The latest enhancements to the Sophos XDR platform provide even greater power to defend against active adversaries, including configurable suppression rules, public APIs, enhanced Microsoft integrations, and more.

Active adversaries are highly skilled cybercriminals. They use hands-on-keyboard and AI-assisted methods to circumvent preventative security controls and execute advanced multi-stage attacks.

Organizations need adaptive security controls designed to detect, investigate, and respond to the approaches commonly used by these sophisticated threat actors. Effective response to advanced threats requires a toolset that enables security operators to make data-driven decisions faster and execute tasks with speed and efficiency. 

Sophos continuously leverages the threat intelligence and cybersecurity expertise from our Sophos X-Ops unit, as well as telemetry from Sophos’ and third-party security solutions, to provide the strongest protection, detection, and response to the most advanced attacks. We are always innovating, and the latest enhancements to the Sophos Extended Detection and Response (XDR) platform provide even greater power to defend against active adversaries.

Configurable suppression rules
Security operators have greater control over the detections generated by the Sophos XDR platform using an intuitive suppression wizard, enabling analysts to focus on the most important detections and cases by suppressing confirmed-benign events. Granular rules can be created based on specific attributes including severity, detection type, MITRE ATT&CK details, and more.
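The kind of attribute-scoped suppression described above, as an added illustration in plain Python. This is not Sophos code and does not use the Sophos XDR API: the detection fields (severity, detection_type, mitre_technique, process_sha256), the rule fields, and the sample detections are all assumptions constructed for the example. It shows the checks a practitioner wants around suppression: every rule carries a reason and an expiry, a rule that matches on severity alone is rejected as too broad, a MITRE technique criterion also covers its sub-techniques, and suppressed detections are recorded with the rule that hid them.

```python
"""Attribute-scoped suppression of XDR detections.

Added illustration in plain Python; it is not Sophos code and the field names
(severity, detection_type, mitre_technique, process_sha256) are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class Detection:
    id: str
    severity: int           # assumed scale 1 (low) .. 10 (critical)
    detection_type: str     # e.g. "process", "network"
    mitre_technique: str    # e.g. "T1059.001"
    process_sha256: str


@dataclass
class SuppressionRule:
    name: str
    reason: str                             # why the analyst judged the match benign
    expires: datetime                       # suppressions are re-reviewed, never permanent
    max_severity: Optional[int] = None      # suppress only at or below this severity
    detection_type: Optional[str] = None
    mitre_technique: Optional[str] = None   # "T1059" also covers sub-techniques "T1059.xxx"
    process_sha256: Optional[str] = None

    def criteria(self) -> dict:
        """The attribute criteria actually set on this rule."""
        return {k: v for k, v in vars(self).items()
                if k in ("max_severity", "detection_type", "mitre_technique", "process_sha256")
                and v is not None}

    def matches(self, d: Detection, now: datetime) -> bool:
        if now >= self.expires:
            return False
        if self.max_severity is not None and d.severity > self.max_severity:
            return False
        if self.detection_type is not None and d.detection_type != self.detection_type:
            return False
        if self.mitre_technique is not None and not (
                d.mitre_technique == self.mitre_technique
                or d.mitre_technique.startswith(self.mitre_technique + ".")):
            return False
        if self.process_sha256 is not None and d.process_sha256 != self.process_sha256:
            return False
        return True


def validate_rule(rule: SuppressionRule) -> None:
    """Refuse rules that would blind analysts: no criteria, severity-only, or no reason."""
    crit = rule.criteria()
    if not crit or set(crit) == {"max_severity"}:
        raise ValueError(f"rule {rule.name!r} is too broad: {sorted(crit) or 'no criteria'}")
    if not rule.reason.strip():
        raise ValueError(f"rule {rule.name!r} must record why the event is benign")


def apply_suppressions(detections, rules, now):
    """Return (detections still shown, {detection id: name of the rule that suppressed it})."""
    for r in rules:
        validate_rule(r)
    kept, suppressed = [], {}
    for d in detections:
        hit = next((r for r in rules if r.matches(d, now)), None)
        if hit:
            suppressed[d.id] = hit.name   # audit trail of what was hidden and by which rule
        else:
            kept.append(d)
    return kept, suppressed


# Constructed sample detections and rules, not real telemetry.
SAMPLE_DETECTIONS = [
    Detection("d1", 3, "process", "T1059.001", "aa11"),  # approved inventory script
    Detection("d2", 8, "process", "T1059.001", "aa11"),  # same binary, but high severity
    Detection("d3", 3, "process", "T1059.001", "bb22"),  # different binary
    Detection("d4", 2, "network", "T1071.001", "cc33"),  # only an expired rule matches
]
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
RULES = [
    SuppressionRule("approved-admin-script", "Signed inventory script pushed by IT",
                    datetime(2025, 12, 31, tzinfo=timezone.utc),
                    max_severity=4, detection_type="process",
                    mitre_technique="T1059", process_sha256="aa11"),
    SuppressionRule("old-scanner", "Vulnerability scanner beacon, scanner decommissioned",
                    datetime(2024, 1, 1, tzinfo=timezone.utc),
                    detection_type="network", mitre_technique="T1071"),
]


def demo():
    kept, suppressed = apply_suppressions(SAMPLE_DETECTIONS, RULES, NOW)
    return [d.id for d in kept], suppressed


if __name__ == "__main__":
    print(demo())   # (['d2', 'd3', 'd4'], {'d1': 'approved-admin-script'})
```

Note what stays visible: d2 is the same approved binary but at a severity above the rule's cap, d3 is a different binary under the same technique, and d4 matches only a rule that has expired. Scoping a suppression to the narrowest set of attributes the evidence supports, and forcing it to expire, is what keeps suppression from quietly hiding the next real intrusion that reuses the same technique.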

Comprehensive detection summaries
Security operators need to make decisions and execute tasks at speed, so it’s crucial that threat alerts are immediately comprehensible to analysts of all skill levels. Sophos XDR detections now include ‘natural language’ descriptions to help accelerate investigation and response.

Streamlined SophosLabs Intelix integration
Detections generated by Sophos Endpoint are now automatically sent to SophosLabs Intelix for threat classification and analysis. Detection details are now enriched with high-fidelity threat intelligence with no need to manually submit to SophosLabs.

Enhanced Microsoft 365 detections
Sophos XDR collects and analyses comprehensive audit log data from Microsoft 365 and uses proprietary rules to identify more threats than Microsoft security tools can on their own. The latest Microsoft ‘platform detections’ in Sophos XDR focus on identifying compromised accounts and Business Email Compromise. 
The ‘Microsoft Office 365 Management Activity API’ integration is included with Sophos XDR at no additional cost.
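To make concrete what a detection over Microsoft 365 audit data looks like, here is an added example, written for this page and not one of Sophos’ proprietary rules. It flags two common Business Email Compromise moves visible in Exchange audit events: inbox-rule or mailbox changes that forward mail to an address outside the tenant, and inbox rules that delete or bury finance-related mail. The records are constructed in the general shape of Office 365 Management Activity API Exchange events (Operation, UserId, ClientIP, and a Parameters list of Name/Value pairs); the users, addresses, IPs, the internal domain list, and the keyword lists are all invented for the example.

```python
"""BEC indicators in Microsoft 365 audit records.

Added example, not a Sophos rule. The records below are constructed in the
general shape of Office 365 Management Activity API Exchange audit events;
every value in them is invented.
"""
import json

INTERNAL_DOMAINS = {"example.com"}      # assumption: the tenant's own mail domains
FINANCE_WORDS = {"invoice", "payment", "wire", "bank", "remittance"}
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history", "archive", "junk email"}
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress")

# Constructed sample audit records (invented users, addresses and IPs).
SAMPLE_RECORDS = [json.dumps(r) for r in [
    {"Operation": "New-InboxRule", "Workload": "Exchange", "UserId": "alice@example.com",
     "ClientIP": "203.0.113.7",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "finance-backup@protonmail.com"}]},
    {"Operation": "New-InboxRule", "Workload": "Exchange", "UserId": "bob@example.com",
     "ClientIP": "198.51.100.22",
     "Parameters": [{"Name": "Name", "Value": "Clean up"},
                    {"Name": "SubjectContainsWords", "Value": "invoice;payment"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "New-InboxRule", "Workload": "Exchange", "UserId": "carol@example.com",
     "ClientIP": "192.0.2.9",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "SubjectContainsWords", "Value": "newsletter"},
                    {"Name": "MoveToFolder", "Value": "Reading"}]},
    {"Operation": "Set-Mailbox", "Workload": "Exchange", "UserId": "admin@example.com",
     "ClientIP": "192.0.2.10", "ObjectId": "dave@example.com",
     "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:dave.assistant@example.com"}]},
    {"Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory",
     "UserId": "erin@example.com", "ClientIP": "203.0.113.50"},
]]


def params(record: dict) -> dict:
    """Flatten the Name/Value parameter list into a dict keyed by cmdlet parameter name."""
    return {p["Name"]: str(p.get("Value", "")) for p in record.get("Parameters", [])}


def addresses(value: str):
    """Yield bare lower-case addresses from 'a@x;b@y' or 'smtp:a@x' style values."""
    for part in value.replace(",", ";").split(";"):
        part = part.strip().lower()
        if part.startswith("smtp:"):
            part = part[5:]
        if "@" in part:
            yield part


def is_external(address: str) -> bool:
    return address.rsplit("@", 1)[1] not in INTERNAL_DOMAINS


def evaluate(record: dict) -> list:
    """Return the reasons this record looks like BEC tradecraft (empty list = nothing flagged)."""
    reasons = []
    op = record.get("Operation")
    if op not in ("New-InboxRule", "Set-InboxRule", "Set-Mailbox"):
        return reasons
    p = params(record)
    for name in FORWARD_PARAMS:                       # mail leaving the tenant
        ext = [a for a in addresses(p.get(name, "")) if is_external(a)]
        if ext:
            reasons.append(f"{name} to external address {', '.join(ext)}")
    words = {w.strip().lower() for w in p.get("SubjectContainsWords", "").split(";") if w.strip()}
    hides = (p.get("DeleteMessage", "").lower() == "true"
             or p.get("MoveToFolder", "").lower() in HIDING_FOLDERS)
    if hides and words & FINANCE_WORDS:               # victim never sees the invoice thread
        reasons.append(f"rule hides finance mail ({', '.join(sorted(words & FINANCE_WORDS))})")
    if "Name" in p and p["Name"].strip(". ") == "":   # rule named only with dots or blanks
        reasons.append("rule name is only dots/blanks, a common attempt to hide it from the user")
    return reasons


def run_detections(raw_records) -> list:
    """Parse JSON audit records and return one finding per suspicious record."""
    findings = []
    for raw in raw_records:
        rec = json.loads(raw)
        reasons = evaluate(rec)
        if reasons:
            findings.append({"user": rec.get("UserId"),
                             "target": rec.get("ObjectId", rec.get("UserId")),
                             "operation": rec["Operation"],
                             "client_ip": rec.get("ClientIP"),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in run_detections(SAMPLE_RECORDS):
        print(f)
```

On the constructed input only alice (external forward plus a rule named ".") and bob (deleting anything with "invoice" or "payment" in the subject) are flagged; carol's newsletter filter and the internal forwarding on dave's mailbox are not. In practice the internal-domain allowlist must include every domain the tenant legitimately sends to, and a finding should pivot on the ClientIP and the account's recent sign-in records before anyone calls it a compromised account.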