Authored by Anthony Merry, Senior Director of Product Marketing (SecOps and DevSecOps), Sophos
Sophos Intercept X with Extended Detection and Response (XDR) has been rated the #1 XDR solution by G2 users in their spring 2023 reports (March 2023). G2 distinctions and rankings are based solely on independent, verified customer reviews on G2.com, the world’s largest software marketplace and peer-review platform.
XDR for the real world
Designed for security experts and IT administrators alike, Sophos Intercept X with XDR enables analysts to detect, investigate, and respond to threats across their entire security environments quickly and accurately.
Building on the strong protection foundation of Sophos Intercept X Endpoint technology, our XDR solution brings together telemetry from endpoints, servers, mobile devices, network, email, and cloud solutions for optimal visibility and accelerated response. Alternatively, organizations looking just for Endpoint Detection and Response (EDR) capabilities can utilize the same detection and response tools, focusing solely on their endpoints.
The G2 rating endorses our commitment to a prevention-first approach that reduces breaches and improves detection and response.
Sophos Intercept X with XDR has had several impressive and innovative updates that enable customers to enjoy superior cybersecurity outcomes:
Third-party integrations enable customers to extend their visibility into threats and conduct more complete investigations to swiftly eject attackers from their environments. Customers can already leverage telemetry from Microsoft Security Graph API, Office365 Audit and Cloud App Security, Azure Activity and Flow, AWS Security Hub, and Google Cloud Platforms to accelerate threat detection and response, and we have a strong 2023 roadmap to match the integrations offered by the Sophos Managed Detection and Response (MDR) service.
Aggressive classification (security posture adjustment) allows admins to select a more aggressive detection threshold for alerting when they suspect an active adversary is present.
Alert-only mode gives admins a greater choice over whether to automatically stop-and-prevent vs. allow-and-alert, based on the customer’s unique risk tolerance.
On-device behavior analytics for suspicious process activity extends existing heuristic and ML model-based detections to leverage an on-device behavior engine. This level of analytics is run on the endpoint instead of in the cloud to ensure that devices are secure even when offline or unable to send data to the data lake.
Document access activity tracking that can be used for threat hunting and investigations when suspicious files have been in your environment.
