Technical Specifications
Compare the range of functions of the different Server from Sophos to protect your infrastructure. Not sure which protection best suits your business? We can advise you free of charge and without any obligation.
Intercept X Essentials for Servers is the new entry-level server protection for small businesses at an affordable price. It offers the same protections as Intercept X Advanced for Servers with deep-learning AI, anti-ransomware, and anti-exploit capabilities, but without all the control and management features you probably won't miss if your business is small or perceives low risk.
If you need multiple configurable policies or a higher level of manageability with Peripheral Control, Web Control, Application Control, etc., consider purchasing Intercept X Advanced for Server instead.
Compare the range of functions of the different Server from Sophos to protect your infrastructure. Not sure which protection best suits your business? We can advise you free of charge and without any obligation.
Cloud Email security powered by artificial intelligence Sophos Email is cloud email security simply delivered through Sophos Central’s easy-to-use single management console. Protecting your people from unwanted and malicious email threats today, and tomorrow, with the latest artificial intelligence.
Today’s email threats move fast, and malicious files look more and more like benign files. Growing businesses need predictive email security - defeating today’s threats with an eye on tomorrow.
Using the same technology as our award-winning Intercept X, the artificial intelligence built into Sophos Email’s Sandstorm sandboxing technology is a deep learning neural network, able to detect suspicious payloads containing threats, malware and unwanted applications, as well as high-level threats embedded in documents, including ransomware.
Sophos Sandstorm detonates these files in series of virtual machines, simulating a real end user environment where behavior can be monitored. Delivering safe documents – not just PDFs.
Protecting employees from malicious website links, our advanced URL protection is out-smarting attackers who slip phishing URLs past traditional gateways - delaying the upload of malware to websites until after the email is delivered. Sophos Time-ofClick checks website reputation before delivery and at the time you click – blocking stealthy, delayed attacks.
Attackers relentlessly target organizations with spam, phishing, and advanced socially engineered attacks. Automate phishing imposter defense with Sophos Email authentication. Protecting your employees from phishing attacks using fraudulent email addresses that impersonate trusted contacts and domains, before they reach the inbox.
Using a combination of SPF, DKIM and DMARC authentication techniques and email header analysis, Sophos Email allows you to identify and allow legitimate emails from trusted partners, and block the imposter – allowing you to trust your inbox again.
Sophos Email was born to be flexible. Creating unique security policies for individuals, groups or the whole domain can be done in minutes – saving you valuable time.
While seamless integration with Microsoft Office 365, Google G Suite, on-premises Exchange 2003+, and many more email providers, allows you to protect any email service where you control the domain and DNS records. Best of all - activation is completely in your control, with administrator controls and end-user self-service for common day-to-day tasks.
The answer for business-grade email. Email, Office, Collaboration – Microsoft Office 365 is a great tool for businesses to stay productive. But as customers move to O365, the security features often don’t live up to expectations. Great collaboration needs great security, and Sophos Email provides a simple solution:
Deployment requires a simple MX record change to route email through Sophos Central, and you can simply bring in users and their mailboxes with our handy Azure and on premise Active Directory synchronization tools.
Sophos Central Intercept X Advanced is a combination of Sophos Central Endpoint Protection and Intercept X products.
With Sophos Central Intercept X Advanced, you get all the features of Sophos Central Endpoint Protection and Intercept X in one product.
On the one hand, you benefit from great functions such as "Peripheral Control" or "Malicious Traffic Detection", and at the same time you get a specialist on your computer with Intercept X, which uses a technology called "CryptoGuard" to detect as soon as malware tries to encrypt files on your computer and stops this process immediately. Files that have already been encrypted are then automatically restored, so there is no data loss.
Would you like to see the Sophos Central user interface live? Just go to central.sophos.com and use the demo account. Username: demo@sophos.com / Password: Demo@sophos.com
Preventing the exploitation of security vulnerabilities.
Sophos Exploit Protection is a unique technology in Intercept X that prevents previously unknown or unpatched vulnerabilities in applications or operating system components from being exploited. With Intercept X, every application is monitored in the background and every action is checked to see if an exploit technique is being attempted.
If such a technique is detected, Exploit Prevention prevents a vulnerability from being exploited and restores the system to a secure state.
Find out the cause of the attack.
