Sunday, July 27, 2025

Expanding our protection against active adversaries – Sophos News


Active adversaries are highly skilled cybercriminals. They use hands-on-keyboard and AI-assisted techniques to bypass preventative security controls and execute advanced multi-stage attacks.

Organizations need adaptive security controls designed to detect, investigate, and respond to the approaches commonly used by these sophisticated threat actors. Effective response to advanced threats requires a toolset that enables security operators to make data-driven decisions faster and execute tasks with speed and efficiency.

Sophos continually leverages the threat intelligence and cybersecurity expertise of our Sophos X-Ops unit, as well as telemetry from Sophos' and third-party security solutions, to deliver the strongest protection, detection, and response against the most advanced attacks. We're always innovating, and the latest enhancements to the Sophos Extended Detection and Response (XDR) platform provide even greater power to defend against active adversaries.

Enhanced Sophos XDR detections

Check out some of our latest enhancements in this quick demo video:

Configurable suppression rules

Security operators have greater control over the detections generated by the Sophos XDR platform using an intuitive suppression wizard, enabling analysts to focus on the most important detections and cases by suppressing confirmed-benign events. Granular rules can be created based on specific attributes including severity, detection type, MITRE ATT&CK details, and more.

Comprehensive detection summaries

Security operators need to make decisions and execute tasks at speed, so it's essential that threat alerts are immediately understandable to analysts of all skill levels. Sophos XDR detections now include "natural language" descriptions to help accelerate investigation and response.

Streamlined SophosLabs Intelix integration

Detections generated by Sophos Endpoint are now automatically sent to SophosLabs Intelix for threat classification and analysis. Detection details are now enriched with high-fidelity threat intelligence without the need to manually submit them to SophosLabs.

Enhanced Microsoft 365 detections

Sophos XDR collects and analyzes comprehensive audit log data from Microsoft 365 and uses proprietary rules to identify more threats than Microsoft security tools can on their own. The latest Microsoft "platform detections" in Sophos XDR focus on identifying compromised accounts and Business Email Compromise.

The "Microsoft Office 365 Management Activity API" integration is included with Sophos XDR at no additional cost.

Sophos XDR Public APIs

Extending our open ecosystem approach, we've launched two new APIs that enable organizations to integrate Sophos XDR data seamlessly into existing security operations tools and workflows.

Organizations with established security operations programs can use these new APIs to surface threat detections and case investigation details from the Sophos XDR platform in their security information and event management (SIEM), professional services automation (PSA), and IT service management (ITSM) tools, providing the flexibility to leverage those existing investments.

  • Accelerate investigation and response – enable automated workflows that leverage Sophos XDR detections and case details
  • Centralize analysis of security telemetry – correlate Sophos XDR detections with alerts and telemetry from other data sources
  • Enrich with third-party threat intelligence – augment Sophos XDR detections with additional threat intelligence for added context

Learn more in our documentation: Detections API | Cases API

Improve multi-dimensional visibility with technology integrations

Active adversaries execute attacks that cross multiple domains within the victim's environment – the full scope of which cannot be detected by a single point product. Telemetry from multiple sources is required to provide a more complete view of an active adversary's activity at each stage of an attack.

The Sophos XDR platform collects, correlates, and analyzes data from a wide range of event sources, while automated actions and optimized workflows allow analysts to detect, investigate, and respond to active adversaries at speed across all key attack surfaces.

We're constantly expanding our extensive partner ecosystem with additional turnkey integrations for endpoint, firewall, network, email, cloud, identity, productivity, and backup solutions.

New integrations available for Sophos XDR and Sophos MDR customers include the following:

  • Forcepoint Next-Gen Firewall – Integration Pack: Firewall (Learn more)
  • F5 BIG-IP Application Security Manager (ASM) – Integration Pack: Firewall (Learn more)
  • Cisco Umbrella – Integration Pack: Network (Learn more)
  • Cisco Identity Services Engine (ISE) – Integration Pack: Identity (Coming soon)

Explore our current range of third-party integrations on the Sophos Marketplace.

Microsoft Graph security integration (Version 2)

By ingesting, correlating, and analyzing telemetry via the Microsoft Graph security and Microsoft Office 365 Management Activity APIs, the Sophos platform uses advanced proprietary threat detection rules to identify threats that would otherwise be missed. These turnkey Microsoft integrations are included with Sophos XDR and Sophos MDR subscriptions at no additional cost, and over 20,000 customers are already using them to extend visibility and protection across their IT environments.

In July, we're releasing a new version of our Microsoft Graph security integration. The new version, called "Microsoft Graph security API (Alerts v2)", provides additional information from a broad range of Microsoft security solutions that analysts can use to accelerate detection, investigation, and response. And yes, the new version will still be included in the standard price of Sophos XDR and Sophos MDR!

Quickly identify vulnerable endpoints and servers

Identifying devices that are potentially exposed to threats is critical for managing cybersecurity risk. We've recently launched a new Device Exposure dashboard in the Sophos Central console that provides Sophos XDR and Sophos MDR customers with a clear overview of endpoint and server devices missing critical operating system updates. The visualization highlights the time elapsed since the last OS updates were applied, with one-click access to customizable queries for further details.

Device Exposure

Learn more about the new Device Exposure dashboard

Vulnerability management delivered as a managed service

The modern attack surface continues to expand beyond the borders of traditional on-premises IT, and most organizations now have a significant number of internet-facing assets they don't even realize they own, let alone understand whether they're vulnerable to attack. With our latest service offering – Sophos Managed Risk, powered by Tenable – our dedicated team of experts helps eliminate blind spots in your external attack surface and prioritizes remediation efforts based on the exposures that pose the greatest risk to your organization.

Recognized by industry experts and customers

Sophos XDR and Sophos MDR continue to garner high praise from customers and industry experts for superior detection, investigation, and response capabilities.

Recent proof points include:

Elevate your defenses against active adversaries

To learn more and explore how Sophos XDR can help your organization better defend against active adversaries, speak with a Sophos adviser or your Sophos partner today.

You can also take it for a test drive in your own environment with a no-obligation, 30-day free trial – available from our website or (for existing Sophos customers) directly within the Sophos Central console in just a few clicks.
