Recap: Sophos Product Update Webinar - Newest Features and Releases

The Sophos Product marketing team and Customer Success team hosted a webinar in November showcasing recent and upcoming product releases for Sophos Endpoint Protection, Network Protection, and MDR. 

The webinar covered a lot of the innovative features recently released and currently being developed to improve Sophos security environments.  

Recording

Access the recording here

Related Resources: 

Endpoint 

Firewall 

Managed Services 

Questions & Answers:

Q: Are there any integrations with other Switch and AP vendors? 

A: Visibility of network traffic can be captured via the Sophos NDR appliance as part of an included integration. This requires the purchase of an NDR license and the deployment of the appliance within the network.  Sophos does not currently provide integrations with third-party Switch and Access Point products. 

Q: I appreciate the newer AP6 devices being available for purchase. We still want to maintain our APX devices with updated and latest wireless performance and enhancements. Will the firmware versions continue to be updated and compete with other market products?

A: We continue to update all our products on a regular basis with new releases and features in firmware updates, and our AP6 line is no exception. So please keep an eye open for firmware updates for those or any other Sophos products you're running and apply them as soon as they become available, and you'll get to take advantage of all the great new capabilities. 

Q: These coming soon features, are they within the v21 version branch? 

A: Features coming soon will be delivered in subsequent separate releases, not part of Version 21. 

Q: Is there a minimum license count for the Sophos XDR client and does it work with XG Home? 

A: There is no minimum license count for Sophos XDR; however, the firewall integration does not support XG Home. 

Q: Are there any plans to extend data retention beyond 30 days for XDR customers? 

A: Retention of data in the Sophos data lake is 90 days by default. If you need longer retention, there is an add-on available for up to a year. 

Q: For Adaptive Attack Protection, when the system hardens, how does it avoid impacting key business rules and locking down legitimate traffic?

A: We do expect Adaptive Attack Protection to impact end-users due to the type of additional blocking actions that are applied (e.g. certain administrative tools). Administrators may see a temporary impact if they use certain admin tools that are commonly abused by adversaries and therefore may be blocked by Adaptive Attack Protection. This can be controlled - you can click a button to take a device out of this mode, and you can manually put devices into Adaptive Attack Protection mode if needed. 

Q: Are you guys providing technical training or resources regarding your MDR? I am interested in learning more as a security engineer!

A: We recommend starting at sophos.com/training. We have recently relaunched Sophos Academy, a one stop shop for all of our training, both for Sophos customers and Sophos partners. 

Q: Will an MDR customer automatically get NDR? 

A: Sophos NDR is available to Sophos MDR and Sophos XDR customers as an additional purchase option. 

Q: We are a small-sized company, <50. Does an XDR or MDR subscription make sense for a company our size?

A: Absolutely. Threat actors love to target organizations that may not have the tools, resources or deep knowledge needed to fully defend themselves against sophisticated attacks. XDR can help to close visibility gaps within the network and provide you with the tools to defend yourself, whilst MDR can give you continuous peace of mind and provide an extension of your team armed with the correct tools and expertise. 

Q: What’s the difference between Active Threat Response and Synchronized Security? 

A: Sophos introduced Synchronized Security several years ago, which enabled the firewall to communicate with other Sophos products like our endpoint to coordinate a defense in the event a threat was discovered. We introduced Active Threat Response just last year, which is an evolution of synchronized security, extending it to security analysts who may discover an active threat via threat hunting and allow them to effectively kick off an automated response. This year, we've added 3rd party threat feeds as an option to enable an automated response. So think of Active Threat Response as an evolution or an extension of synchronized security. Synchronized security still plays an important role in the response. 

Q: Will device exposure take in 3rd party apps? What about macOS?

A: The device exposure feature supports macOS devices; however, it is not intended to be an application vulnerability management solution. If you are interested in vulnerability management more broadly, we would recommend looking into the Sophos Managed Risk service. 

Q: Are the endpoint additions for Mac as well as Windows? (Adaptive Attack Protection) 

A: Adaptive Attack Protection is supported on Windows devices (endpoints and servers) at this time.

Q: Does Adaptive Attack Protection alert or show in the event log when one of the admin-type tools is blocked?

A: Yes, Adaptive Attack Protection generates a 'Disrupt' event within the device's event log. An email alert can also be sent to administrators notifying them of the disrupted attack.

Q: For the Threat Detection side of the Platform, are the Logs/files kept inside the UK?  

A: Data is held for 90 days before being deleted from the data lake. Data is stored within the same region as your Sophos Central account. 

Q: Will the MDR dashboard be able to show the work hours stats for our environment along with the global stats?

A: The MDR Dashboard has an MDR Case Summary widget which displays Analyst Effort, Total Cases, Escalated Cases, Un-escalated Cases, Weekend Cases, and Actions Required which are tailored to your environment.   

Q: If I have a Sophos Firewall XGS3100 and I want to update to V21, will I have a problem with the new version? My current version is 20.0.0.

A: V21 is a supported upgrade for any supported version you might be running today. We recommend updating to V21 as soon as possible. 

Q: Where can I find Managed Risk in the Central console? 

A: Sophos Managed Risk is available under the "My Products" tab if you have an active Managed Risk subscription. 

Q: Are the Endpoint features you discussed included with MDR? 

A: Yes. If you subscribe to the Sophos MDR service, you are automatically entitled to the Sophos Endpoint and Sophos XDR capabilities as part of your subscription. Features like Adaptive Attack Protection, remote ransomware protection, etc., are all included in the endpoint protection solution, which is part of your MDR subscription. The only exception is the Critical Attack Warning feature - customers with Sophos MDR do not receive Critical Attack Warnings because the service includes comprehensive 24/7 monitoring and proactive outreach. 

Q: What are the advantages of having Sophos security appliances in conjunction with your MDR/XDR services vs. another solution such as Cisco and Fortinet?

A: MDR or XDR will integrate with the other products you already have, but utilizing Sophos Firewall and our other network security products gives you a number of significant advantages. Active Threat Response is one advantage we covered in the webinar that allows you to shut down an active adversary instantly and automatically without having to log in to the firewall and set up a rule. This can be done automatically and remotely. You also get all the benefits of having all your cybersecurity products managed from a single console, providing better visibility and ease of management for your team. With our network security products you're getting the best protection and performance for your money, ensuring you're getting maximum value for your investment.