Sophos XDR and EDR 4.0 are live!

Sophos XDR and EDR 4.0 are now available, bringing powerful Extended Detection and Response (XDR) as well as significant enhancements to Endpoint Detection and Response (EDR).

Introducing Sophos XDR
Sophos XDR goes beyond endpoints and servers, also pulling in rich Sophos Firewall and Sophos Email data (Sophos Mobile and Cloud Optix XDR integration is coming soon) with 30 days of storage in the Sophos Data Lake. This means organizations get even more detailed insight into their environments when performing threat hunting or IT operations tasks.

Users get both the broad, big-picture view of their cybersecurity environment and the ability to deep dive into areas of interest for granular detail. It’s the best of both worlds.

Here are just a few Sophos XDR use cases:

IT Operations
  • Identify unmanaged, guest and IoT devices
  • Why is the office network connection slow? Which application is causing it?
  • Look back 30 days for unusual activity on a missing or destroyed device

Threat Hunting
  • Extend investigations to 30 days without bringing a device back online
  • Use ATP and IPS detections from the firewall to investigate suspect hosts
  • Compare email header information, SHAs and other IoCs to identify malicious traffic to a domain

You can see more examples in the EDR/XDR use cases PDF.

Details on availability
Sophos XDR and the Sophos Data Lake are available for Windows and Linux now. macOS support is planned for H2CY21. MSP Flex availability is scheduled for late June.

How do I sell Sophos XDR?
Sophos XDR (CXDR) is an overlay license that enables 30 days of data collection from any Sophos XDR-ready product.

XDR-ready products feed data to the Sophos Data Lake and require their own separate license, for example Intercept X Advanced with EDR (CIXAEDR), Intercept X Advanced for Server with EDR (SVRCIXAEDR), Sophos Firewall (XG/XGS) with Xstream Protection or Sophos Email Advanced (CEMA).

For further details on requirements, exclusions, and example licensing scenarios, please read the Sophos XDR Licensing Guide.

For sales tools and additional resources, visit the Sophos Partner Portal.

Note that only Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR can use Sophos XDR without having another XDR-ready product. See the license guide for further details.
Customers with an XG Series or virtual appliance and TotalProtect Plus/FullGuard/FullGuard Plus/EnterpriseGuard Plus can also use Sophos XDR at launch. These customers will be automatically migrated to Xstream Protection in the July timeframe. 

Offline Access with the Sophos Data Lake
A key component of both XDR and EDR, the Sophos Data Lake stores critical data from XDR- and EDR-enabled devices, enabling access to that data even when devices are offline. For example, look back for unusual activity on a device that has been destroyed or taken without authorization. It’s an important part of cybersecurity visibility, giving organizations the ability to see their entire environment and quickly drill down to granular areas of interest. Data retention periods are 7 days (EDR) and 30 days (XDR). That’s in addition to the up to 90 days of on-disk data stored on devices.

EDR gets even better – again!
The latest version of EDR (4.0) brings some incredible enhancements, which are available to existing EDR users.

Sophos Data Lake
EDR customers will have the ability to get data up to 7 days in the past from their endpoints and servers, even if those devices aren’t currently online, in addition to the up to 90 days of on-disk data they have currently. Note that customers have to enable the Sophos Data Lake. The Sophos Data Lake is available for Windows and Linux now; macOS support is coming in H2CY21.

Scheduled queries
Users can schedule queries to run overnight so key data is ready and waiting for assessment in the morning and they have the information needed to perform critical threat hunting and IT operations tasks. Initially, scheduled queries are available for the Sophos Data Lake, with on-device Live Query following.

Enhanced usability
Enhancements to workflows and pivoting help users get to key information faster, take action and respond more quickly.

