Sophos Intercept X with EDR operates as comprehensive endpoint detection and response software that uses deep learning to prevent known and unknown malware attacks and keep pace with the ever-evolving threat landscape.

This endpoint security software stops breaches before they occur. Its AI-driven threat detection, prioritization, and investigation add expertise, optimize resources and reduce noise and employee workload. The pre-built queries, designed by and for practitioners, replicate the role of expert analysts so that they can answer difficult threat investigation questions.

There are two components to the Sophos ransomware protection: CryptoGuard and WipeGuard. CryptoGuard protects files with just-in-time file caching that identifies malicious encryption behaviors, isolates malicious processes, and automatically rolls back any affected files. WipeGuard stops malicious processes to protect the master boot record and prevent malicious tampering with system areas of the disk.

Sophos Intercept X with EDR has additional, innovative protection mechanisms that cover advanced threats. New fileless attack prevention techniques include AMSI protection to detect and block scripts that would otherwise remain obfuscated. The Endpoint IPS network traffic protection uses Snort-based rules to detect and block network-based attacks and lateral movement.

Live Discover pulls information gathered from these protection layers and stores it for up to 90 days. The rich endpoint search capabilities drive IT insights and threat hunting, giving analysts visibility beyond malware alone. Pre-configured and custom SQL queries are available in both the platform and the community forum to deliver even more threat details.

Live Response remediates managed devices by acting on the information that Live Discover uncovers. Analysts may choose to isolate or reboot devices, terminate all active processes, and more. Isolating a device from the network automatically limits its access to prevent lateral movement and further system infection, while Sophos Central still maintains management control over the isolated device.

With well-designed menus and an intuitive layout, it’s an easy-to-navigate interface. The dashboard shows an overview of the enterprise-wide security posture as well as valuable, at-a-glance information. Top Threat Indicators notes suspicious activity within the digital estate, while machine learning insights advise analysts where to direct attention. The Threat Analysis Center serves as the go-to view for ongoing, day-to-day activities, and detected threat cases show details about various events. The spider graph displays a valuable process tree that highlights information such as root cause analyses and threat reputation scores. Sophos Intercept X with EDR caters to all levels of analytical expertise, offering an investigation plane complete with simplified threat hunting and a readily available isolation option.

Overall, security pros will find Sophos Intercept X a worthy, easy-to-install endpoint security solution that adds expertise by offering enriched contextual information without adding to security team headcount. Intercept X becomes part of a broader ecosystem, with its centralized platform that synchronizes security and protects organizations across platforms. Organizations that have worked with other Sophos products in the past may feel particularly comfortable with Intercept X, as it uses the same intuitive dashboard.

The product costs $44.62 per user, per year and includes 24/7 phone, email and website support. Additional support options are available for a fee. Organizations also have access to a knowledge base and FAQ list. We have enjoyed the thorough and effective support documentation and the easily navigable knowledge base.

Written by Katelyn Dunn

Tested by Tom Weil