Sophos User Activity Verification (SUAV)

We’re delighted to share an update on our Sophos User Activity Verification feature.

What is Sophos User Activity Verification?

User Activity Verification provides a way to request additional context from admins or users via their mobile device. It leverages the Sophos Intercept X app for Android and iOS, and enables a secure and rapid channel of communication. An example could be requesting information from a user about potentially suspicious activity detected on their desktop machine, or alerting an administrator when a high severity threat is detected.

For more details please see this article.

What’s new?

Users or admins can now be prompted to open a web link or call a telephone number. For example it may be helpful to provide the option of viewing more details about a threat by logging into the Sophos Central dashboard. When selecting this option the web page opens in the device’s default web browser. Another example is including the phone number of the IT Help Desk to make it easier for a user to get in touch. The user guide has been updated with an example, and full details are available in the API specification.

To show this in action we’ve created the below demo showing how Sophos User Activity Verification can be triggered by leveraging a SOAR tool such as Sophos Factory.