Protect your servers from malware and ransomware
With Sophos Central Intercept X for Server, you benefit from all the features of Central Server Protection, plus all the new features of Intercept X. With it, you equip your servers with the maximum protection Sophos has to offer for servers. Included in Intercept X is “CryptoGuard”, the breakthrough protection against ransomware, which allows you to protect your server environment from encryption Trojans.
Try Sophos Central for free!
Create a free Sophos Central account now and try all products, including Central Intercept X Advanced for Server, for 30 days without obligation. If you are convinced of the solution after your test period, you can easily order the licenses from us.
Server Lockdown brings you the benefit of one-click whitelisting. Once you enable lockdown for your server, it first checks whether the system is threat-free. It then records the current state of your server and creates the whitelist. All this happens in the background and does not affect the availability of your server. After one to two hours, indexing is usually complete and the system is in lockdown mode. From this point on, no software, including malware, can be installed on the system.
After lockdown, you can define so-called “update applications”. For example, an update of an ERP can be such an update application. Windows updates are already automatically whitelisted and allowed to update system components of Windows.
A classic antivirus doesn’t stand a chance against encryption Trojans such as Petya, WannaCry or Locky. With CryptoGuard you get a technology on your server that detects when ransomware tries to encrypt files on your server and stops this process immediately. Files that have already been encrypted are then restored automatically, so that no data loss occurs.
CryptoGuard is the ideal complement to classic virus detection and is included as an additional layer of protection in Sophos Intercept X for Server.
Root Cause Analysis
Find out the cause of the attack.
Imagine that, despite all the protective measures, malware has made it into your network. How could this happen? Thanks to the root cause analysis in Intercept X, this secret can be uncovered with an impressive 360-degree analysis. The Root Cause Analysis Tool can tell you in great detail how the malware got into the network, which devices were infected and what steps you should take now.
With root cause analysis, you’ll never be in the dark again if your network has been infected by unknown malware.
Preventing the exploitation of security vulnerabilities.
Sophos Exploit Protection is a unique technology in Intercept X that prevents previously unknown or unpatched vulnerabilities in applications or operating system components from being exploited. With Intercept X, every application is monitored in the background and every action is checked to see if an exploit technique is being attempted.
If such a technique is detected, Exploit Prevention prevents a vulnerability from being exploited and restores the system to a secure state.
|Feature||Intercept X Advanced for Server||Intercept X Advanced for Server with EDR||Intercept X Advanced for Server with XDR¹||Intercept X Advanced for Server with MTR Standard||Intercept X Advanced for Server with MTR Advanced|
|Web Control/Category-based URL Blocking||✔||✔||✔||✔||✔|
|Application Whitelisting (Server Lockdown)||✔||✔||✔||✔||✔|
|"Deep Learning" malware detection||✔||✔||✔||✔||✔|
|Anti-malware file scans||✔||✔||✔||✔||✔|
|Behavioral analysis before execution (HIPS)||✔||✔||✔||✔||✔|
|Blocking potentially unwanted applications (PUAs)||✔||✔||✔||✔||✔|
|Intrusion Prevention System||✔||✔||✔||✔||✔|
|Data Loss Prevention||✔||✔||✔||✔||✔|
|Runtime behavior analysis (HIPS)||✔||✔||✔||✔||✔|
|Antimalware Scan Interface (AMSI)||✔||✔||✔||✔||✔|
|Malicious Traffic Detection (MTD)||✔||✔||✔||✔||✔|
|Exploit Prevention (details on page 5)||✔||✔||✔||✔||✔|
|Active Adversary Mitigations (details on page 5)||✔||✔||✔||✔||✔|
|Ransomware File Protection (CryptoGuard)||✔||✔||✔||✔||✔|
|Disk and Boot Record Protection (WipeGuard)||✔||✔||✔||✔||✔|
|Man-in-the-Browser Protection (Safe Browsing)||✔||✔||✔||✔||✔|
|Enhanced Application Lockdown||✔||✔||✔||✔||✔|
|Live Discover (cross-environment SQL queries for threat hunting and security compliance)||-||✔||✔||✔||✔|
|SQL query library (pre-formulated, customizable queries)||-||✔||✔||✔||✔|
|Suspicious event detection and prioritization||-||✔||✔||✔||✔|
|Data storage on hard disk (up to 90 days) with fast data access||-||✔||✔||✔||✔|
|Cross-product data sources (e.g. firewall, e-mail)||-||-||✔||-||see PDF|
|Cross-product queries||-||-||✔||-||see PDF|
|Sophos Data Lake (cloud data storage)||-||7 days||30 days||see PDF||see PDF|
|Threat cases (root cause analysis)||✔||✔||✔||✔||✔|
|Deep Learning Malware Analysis||-||✔||✔||✔||✔|
|Advanced threat data from SophosLabs on demand||-||✔||✔||✔||✔|
|Export of forensic data||-||✔||✔||✔||✔|
|Automated malware removal||✔||✔||✔||✔||✔|
|Synchronized Security Heartbeat||✔||✔||✔||✔||✔|
|Remote terminal access (remote analysis and response)||-||✔||✔||✔||✔|
|On-demand server isolation||-||✔||✔||✔||✔|
|One-click "Remove and block"||-||✔||✔||✔||✔|
|Cloud Workload Protection (Amazon Web Services, Microsoft Azure, Google Cloud Platform)||✔||✔||✔||✔||✔|
|Synchronized Application Control (Transparency via applications)||✔||✔||✔||✔||✔|
|Managing your security status in the cloud (monitor and protect cloud hosts, serverless functions, S3 buckets, etc.)||✔||✔||✔||✔||✔|
|Server-specific policy management||✔||✔||✔||✔||✔|
|Update cache and message relay||✔||✔||✔||✔||✔|
|Automatic scan exceptions||✔||✔||✔||✔||✔|
|File Integrity Monitoring||✔||✔||✔||✔||✔|
|24/7 evidence-based threat hunting||-||-||-||✔||✔|
|Security Health Checks||-||-||-||✔||✔|
|Threat elimination and cleanup||-||-||-||✔||✔|
|24/7 circumstantial threat hunting||-||-||-||-||✔|
|Proactive Security Posture Improvement||-||-||-||-||✔|
|Direct telephone support||-||-||-||-||✔|
|Threat Response Team Lead||-||-||-||-||✔|