We are pleased to announce that powerful new Extended Detection and Response (XDR) and Endpoint Detection and Response (EDR) features for Intercept X are now available in early access.
The early-access program (EAP) gives you the power to pull in network data sources in addition to those from endpoints and servers, enabling an even more holistic view of your organization’s cybersecurity environment. It also brings the ability to get critical information from your devices even when they are offline.
Sophos Data Lake
The Sophos Data Lake is a key component of both EDR and XDR functionality. It stores critical information from Intercept X, Intercept X for Server, and XG Firewall in the cloud, enabling both cross-product investigations and the ability to get key information from devices even when they are offline.
For example: look back 30 days for unusual activity on a device that has been destroyed or taken without authorization. Join the EAP to start using it.
Sophos XDR – Extended Detection and Response
Sophos XDR goes beyond the endpoint and server by integrating important network data, building up an in-depth picture of potential threats across your organization’s estate. If you’re already using Intercept X and XG Firewall you just need to join the EAP and you’ll get access to rich cross-product data in one convenient location.
Don’t worry if you don’t have both: you can start a free trial and then join the EAP as normal.
Note: Intercept X and XG Firewall are required to enable the network cross-product functionality. Trying out the cloud storage and offline device capabilities of the Sophos Data Lake just requires joining the EAP; XG Firewall is not required.
Here are just a few Sophos XDR use cases:
- Compare indicators of compromise from multiple data sources to quickly understand a suspected attack
- Use ATP and IPS detections from XG Firewall to investigate suspect hosts
- Identify unmanaged and unprotected devices across an organization’s estate
- Understand why the office network connection is slow and which app is causing the traffic
How to join the early access program
The EAP is open to everyone who has Intercept X and Intercept X for Server; you don’t need to have EDR. Please note: MSP Flex customers are not eligible to join.
For full instructions on joining and getting started, please head over to the Sophos community forums. We’d love to hear what you think!
Source: Sophos