Sophos Intercept X for Server - MSP

Cybersecurity solution for MSPs

Protect Workloads and Data

Protect your infrastructure and data now and as it evolves with flexible host and container workload security.

  • Get performance and uptime with lightweight Linux and Windows host protection via agent or API for Linux.
  • Protect it all: Cloud, data center, host, container, Windows, and Linux.
  • Identify sophisticated Linux security incidents at runtime without deploying a kernel module.
  • Secure your Windows hosts and remote workers against ransomware, exploits, and never-before-seen threats.
  • Manage applications, lock down configurations, and monitor changes to your critical Windows system files.
  • Utilize XDR to streamline threat investigations and response and prioritize and connect events.

Flexible Windows and Linux Protection

Protect your host and container workloads across Linux, Windows, hybrid, and multi-cloud environments.

Linux Security

  • Detection and resilience for Linux systems across container runtimes such as Docker, containerd, CRI-O, and other environments. Our detection is crafted with the threat models of cloud-native systems top of mind.

Windows Security

  • Secure your Windows hosts and remote workers against ransomware, exploits, and never-before-seen threats, manage applications, lock down configurations, and monitor changes to critical system files.

Hybrid and Multi-Cloud

  • Safeguard applications and data across your hybrid cloud environments from a single console. Our flexible agent runs on-premises, in data centers, and across AWS, Azure, GCP, Oracle Cloud, and other hybrid and multi-cloud environments.

Minimize Time to Detect and Respond

Sophos server workload protection provides complete visibility into your host and container workloads, identifying malware, exploits, and anomalous behavior before they get a foothold.

  • Integrated Live Response establishes a secure command line terminal to hosts for remediation.
  • Extended detection and response (XDR) provides complete visibility across your hosts, containers, endpoints, networks, and cloud services.
  • Cloud-native behavioral and exploit runtime detections identify threats, including container escapes, kernel exploits, and privilege-escalation attempts.
  • Streamlined threat investigation workflows prioritize high-risk incident detections and consolidate connected events to increase efficiency.

Integrate with Security, IT, and DevOps

Combat threats with actionable host and container runtime visibility and threat detections delivered through the deployment model that works best for your environment.

Lightweight Linux and Windows Host Agent

  • Secure your hosts and containers with a single agent managed through the Sophos Central management console. Easily investigate and respond to behavioral, exploit, and malware threats in one place and increase IT hygiene with automated detections, intuitive queries, and remote response.

Integrated Linux Threat Intelligence

  • Fine-tuned for maximum performance, it seamlessly enriches your security operations workflows. It includes an ultra-lightweight Linux sensor whose host behavioral and exploit runtime detections can be integrated via API, complementing your existing automation, orchestration, log management, and incident response tools.

Get Performance Without Friction

Uptime is your top priority. We provide lightweight security tools that can be integrated into your DevSecOps workflows to minimize risk and improve application performance.

Optimized for Linux

  • Identify sophisticated Linux security incidents as they happen without deploying a kernel module.

Eliminate Disruptions

  • Use a single agent optimized for resource limits (including CPU, memory, and data collection limits) to avoid costly downtime, overloaded hosts, and stability issues caused by traditional security tools.

Integrate with CI/CD Pipelines

  • Seamlessly integrate security configuration and compliance checks at any stage of the CI/CD pipeline, scan container images for operating system vulnerabilities, and automatically detect misconfigurations, embedded secrets, passwords, and keys in Infrastructure as Code (IaC) templates.

Automate Your Cloud Security Checklist

Design your cloud environment in alignment with cloud security best practices and get the visibility and tools required to maintain them, with cloud security posture management included for your first cloud environment.

  • Proactively identify unsanctioned activity, vulnerabilities, and misconfigurations across AWS, Azure, and GCP.
  • Continuously discover cloud resources with detailed inventory and visualization of networks, Sophos host protection, and Sophos Firewall deployments.
  • Automatically overlay security best practices and compliance standards to detect gaps in your security posture and identify quick wins and critical security issues.
  • Detect over-privileged access and high-risk anomalies in user behavior to prevent breaches.

