{"id":1391,"date":"2020-06-09T13:00:04","date_gmt":"2020-06-09T13:00:04","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=1391"},"modified":"2021-04-13T09:34:20","modified_gmt":"2021-04-13T09:34:20","slug":"intercept-x-with-edr-powerful-new-it-operations-and-threat-hunting","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/en-us\/2020\/06\/products\/intercept-x-with-edr-powerful-new-it-operations-and-threat-hunting\/","title":{"rendered":"Intercept X with EDR: Powerful new IT operations and threat hunting"},"content":{"rendered":"<p><span lang=\"EN-GB\">We are thrilled to announce that the latest version of Sophos EDR (endpoint detection and response) is now available in <a href=\"https:\/\/www.sophos.com\/en-us\/products\/endpoint-antivirus.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">Intercept X Advanced with EDR<\/a> and <a href=\"https:\/\/www.sophos.com\/en-us\/products\/server-security.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">Intercept X Advanced for Server with EDR<\/a>.<\/span><\/p>\n<p><span lang=\"EN-GB\">This release brings powerful new capabilities that enable both IT admins and security analysts to ask detailed IT operations and threat hunting questions across their entire estates. It also provides new functionality to remotely respond with precision.<\/span><\/p>\n<p><span lang=\"EN-GB\">Existing EDR customers will see these new features appear in their Sophos Central consoles throughout June (see below for additional rollout details).<\/span><\/p>\n<h2>Upgrade your IT security operations<\/h2>\n<p>Maintaining proper IT hygiene can be a significant time investment for IT admins. Being able to identify which devices need attention and what action needs to be taken can add another layer of complexity.<\/p>\n<p>With Sophos EDR you can now do just that, quickly and easily. 
For example:<\/p>\n<ul>\n<li>Find devices with software vulnerabilities, unknown services running, or unauthorized browser extensions<\/li>\n<li>Identify endpoints and servers that still have RDP and guest accounts enabled<\/li>\n<li>See if software has been deployed on devices, e.g. to make sure a rollout is complete<\/li>\n<li>Remotely access devices to dig deeper and take action such as installing software, editing configuration files and rebooting a device<\/li>\n<\/ul>\n<h2>Hunt and neutralize threats<\/h2>\n<p>Tracking down subtle, evasive threats requires a tool capable of detecting even the smallest indicator of compromise.<\/p>\n<p>With this release, Sophos EDR is significantly enhancing its threat hunting capabilities. For example:<\/p>\n<ul>\n<li>Detect processes attempting to make a connection on non-standard ports<\/li>\n<li>Get granular detail on unexpected PowerShell executions<\/li>\n<li>Identify processes that have recently modified files or registry keys<\/li>\n<li>Remotely access a device to deploy additional forensic tools, terminate suspect processes, and run scripts or programs<\/li>\n<\/ul>\n<h2>Introducing Live Discover and Live Response<\/h2>\n<p>Live Discover and Live Response are the features that make all of the examples above possible.<\/p>\n<p><strong>Live Discover<\/strong> allows users to examine their data for almost any question they can think of by searching across endpoints and servers with SQL queries. They can choose from a selection of out-of-the-box queries, which can be fully customized to pull the exact information that they need when performing both IT security operations and threat hunting tasks. Data is stored on disk for up to 90 days, meaning query response times are fast and efficient.<\/p>\n<p><strong>Live Response<\/strong> is a command-line interface that can remotely access devices in order to perform further investigation or take appropriate action. 
For example:<\/p>\n<ul>\n<li>Rebooting a device pending updates<\/li>\n<li>Terminating suspicious processes<\/li>\n<li>Browsing the file system<\/li>\n<li>Editing configuration files<\/li>\n<li>Running scripts and programs<\/li>\n<\/ul>\n<p>And it\u2019s all done remotely, so it\u2019s ideal in working situations where admins may not have physical access to a device that needs attention.<\/p>\n<h2>Try out these powerful new features<\/h2>\n<p>Check out this video to see the new features in action and how they can help your customers save time and get the answers they need.<\/p>\n<p>Intercept X and Intercept X for Server customers, as well as customers with other products managed via Sophos Central that want to try out the new EDR functionality, can do so from June 23, 2020. Head to the Sophos Central console, select \u2018Free Trials\u2019 in the left-hand menu, and choose the \u2018Intercept X Advanced with EDR\u2019 or \u2018Intercept X Advanced for Server with EDR\u2019 trials.<\/p>\n<p>Customers and prospects new to Sophos Central can start a <a href=\"https:\/\/secure2.sophos.com\/en-us\/products\/endpoint-antivirus\/free-trial.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">no-obligation free trial of Intercept X Advanced with EDR<\/a> today. They\u2019ll get world-class protection against the latest cybersecurity threats in addition to powerful EDR capabilities. <a href=\"https:\/\/secure2.sophos.com\/en-us\/products\/endpoint-antivirus\/free-trial.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">Get started<\/a> today.<\/p>\n<h2>Product rollout timing<\/h2>\n<p>All Sophos EDR customers will automatically see these new features added throughout June to their Sophos Central consoles. Customers who have participated in the Early Access Program should receive the new version today. All other customers should receive the new version by June 23.<\/p>\n<p><em>Live Discover is available on Windows and Linux now, with Mac support coming soon. 
