Content

Sophos Intercept X Advanced with EDR

Sophos Intercept X with EDR operates as comprehensive endpoint detection and response software that uses deep learning to prevent known and unknown malware attacks and keep pace with the ever-evolving threat landscape.

This endpoint security software stops breaches before they occur. Its AI-driven threat detection, prioritization, and investigation add expertise, optimize resources and reduce noise and employee workload. The pre-built queries, designed by and for practitioners, replicate the role of expert analysts so that they can answer difficult threat investigation questions.

There are two components to the Sophos ransomware protection: CryptoGuard and WipeGuard. CryptoGuard protects files with just-in-time file caching that identifies malicious encryption behaviors, isolates malicious processes, and automatically rolls back any affected files. WipeGuard stops malicious processes to protect the master boot record and prevent malicious tampering with system areas of the disk.

Sophos Intercept X with EDR has additional, innovative protection mechanisms that cover advanced threats. New fileless attack prevention techniques include AMSI protection to detect and block otherwise obfuscated scripts. The Endpoint IPS network traffic protection uses snort-based rules to detect and block network-based attacks and lateral movements.

Live Discover pulls information gathered from these protection layers and stores it for up to 90 days. The rich endpoint search capabilities drive IT insights and threat hunting to bring analysts a look beyond just malware. Pre-configured and custom SQL queries are available in both the platform and community forum to deliver even more threat details.

Live Response remediates managed devices by acting on the information that Live Discover uncovers. Analysts may choose to isolate or re-boot devices, terminate all active processes, and more. Isolating a device from the network automatically limits its access. However, Sophos Central still maintains management control over it to prevent lateral movement and further system infection.

With well-designed menus and an intuitive layout, it’s an easy-to-navigate interface. The dashboard shows an overview of the enterprisewide security posture as well as valuable, at-a-glance information. Top Threat Indicators notes suspicious activity within the digital estate, while machine learning insights advise analysts where to direct attention. The Threat Analysis Center serves as the go-to view for ongoing, day-to-day activities, and detected threat cases show details about various events. The useful spider graph displays a valuable process tree that highlights useful information such as root cause analyses and threat reputation scores. Sophos Intercept X with EDR caters to all levels of analytical expertise, offering an investigation plane complete with simplified threat hunting and a readily available isolation option.

Overall, security pros will find Sophos Intercept X a worthy, easy-to-install endpoint security solution that adds expertise by offering enriched contextual information without adding to security team headcount. Intercept X becomes part of a broader ecosystem, with its centralized platform that synchronizes security and protects organizations across platforms. Organizations that have worked with other Sophos products in the past may feel particularly comfortable with Intercept X, as it uses the same intuitive dashboard.

The product costs $44.62 per user, per year and includes 24/7 phone, email and website support. Additional support options are available for a fee. Organizations also have access to a knowledgebase and FAQ list. We have enjoyed the thorough and effective support documentation and the easily navigable knowledgebase.   

Written by Katelyn Dunn

Tested by Tom Weil

Product title
Sophos Intercept X Advanced with EDR
Product info
Vendor: Sophos Contact: www.sophos.com Product: Sophos Intercept X Advanced with EDR Price: $44.62 per user, per year
Strength
The well-designed menus and intuitive interface layout make this platform easy to navigate. This solution effortlessly caters to all levels of analytical expertise, offering an investigation plane complete with simplified threat hunting and a readily-available isolation option.
Weakness
None that we found.
Verdict
Overall, security pros will Sophos Intercept X a worthy, easy-to-install endpoint security solution that adds expertise by delivering enriched contextual information without adding to security team headcount.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds