Get to the bottom of the cause of attacks!
With Sophos Central Intercept X for servers with XDR, you equip your servers with the maximum protection Sophos has to offer for servers. It includes all the functions of classic "Server Protection" with "Intercept X" for protection against ransomware and exploits, allowing you to protect your server environment against encryption Trojans. As the name of the product suggests, you also buy the "XDR" function.
XDR means "Extended Detection and Response" and is interesting for all those who want to get to the bottom of the cause of an attack in more detail, or in certain companies also have to. XDR is used, for example, when malware has been blocked or an exploit has been prevented. It could be that a thwarted attack is just a harbinger of a much larger attack. In our view, XDR can be seen as an extension of the "root cause analysis" already included in Intercept X, simply with many more options.
Try Sophos Central for free!
Create a free Sophos Central account now and test all products, including Central Intercept X Advanced for Server with XDR, without obligation for 30 days. If you are convinced by the solution after your trial period, you can easily order the licenses from us.
The Server lockdown gives you the benefit of one-click whitelisting. Once you activate the lockdown for your Server, it will first check if the system is threat-free. After that, it is necessary to record the current state of your server and create the whitelisting. All this happens in the background and does not affect the availability of your server. After one or two hours, indexing is usually complete and the system is in lockdown mode. From this point on, no software, including malware, can be installed on the system.
After lockdown, you can define so-called "update applications". For example, an update of an ERP can be such an update application. Windows updates are already whitelisted automatically and are allowed to update system components of Windows.
A classic antivirus doesn't stand a chance against encryption Trojans such as Petya, WannaCry or Locky. With CryptoGuard you get a technology on your Server that detects as soon as a ransomware tries to encrypt files on your Server and stops this process immediately. Already encrypted files are automatically restored afterwards, so that no data loss occurs.
CryptoGuard is the ideal complement to classic virus detection and is included as an additional layer of protection in Sophos intercept X for Server.
Root Cause Analysis
Find out the cause of the attack.
Imagine that, despite all the protective measures, malware has made it into your network. How could this happen? Thanks to the root cause analysis in Intercept X, this mystery can be uncovered with an impressive 360-degree analysis. The Root Cause Analysis Tool can tell you in great detail how the malware got into your network, which devices were infected and what steps you should take now.
With root cause analysis, you'll never be in the dark again if your network has been infected by an unknown malware.
Preventing the exploitation of security vulnerabilities.
Sophos Exploit Protection is a unique technology in Intercept X that prevents previously unknown or unpatched vulnerabilities in applications or operating system components from being exploited. With Intercept X, every application is monitored in the background and every action is checked to see if an exploit technique is being attempted.
If such a technique is detected, Exploit Prevention prevents a vulnerability from being exploited and restores the system to a secure state.
Compare the range of functions of the different Server from Sophos to protect your infrastructure. Not sure which protection best suits your business? We advise you free of charge and completely without obligation.
