{"id":3050,"date":"2021-05-05T14:08:17","date_gmt":"2021-05-05T12:08:17","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=3050"},"modified":"2021-09-21T16:30:26","modified_gmt":"2021-09-21T14:30:26","slug":"announcing-sophos-xdr-and-edr-4-0","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/en-us\/2021\/05\/products\/announcing-sophos-xdr-and-edr-4-0\/","title":{"rendered":"Announcing Sophos XDR and EDR 4.0"},"content":{"rendered":"<p>On May 5, we are announcing some exciting product updates, including the launch of Sophos XDR (Extended Detection and Response) and significant enhancements to Sophos EDR (Endpoint Detection and Response). <strong>General availability is planned for May 19.<\/strong><\/p>\n<h2><strong>What\u2019s new?<\/strong><\/h2>\n<p><strong>Introducing Sophos XDR<br \/>\n<\/strong>Sophos XDR goes beyond endpoints and servers, also pulling in rich Sophos Firewall and Sophos Email data (Sophos Mobile and Cloud Optix XDR integration is coming soon) with 30 days of storage in the Sophos Data Lake, which means organizations get even more detailed insight into their environments when performing threat hunting or IT operations tasks.<\/p>\n<p>Users get both the broad, big-picture view of their cybersecurity environment and the ability to deep dive into areas of interest for granular detail. It\u2019s the best of both worlds.<\/p>\n<p>Here are just a few Sophos XDR use cases:<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"312\"><strong>IT Operations<\/strong><\/td>\n<td width=\"312\"><strong>Threat Hunting<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"312\">\n<ul>\n<li>Identify unmanaged, guest and IoT devices<\/li>\n<li>Why is the office network connection slow? 
Which application is causing it?<\/li>\n<li>Look back 30 days for unusual activity on a missing or destroyed device<\/li>\n<\/ul>\n<\/td>\n<td width=\"312\">\n<ul>\n<li>Extend investigations to 30 days without bringing a device back online<\/li>\n<li>Use ATP and IPS detections from the firewall to investigate suspect hosts<\/li>\n<li>Compare email header information, SHAs and other IoCs to identify malicious traffic to a domain<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>You can see more examples in the <a href=\"https:\/\/www.sophos.com\/en-us\/medialibrary\/pdfs\/factsheets\/sophos-intercept-x-EDR-use-cases.pdf\" target=\"_blank\" rel=\"noopener\"><strong>EDR\/XDR use cases PDF<\/strong><\/a><strong>.<\/strong><\/p>\n<p>Sophos XDR includes a data lake retention period of 30 days (7 days with EDR). Sophos XDR and the Sophos Data Lake will be available for Windows and Linux at launch (May 19). macOS support is planned for H2CY21. MSP Flex availability is scheduled for late June.<\/p>\n<p><strong>How do I sell Sophos XDR?<br \/>\n<\/strong>Sophos XDR (CXDR) is an overlay license that enables 30 days of data collection from any Sophos XDR-ready product.<\/p>\n<p>XDR-ready products feed data to the Sophos Data Lake and require their own separate license, for example Intercept X Advanced with EDR (CIXAEDR), Intercept X Advanced for Server with EDR (SVRCIXAEDR), Sophos Firewall (XG\/XGS) with Xstream Protection or Sophos Email Advanced (CEMA).<\/p>\n<p>For further details on requirements, exclusions, and example licensing scenarios, please read the <a href=\"https:\/\/partners.sophos.com\/prm\/English\/s\/assets?q=%22XDR%22%20AND%20%22Licensing%22\" target=\"_blank\" rel=\"noopener\"><strong>Sophos XDR Licensing Guide<\/strong><\/a>.<\/p>\n<p>For sales tools and additional resources, visit the <a href=\"https:\/\/partners.sophos.com\/prm\/English\/c\/selling-sophos-xdr\" target=\"_blank\" rel=\"noopener\"><strong>Sophos Partner 
