• Release Notes & News: EDR Threat Indicators now Generally Available

    After enhancing the Threat Indicators features since it was made available to Intercept X Advanced with EDR and Intercept X with EDR for Server customers in July, Sophos has now declared the feature Generally Available.

    Threat Indicators solves the #1 most requested feature for EDR users – knowing where to start an investigation.  Now admins will utilize a prioritized list of the most suspicious activity, so they…

  • Announcements: Intercept X Enhanced Protection EAP is now open!

    We are pleased to announce that the new EAP that introduces AMSI Protection and Malicious Network Traffic Protection (IPS) is now open.

    Check out the attached slides, or watch this video to find out how to join.

    For questions and feedback, please visit the Feedback and Issues forum

  • Announcements: Announcing Early Access for Enhanced Protection / IPS and AMSI

    Can the best get any better? We sure think so! Our teams have been working hard to add new protection focused features to Central Windows Endpoint & Windows Server. The Early Access Program is due to launch in late October, the full list of included products can be found later in this blog post.

    IPS

    Sophos Network Threat Protection just got better! We're adding Malicious Network Traffic Protection with Packet Inspection…

  • Release Notes & News: The EDR Threat Indicators feature is now live in Beta

    Customers of Intercept X Advanced with EDR and Intercept X with EDR for Servers will see a new Threat Indicators feature available in their Central Threat Analysis Center.

    Threat Indicators solves the #1 most requested feature for EDR users – knowing where to start an investigation.  Now users will utilize a prioritized list of the most suspicious activity, so they know what needs to be investigated and how urgently…

  • Release Notes & News: Intercept X Advanced for Server with EDR - Now available

    Intercept X Advanced for Server with EDR is now available. With this update we bring the EDR capabilities from our Endpoint Protection to Windows Servers.

    You can add EDR today to report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. 

    Existing Customers: You will be able to start a trial from the Free Trials section of Sophos Central in two…

  • Release Notes & News: Intercept X Advanced with EDR 1.1 now available

    Intercept X Advanced with EDR 1.1 is now available. With this latest update, EDR enabled devices will now start to capture and allow searching for the execution of good admin tools which can be used for malicious purposes. To begin with we’ll be supporting PowerShell executions and will look to add support for new admin tools over time. Analysts now have the ability to track down malicious executions that otherwise may…

  • Release Notes & News: Introducing Intercept X for Server with EDR

    All of the tasty EDR goodness you know and love from Intercept X Advanced with EDR is coming soon to Windows Servers. If you want to get a sneak peak see here to get details on joining the early access program.

  • Announcements: Introducing Intercept X for Server with EDR

    After the closure of the Early Access Program (EAP) for our endpoint EDR capabilities we are happy to announce that we have commenced a new EAP giving access to Server EDR capabilities. Check out this post for more detail.

  • Release Notes & News: Early Access Program Release: Intercept X for Server with EDR

    Description:

    The new Intercept X for Server with EDR capabilities allow you to take charge of security incidents by answering the tough questions about an event, investigate with deep expertise, and respond with a click of a button. 

    Eligibility details

    Intercept X for Server with EDR is available on Windows Server 2008R2 and later

    How to enable the features

    Simply enrol in the Early Access Program and assign your Windows…

  • Announcements: Fakedrop - a quick and dirty testing and demo tool for EDR

    Fakedrop is a fake malware dropper to help you safely simulate some suspicious and malicious activity on Sophos Intercept X protected endpoints without fear of causing a malware outbreak. This also means the tool is only for use with our products and not competitors. The code is quick and dirty however it helps get the job done.

    It's designed to be run one or more machines protected by Intercept X (with the Advanced with…

  • Announcements: Intercept X Advanced with EDR Early Access Program Closing Down

    On January 31st the Intercept X Advanced with EDR Early Access Program (EAP) will be closing down. From January 21st the EAP will be closed to new customer registrations and no new endpoints can be assigned to the Early Access Program for existing customers who have joined the EAP.


    What will the experience be for customers coming out of the Early Access Program on January 31st?

    For customers who had joined the Early Access…

  • Announcements: Best Practices for EDR Data Feed

    One of the key new features delivered in Intercept X Advanced with EDR is the ability to search across an endpoint estate for details on portable executable files that have an uncertain or bad reputation and the network destinations those files have connected to. This will search across all the data that has been sent back to Sophos Central but only from Endpoints that have Threat Protection policies with the ‘Allow computers…

  • Announcements: Intercept X Advanced with EDR Early Access Program Updates - December 2018

    Now that the Intercept X Advanced with EDR offering is now available for purchase, we wanted to provide Early Access Program customers some best practices for migrating from the Early Access Program to an Intercept X Advanced with EDR license for those who have made the decision to purchase.

