Overview

The product team is pleased to announce the introduction of Active Threat Response for Sophos Switch and Sophos Wireless (AP6 Series only). This new offering provides API-triggered responses to automatically isolate compromised hosts across the network. This extends threat intelligence from Sophos MDR, Sophos XDR, Sophos NDR, and third-party solutions to the access layer, quickly preventing lateral movement via any wired, wireless, managed, or unmanaged host.

Sophos Switches and Sophos AP6 access points registered in Sophos Central with an active Support and Services subscription have access to the Active Threat Response feature through Sophos Central. The Active Threat Response API ingests threat feed data, allowing MDR analysts or network administrators to quickly isolate compromised hosts across the network.

Benefits

  • Isolates wired and wireless, managed, and unmanaged hosts
  • Prevents lateral movement and buys you time for remediation
  • Detections can originate from multiple sources (Sophos or third-party solutions)

Active Threat Response on Sophos Central

From Sophos Central, the administrator can view an Active Threat Response page, where they can enable or disable Active Threat Response for Sophos switches and access points. This page also presents a list of the isolated hosts across all Sophos switches and AP6 access points managed in the Sophos Central account.

On the Access Points page, the firmware version displayed is now 1.4.1819 for AP6 access points running the MR4 release version 1.4.1748. AP6 access points not running the MR4 release will continue to display the original firmware version.

Active Threat Response APIs

Active Threat Response APIs are available in Sophos Central. For information on how to access and use APIs from Sophos Central, please see https://developer.sophos.com/. The APIs can enable third-party integrations and workflows to swiftly isolate compromised hosts at the network access layer. We are always interested in how third-party integrations are deployed, so please send us feedback regarding your custom integrations.

To view the Active Threat Response APIs for Sophos Wireless (AP6 Series only), visit https://developer.sophos.com/docs/wi-fi-management-v1/1/overview.

To view the Sophos Wireless (AP6 Series only) management API guide, visit https://developer.sophos.com/wifi-management.