We are pleased to announce some exciting product updates, including the launch of Sophos XDR (Extended Detection and Response) and significant enhancements to Sophos EDR (Endpoint Detection and Response).
Introducing Sophos XDR
Sophos XDR goes beyond endpoints and servers, pulling in rich Sophos Firewall, Sophos Email, and other data sources.
This means you get even more detailed insight when performing threat hunting or IT operations tasks: both a broad, big picture view of your organization’s cybersecurity environment along with the ability to deep dive into areas of interest for granular detail. It’s the best of both worlds.
Here are just a few Sophos XDR use cases:
IT Operations | Threat Hunting |
Identify unmanaged, guest, and IoT devices | Extend investigations to 30 days without bringing a device back online |
Why is the office network connection slow? Which application is causing it? | Use ATP and IPS detections from the firewall to investigate suspect hosts |
Look back 30 days for unusual activity on a missing or destroyed device | Compare email header information, SHAs, and other IoCs to identify malicious traffic to a domain |
New to Extended Detection and Response (XDR)? We’ve put together a beginner’s guide to get you up to speed. Download your copy.
Offline Access with the Sophos Data Lake
A key component of both XDR and EDR, the Sophos Data Lake stores critical data from XDR- and EDR-enabled devices, including access to that data even when devices are offline.
For example, you can look back for unusual activity on a device that has been destroyed or taken without authorization. It’s an important part of cybersecurity visibility, giving your organization the ability to see the entire environment and quickly drill down to granular areas of interest.
Data retention periods are 7 days for EDR and 30 days for XDR. That’s in addition to the up-to-90 days of on-disk data stored on devices.
Sophos EDR keeps getting better
This release brings some of the most-requested features to Sophos EDR, making it even easier to ask and answer business-critical IT operations and threat hunting questions.
- Scheduled queries Have critical information waiting for you. You can schedule queries to run overnight so key data is ready for assessment. You’ll have the information you need to quickly perform threat hunting and IT operations tasks.
- Enhanced usability Work even faster with enhancements to workflows and pivoting. You’ll get to key information faster and be able to take actions and respond even more quickly.
To learn more about Sophos XDR and EDR please head over to Sophos.com/XDR and Sophos.com/EDR today.
Source: Sophos