     

    Migration Steps:
     
    1. Apply the Activation code for the “Intercept X Advanced with EDR” license on the Licensing page in Sophos Central…

  • Announcements: Intercept X Advanced with EDR Early Access Program Updates

    Another round of updates have been released as part of the Endpoint Detection and Response early access program. The latest new enhancements include:

     

    Threat Search to now support Network Events:

    The endpoint will be enhanced so that on top of tracking and sending metadata to Sophos Central on detected or suspicious portable executable files, it will also now start to track network connections to IP addresses and domains…

  • Announcements: Submit Your Files to SophosLabs and Win Prizes!

    Deep Learning Malware Analysis is now available as part of the Intercept X Advanced with EDR Early Access Program.  When clicking on a file you can now submit it to SophosLabs to receive the latest threat intelligence, driven by our deep learning malware analysis engine.  This exciting feature automatically analyzes malware in extreme detail, breaking down file attributes and code and comparing them to millions of other…

  • Release Notes & News: New and improved root cause analysis in Intercept X

    We have some exciting news for Intercept X and Intercept X for Server customers.  This week we launched a new and improved version of Root Cause Analysis (RCA) for investigations.  With this new functionality comes a new name - “Threat Cases”.  Threat Cases automatically identify the root cause or sequence of events that led to a potentially malicious file.  With the new release, we will also display more intelligence…

  • Announcements: Deep Learning Malware Analysis introduced to Intercept X EDR Early Access Program.

    Feedback when requesting the latest Sophos Threat intelligence on processes from within Threat Cases has been vastly improved with the introduction of Deep Learning Malware Analysis to the Intercept X EDR Early Access Program. This feature automatica...
  • Announcements: EDR Early Access Program Test Guide Available Now

    As testing some of the new Endpoint EDR capabilities can be a bit tricky, Sophos have put together a Test Guide to help demo and test the new capabilities.  The Test Guide walks through the scenarios below:

     

    1. The investigation of an existing detection where suspect files are identified in the threat chain which warrant further investigation. A file is submitted to SophosLabs for further analysis, an Item Search across…
  • Announcements: Intercept X with EDR Early Access Program Now Open

    The best just got better. Sophos is pleased to announce that the Intercept X Advanced with EDR Early Access Program is now open.  The new Endpoint Detection and Response (EDR) capabilities allow you to take charge of security incidents by answering the tough questions about an event, investigate with deep expertise, and respond with a click of a button.  The EAP is open to Central Endpoint Protection Intercept X customers…

  • Announcements: Sophos Endpoint Detection and Response - Private EAP Update

    Thursday, the 13th of September, Sophos plans on launching the next round of capabilities as part of the EDR Private Early Access program. The new capabilities being launched in this part of the Early Access Program are:

     

    Respond Capabilities

    In the event potential undetected threats have been identified, new respond capabilities can be applied to help contain the threat. Admin led isolation can restrict the network connectivity…

  • Announcements: Using the SDR Exporter

    Demo of SDR Exporter and RCA Threat Case investigation:

    For the attack to get as far as it did I had to turn off 90% of the Sophos endpoint protections.  In the scenario the adversary compromises the endpoint and downloads multiple malware tools only one of which is caught.  The RCA will show both the convicted software and the suspect files downloaded that did not trigger a detection.The SDR Exporter can be used to see…

  • Announcements: Sophos Endpoint Detection and Response - Private Early Access Program

    Sophos are pleased to announce the Endpoint Detection and Response early access program for Central Windows Endpoints.  The new Sophos Endpoint Detection and Response capabilities empower admins with deeper insights into the activity on their endpoints to identify and respond to advanced threats.  Initially this will be a private early access program before opening up to a public early access program in a few months.  If…

  • Release Notes & News: ESH - What's next - status 21 Nov

    Hello!

    unfortunately you have not heard anything in the past 6 months about ESH. That should change now. A lot of things have been going on behind the scenes. We have several news in the pipeline:

    • ESH for Mac - yes, it's coming. 9.7.3 will include ESH, which basically looks the same as in Windows. 
    • ESH for Servers
    • ESH for Intercept X V.2 - new deep learning and reputation information on files will become visible
  • Release Notes & News: Intercept X Early Access Program - Active Adversary and Deep Learning

    Description

    This is the first of multiple updates planned during the early access period.  In this release we have added multiple protections to the Intercept product to prevent active adversaries form completing their objectives, from Credential Theft Prevention, to protections against new exploit techniques like eternalblue and double pulsar the exploits used in the wanna cry worm.

    This fall we add Deep Learning AI models…