Sophos XDR: Call for Participation in the open Early Access Program (EAP) for the new Sophos XDR Sensor

ProductsEarly Access ProgramSophos XDR

Now you can run Sophos XDR in a detection and response-only mode alongside third-party endpoint protection platforms.

We’re seeking participants for the open Early Access Program (EAP) for the Sophos XDR Sensor, a new deployment option that enables organizations to run Sophos XDR in a detection and response-only mode (no protection actions) alongside third-party (non-Sophos) endpoint protection platforms.

What Prospects or Customers Will Benefit from the Sophos XDR Sensor?

The Sophos XDR Sensor is a new deployment option specifically designed for prospects who are unable to replace their existing, non-Sophos endpoint protection platform with Sophos XDR but are interested in benefiting from our endpoint detection, investigation, and response capabilities. Common examples include:

  • Prospects who are currently using a third-party (non-Sophos) endpoint protection tool but are interested in trialing Sophos as part of a proof-of-concept (POC) without it interfering with their existing endpoint protection platform.
  • Existing customers who are using Sophos endpoint protection (Intercept X Essentials or Intercept X Advanced) in one segment of their environment while using one or more third-party endpoint protection tools in other segments. These customers may be looking to move their entire organization to Sophos over time but need to use the Sophos XDR Sensor to bridge the gap during the consolidation process.
  • Prospects who want to complement a third-party endpoint protection tool with the detection, investigation, and response capabilities enabled through Sophos XDR. In many cases, these will be prospects who only have endpoint protection today but are looking for an immediate path to EDR and XDR capabilities.

What Capabilities Does the Sophos XDR Sensor Enable?

The Sophos XDR Sensor operates in a detection and response-only mode, which means it does not provide automated protection/prevention actions. The customer or prospect will continue relying on their existing third-party endpoint protection tool and will benefit from the following capabilities enabled by the Sophos XDR Sensor.

Threat Detection Capabilities:

  • On-device behavior and cloud-based detections
  • Does not include (HIPS, SFS, Exploits, ML, AMSI, Network)

Threat Investigation Capabilities:

  • Live Discover (manual data lake queries)
  • Scheduled / rule-based data lake queries

Threat Response Capabilities

  • Live Response (manual response)

This EAP will be used to optimize all elements of the Sophos XDR Sensor, ranging from deployment to user experience.

How to Enroll in the Sophos XDR Early Access Program

When logged into Central, click on username at top right of screen → Select ‘Early Access Program’. On the Early Access Program page click to ‘Join’ the ‘New XDR Features’ EAP. On the next screen click continue and then accept the Sophos End User terms of use. You are now successfully enrolled in the EAP.

For sensor deployment instructions, follow the deployment steps here.


For more information, visit the Sophos Community here.