Synchronized Security

Sophos is one of the leading security vendors that offers total protection and control over known and unknown attacks, malware, spyware, unwanted programs and spam, providing a line of different products and solutions. Sophos started to produce antivirus and encryption products nearly 30 years ago. Today, Sophos products help to secure more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyber threats.

Sophos products allow you to secure every endpoint of your network, from laptops to virtual desktops and servers, to web and email traffic and mobile devices, all managed in the cloud by the Sophos Central integrated management platform. Sophos ensures your network's security by providing the one thing no one else can: Simplicity.

Sophos Labs

A very important part of Sophos is SophosLabs, a global network of highly skilled and thoroughly trained analysts with more than 20 years of experience protecting businesses from known and emerging threats. SophosLabs' expertise covers every area of network security, including viruses, spyware, adware, intrusion, spam and malicious URLs.

Endpoint Protection

Sophos Intercept-X

Sophos Intercept X employs a comprehensive, defense-in-depth approach to endpoint protection, rather than relying on one primary security technique. This layered approach combines modern and traditional techniques to stop the widest range of threats. Deep learning AI in Intercept X excels at detecting and blocking malware even when it hasn't been seen before. Intercept X also includes advanced anti-ransomware capabilities that detect and block the malicious encryption processes used in ransomware attacks.

Sophos Intercept-X for Server

Sophos Intercept X for Server delivers protection that is top-rated by industry experts, combining server-specific features to create a comprehensive, defense-in-depth solution. Using deep-learning technology, it can detect malware and block exploit techniques that are commonly used to break into organizations' servers. Intercept X anti-ransomware protection stops ransomware from encrypting server files, rolling them back to a safe state if necessary. It also stops real-world hacking techniques used for credential harvesting, lateral movement, and privilege escalation.

Sophos Intercept-X with EDR

Sophos Intercept X with Endpoint Detection and Response (EDR) answers any question about what has happened in the past, and what is happening now, on your endpoints. Sophos EDR gives you the tools you need for advanced threat hunting and IT security operations hygiene. Inspect your endpoints and servers, both on-premises and in the cloud, across Windows, macOS, and Linux operating systems. As part of Intercept X and Intercept X for Server, you also get access to advanced protection against the latest, never-seen-before threats, ransomware, and file-less, memory-based attacks.

Sophos Extended Detection and Response (XDR)

XDR extends the idea of EDR: instead of focusing only on the endpoints, it incorporates data from other security tools, such as firewalls, email gateways, public cloud tools, and mobile threat management products. XDR unifies information from multiple security products to automate and accelerate threat detection, investigation, and response in ways that isolated point solutions cannot. Sophos XDR can help you to compare indicators of compromise from multiple data sources to quickly understand a suspected attack. You may use ATP and IPS detections from XG Firewall to investigate suspect hosts and identify unmanaged and unprotected devices across an organization.

Sophos Mobile

Sophos Mobile can help you to secure smartphones and keep the sensitive business data flowing through them safe and sound, whether on corporate devices or employees' own devices (BYOD). Sophos Mobile handles all devices from the initial setup and enrollment, right through to device decommissioning. Sophos Mobile is a secure Unified Endpoint Management (UEM) solution that helps businesses spend less time and effort managing and securing traditional and mobile endpoints. Sophos Mobile supports management of Windows, macOS, iOS, and Android devices.

Sophos Device Encryption

Increased remote working makes it more important than ever to secure computers and the data on them. With the huge number of laptops lost, stolen, or misplaced every day, a crucial first line of defense against the loss or theft of devices is full disk encryption. Sophos Central Device Encryption leverages Windows BitLocker and macOS FileVault to secure devices and data. Central Device Encryption uses the same core agent as Intercept X, meaning that no additional agent needs to be deployed and you can start encrypting computers in minutes. Central Device Encryption makes it easy for companies to verify encryption status and demonstrate compliance.

Sophos Central

Sophos Central is a unified cloud-native management and reporting platform for all Sophos next-gen products that simplifies the administration of multiple products and enables more efficient business management for Sophos partners. This unified platform for security management is an element of Sophos' Synchronized Security strategy to enable multiple security products to work together seamlessly with simpler management and better security. Sophos' revolutionary Security Heartbeat ensures your endpoint protection, firewall and other Sophos systems are talking to each other, providing better protection against advanced threats and letting you spend less time responding to incidents.

Network Protection

XG Firewall

Sophos XG Firewall introduces an innovative approach to the way that you manage your firewall, providing unrivaled visibility into risky users, unknown and unwanted apps, advanced threats, suspicious payloads, encrypted traffic and much more. Sophos XG Firewall provides all the latest advanced technology you need to protect your network from ransomware and advanced threats, including top-rated IPS, Advanced Threat Protection, Cloud Sandboxing and full AI-powered threat analysis, Dual AV, Web and App Control, Email Protection and a full-featured Web Application Firewall. XG Firewall uses Sophos Security Heartbeat technology, which is the only network security solution that is able to fully identify the source of an infection on your network and automatically limit access to other network resources in response. The XG Firewall Xstream architecture is a new streaming packet processing architecture that provides extreme levels of protection and performance.


