What is in the EAP?
Sophos Data Lake
The Sophos Data Lake is a key component of both EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) functionality. It stores critical information from Intercept X, Intercept X for Server and XG Firewall, enabling access to data even when the corresponding device is offline. For example, you can look back 30 days for unusual activity on a device that has since been destroyed or taken without authorization.
Data retention periods are 7 days (EDR) and 30 days (XDR). During early access, 7 days are available.
Sophos XDR – Extended Detection and Response
Go beyond the endpoint and server by integrating important network data to build up an in-depth picture of potential threats across your estate. In the EAP, customers that have both Intercept X and XG Firewall will have access to endpoint and firewall data (cloud firewall reporting is required). If a customer has Intercept X but not XG Firewall and wants to test adding network data, they will need to start a trial of XG Firewall. An XG Firewall customer would need to start a trial of Intercept X.
Note – Sophos XDR will be a paid-for upgrade.
Here are just a few Sophos XDR use cases:
- Compare indicators of compromise from multiple data sources to quickly understand a suspected attack
- Use ATP and IPS detections from XG Firewall to investigate suspect hosts
- Identify unmanaged and unprotected devices across an organization’s estate
- Understand why the office network connection is slow and what app is causing the traffic
How can I sign up for the EAP?
See this community post for all the details on joining the EAP.
Who can join the EAP?
Customers, partners and prospects can all take part in the EAP with the exception of MSP Flex. They don’t need to be existing EDR or XG Firewall users (XG Firewall is not required to try the Sophos Data Lake).
Don’t forget that Intercept X customers and prospects who don’t have EDR will also get access to the powerful IT operations and threat hunting capabilities of Live Discover and Live Response by taking part in the EAP, in addition to the Sophos Data Lake and Sophos XDR.
What is coming at product launch?
While we already have some fantastic features available in the EAP, there are even more coming with the full product launch. You may see some of these features start to appear throughout the EAP:
- Scheduled queries that enable organizations to set queries to run ahead of time
- Enhanced pivoting options to further improve workflow and save users time
When is General Availability?
General Availability is currently planned for Q2 (calendar year 2021).
How can I learn more about XDR?
Next week we are running two SophSkills sessions, open to internal staff and partners. Register for them now.
Introducing XDR – Extended Detection and Response
Americas | APJ | EMEA
Technical SophSkills: XDR – A Technical Look at Extended Detection and Response
Americas | APJ | EMEA
Promoting the EAP
To help you get customers excited about these upcoming features, you have access to:
EDR vs XDR – what’s included?
| Features | Intercept X Advanced with EDR | Intercept X Advanced with XDR |
|---|---|---|
| Cross-product data sources | X | YES |
| Cross-product querying | X | YES |
| Sophos Data Lake | YES | YES |
| Data lake retention period | 7 days | 30 days |
| On-disk data retention period | 90 days | 90 days |
| Scheduled queries | YES | YES |
| Live Discover (SQL querying for threat hunting and IT operations) | YES | YES |
| Live Response (remote terminal access) | YES | YES |
Both versions include all Intercept X protection capabilities. Intercept X for Server also has Sophos XDR available.