<h1>Sophos XDR: Expanding our defense against active adversaries</h1>
<p>Sophos Partner News, category Products. Published 26 June 2024, last modified 22 July 2024. Original post: <a href="https://partnernews.sophos.com/es-es/2024/06/products/sophos-xdr-expanding-our-defense-against-active-adversaries/">partnernews.sophos.com</a>. Tags: Intercept X, Sophos Endpoint, Sophos XDR.</p>
<p><em>Our latest capabilities to help defend against sophisticated multi-stage attacks.</em></p>
<p><a href="https://partnernews.sophos.com/en-us/2023/11/products/new-active-adversary-defense-capabilities-with-sophos-firewall-sophos-xdr-and-sophos-ndr/">Active adversaries</a> are highly skilled cybercriminals. They use hands-on-keyboard and AI-assisted methods to circumvent preventative security controls and execute advanced multi-stage attacks.</p>
<p>Organizations need adaptive security controls designed to detect, investigate, and respond to the approaches commonly used by these sophisticated threat actors. Effective response to advanced threats requires a toolset that enables security operators to make data-driven decisions faster and execute tasks with speed and efficiency.</p>
<p>Sophos continuously leverages the threat intelligence and cybersecurity expertise of our Sophos X-Ops unit, as well as telemetry from Sophos and third-party security solutions, to provide the strongest protection, detection, and response to the most advanced attacks. We are always innovating, and the latest enhancements to the <a href="https://www.sophos.com/en-us/products/extended-detection-and-response">Sophos Extended Detection and Response (XDR)</a> platform provide even greater power to defend against active adversaries.</p>
<h2>Enhanced Sophos XDR detections</h2>
<p>Check out some of our latest enhancements in this quick demo video: <a href="https://player.vimeo.com/video/964716743">Sophos XDR enhancements demo (Vimeo)</a></p>
<p><strong>Configurable suppression rules</strong></p>
<p>Security operators have greater control over the detections generated by the Sophos XDR platform through an intuitive suppression wizard, which lets analysts focus on the most important detections and cases by suppressing confirmed-benign events. Granular rules can be created based on specific attributes, including severity, detection type, MITRE ATT&amp;CK details, and more. Because a suppressed detection is no longer surfaced to analysts, rules should be scoped to the specific attributes of the confirmed-benign activity rather than to a whole severity level or detection type.</p>
<p><strong>Comprehensive detection summaries</strong></p>
<p>Security operators need to make decisions and execute tasks at speed, so it is crucial that threat alerts are immediately comprehensible to analysts of all skill levels. Sophos XDR detections now include natural-language descriptions to help accelerate investigation and response.</p>
<p><strong>Streamlined SophosLabs Intelix integration</strong></p>
<p>Detections generated by Sophos Endpoint are now automatically sent to <a href="https://www.sophos.com/en-us/intelix">SophosLabs Intelix</a> for threat classification and analysis. Detection details are enriched with high-fidelity threat intelligence, with no need to submit samples to SophosLabs manually.</p>
<p><strong>Enhanced Microsoft 365 detections</strong></p>
<p>Sophos XDR collects and analyzes comprehensive audit log data from Microsoft 365 and applies proprietary rules to identify more threats than Microsoft security tools can on their own. The latest Microsoft "platform detections" in Sophos XDR focus on identifying compromised accounts and Business Email Compromise (BEC).</p>
<p><em>The "Microsoft Office 365 Management Activity API" integration is included with Sophos XDR at no additional cost.</em></p>
<h2>Sophos XDR Public APIs</h2>
<p>Extending our open ecosystem approach, we have introduced two new APIs that let organizations integrate Sophos XDR data into their existing security operations tools and workflows.</p>
<p>Organizations with established security operations programs can use these APIs to surface threat detections and case investigation details from the Sophos XDR platform in their security information and event management (SIEM), professional services automation (PSA), and IT service management (ITSM) tools, giving them the flexibility to leverage existing investments.</p>
<ul>
<li><strong>Accelerate investigation and response</strong> – enable automated workflows that leverage Sophos XDR detections and case details</li>
<li><strong>Centralize analysis of security telemetry</strong> – correlate Sophos XDR detections with alerts and telemetry from other data sources</li>
<li><strong>Enrich with third-party threat intelligence</strong> – augment Sophos XDR detections with additional threat intelligence for added context</li>
</ul>
<p>Learn more in our documentation: <a href="https://developer.sophos.com/detections">Detections API</a> | <a href="https://developer.sophos.com/docs/cases-v1/1/overview">Cases API</a></p>
<h2>Increase multi-dimensional visibility with technology integrations</h2>
<p>Active adversaries execute attacks that cross multiple domains across the victim's environment, and the full scope of such an attack cannot be detected by a single point product. Telemetry from multiple sources is needed to build a more complete view of an active adversary's activity at each stage of an attack.</p>
<p>The Sophos XDR platform collects, correlates, and analyzes data from a wide range of event sources, while automated actions and optimized workflows allow analysts to detect, investigate, and respond to active adversaries at speed across all key attack surfaces.</p>
<p>We are constantly expanding our <a href="https://www.sophos.com/en-us/marketplace?field_marketplace_solution_categ_target_id%5B7266%5D=7266">partner ecosystem</a> with additional turnkey integrations for endpoint, firewall, network, email, cloud, identity, productivity, and backup solutions.</p>