Intercept X Essentials for ServerAbout the product
Intercept X Advanced for ServerAbout the product
Intercept X Advanced for Server with XDRAbout the product
Sophos MDR for ServerAbout the product
Sophos MDR Complete for ServerAbout the product
|Web Control/Category-based URL Blocking||-||✔||✔||✔||✔|
|Application Whitelisting (Server Lockdown)||-||✔||✔||✔||✔|
|Deep Learning Malware Detection||✔||✔||✔||✔||✔|
|Anti-malware file scans||✔||✔||✔||✔||✔|
|Behavioral analysis before execution (HIPS)||✔||✔||✔||✔||✔|
|Blocking potent. Unwanted applications (PUAs)||✔||✔||✔||✔||✔|
|Intrusion Prevention System||✔||✔||✔||✔||✔|
|Data Loss Prevention||✔||✔||✔||✔||✔|
|Runtime behavior analysis (HIPS)||✔||✔||✔||✔||✔|
|Antimalware Scan Interface (AMSI)||✔||✔||✔||✔||✔|
|Malicious Traffic Detection (MTD)||✔||✔||✔||✔||✔|
|Active Adversary Mitigations||✔||✔||✔||✔||✔|
|Ransomware File Protection (CryptoGuard)||✔||✔||✔||✔||✔|
|Disk and Boot Record Protection (WipeGuard)||✔||✔||✔||✔||✔|
|Man-in-the-Browser Protection (Safe Browsing)||✔||✔||✔||✔||✔|
|Enhanced Application Lockdown||✔||✔||✔||✔||✔|
|Live Discover (cross-environmental SQL queries for threat hunting and security compliance)||-||-||✔||✔||✔|
|SQL query library (pre-formulated, customizable queries)||-||-||✔||✔||✔|
|Suspicious event detection and prioritization||-||-||✔||✔||✔|
|Data storage on hard disk (up to 90 days) with fast data access||-||-||✔||✔||✔|
|Cross-product data sources (e.g. firewall, e-mail)||-||-||✔||✔||✔|
|Sophos Data Lake (cloud data storage)||-||-||30 days||30 days||30 days|
|Threat cases (root cause analysis)||-||✔||✔||✔||✔|
|Deep Learning Malware Analysis||-||-||✔||✔||✔|
|Advanced threat data from SophosLabs on demand||-||-||✔||✔||✔|
|Export of forensic data||-||-||✔||✔||✔|
|Automated malware removal||✔||✔||✔||✔||✔|
|Synchronized Security Heartbeat||✔||✔||✔||✔||✔|
|Remote terminal access (remote analysis and response)||-||-||✔||✔||✔|
|On-demand server isolation||-||-||✔||✔||✔|
|With one click "Remove and block||-||-||✔||✔||✔|
|Cloud Workload Protection (Amazon Web Services, Microsoft Azure, Google Cloud Platform)||✔||✔||✔||✔||✔|
|Synchronized Application Control (transparency over applications)||✔||✔||✔||✔||✔|
|Management of your security status in the cloud (cloud hosts monitor and protect, serverless functions, S3 buckets, etc.).||-||✔||✔||✔||✔|
|Server-specific policy management||✔||✔||✔||✔||✔|
|Update cache and message relay||✔||✔||✔||✔||✔|
|Automatic scan exceptions||✔||✔||✔||✔||✔|
|File Integrity Monitoring||-||-||✔||✔||✔|
|24/7 evidence-based threat hunting||-||-||-||✔||✔|
|Compatible with third-party security tools||-||-||-||✔||✔|
|Security Health Checks||-||-||-||✔||✔|
|Sophos MDR ThreatCast||-||-||-||✔||✔|
|Stop and contain threats||-||-||-||✔||✔|
|Direct telephone support for incidents||-||-||-||✔||✔|
|24/7 circumstantial threat hunting||-||-||-||-||✔|
|Proactive Security Posture Improvement||-||-||-||-||✔|
|Full incident response: complete neutralization of Threats||-||-||-||-||✔|
|Root cause analysis – and how can renewed attacks be prevented?||-||-||-||-||✔|
|Dedicated contact person at the Incident Response Team||-||-||-||-||✔|
Sophos Managed Detection and Response (MDR) – Datasheet
Sophos Managed Detection and Response (MDR) – Buyer's Guide
Sophos Breach Protection Warranty – Datasheet
Sophos Rapid Response – Datasheet
Extended Detection and Response (XDR) – Beginner’s Guide
Sophos Network Detection and Response (NDR) – Datasheet
Sophos Network Detection and Response (NDR) – Solution Brief
Sophos Server Protection – Buyer's Guide
Cybersecurity System – Buyer's Guide
Sophos Intercept X for Server – Datasheet
Sophos Intercept X – Solution Brief
Sophos Intercept X Deep Learning
FAQs zu Intercept X Essentials und Intercept X Essentials for Server