We are thrilled to announce that the latest version of Sophos EDR (endpoint detection and response) is now available in Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR.  This release brings powerful new capabilities that enable both IT admins and security analysts to ask detailed IT operations and threat hunting questions across their entire estate. It also provides new functionality to remotely respond with precision.  

Existing EDR customers will see these new features appear in their Sophos Central consoles throughout June (see below for additional rollout details). 

Upgrade your IT security operations 
Maintaining proper IT hygiene can be a significant time investment for IT admins. Being able to identify which devices need attention and what action needs to be taken can add another layer of complexity. 

With Sophos EDR you can now do just that, quickly and easily. For example: 

  • Find devices with software vulnerabilities, unknown services running or unauthorized browser extensions 
  • Identify endpoints and servers that still have RDP and guest accounts enabled 
  • See if software has been deployed on devices, e.g. to make sure a rollout is complete 
  • Remotely access devices to dig deeper and take action such as installing software, editing configuration files and rebooting a device 

 

Hunt and neutralize threats 
Tracking down subtle, evasive threats requires a tool capable detecting even the smallest indicator of compromise. 

With this release Sophos EDR is significantly enhancing its threat hunting capabilities. For example: 

  • Detect processes attempting to make a connection on non-standard ports 
  • Get granular detail on unexpected PowerShell executions 
  • Identify processes that have recently modified files or registry keys 
  • Remotely access a device to deploy additional forensic tools, terminate suspect processes, and run scripts or programs 

 

Introducing Live Discover and Live Response 
The features that make asking and answering these vital questions possible are Live Discover and Live Response. 

Live Discover allows you to examine your data for almost any question you can think of by searching across endpoints and servers with SQL queries. You can choose from a selection of out-of-the-box queries that can be fully customized to pull the exact information that you need both when performing IT security operations hygiene and threat hunting tasks. Data is stored on-disk for up to 90 days, meaning query response times are fast and efficient. 

Live Response is a command line interface, that can remotely access devices in order to perform further investigation or take appropriate action. For example: 

  • Rebooting a device pending updates 
  • Terminating suspicious processes 
  • Browsing the file system 
  • Editing configuration files 
  • Running scripts and programs 

And it’s all done remotely, so it’s ideal in working situations where you may not have physical access to a device that needs attention. 

 

Try out these powerful new features  

From June 23, Intercept X and Intercept X for Server customers, as well as customers with other products managed via Sophos Central that want to try out EDR can do so immediately within the Sophos Central console by selecting ‘Free Trials’ in the left-hand menu and choosing the ‘Intercept X Advanced with EDR’ or ‘Intercept X Advanced for Server with EDR’ trials.  

If you aren’t currently using a product managed via Sophos Central take a look at Intercept X, which gives you world class protection against the latest cybersecurity threats in addition to powerful EDR capabilities. Start your free trial today

Product Rollout Timing 
All Sophos EDR customers will automatically see these new features added to their Sophos Central consoles throughout June. Most customers who have participated in the Early Access Program should now have access to the new features.  We expect all other customers to get access to the features by June 23rd.  

Live Discover is available on Windows and Linux platforms now, with Mac support coming soon. Live Response is available on Windows now, with Linux and Mac support coming soon.