Live Response is available on Windows now, with Linux and Mac support coming soon.<\/em><\/p>\n<p><strong>Tools to spread the word<\/strong><\/p>\n<p>To help you get your customers and prospects excited about these fantastic new features, we have put together a package of tools:<\/p>\n<p><strong>Web pages<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/products\/endpoint-antivirus\/edr.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">EDR<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/content\/threat-hunting.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">Threat hunting<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/products\/endpoint-antivirus\/it-security-operations.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">IT security operations<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/products\/endpoint-antivirus.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">Intercept X<\/a><\/li>\n<\/ul>\n<p><strong>PDF assets<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/partners.sophos.com\/prm\/English\/s\/assets?q=%22Sophos%20EDR%203.0%22\" target=\"_blank\" rel=\"noopener noreferrer\">What\u2019s New guide<\/a><\/li>\n<li><a href=\"https:\/\/partners.sophos.com\/prm\/English\/s\/assets?q=%22Use%20Cases%22\" target=\"_blank\" rel=\"noopener noreferrer\">EDR use cases<\/a><\/li>\n<li><a href=\"https:\/\/partners.sophos.com\/prm\/English\/s\/assets?q=%22Top%205%20Reasons%22\" target=\"_blank\" rel=\"noopener noreferrer\">Five Reasons You Need EDR whitepaper<\/a><\/li>\n<li><a href=\"https:\/\/partners.sophos.com\/prm\/English\/s\/assets?q=%22EDR%20Datasheet%22\" target=\"_blank\" rel=\"noopener noreferrer\">EDR datasheet<\/a><\/li>\n<li><a href=\"https:\/\/partners.sophos.com\/prm\/English\/s\/assets?q=%22Intercept%20X%20Datasheet%22\" target=\"_blank\" rel=\"noopener noreferrer\">Intercept X datasheet<\/a><\/li>\n<li><a 
href=\"https:\/\/partners.sophos.com\/prm\/English\/s\/assets?q=%22Intercept%20X%20Licensing%22\" target=\"_blank\" rel=\"noopener noreferrer\">Intercept X license guide<\/a><\/li>\n<\/ul>\n<p><strong>Videos<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/vimeo.com\/420738830\/47b6aab2a0\" target=\"_blank\" rel=\"noopener noreferrer\">EDR overview<\/a><\/li>\n<li><a href=\"https:\/\/vimeo.com\/423311844\/2b14f7c4ff\" target=\"_blank\" rel=\"noopener noreferrer\">Threat hunting<\/a><\/li>\n<li><a href=\"https:\/\/vimeo.com\/421130361\/428600ccaa\" target=\"_blank\" rel=\"noopener noreferrer\">IT security operations<\/a><\/li>\n<li><a href=\"https:\/\/vimeo.com\/420776201\/54fd909137\" target=\"_blank\" rel=\"noopener noreferrer\">EDR technical demo<\/a><\/li>\n<li><a href=\"https:\/\/vimeo.com\/showcase\/6972121\" target=\"_blank\" rel=\"noopener noreferrer\">Series of demos<\/a><\/li>\n<\/ul>\n<p><strong>Sharing content<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/news.sophos.com\/en-us\/intercept-x-with-edr-powerful-new-it-operations-and-threat-hunting\" target=\"_blank\" rel=\"noopener noreferrer\">Sophos News article<\/a><\/li>\n<li><a href=\"https:\/\/community.sophos.com\/products\/intercept\/early-access-program\/f\/live-discover-queries\" target=\"_blank\" rel=\"noopener noreferrer\">Query sharing community<\/a><\/li>\n<\/ul>\n<p>If you have any questions, please reach out to your Sophos representative.<\/p>\n<hr \/>\n<p><strong><em>Please note: <\/em><\/strong><em>Some of the links above require access to the Sophos Partner Portal. If you are a registered partner and have trouble logging in, please contact<\/em> <a href=\"mailto:customercare@sophos.com\"><em>customercare@sophos.com<\/em><\/a><em>.<\/em><\/p>\n<p><em>In some cases, if you are not logged in, the direct link given may not work. 
If so, verify you are logged in to the Partner Portal and then click the link again to view the desired page.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The latest version of Sophos EDR is now available in Intercept X Advanced.<\/p>\n","protected":false},"author":11,"featured_media":1392,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2],"tags":[30,35,105],"coauthors":[64],"class_list":["post-1391","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-intercept-x","tag-intercept-x-for-server","tag-sophos-edr"],"jetpack_featured_media_url":"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2020\/06\/featured-image-intercept-x-with-edr.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/1391","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/comments?post=1391"}],"version-history":[{"count":3,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/1391\/revisions"}],"predecessor-version":[{"id":1400,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/1391\/revisions\/1400"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/media\/1392"}],"wp:attachment":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/media?p
arent=1391"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/categories?post=1391"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/tags?post=1391"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/coauthors?post=1391"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}