<p>New integrations available to Sophos XDR and Sophos MDR customers include the following:</p>
<table>
<thead>
<tr>
<th>Integration</th>
<th>Integration Pack</th>
<th>Documentation</th>
</tr>
</thead>
<tbody>
<tr>
<td>Forcepoint Next-Gen Firewall</td>
<td>Firewall</td>
<td><a href="https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/Integrations/Forcepoint/index.html">Learn more</a></td>
</tr>
<tr>
<td>F5 BIG-IP Application Security Manager (ASM)</td>
<td>Firewall</td>
<td><a href="https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/Integrations/F5/index.html">Learn more</a></td>
</tr>
<tr>
<td>Cisco Umbrella</td>
<td>Network</td>
<td><a href="https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/Integrations/Cisco/Umbrella/index.html">Learn more</a></td>
</tr>
<tr>
<td>Cisco Identity Services Engine (ISE)</td>
<td>Identity</td>
<td>Coming soon</td>
</tr>
</tbody>
</table>
<p>Explore our current range of third-party integrations on the <a href="https://www.sophos.com/en-us/marketplace?field_marketplace_solution_categ_target_id%5B7266%5D=7266">Sophos Marketplace</a>.</p>
<h2>Microsoft Graph security integration (Version 2)</h2>
<p>By ingesting, correlating, and analyzing telemetry from the Microsoft Graph security API and the Microsoft Office 365 Management Activity API, the Sophos platform applies advanced proprietary threat detection rules to identify threats that could otherwise be missed. These turnkey Microsoft integrations are included with Sophos XDR and Sophos MDR subscriptions at no additional cost, and over 20,000 customers already use them to extend visibility and protection across their IT environments.</p>
<p>In July we are releasing a new version of our Microsoft Graph security integration. The new version, called "Microsoft Graph security API (Alerts v2)", provides additional information from a broad range of Microsoft security solutions that analysts can use to accelerate detection, investigation, and response. And yes, the new version will still be included in the standard price of Sophos XDR and Sophos MDR.</p>
<h2>Quickly identify vulnerable endpoints and servers</h2>
<p>Identifying devices that are potentially exposed to threats is critical for managing cybersecurity risk. We have recently introduced a new Device Exposure dashboard in the Sophos Central console that gives Sophos XDR and Sophos MDR customers a clear overview of endpoint and server devices missing critical operating system updates. The visualization highlights the time elapsed since the last OS updates were applied, with one-click access to customizable queries for further details.</p>
<p><img src="https://news.sophos.com/wp-content/uploads/2024/06/Device-Exposure.png" alt="Device Exposure dashboard in Sophos Central" width="1100" height="562" /></p>
<p><a href="https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/DeviceExposure/index.html">Learn more about the new Device Exposure dashboard</a></p>
<p><strong>Vulnerability management delivered as a managed service</strong></p>
<p>The modern attack surface continues to grow beyond the borders of traditional on-premises IT, and most organizations now have a significant number of internet-facing assets they do not even realize they own, let alone know whether those assets are vulnerable to attack. With our latest service offering, <a href="https://www.sophos.com/en-us/products/managed-risk">Sophos Managed Risk, powered by Tenable</a>, our dedicated team of experts helps eliminate blind spots in your external attack surface and prioritizes remediation efforts based on the exposures that pose the highest risk to your organization.</p>
<h2>Recognized by industry experts and customers</h2>
<p><a href="https://www.sophos.com/en-us/products/extended-detection-and-response">Sophos XDR</a> and <a href="https://www.sophos.com/en-us/products/managed-detection-and-response">Sophos MDR</a> continue to garner high praise from customers and industry experts for superior detection, investigation, and response capabilities.</p>
<p>Recent proof points include:</p>
<ul>
<li><a href="https://partnernews.sophos.com/en-us/2024/04/products/sophos-named-a-leader-in-the-2024-idc-marketscape-for-worldwide-managed-detection-and-response-mdr/">A Leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response (MDR)</a></li>
<li><a href="https://partnernews.sophos.com/en-us/2024/03/products/sophos-named-a-leader-in-frost-sullivans-2024-frost-radar-for-global-managed-detection-and-response/">A Leader in Frost &amp; Sullivan's 2024 Frost Radar™ for Global Managed Detection and Response</a></li>
<li><a href="https://www.sophos.com/en-us/content/why-sophos">The only vendor named a Gartner Customers' Choice in Endpoint Protection Platforms, Managed Detection &amp; Response Services, Network Firewalls, and Mobile Threat Defense</a></li>
<li><a href="https://www.sophos.com/en-us/content/why-sophos">The only vendor named a Leader in EPP, EDR, MDR, XDR, and Firewall in the G2 Winter 2024 Reports</a></li>
<li><a href="https://partnernews.sophos.com/en-us/2024/01/resources/sophos-named-a-leader-in-2023-gartner-magic-quadrant-for-endpoint-protection-platforms/">A Leader for the 14th consecutive time in the Gartner® Magic Quadrant™ for Endpoint Protection Platforms</a></li>
</ul>
<h2>Elevate your customers' defenses against active adversaries</h2>
<p>To learn more and explore how <a href="https://www.sophos.com/xdr">Sophos XDR</a> can help better defend against active adversaries, visit the <a href="https://partners.sophos.com/prm/English/c/selling-sophos-xdr">Selling Sophos XDR</a> page on the Sophos Partner Portal. There you can also find a wealth of product and marketing resources to support your sales conversations.</p>