Defenders need all the help they can get. The Sophos XDR team has been focused on delivering features and functionality that will expand and improve analysts’ efficiency and ability to detect and neutralize threats faster.
The latest enhancements expand the power and capabilities of Sophos XDR with generative AI (genAI) and new case investigation functionality. The genAI features are focused on delivering outcomes, such as accelerated investigations, enabling less experienced analysts to do security operations and neutralize adversaries faster.
| genAI capabilities are available as an opt-in for all licensed Sophos XDR customers, ensuring they remain in control. Customers can opt into these features in Sophos Central. |
AI Search
AI Search helps security analysts by allowing them to search large volumes of security data using natural language. This makes it easier to conduct investigations without needing advanced technical knowledge like SQL. Powered by OpenAI’s large language models (LLMs), AI Search translates natural language queries into structured SQL queries that are executed against Sophos’ data lake. Users can ask simple questions (e.g., “Show me all detections from the last week related to Windows Server”) and view results in a user-friendly format.
For more details, please refer to the AI Search article on the Sophos Community.
AI Case Summary
AI Case Summary provides an easy-to-understand overview of detections and recommended next steps, helping analysts make smart decisions fast. This feature uses genAI to analyze detections associated with a case to summarize what has happened, the entities involved, and possible next steps for investigation. AI Case Summary also determines which MITRE ATT&CK tactics, techniques and procedures (TTPs) are observed within the case, if any.
AI Command Analysis
AI Command Analysis provides insights into attacker behavior by examining potentially malicious commands that create detections. This feature uses genAI to analyze the command line executed in the customer’s environment to explain the intent and describe the possible security impact on your environment. AI Command Analysis will de-obfuscate code, minimizing the complexity, time, and skills needed to assess a detection.
Coming Soon: AI Assistant
The Sophos AI Assistant is a collaborative chat interface designed to elevate security operations with a collaborative, conversational interface. Underpinned by the Sophos Data Lake and a set of robust tools—the AI Assistant streamlines complex investigations using genAI to improve threat response, no matter your level of expertise.
Sophos and AI
Sophos combines AI and human expertise to stop the broadest range of threats wherever they occur. Security analysts are empowered to make smart decisions fast, and customers can operate confidently, knowing Sophos’ robust, battle-proven AI solutions are on their side.
Since 2017, Sophos has been elevating cybersecurity with AI. Deep learning and genAI capabilities are embedded at every point and delivered through the industry’s largest, most scalable, open AI platform. Sophos’ AI-powered products and services secure over 600,000 organizations from cyberattacks and breaches.
New case investigation enhancements
When an analyst looks at the specifics of a detection as a part of a case, they now benefit from a refreshed and simplified interface for the pivot menu for new quick actions and updated queries. The pivot menu allows an analyst to select key information from a detection, using it as a starting point for deeper investigation and immediate action. Here’s what’s new:
- Run actions: We have added the ability to isolate and unisolate devices direct from the pivot menu, allowing users to remediate quickly without losing context.
- Run Live Discover and Search Data Lake: The queries list has been updated to feature the most frequently used queries.
- Copy Device Name: Easily copy the device name to your clipboard.
- Detections with device: Go straight to the detections page to see all detections associated with the device. The default time range is the last 24 hours.
- Device Details: Navigate directly to the device details page for more in-depth information.
The Cases public API has been enhanced, allowing customers and partners to create, update, and delete cases using their preferred tools. With this new functionality, customers can easily modify key fields such as case status, severity, and case summary, enabling more effective prioritization and faster triage times. These improvements are designed to give customers more flexibility in their workflows and help address issues more efficiently. Please refer to the Cases API Guide for more details.
Recognized by industry experts and customers
Sophos XDR continues to garner high praise from customers and industry experts for superior detection, investigation, and response capabilities.
Recent proof points include:
- Sophos XDR was named a Leader across five different segments in the Fall 2024 Reports. Read the report here
- A Leader in the 2024 Gartner®️ Magic Quadrant™️ for Endpoint Protection Platforms for the 15th consecutive time. Read the news article here
- Over 43,000 customers using Sophos XDR today
- ‘Why Sophos’ page on sophos.com
