New XDR Features EAP now open

Note: Use of all features and functionalities provided under the Early Access Program is subject to the Sophos End User Terms of Use.

We are excited to announce the opening of the New XDR Features Early Access Program (EAP).  This EAP will be used to give early access to some of the latest and greatest XDR capabilities Sophos currently has in development. 

XDR Sensor: 

The EAP begins with the introduction of the XDR Sensor which is a new deployment option specifically designed for prospects/customers who are unwilling or unable to replace their existing, non-Sophos endpoint protection platform with the full Sophos Intercept X Advanced with XDR agent but are interested in benefiting from our endpoint detection, investigation, and response capabilities. Common examples of this include: 

• Prospects who are currently using a non-Sophos endpoint protection tool but are interested in trialing Sophos as part of a proof-of-concept (POC) without it interfering with their existing endpoint protection platform. 

• Existing customers who are using Sophos endpoint protection (Intercept X Essentials or Intercept X Advanced) in one segment of their environment while using one or more non-Sophos endpoint protection tools in other segments. These customers may be looking to move their entire organization to Sophos over time but need to use the Sophos XDR Sensor to bridge the gap during the consolidation process. 

• Prospects who want to complement a non-Sophos endpoint protection tool with the detection, investigation, and response capabilities enabled through Sophos XDR. In many cases, these will be prospects who only have endpoint protection today but are looking for an immediate path to EDR and XDR capabilities. 

 What Capabilities Does the Sophos XDR Sensor Enable?

The Sophos XDR Sensor operates in a detection and response-only mode, which means it does not provide automated protection/prevention actions. The customer or prospect will continue relying on their existing third-party endpoint protection tool and will benefit from the following capabilities enabled by the Sophos XDR Sensor.

 Threat Detection Capabilities: 

• On-device behavior and cloud-based detections
• Does not include (HIPS, SFS, Exploits, ML, AMSI, Network)

 Threat Investigation Capabilities:

•  Live Discover (manual data lake queries)
• Scheduled / rule-based data lake queries

 Threat Response Capabilities: 

• Live Response (manual response)

How do I join the New XDR Features EAP:

When logged into Central, click on username at top right of screen → Select ‘Early Access Program’

On the Early Access Program page click to 'Join' the ‘New XDR Features’ EAP:

On the next screen click continue.  Accept the Sophos End User terms of use and click the Accept button:

You are now successfully enrolled in the EAP.

Deploying the XDR Sensor to your devices: 

From the Protect Devices page in Central you now have access to the XDR Sensor installer.  Download and run this installer on your endpoint device:

Note: The install is only supported on Windows 10 x64 and Windows Server 2016 devices and above.  This installer is pre-configured to only install the XDR Sensor and to not run the Competitive Removal Tool so that we don’t interfere with a non-Sophos protection product.  You should only install to a device that does not already have Sophos Protection installed.

When the installation completes, you can verify the successful install from Sophos Central where the device will appear like so:

At this stage you can do any testing you would like on the device.  With the XDR sensor you can use tools like Live Discover, Live Response, Admin Isolation and suspect activity that can be identified will be highlighted in the Detections/Investigations dashboards.  If you encounter any problems, have issues with deploying with any non-Sophos Protection products, notice any performance problems please report to the dedicated XDR Sensor Discussion Community here.