Managed Detection and Response (MDR)

Sophos Managed Detection and Response is a fully managed 24/7 service delivered by experts who detect and respond to cyberattacks targeting your computers, servers, networks, cloud workloads, email accounts, and more.

Straightforward Management

Intercept X is managed via Sophos Central, the cloud-management platform for all Sophos solutions. It's a single pane of glass for all of your devices and products, making it easy to deploy, configure and manage your environment even in remote working setups.

Licensing Overview

Sophos Intercept X for Server features a range of license types to provide a comprehensive set of capabilities for organizations of all sizes and maturity levels.

Intercept X Essentials for Server

  • Foundational server workload protection for small organizations that provides the very best security, from a single policy.

Intercept X Advanced for Server

  • All of the features of Intercept X Essentials for Server plus the following:
  • Defense in depth for server workloads. Combine anti-exploit, anti-ransomware, deep learning AI, and control technology to stop attacks before they impact systems.

Intercept X Advanced for Server with XDR

  • All of the features of Intercept X Advanced for Server plus the following:
  • Designed for dedicated SOC teams and IT admins, Sophos extended detection and response (XDR) enables you to quickly answer business-critical questions and respond remotely.
  • Answer business-critical questions and respond remotely with visibility into your server and container workloads, identifying malware, exploits, and anomalous behavior.
  • Get to the information that matters most by choosing from pre-written and customizable templates covering threat hunting and IT operations scenarios - or write your own.
  • Streamlined threat investigations prioritize high-risk incident detections and consolidate connected events across devices, networks, and the cloud to increase efficiency.
  • Remotely access devices to perform further investigation, install and uninstall software, or remediate any additional issues.
  • Behavioral and exploit Linux runtime detections identify threats including container escapes, kernel exploits, and privilege escalation attempts before attackers get a foothold.
  • Focus investigations by stopping more breaches before they start - Sophos XDR for Windows includes anti-exploit, anti-ransomware, deep learning AI, peripheral, web, and app control.

Central Managed Detection and Response

  • All of the features of Intercept X Advanced for Server with XDR plus the following:
  • 24/7 Lead-Driven Threat Hunting - Confirmed malicious artifacts or activity (strong signals) are automatically blocked or terminated, freeing up threat hunters to conduct lead-driven threat hunts. This type of threat hunt involves the aggregation and investigation of causal and adjacent events (weak signals) to discover new Indicators of Attack (IoA) and Indicators of Compromise (IoC) that previously could not be detected.
  • Security Health Check - Keep your Sophos Central products (beginning with Intercept X Advanced with EDR) operating at peak performance with proactive examinations of your operating conditions and recommended configuration improvements.
  • Activity Reporting - Summaries of case activities enable prioritization and communication so your team knows what threats were detected and what response actions were taken within each reporting period.
  • Adversarial Detections - Most successful attacks rely on the execution of a process that can appear legitimate to monitoring tools. Using proprietary investigation techniques, our team determines the difference between legitimate behavior and the tactics, techniques, and procedures (TTP) used by attackers.
  • Direct Call-In Support - Your team has direct call-in access to our security operations center (SOC). Our MDR Operations Team is available around-the-clock and backed by support teams spanning 26 locations worldwide.

Central Managed Detection and Response Complete

  • All of the features of Central Managed Detection and Response plus the following:
  • Asset Discovery - From asset information covering OS versions, applications, and vulnerabilities to identifying managed and unmanaged assets, we provide valuable insights during impact assessments, threat hunts, and as part of proactive posture improvement recommendations.
  • 24/7 Leadless Threat Hunting - Applying data science, threat intelligence, and the intuition of veteran threat hunters, we combine your company profile, high-value assets, and high-risk users to anticipate attacker behavior and identify new Indicators of Attack (IoA).
  • Enhanced Telemetry - Threat investigations are supplemented with telemetry from other Sophos Central products extending beyond the endpoint to provide a full picture of adversary activities.
  • Proactive Posture Improvement - Proactively improve your security posture and harden your defenses with prescriptive guidance for addressing configuration and architecture weaknesses that diminish your overall security capabilities.
  • Dedicated Threat Response Lead - When an incident is confirmed, a dedicated threat response lead is provided to directly collaborate with your on-premises resources (internal team or external partner) until the active threat is neutralized.