Energetic adversaries are extremely expert cybercriminals. They use hands-on-keyboard and AI-assisted strategies to avoid preventative safety controls and execute superior multi-stage assaults.
Organizations want adaptive safety controls designed to detect, examine, and reply to the approaches generally utilized by these subtle menace actors. Efficient response to superior threats requires a toolset that allows safety operators to make data-driven selections quicker and execute duties with velocity and effectivity.
Sophos constantly leverages the menace intelligence and cybersecurity experience from our Sophos X-Ops unit, in addition to telemetry from Sophos’ and third-party safety options, to supply the strongest safety, detection, and response to essentially the most superior assaults. We’re all the time innovating, and the newest enhancements to the Sophos Prolonged Detection and Response (XDR) platform present even better energy to defend in opposition to lively adversaries.
Enhanced Sophos XDR detections
Try a few of our newest enhancements on this fast demo video:
Configurable suppression guidelines
Safety operators have better management over the detections generated by the Sophos XDR platform utilizing an intuitive suppression wizard, enabling analysts to give attention to an important detections and instances by suppressing confirmed-benign occasions. Granular guidelines will be created primarily based on particular attributes together with severity, detection kind, MITRE ATT&CK particulars, and extra.
Complete detection summaries
Safety operators have to make selections and execute duties at velocity, so it’s essential that menace alerts are instantly understandable to analysts of all ability ranges. Sophos XDR detections now embody “pure language” descriptions to assist speed up investigation and response.
Streamlined SophosLabs Intelix integration
Detections generated by Sophos Endpoint at the moment are routinely despatched to SophosLabs Intelix for menace classification and evaluation. Detection particulars at the moment are enriched with high-fidelity menace intelligence without having to manually undergo SophosLabs.
Enhanced Microsoft 365 detections
Sophos XDR collects and analyzes complete audit log information from Microsoft 365 and makes use of proprietary guidelines to establish extra threats than Microsoft safety instruments can on their very own. The newest Microsoft “platform detections” in Sophos XDR give attention to figuring out compromised accounts and Enterprise Electronic mail Compromise.
The “Microsoft Workplace 365 Administration Exercise API” integration is included with Sophos XDR at no extra value.
Sophos XDR Public APIs
Extending our open ecosystem strategy, we’ve launched two new APIs to allow organizations to combine Sophos XDR information seamlessly into present safety operations instruments and workflows.
Organizations with established safety operations packages can use these new APIs to floor menace detections and case investigation particulars from the Sophos XDR platform of their safety data and occasion administration (SIEM), skilled providers automation (PSA), and IT service administration (ITSM) instruments, offering the flexibleness to leverage these present investments.
- Speed up investigation and response – allow automated workflows that leverage Sophos XDR detections and case particulars
- Centralize evaluation of safety telemetry – correlate Sophos XDR detections with alerts and telemetry from different information sources
- Enrich with third-party menace intelligence – increase Sophos XDR detections with extra menace intelligence for added context
Study extra in our documentation: Detections API | Circumstances API
Improve multi-dimensional visibility with know-how integrations
Energetic adversaries execute assaults that cross a number of domains throughout the sufferer’s surroundings – the complete scope of which can’t be detected by a single level product. Telemetry from a number of sources is required to supply a extra full view of an lively adversary’s exercise at every stage of an assault.
The Sophos XDR platform collects, correlates, and analyzes information from a variety of occasion sources, whereas automated actions and optimized workflows permit analysts to detect, examine, and reply to lively adversaries at velocity throughout all key assault surfaces.
We’re continuously increasing our expansive accomplice ecosystem with extra turnkey integrations with endpoint, firewall, community, e mail, cloud, id, productiveness, and backup options.
New integrations accessible for Sophos XDR and Sophos MDR prospects embody the next:
 |
 |
 |
 |
| Forcepoint Subsequent-Gen Firewall |
F5 BIG IP Software Safety Supervisor (ASM) |
Cisco Umbrella | Cisco Identification Providers Engine (ISE) |
| Integration Pack: Firewall |
Integration Pack: Community |
Integration Pack: Community |
Integration Pack: Identification |
| Study extra | Study extra | Study extra | Coming quickly |
Discover our present vary of third-party integrations on the Sophos Market.
Microsoft Graph safety integration (Model 2)
By ingesting, correlating, and analyzing telemetry by way of the Microsoft Graph safety and Microsoft Workplace 365 Administration Exercise APIs, the Sophos platform makes use of superior proprietary menace detection guidelines to establish threats that might in any other case be missed. These turnkey Microsoft integrations are included with Sophos XDR and Sophos MDR subscriptions at no extra value, and over 20,000 prospects are already utilizing them to increase visibility and safety throughout their IT environments.
In July, we’re releasing a brand new model of our Microsoft Graph safety integration. The brand new model, referred to as “Microsoft Graph safety API (Alerts v2)”, offers extra data from a broad vary of Microsoft safety options that analysts can use to speed up detection, investigation, and response. And sure, the brand new model will nonetheless be included in the usual value of Sophos XDR and Sophos MDR!
Rapidly establish weak endpoints and servers
Figuring out gadgets which can be doubtlessly uncovered to threats is essential for managing cybersecurity danger. We’ve not too long ago launched a brand new System Publicity dashboard within the Sophos Central console that gives Sophos XDR and Sophos MDR with a transparent overview of endpoint and server gadgets lacking essential working system updates. The visualization highlights the time elapsed for the reason that final OS updates have been utilized, with one-click entry to customizable queries for additional particulars.
Study extra in regards to the new System Publicity dashboard
Vulnerability administration delivered as a managed service
The fashionable assault floor continues to develop past the borders of conventional on-premises IT, and most organizations now have a major variety of internet-facing property they don’t even notice they personal, not to mention perceive whether or not they’re weak to assault. With our newest service providing – Sophos Managed Danger, powered by Tenable – our devoted crew of specialists helps get rid of blind spots in your exterior assault floor and prioritizes remediation efforts primarily based on the exposures that pose the very best danger to your group.
Acknowledged by trade specialists and prospects
Sophos XDR and Sophos MDR proceed to garner excessive reward from prospects and trade specialists for superior detection, investigation, and response capabilities.
Current proof factors embody:
Elevate your defenses in opposition to lively adversaries
To be taught extra and discover how Sophos XDR may also help your group higher defend in opposition to lively adversaries, converse with a Sophos adviser or your Sophos accomplice at the moment.
You too can take it for a take a look at drive in your personal surroundings with a no-obligation, 30-day free trial – accessible from our web site or (for present Sophos prospects) instantly inside the Sophos Central console in simply a few clicks.