Portal<\/strong><\/a>.<\/p>\n<p><em>Note that only Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR can use Sophos XDR without having another XDR-ready product. See the license guide for further details.<\/em><\/p>\n<p><strong>Offline Access with the Sophos Data Lake<br \/>\n<\/strong>A key component of both XDR and EDR, the Sophos Data Lake stores critical data from XDR- and EDR-enabled devices, enabling access to that data even when devices are offline. For example, you can look back for unusual activity on a device that has been destroyed or taken without authorization. It\u2019s an important part of cybersecurity visibility, giving organizations the ability to see their entire environment and quickly drill down to granular areas of interest. Data retention periods are 7 days (EDR) and 30 days (XDR). That\u2019s in addition to the up to 90 days of on-disk data stored on devices.<\/p>\n<p><strong>EDR gets even better \u2013 again!<br \/>\n<\/strong>This latest version of EDR (4.0) brings some incredible enhancements, which will (at GA) be available to existing EDR users.<\/p>\n<p><strong>Sophos Data Lake<\/strong><br \/>\nEDR customers will have the ability to get data up to 7 days in the past from their endpoints and servers, even if those devices aren\u2019t currently online, in addition to the up to 90 days of on-disk data they have currently. <em>Note that customers have to enable the Sophos Data Lake.<\/em><\/p>\n<p><strong>Scheduled queries<\/strong><br \/>\nUsers can schedule queries to run overnight so key data is ready and waiting for assessment in the morning and they have the information needed to perform critical threat hunting and IT operations tasks. 
<em>Initially, scheduled queries are available for the Sophos Data Lake, with on-device Live Query to follow.<\/em><\/p>\n<p><strong>Enhanced usability<\/strong><br \/>\nEnhancements to workflows and pivoting help users get to key information, take action and respond faster.<\/p>\n<h2><strong>Tools to help<\/strong><\/h2>\n<p><strong>Web content<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/products\/endpoint-antivirus\/xdr.aspx\" target=\"_blank\" rel=\"noopener\">XDR web page<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/products\/endpoint-antivirus.aspx\" target=\"_blank\" rel=\"noopener\">Intercept X web page<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/products\/server-security.aspx\" target=\"_blank\" rel=\"noopener\">Intercept X for Server web page<\/a><\/li>\n<li><a href=\"https:\/\/partners.sophos.com\/prm\/English\/c\/selling-sophos-xdr\" target=\"_blank\" rel=\"noopener\">Sales resources on the partner portal<\/a><\/li>\n<\/ul>\n<p><strong>Documents<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/partners.sophos.com\/prm\/English\/s\/assets?q=%22XDR%22%20AND%20%22Licensing%22\" target=\"_blank\" rel=\"noopener\">XDR license guide<\/a> &#8211; Detailed licensing guide for Sophos XDR <em>(if you have to pick one asset, choose this one!)<\/em><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/security-news-trends\/whitepapers\/gated-wp\/xdr-beginners-guide.aspx\" target=\"_blank\" rel=\"noopener\">XDR beginners guide<\/a> &#8211; Short overview of the XDR concept (partner portal link)<\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/medialibrary\/pdfs\/factsheets\/sophos-intercept-x-EDR-use-cases.pdf\" target=\"_blank\" rel=\"noopener\">XDR\/EDR use cases<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/medialibrary\/PDFs\/factsheets\/intercept-x-edr.pdf\" target=\"_blank\" rel=\"noopener\">XDR\/EDR 
datasheet<\/a><\/li>\n<li><a href=\"https:\/\/partners.sophos.com\/prm\/English\/s\/assets?q=%22What%E2%80%99s%20New%20in%20EDR%204.0%20%26%20XDR%22\" target=\"_blank\" rel=\"noopener\">What&#8217;s New in XDR\/EDR<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/medialibrary\/PDFs\/factsheets\/sophos-intercept-x-dsna.pdf\" target=\"_blank\" rel=\"noopener\">Intercept X datasheet<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/medialibrary\/PDFs\/factsheets\/sophos-intercept-x-for-server-ds.pdf\" target=\"_blank\" rel=\"noopener\">Intercept X for Server datasheet<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/medialibrary\/PDFs\/factsheets\/sophos-intercept-x-license-guide.pdf\" target=\"_blank\" rel=\"noopener\">Intercept