In May, we achieved a few significant strategic milestones in our product roadmap.  This included advancements in our EDR offering, the introduction of the Sophos Data Lake, and the launch of Extended Detection and Response (XDR) with integrations to our firewall and email products.  

As of the weekend of July 10th we have integrated EDR and XDR into a single offering. Intercept X Advanced with EDR will become Intercept X Advanced with XDR and Intercept X Advanced for Server with EDR will become Intercept X Advanced for Server with XDR. Sophos MTR customers will also automatically benefit from this new offering with no changes to pricing.  

All existing EDR customers will automatically receive XDR functionality, and standard retention in the Sophos Data Lake will be increased from seven days to thirty days of historical data. Customers who already have endpoint or server EDR will get a better experience – new detection and response features along with additional data retention. Any EDR customers who have Sophos Firewall or Sophos Email will now be able to take advantage of cross-product visibility. And the best part for our customers is that this will come at no extra cost! 

Please note that you need to enable the Sophos Data Lake. In your Sophos Central console select ‘Global Settings’ then under Endpoint or Server Protection (or both) select the ‘Data Lake uploads’ setting and turn on the 'Upload to the Data Lake' toggle. Once enabled we will perform scheduled hydration queries on for your devices which capture interesting threat hunting related data and send it to the Data Lake.  From the settings page you can also exclude specific devices from sending data to the Sophos Data Lake if you wish.  

The Sophos Data Lake is available now for Windows and Linux devices. Mac support will come later this year.

See this blog post for a reminder on all new XDR capabilities introduced in May.

How can I try out these new capabilities?

In product trials are started by clicking the 'Free Trials' link in the bottom of the Left Hand navigation menu in Sophos Central:

  • Central customers looking to try out XDR can start an Intercept X Advanced with XDR Endpoint and/or Server trial.

Customers new to Sophos Central can initiate a new Central trial by clicking here.