Sophos Central Intercept X Advanced for Server with XDR - 5000+ Servers - 3 Year - CIXXDS36BZNCAA

Sophos Intercept X employs a comprehensive, defense in depth approach to endpoint protection, rather than relying on one primary security technique. This layered approach combines modern and traditional techniques to stop the widest range of threats.

Stop Unknown Threats

Deep learning AI in Intercept X excels at detecting and blocking malware even when it hasn’t been seen before. It does this by scrutinizing file attributes from hundreds of millions of samples to identify threats without the need for a signature.

Block Ransomware

Intercept X includes advanced anti-ransomware capabilities that detect and block the malicious encryption processes used in ransomware attacks. Files that have been encrypted will be rolled back to a safe state, minimizing any impact to business productivity.

Prevent Exploits

Anti-exploit technology stops the exploit techniques that attackers rely on to compromise devices, steal credentials and distribute malware. By stopping the techniques used throughout the attack chain Intercept X keeps your organization secure against file-less attacks and zero-day exploits.

Layered Defenses

In addition to powerful modern functionality, Intercept X also utilizes proven traditional techniques. Example features include application lockdown, web control, data loss prevention and signature-based malware detection. This combination of modern and traditional techniques reduces the attack surface, and provides the best defense in depth.

Synchronized Security

Sophos solutions work better together. For example, Intercept X and XG Firewall will share data to automatically isolate compromised devices while cleanup is performed, then return network access when the threat is neutralized. All without the need for admin intervention.

Sophos Central Intercept X for servers with XDR

Identify the cause of attacks more precisely!

With Sophos Central Intercept X for servers with XDR, you upgrade your servers with the maximum protection Sophos has to offer for servers. Included are all the features of classic server protection with Intercept X for protection against ransomware and exploits, allowing you to protect your server environment against encryption trojans. As the product's name suggests, you also buy the XDR feature here.

XDR means "Extended Detection and Response" and is interesting for all those who want to get to the bottom of the cause of an attack in more detail or who need to do so in certain companies. XDR is therefore used when, for example, malware has been blocked or an exploit has been prevented. It could be that a prevented attack is only a sign of a much larger attack. In our opinion, XDR can be seen as an extension of the Root Cause Analysis already contained in Intercept X, simply with many more possibilities.

Server Lockdown

The server lockdown will give you the benefit of one-click whitelisting. As soon as you activate the lockdown for your server, the system is first checked to see if it is threat-free. Afterwards, it is necessary to record the current status of your server and create the whitelist. All this happens in the background and does not affect the availability of your server. After one to two hours, indexing is normally completed and the system is in lockdown mode. From this time on, no software, i. e. no malware, can be installed on the system

After the lockdown, you can define so-called update applications. An update of an ERP can be, for example, such an update application. Windows updates are automatically added to the whitelist and can update Windows system components.

CryptoGuard

A classic antivirus has no chance against encrypted trojans like Petya, WannaCry or Locky. With CryptoGuard you get a technology on your server that detects when a Ransomware tries to encrypt files on your server and stops this process immediately. Already encrypted files are then restored automatically, so that no data loss occurs.

CryptoGuard is the ideal complement to traditional virus detection and is included in Sophos Central Server Protection Advanced as an additional layer of protection.

Root Cause Analysis

Find out the cause of the attack.

Imagine, in spite of all protection measures, malware has made it into your network. How did this happen? Thanks to the root cause analysis in Intercept X, this secret can be uncovered with an impressive 360-degree analysis. The Root Cause Analysis Tool can tell you down to the last detail how the malware got into the network, which devices were infected and which steps you should take now.

With Root Cause Analysis, you'll never be in the dark again when your network has been infected by unknown malware.

Exploit Protection

Prevent exploiting security vulnerabilities.

Sophos Exploit Protection is a unique technology in Intercept X that prevents previously unknown or unpatched vulnerabilities in applications or operating system components from being exploited. Intercept X monitors each application in the background and checks for exploit techniques during each action.

If such a technique is detected, exploit prevention prevents a safety gap from being exploited and restores the system to a safe state.

	Intercept X Advanced	Intercept X Advanced with EDR	Intercept X Advanced with EDR and MTR
Automated malware removal	✔	✔	All the features found in Intercept X Advanced with EDR, plus a 24/7, proactive threat-hunting team that finds, contains, and neutralizes the most sophisticated attacks on your behalf.
Cryptoguard ransomware file protection	✔	✔
Real-time antivirus, anti-malware protection	✔	✔
Cloud-based management console	✔	✔
Sophos Central integration	✔	✔
Synchronized Security Heartbeat	✔	✔
Application control	✔	✔
Web control and URL blocking	✔	✔
Deep-learning malware detection	✔	✔
Root-cause analysis	✔	✔
Exploit prevention	✔	✔
Active adversary detection and prevention	✔	✔
Endpoint detection and response		✔
Guided investigations		✔
Deep-learning malware analysis		✔
Endpoint Isolation		✔
Live Discover SQL queries		✔
Live Response command line interface		✔

Sophos MTR Service Tiers

Sophos MTR features two service tiers (Standard and Advanced) to provide a comprehensive set of capabilities for organizations of all sizes and maturity levels.

Regardless of the service tier selected, organizations can take advantage of any of our three Response Modes (Notify, Collaborate, or Authorize) to fit their unique needs.

Sophos MTR: Standard

24/7 Lead-Driven Threat Hunting

Confirmed malicious artifacts or activity (strong signals) are automatically blocked or terminated, freeing up threat hunters to conduct lead-driven threat hunts. This type of threat hunt involves the aggregation and investigation of causal and adjacent events (weak signals) to discover new Indicators of Attack (IoA) and Indicators of Compromise (IoC) that previously could not be detected.

Adversarial Detections

Most successful attacks rely on the execution of a process that can appear legitimate to monitoring tools. Using proprietary investigation techniques, our team determines the difference between legitimate behavior and the tactics, techniques, and procedures (TTPs) used by attackers.

Security Health Check

Keep your Sophos Central products, beginning with Intercept X Advanced with XDR, operating at peak performance with proactive examinations of your operating conditions and recommended configuration improvements.

Activity Reporting

Summaries of case activities enable prioritization and communication, so your team knows what threats were detected and what response actions were taken within each reporting period.

Sophos MTR: Advanced

Includes all Standard features, plus the following:

24/7 Leadless Threat Hunting

Applying data science, threat intelligence, and the intuition of veteran threat hunters, we combine your company profile, high-value assets, and high-risk users to anticipate attacker behavior and identify new Indicators of Attack (IoA).

Dedicated Threat Response Lead

When an incident is confirmed, a dedicated threat response lead is provided to directly collaborate with your on-premises resources (internal team or external partner) until the active threat is neutralized.

Direct Call-In Support

Your team has direct call-in access to our security operations center (SOC). Our MTR Operations Team is available around-the-clock and backed by support teams spanning 26 locations worldwide.

Enhanced Telemetry

Threat investigations are supplemented with telemetry from other Sophos Central products, extending beyond the endpoint to provide a full picture of adversary activities.

Proactive Posture Improvement

Proactively improve your security posture and harden your defenses with prescriptive guidance for addressing configuration and architecture weaknesses that diminish your overall security capabilities.

Asset Discovery

For both managed and unmanaged assets, we provide valuable insights during impact assessments, threat hunts, and as part of proactive posture improvement recommendations.