Identify the cause of attacks more precisely!
With Sophos Central Intercept X for servers with EDR, you upgrade your servers with the maximum protection Sophos has to offer for servers. Included are all the features of classic server protection with Intercept X for protection against ransomware and exploits, allowing you to protect your server environment against encryption trojans. As the product's name suggests, you also buy the EDR feature here.
EDR means "Endpoint Detection and Response" and is interesting for all those who want to get to the bottom of the cause of an attack in more detail or who need to do so in certain companies. EDR is therefore used when, for example, malware has been blocked or an exploit has been prevented. It could be that a prevented attack is only a sign of a much larger attack. In our opinion, EDR can be seen as an extension of the Root Cause Analysis already contained in Intercept X, simply with many more possibilities.Try Sophos Central
username: firstname.lastname@example.org / password: Demo@sophos.com
The server lockdown will give you the benefit of one-click whitelisting. As soon as you activate the lockdown for your server, the system is first checked to see if it is threat-free. Afterwards, it is necessary to record the current status of your server and create the whitelist. All this happens in the background and does not affect the availability of your server. After one to two hours, indexing is normally completed and the system is in lockdown mode. From this time on, no software, i. e. no malware, can be installed on the system
After the lockdown, you can define so-called update applications. An update of an ERP can be, for example, such an update application. Windows updates are automatically added to the whitelist and can update Windows system components.
A classic antivirus has no chance against encrypted trojans like Petya, WannaCry or Locky. With CryptoGuard you get a technology on your server that detects when a Ransomware tries to encrypt files on your server and stops this process immediately. Already encrypted files are then restored automatically, so that no data loss occurs.
CryptoGuard is the ideal complement to traditional virus detection and is included in Sophos Central Server Protection Advanced as an additional layer of protection.
Root Cause Analysis
Find out the cause of the attack.
Imagine, in spite of all protection measures, malware has made it into your network. How did this happen? Thanks to the root cause analysis in Intercept X, this secret can be uncovered with an impressive 360-degree analysis. The Root Cause Analysis Tool can tell you down to the last detail how the malware got into the network, which devices were infected and which steps you should take now.
With Root Cause Analysis, you'll never be in the dark again when your network has been infected by unknown malware.
Prevent exploiting security vulnerabilities.
Sophos Exploit Protection is a unique technology in Intercept X that prevents previously unknown or unpatched vulnerabilities in applications or operating system components from being exploited. Intercept X monitors each application in the background and checks for exploit techniques during each action.
If such a technique is detected, exploit prevention prevents a safety gap from being exploited and restores the system to a safe state.