In May, we achieved a few significant strategic milestones in our product roadmap. This included advancements in our EDR offering, the introduction of the Sophos Data Lake, and the launch of Extended Detection and Response (XDR) with integrations to our firewall and email products.
As of the weekend of July 10th, we have integrated EDR and XDR into a single offering. Intercept X Advanced with EDR will become Intercept X Advanced with XDR, and Intercept X Advanced for Server with EDR will become Intercept X Advanced for Server with XDR. Sophos MTR customers will also automatically benefit from this new offering with no changes to pricing.
All existing EDR customers will automatically receive XDR functionality, and standard retention in the Sophos Data Lake will be increased from seven days to thirty days of historical data. Customers who already have endpoint or server EDR will get a better experience – new detection and response features along with additional data retention. Any EDR customers who have Sophos Firewall or Sophos Email will now be able to take advantage of cross-product visibility. And the best part for our customers is that this will come at no extra cost!
Please note that you need to enable the Sophos Data Lake. In your Sophos Central console select 'Global Settings', then under Endpoint or Server Protection (or both) select the 'Data Lake uploads' setting and turn on the 'Upload to the Data Lake' toggle. Once enabled, we will perform scheduled hydration queries for your devices which capture interesting threat hunting related data and send it to the Data Lake. From the settings page you can also exclude specific devices from sending data to the Sophos Data Lake if you wish.
The Sophos Data Lake is available now for Windows and Linux devices. Mac support will come later this year.
See this blog post for a reminder on all new XDR capabilities introduced in May.
How can I try out these new capabilities?
In-product trials are started by clicking the 'Free Trials' link at the bottom of the left-hand navigation menu in Sophos Central.
Customers new to Sophos Central can initiate a new Central trial by clicking here.
Below you can find the details on Threat Search and Threat Indicators; it also has details on replacement Live Discover queries that can provide similar functionality. We are working on a new and improved version of Threat Indicators which can report on much more than suspicious PE files, so stay tuned! https://community.sophos.com/intercept-x-endpoint/b/blog/posts/intercept-x-advanced-with-edr-updates
It was discontinued. Funny thing though, you could still view it if you manually typed in the URL!
It is not very clear to me what has happened to the characteristics of "Threat Indicators" and "Threat Search", since these are not visible on the console.
Great stuff. Can't wait for Sophos to bring back an equivalent for Threat Indicators and Threat Search based on the new data feed.
This is a home run. Thank you.