Get to the bottom of the cause of attacks!
With Sophos Central Intercept X for servers with XDR, you equip your servers with the maximum protection Sophos has to offer for servers. It includes all the features of classic “Server Protection” together with “Intercept X” for protection against ransomware and exploits, allowing you to protect your server environment from encryption Trojans. As the name of the product suggests, you also buy the “XDR” function here.
XDR means “Extended Detection and Response” and is of interest to anyone who wants to, or in certain companies has to, investigate the cause of an attack in more detail. XDR therefore comes into play when, for example, malware has been blocked or an exploit has been prevented. A thwarted attack may be just a harbinger of a much larger attack. In our eyes, XDR can definitely be considered an extension of the “root cause analysis” already included in Intercept X, simply with many more possibilities.
Try Sophos Central for free!
Create a free Sophos Central account now and try all products, including Central Intercept X Advanced for servers with XDR, without obligation for 30 days. If you are convinced of the solution after your test period, you can easily order the licenses from us.
Server Lockdown brings you the benefit of one-click whitelisting. Once you enable lockdown for your server, it first checks whether the system is threat-free. It then records the current state of your server and creates the whitelist. All this happens in the background and does not affect the availability of your server. After one to two hours, indexing is usually complete and the system is in lockdown mode. From this point on, no software, including malware, can be installed on the system.
After lockdown, you can define so-called “update applications”. For example, an update of an ERP can be such an update application. Windows updates are already automatically whitelisted and allowed to update system components of Windows.
A classic antivirus doesn’t stand a chance against encryption Trojans such as Petya, WannaCry or Locky. With CryptoGuard you get a technology on your server that detects when ransomware tries to encrypt files on your server and stops this process immediately. Files that have already been encrypted are automatically restored afterwards, so there is no loss of data.
CryptoGuard is the ideal complement to classic virus detection and is included as an additional layer of protection in Sophos Intercept X for Server.
Root Cause Analysis
Find out the cause of the attack.
Imagine that, despite all the protective measures, malware has made it into your network. How could this happen? Thanks to the root cause analysis in Intercept X, this secret can be uncovered with an impressive 360-degree analysis. The Root Cause Analysis Tool can tell you in great detail how the malware got into the network, which devices were infected and what steps you should take now.
With root cause analysis, you’ll never be in the dark again if your network has been infected by unknown malware.
Preventing the exploitation of security vulnerabilities.
Sophos Exploit Protection is a unique technology in Intercept X that prevents previously unknown or unpatched vulnerabilities in applications or operating system components from being exploited. With Intercept X, every application is monitored in the background and every action is checked to see if an exploit technique is being attempted.
If such a technique is detected, Exploit Prevention prevents a vulnerability from being exploited and restores the system to a secure state.
| Feature | Intercept X Advanced for Server | Intercept X Advanced for Server with EDR | Intercept X Advanced for servers with XDR¹ | Intercept X Advanced for servers with MTR Standard | Intercept X Advanced for servers with MTR Advanced |
|---|---|---|---|---|---|
| Web Control/Category-based URL Blocking | ✔ | ✔ | ✔ | ✔ | ✔ |
| Application Whitelisting (Server Lockdown) | ✔ | ✔ | ✔ | ✔ | ✔ |
| "Deep Learning" malware detection | ✔ | ✔ | ✔ | ✔ | ✔ |
| Anti-malware file scans | ✔ | ✔ | ✔ | ✔ | ✔ |
| Behavioral analysis before execution (HIPS) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Blocking potentially unwanted applications (PUAs) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Intrusion Prevention System | ✔ | ✔ | ✔ | ✔ | ✔ |
| Data Loss Prevention | ✔ | ✔ | ✔ | ✔ | ✔ |
| Runtime behavior analysis (HIPS) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Antimalware Scan Interface (AMSI) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Malicious Traffic Detection (MTD) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Exploit Prevention (details on page 5) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Active Adversary Mitigations (details on page 5) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Ransomware File Protection (CryptoGuard) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Disk and Boot Record Protection (WipeGuard) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Man-in-the-Browser Protection (Safe Browsing) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Enhanced Application Lockdown | ✔ | ✔ | ✔ | ✔ | ✔ |
| Live Discover (cross-environment SQL queries for threat hunting and security compliance) | - | ✔ | ✔ | ✔ | ✔ |
| SQL query library (pre-formulated, customizable queries) | - | ✔ | ✔ | ✔ | ✔ |
| Suspicious event detection and prioritization | - | ✔ | ✔ | ✔ | ✔ |
| Data storage on hard disk (up to 90 days) with fast data access | - | ✔ | ✔ | ✔ | ✔ |
| Cross-product data sources (e.g. firewall, e-mail) | - | - | ✔ | - | see PDF |
| Cross-product queries | - | - | ✔ | - | see PDF |
| Sophos Data Lake (cloud data storage) | - | 7 days | 30 days | see PDF | see PDF |
| Threat cases (root cause analysis) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Deep Learning Malware Analysis | - | ✔ | ✔ | ✔ | ✔ |
| Advanced threat data from SophosLabs on demand | - | ✔ | ✔ | ✔ | ✔ |
| Export of forensic data | - | ✔ | ✔ | ✔ | ✔ |
| Automated malware removal | ✔ | ✔ | ✔ | ✔ | ✔ |
| Synchronized Security Heartbeat | ✔ | ✔ | ✔ | ✔ | ✔ |
| Remote terminal access (remote analysis and response) | - | ✔ | ✔ | ✔ | ✔ |
| On-demand server isolation | - | ✔ | ✔ | ✔ | ✔ |
| "Remove and block" with one click | - | ✔ | ✔ | ✔ | ✔ |
| Cloud Workload Protection (Amazon Web Services, Microsoft Azure, Google Cloud Platform) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Synchronized Application Control (visibility into applications) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Managing your security status in the cloud (monitor and protect cloud hosts, serverless functions, S3 buckets, etc.) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Server-specific policy management | ✔ | ✔ | ✔ | ✔ | ✔ |
| Update cache and message relay | ✔ | ✔ | ✔ | ✔ | ✔ |
| Automatic scan exceptions | ✔ | ✔ | ✔ | ✔ | ✔ |
| File Integrity Monitoring | ✔ | ✔ | ✔ | ✔ | ✔ |
| 24/7 evidence-based threat hunting | - | - | - | ✔ | ✔ |
| Security Health Checks | - | - | - | ✔ | ✔ |
| Threat elimination and cleanup | - | - | - | ✔ | ✔ |
| 24/7 circumstantial threat hunting | - | - | - | - | ✔ |
| Proactive Security Posture Improvement | - | - | - | - | ✔ |
| Direct telephone support | - | - | - | - | ✔ |
| Threat Response Team Lead | - | - | - | - | ✔ |