We have some exciting news for Intercept X and Intercept X for Server customers. This week we launched a new and improved version of Root Cause Analysis (RCA) for investigations. With this new functionality comes a new name: “Threat Cases”. Threat Cases automatically identify the root cause or sequence of events that led to a potentially malicious file. With the new release, we will also display more intelligence to aid in investigating and will provide suggested next steps.
New enhancements include:
The new Threat Cases can be found for Endpoints under Sophos Central Admin > Endpoint Protection > Threat Cases and for Servers under Sophos Central Admin > Server Protection > Threat Cases.
Looking for more investigation and analysis?
Threat Cases are available to all Intercept X and Intercept X for Server customers. However, Threat Cases just scratch the surface of what Intercept X Advanced with EDR is able to do (EDR for Servers will be available in 2019). With our new EDR capabilities, administrators will be able to leverage even more machine learning and SophosLabs intelligence to dive deeper than ever before when investigating a suspicious event. Intercept X Advanced with EDR will also allow administrators to respond to potential threats with a click of a button, isolate machines on demand while investigating, hunt for threats across their estate, and much more. You can sign up for a sneak preview of the EDR capabilities by joining our Early Access Program.