Sophos SG UTM eliminates the complexity of deploying and managing a variety of point solutions to secure a network. Through the centralized control of Sophos SG UTM's easy-to-use web administration interface, all the security options needed can be applied easily for a complete perimeter security management system, so that all the necessary security policies can be managed to control risks efficiently and effectively. Sophos UTM drives threat prevention to unmatched levels. The artificial intelligence built into Sophos Sandstorm is a deep learning neural network, an advanced form of machine learning, that detects both known and unknown malware without relying on signatures. Sophos SG UTM is unmatched in its deployment flexibility: choose from hardware, software, virtual or cloud with simple options for high-availability, clustering, branch office connectivity, wireless, and centralized management and reporting.

Sophos Wireless

Sophos Wireless provides an easy, effective way to manage and secure wireless networks. Sophos Wireless combines the power of the Sophos Central platform and our unique Security Heartbeat functionality. It monitors and acts upon the health status of connected endpoint and mobile clients to reduce the risk to trusted Wi-Fi networks. With visibility into potential threats, such as rogue APs, insight into clients with compliance or connectivity issues and advanced diagnostics, identifying and troubleshooting issues with Sophos Wireless is quick and easy. Sophos APX Series access points are custom-built to offer optimal performance and increased throughput at load. These models are enabled with Security Heartbeat, offering integration with Sophos Mobile and Sophos Endpoint to protect your Wi-Fi networks.

Sophos Cloud Applications

Sophos Cloud Optix

Sophos Cloud Optix can help you to identify vulnerabilities, ensure compliance, and respond to threats faster. Cloud Optix provides a complete picture of cloud resources and configurations across multi-cloud environments in AWS, Azure, Google Cloud, Kubernetes, and infrastructure-as-code environments. Cloud Optix can enable security teams to focus on and fix critical security vulnerabilities before they are identified and exploited in cyberattacks. The system can help to determine monitoring costs and to detect insecure configurations and deployments, access anomalies, over-privileged IAM roles, and compliance failures, from development to the ongoing security of live services. Last but not least, Cloud Optix can help you to block vulnerabilities in container images and infrastructure-as-code templates pre-deployment with DevOps integrations.

Sophos Email

Sophos Email is a cloud-based secure email gateway solution for Sophos Central. Sophos Email is engineered to keep businesses safe from email threats, simply stopping spam, phishing, malware, and data loss. Sophos Email can help you to secure any email service, integrating seamlessly with Microsoft Office 365, Google G Suite, on-premises Exchange 2003+, and many more email providers. Processing millions of emails per day, the latest threat intelligence from the SophosLabs global network ensures your Sophos Email gateway won't miss any of the thousands of new threats discovered every hour. Using the same technology as Intercept X, the artificial intelligence built into Sophos Email is able to detect suspicious payloads containing threats, malware, and unwanted applications, as well as high-level threats embedded in documents, including ransomware.

Sophos Phish Threat

End users are the largest, most vulnerable target in most organizations, relentlessly bombarded with spear-phishing and socially engineered schemes. Sophos Phish Threat emulates a range of phishing attack types to help you identify areas of weakness in your organization's security posture, and empowers users through engaging training to strengthen your organization's defenses. Sophos Phish Threat educates and tests your end users through automated attack simulations, quality security awareness training, and actionable reporting metrics. Phish Threat provides you with the flexibility and customization that your organization needs to facilitate a positive security awareness culture. Sophos Synchronized Security connects Phish Threat with Sophos Email to identify users who have been warned or blocked from visiting a website due to its risk profile.

Sophos NextGenSecurity Components

Sophos Data Lake

The Sophos Data Lake is a key component of both EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) functionality. It stores critical information from Intercept X, Intercept X for Server and XG Firewall, enabling access to data even when the corresponding device is offline. Using Sophos Data Lake information, admins can query device information even when the device is offline or destroyed, and correlate information between devices and XG Firewall data. Sophos Data Lake queries can help you to track lateral movement between devices and search for indicators of compromise across all devices without generating CPU load on the devices.

Sophos Zero Trust (ZTNA)

Sophos ZTNA is a brand new cloud-delivered, cloud-managed product to easily and transparently secure important networked applications with granular controls. ZTNA is all about verifying the user, typically with multi-factor authentication to prevent stolen credentials from being a source of compromise, then validating the health and compliance of a device: whether it is properly enrolled, whether it is up to date, and whether it is protected. Afterwards, this information can be used to make policy-based decisions that control access and privilege to important networked applications. Overall, ZTNA offers a welcome and much better solution to connecting remote workers or the branch office of one.

Managed Threat Response

Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service. With Sophos MTR, you own the decisions and control how and when potential incidents are escalated, what response actions you want us to take, and who should be included in communications. Sophos MTR features two service tiers (Standard and Advanced) to provide a comprehensive set of capabilities for organizations of all sizes and maturity levels. Regardless of the service tier selected, organizations can take advantage of any of the three response modes (notify, collaborate, or authorize) to fit their unique needs:


Notify: Sophos notifies you about the detection and provides detail to help you in prioritization and response.

Collaborate: Sophos works with your internal team or external points of contact to respond to the detection.

Authorize: Sophos handles containment and neutralization actions and will inform you of the actions taken.

Sophos Managed Threat Response (MTR) delivers XDR as a managed service. MTR offers machine-accelerated human response that leverages EDR and other Sophos Central products, like XG Firewall and Cloud Optix. MTR fuses machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats with speed and precision. With Sophos MTR, your organization is backed by an elite team of threat hunters and response experts who can proactively hunt for and validate potential threats and incidents, using all available information to determine the scope and severity of threats. They provide actionable advice for addressing the root cause of recurring incidents, or can even take targeted actions on your behalf, based on a contract, to neutralize even the most sophisticated threats.