Intercept X Advanced Extended Detection & Response (XDR)
Endpoint Protection - Intercept X Advanced XDR
- Extended detection and response (XDR) provides complete visibility across your hosts, containers, endpoints, networks, and cloud services (cloud native security).
- Secure your Windows and Linux deployments whether they are in the multi-cloud, on-premises, virtual or a mix of them all.
- Sophos' powerful XDR functionality enables you to hunt for, investigate, and respond to suspicious activity across Sophos and third-party security controls.
- Sophos Intercept X Advanced for Server with XDR is the industry’s only XDR solution that synchronizes native endpoint, server, firewall, email, cloud and O365 security.
- Exploit prevention stops the techniques used in file-less, malware-less, and exploit-based attacks.
- Get a holistic view of your organization’s environment enriched with Sophos X-Ops threat intelligence for threat detection, investigation, and response designed for dedicated SOC teams and IT admins with investigation workflows.
- By integrating deep learning, Intercept X is ready to face unknown challenges with fast, powerful, predictive defenses that detect stealthy malware.
- Threat hunt across the Sophos Data Lake, or pivot to a device for real-time data and up to 90 days of historical data, extendable to 1 year.
Linux Detection
- Sophos protection for Linux identifies sophisticated attacks as they happen without requiring a kernel module, orchestration, baselining, or system scans.
Container Security
- Sophos XDR provides complete visibility into your server host and container workloads, identifying exploits and anomalous behaviors before they get a foothold.
- Sophos XDR identifies attacks as they happen within Linux operating systems by leveraging analytics around attacker behavior, including initial access, privilege escalation, defense evasion, data collection, exfiltration, and more.
- Deploy a lightweight Sophos sensor wherever you have Linux - in public or private cloud environments, in containers or VMs, and on your on-premises hosts.
Integrate with CI/CD Pipelines
- Seamlessly integrate security configuration and compliance checks at any stage of the CI/CD pipeline, scan container images for operating system vulnerabilities, and automatically detect misconfigurations, embedded secrets, passwords, and keys in Infrastructure as Code (IaC) templates.
Threat Surface Reduction
- Web Control
- Web Protection
- Download Reputation
- Application Control
- Data Loss Prevention
- Peripheral Control
- Full Disk Encryption - Add-on
Threat Prevention
- Ransomware file protection
- Remote Ransomware protection
- Ransomware Master Boot Record protection
- Antimalware file scanning
- Anti Exploitation
- Application Lockdown (whitelisting) ensures that only the applications you want on your servers can be run
- Potentially Unwanted Application (PUA) blocking
- Behavioral Analysis
- Malicious Traffic Detection
- Deep Learning AI-powered malware prevention
- Context-sensitive Defense - Adaptive Attack Protection
- Context-sensitive Defense - Estate-wide Critical Attack Warnings
- File Integrity Monitoring (servers)
Investigation
- Root Cause Analysis (RCA) threat graph
- Automatic & Manual Case creation
- Live Discover query tool
- Scheduled queries
- Simple (SQL-less) search
- Forensic data export
- On demand Sophos X-Ops Threat Intelligence
Response
- Automatic malware clean-up
- Automatic ransomware file encryption rollback
- Automatic process termination
- Automatic device isolation when infected by malware
- Automatic removal of device isolation after malware is cleaned up
- On demand device isolation
- Live Response remote terminal access
Easy to Set Up and Manage
- Cloud-based management platform.
- Strongest protection settings with no tuning required.
- Granular control is also available.
- Account Health Check identifies security posture drift and high-risk misconfigurations, enabling administrators to remediate issues with one click.