Sophos has announced Sophos XDR, an extended detection and response (XDR) solution that synchronises native endpoint, server, firewall, and email security. With this comprehensive and integrated approach, Sophos XDR provides a holistic view of an organisation’s environment with the richest data set and deep analysis for threat detection, investigation and response.
“We’re seeing an extraordinarily high level of complex ransomware and other cybercrime, and the need for effective, comprehensive cybersecurity has never been more critical or urgent,” said Dan Schiappa, Chief Product Officer at Sophos. “Sophos XDR is a game-changing new solution for proactively defending against the most sophisticated and evasive attacks, especially those that leverage multiple access points to gain entry, move laterally to evade detection, and do as much damage as possible as fast as possible.”
The company has also published new research, “Intervention halts a ProxyLogon-enabled attack,” detailing an attack against a large organisation that began when the adversaries compromised an Exchange server using the recent ProxyLogon exploit. The research shows how the attackers moved laterally through the network and, over a two-week period, stole account credentials; compromised domain controllers; secured a foothold on multiple machines; deployed a commercial remote access tool to retain access to hacked machines; and delivered a number of malicious programs.
Sophos XDR extends visibility across Sophos’ next-generation portfolio of solutions for an in-depth picture of threats. At the heart of Sophos XDR is the industry’s richest data set. The solution offers two types of data retention, including up to 90 days of on-device data, plus 30 days of cross-product data in the cloud-based data lake. The unique approach of blending on-device and data lake forensics provides the broadest and most in-depth contextualized insights that can be leveraged by security analysts through Sophos Central and via open application programming interfaces (APIs) for ingestion into security information and event management (SIEM); security orchestration, automation and response (SOAR); professional service automation (PSA); and remote monitoring and management (RMM) systems.
The data lake hosts critical information from Intercept X, Intercept X for Server, Sophos Firewall, and Sophos Email.Sophos Cloud Optix and Sophos Mobile will also feed into the data repository later this year. Security and IT teams can easily access this data to run cross-product threat hunts and investigations, and to quickly drill into granular details of past and present attacker activity. The availability of offline access to historical data further protects against lost or impacted devices.
Sophos additionally released a new version of its industry-best endpoint detection and response – Sophos EDR. New scheduled queries and customisable contextual pivoting capabilities make it faster and easier than ever for security analysts and IT administrators to identify, investigate and respond to security issues with speed and precision. Users further benefit with new pre-configured queries and powerful threat intelligence through integration with SophosLabs Intelix. Sophos EDR customers can access seven days of cloud hosted data (upgradable to 30 days) in the data lake, in addition to 90 days of on-device data.
Sophos XDR, as well as the updated EDR capabilities for Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR are available worldwide on May 19 through Sophos partners. Partners and customers can easily manage all XDR and EDR product solutions on the cloud-based Sophos Central platform via a single user interface.
Discussion about this post