Operations

IT security operations (SecOps) takes up a significant part of most IT administrators’ time. Keeping employees’ devices efficient, patched, and up-to-date can be particularly time-consuming. Easily identifying which devices need attention, and what action needs to be taken to fix them, adds an additional challenge.

With Sophos XDR you can do exactly that. Using powerful querying and remote access capabilities you can:

  • Quickly find devices that need actioning
  • Remotely access and remediate devices
  • Perform core IT security operations tasks more efficiently

 

Try It on Your EndpointsTry It on Your Servers

Maintain IT Hygiene

Sophos XDR gives you the tools to ask key questions that are vital parts of IT security operations hygiene. Use flexible SQL queries to quickly interrogate your endpoints and servers and locate devices that need actioning. You get access to a library of fully customizable queries as standard, or if you prefer to write your own, the sky is the limit.

Example questions include:

  • Why is a machine running slowly? Is it pending a reboot?
  • Which devices have known vulnerabilities, unknown services, or unauthorized browser extensions?
  • Are there programs running on the machine that should be removed?
  • Is remote sharing enabled? Are unencrypted SSH keys on the device? Are guest accounts enabled?
  • Does the device have a copy of a file I am looking for?
  • Pre-built, fully customizable SQL queries

  • Up to 90 days fast access, on-disk data storage

  • Windows, Mac and Linux compatible

Remotely Respond With Precision

With Intercept X, it is easy to take action even if the device requiring attention is not physically present. From the same cloud management console, you can remotely access devices in order to perform further investigation, install and uninstall software, or remediate any additional issues.

Remote Response uses a command line tool so admins can:

  • Reboot devices
  • Terminate active processes
  • Run scripts or programs
  • Edit configuration files
  • Install/uninstall software
  • Run forensic tools

Quickly Discover and Respond to Potential Issues

Using Sophos XDR to help you quickly perform key IT security operations tasks couldn’t be more straightforward. Here's an example:

identifying-task

 

1. Identify the task

For example, search for devices that have unwanted programs installed.

asking-question

 

2. Ask the question

Leverage a pre-written SQL query to specify which programs you are looking for.

results-icon

 

3. Get the results

The query checks your endpoints and servers for unwanted programs and flags a laptop.

taking-action

 

4. Take action

Remotely access their device and uninstall the program.

close-the-gap

 

5. Close the gap

From the same management console, you update your web control policies to restrict downloading the unwanted program.

Guided Threat Hunting

The ability to ask detailed questions is also powerful when hunting down suspicious items and evasive threats across your environment. You can track down indicators of compromise with detailed queries to ask questions such as:

  • Are processes trying to make a network connection on non-standard ports?
  • Have any processes had files or registry keys modified recently?
  • Which processes are disguised as services.exe?

In addition, you get access to curated threat intelligence and AI powered detection and prioritization from the experts at SophosLabs, so you know exactly where to start your investigation and what action needs to be taken.

Learn More About Threat Hunting

Extended Detection and Response (XDR)

Sophos XDR goes beyond the endpoint pulling in rich network, email, cloud*, and mobile* data sources to give you an even broader picture of your cybersecurity posture. You can quickly shift from a holistic view down into granular detail. For example: 

  • Cross reference indicators of comprise from multiple data sources to quickly identify, pinpoint and neutralize a threat
  • Use ATP and IPS events from the firewall to investigate suspect hosts and identify unprotected devices across your estate
  • Understand office network issues and which application is causing them
  • Identify unmanaged, guest and IoT devices across your organization’s environment

Learn more about XDR

*Coming soon

Multi-platform, Multi-OS Support

Sophos XDR helps keep your IT operations hygiene top of class across your entire estate. Inspect your endpoints and servers, both on-premises and in the cloud, across Windows, MacOS and Linux operating systems.

As part of Intercept X and Intercept X for Server, you also get access to advanced protection against the latest, never-seen-before threats, ransomware, and file-less, memory-based attacks.

  Intercept X Advanced Intercept X Advanced with XDR
IT security operations hygiene
(EDR/XDR)
check-blue
check-blue
Guided threat hunting
(EDR/XDR)
check-blue
check-blue
Foundational techniques
(inc. app control, behavioral detection and more)
check-blue
check-blue
Next-gen techniques
(inc. deep learning, anti-ransomware, fileless attack protection and more)
check-blue
check-blue
Server specific functionality
(inc. whitelisting, file integrity monitoring and more)
 
check-blue