This release brings powerful new capabilities that enable both IT admins and security analysts to ask detailed IT operations and threat hunting questions across their entire estates. It also provides new functionality to remotely respond with precision.
Existing EDR customers will see these new features appear in their Sophos Central consoles throughout June (see below for additional rollout details).
Upgrade your IT security operations
Maintaining proper IT hygiene can be a significant time investment for IT admins. Being able to identify which devices need attention and what action needs to be taken can add another layer of complexity.
With Sophos EDR you can now do just that, quickly and easily. For example:
- Find devices with software vulnerabilities, unknown services running or unauthorized browser extensions
- Identify endpoints and servers that still have RDP and guest accounts enabled
- See if software has been deployed on devices, e.g. to make sure a rollout is complete
- Remotely access devices to dig deeper and take action such as installing software, editing configuration files and rebooting a device
Hunt and neutralize threats
Tracking down subtle, evasive threats requires a tool capable of detecting even the smallest indicator of compromise.
With this release Sophos EDR is significantly enhancing its threat hunting capabilities. For example:
- Detect processes attempting to make a connection on non-standard ports
- Get granular detail on unexpected PowerShell executions
- Identify processes that have recently modified files or registry keys
- Remotely access a device to deploy additional forensic tools, terminate suspect processes, and run scripts or programs
Introducing Live Discover and Live Response
The features that make solving all the important examples above possible are Live Discover and Live Response.
Live Discover allows you to examine your data for almost any question you can think of by searching across endpoints and servers with SQL queries. You can choose from a selection of out-of-the-box queries, which can be fully customized to pull the exact information that you need both when performing IT security operations hygiene and threat hunting tasks. Data is stored on-disk for up to 90 days, meaning query response times are fast and efficient.
Live Response is a command line interface that can remotely access devices in order to perform further investigation or take appropriate action. For example:
- Rebooting a device pending updates
- Terminating suspicious processes
- Browsing the file system
- Editing configuration files
- Running scripts and programs
And it’s all done remotely, so it’s ideal in working situations where you may not have physical access to a device that needs attention.
Try out these powerful new features
Check out this video to see the new features in action and how they can help you save time and get the answers you need.
Intercept X and Intercept X for Server customers, as well as customers with other products managed via Sophos Central that want to try out the new EDR functionality, can do so from 23 June. Head to the Sophos Central console, select ‘Free Trials’ in the left-hand menu and choose the ‘Intercept X Advanced with EDR’ or ‘Intercept X Advanced for Server with EDR’ trials.
If you’re new to Sophos Central, start a no-obligation free trial of Intercept X Advanced with EDR today. You’ll get world class protection against the latest cybersecurity threats in addition to powerful EDR capabilities. Get started.
Product rollout timing
All Sophos EDR customers will automatically see these new features added throughout June to their Sophos Central consoles. Customers who have participated in the Early Access Program should receive the new version today. All other customers should receive the new version by 23 June.
Live Discover is available on Windows and Linux now, with Mac support coming soon. Live Response is available on Windows now, with Linux and Mac support coming soon.