X license guide<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/medialibrary\/PDFs\/factsheets\/Server_protection_licensing_guide-na.pdf\" target=\"_blank\" rel=\"noopener\">Intercept X for Server license guide<\/a><\/li>\n<li><a href=\"https:\/\/secure2.sophos.com\/en-us\/security-news-trends\/whitepapers\/gated-wp\/endpoint-buyers-guide.aspx\" target=\"_blank\" rel=\"noopener\">Endpoint buyers guide<\/a> (partner portal <a href=\"https:\/\/partners.sophos.com\/prm\/English\/s\/assets?q=%22Endpoint%20Security%20Buyers%20Guide%22\" target=\"_blank\" rel=\"noopener\">link<\/a>)<\/li>\n<li><a href=\"https:\/\/secure2.sophos.com\/en-us\/security-news-trends\/reports\/gartner\/innovation-insight-for-extended-detection-and-response.aspx\" target=\"_blank\" rel=\"noopener\">Gartner XDR Whitepaper<\/a><\/li>\n<\/ul>\n<p><strong>Videos<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/vimeo.com\/533552108\/c9dc1b698b\" target=\"_blank\" rel=\"noopener\">Sophos XDR overview<\/a><\/li>\n<li><a href=\"https:\/\/vimeo.com\/544731209\/fdaa43daaf\" target=\"_blank\" rel=\"noopener\">Sophos XDR: Driven by data<\/a><\/li>\n<li><a href=\"https:\/\/vimeo.com\/showcase\/8212634\/video\/519661823\" target=\"_blank\" 
rel=\"noopener\">Technical Demo<\/a><\/li>\n<\/ul>\n<p><strong>Training<\/strong><\/p>\n<ul>\n<li>SophSkills \u2013 May 12: <a href=\"https:\/\/register.gotowebinar.com\/register\/3336226556500445195\">APJ<\/a> | <a href=\"https:\/\/attendee.gotowebinar.com\/register\/760156574528275211\">Americas<\/a> | <a href=\"https:\/\/attendee.gotowebinar.com\/register\/4307117314059233547\">EMEA<\/a><\/li>\n<li>Technical SophSkills \u2013 May 13: <a href=\"https:\/\/register.gotowebinar.com\/register\/5282014691989660171\">APJ<\/a> | <a href=\"https:\/\/register.gotowebinar.com\/register\/8765277424388714763\">Americas + EMEA<\/a><\/li>\n<li>Competitive Intel SophSkills \u2013 May 19: <a href=\"https:\/\/register.gotowebinar.com\/register\/7070839846032442123\">APJ<\/a> | <a href=\"https:\/\/register.gotowebinar.com\/register\/984229347687770123\">Americas<\/a> | <a href=\"https:\/\/register.gotowebinar.com\/register\/7380557977925807883\">EMEA<\/a><\/li>\n<\/ul>\n<p><em>Email campaigns will be available at product GA.<\/em><\/p>\n<p><strong>Feedback has been great<br \/>\n<\/strong>These new features have been extensively tested in the early access program and feedback has been fantastic.<\/p>\n<blockquote><p><em>\u201cJust ran a test query and I must say it\u2019s super fast.\u201d <\/em><\/p>\n<p><em>\u201cPivoting is beautiful!\u201d<\/em><\/p>\n<p><em>\u201cI am absolutely loving the data lake queries.\u201d<\/em><\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>This upcoming release brings both powerful XDR capabilities as well as significant enhancements to EDR 
functionality<\/p>\n","protected":false},"author":56,"featured_media":3000003412,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2],"tags":[105,147],"coauthors":[61],"class_list":["post-3050","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-sophos-edr","tag-sophos-xdr"],"jetpack_featured_media_url":"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2021\/07\/featured-image-sophos-xdr-app-icon-1600x960px.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/3050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/users\/56"}],"replies":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/comments?post=3050"}],"version-history":[{"count":6,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/3050\/revisions"}],"predecessor-version":[{"id":3076,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/3050\/revisions\/3076"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/media?parent=3050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/categories?post=3050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/tag
s?post=3050"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/coauthors?post=3050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}