Imagine that, despite all the protective measures, malware has made it into your network. How could this happen? Thanks to the root cause analysis in Intercept X, this mystery can be uncovered with an impressive 360-degree analysis. The Root Cause Analysis Tool can tell you in great detail how the malware got into your network, which devices were infected and what steps you should take now.
With root cause analysis, you'll never be in the dark again if your network has been infected by an unknown malware.
Restores the system to its original state after an attack.
With Intercept X, thanks to technologies like CryptoGuard, you are protected against signatureless malware, such as ransomware, but after an attempted attack, your system still needs to be cleaned of all remnants. Since there is no cleaning routine for unknown malware, the entire processes of the executed malware must be forensically examined. This task is performed by Sophos Clean.
Sophos Clean performs a complete cleaning of the system after an attack has been stopped. It not only removes the malware itself, but replaces infected Windows resources with more secure original versions and ultimately restores the system to its original state, as it was before the infection.
Compare the feature set of Sophos’s various endpoint products to protect your clients. Not sure which protection best suits your business? We advise you free of charge and completely without obligation.
Securely connect anyone, anywhere, to any application. Sophos ZTNA transparently connects users to important business applications and data, providing enhanced segmentation, security, and visibility over traditional remote access VPN. It works as a standalone product and as a fully integrated Synchronized Security solution with Sophos Firewall and Intercept X.
ZTNA improves your security posture and reduces your attack surface in many ways: removing vulnerable and old VPN clients and infrastructure, eradicating implicit trust, incorporating device health into access policy, preventing lateral movement across the network, making your apps invisible to attackers, and providing much better insights into user and application activity.
Remote access VPN has served us well, but it was never designed for this new world. ZTNA offers a much better alternative for remote access by providing better security and threat protection, an easier and more scalable management experience, and a more transparent and frictionless experience for end-users.
With VPN, you’re providing network access. With Sophos ZTNA, you’re only providing access to specific applications. We micro-segment your applications, users, and devices, and with the integration of device health into access policies and continuous authentication verification, you get much better security. This eliminates all of the of implicit trust and the lateral movement that comes with VPN.
Hackers are leveraging poorly secured remote systems and VPN vulnerabilities to get a foothold on networks to deploy ransomware. Sophos ZTNA helps reduce the surface area and risk of a ransomware attack by removing a new and growing vector. With ZTNA, remote systems are no longer connected “to the network” and only have specific application access.
Sophos ZTNA is much leaner, cleaner, and therefore easier to deploy and manage than traditional remote access VPN. It enables better security and more agility in quickly changing environments with users coming and going - making day-to-day administration a quick and painless task and not a full-time job.
As an alternative or supplement to SaaS application allowed IP ranges, you can utilize ZTNA and your Azure AD identity provider to control access to important SaaS applications – blocking denied devices and unauthorized users from accessing important cloud apps and data.
With "Sophos Central MDR for Server" you can achieve the highest level of security Sophos can currently offer for the protection of your Server (Linux, Windows Server 2008 R2+). In this bundle, you get all the features of Intercept X Advanced for Server with XDR and the new, enhanced MDR service.
With the MDR service, Sophos provides a highly available “Service Operation Center” (SOC). It is the perfect complement for all IT administrators where there are no free resources to go threat hunting themselves with XDR's tools. It takes highly skilled and specialized personnel to use XDR to proactively scan the network for potential threats and take the correct steps when an attack occurs.
With Sophos Central MDR for Server, you no longer need to look for trained personnel yourself. Sophos provides a team of experts who work 24/7 to combat threats.
If something has been detected on your system that could not be fixed automatically and requires human expertise, the MDR team is there for you on a 24/7 basis. An expert then takes a close look at the critical note and uses his experience to decide what needs to be done.
The MDR team pays special attention to attacks executed through legitimate processes, such as PowerShell. Such attacks are often successful because they are difficult for monitoring tools to detect. The MDR team uses proprietary analytics to monitor these processes to ensure they are not being misused for malicious purposes.
The Security Health Check ensures that your Sophos Central products can always operate at maximum performance. To do this, the MDR team looks at your network requirements and makes recommendations for configuration changes.
Cloud Email security powered by artificial intelligence Sophos Email is cloud email security simply delivered through Sophos Central’s easy-to-use single management console. Protecting your people from unwanted and malicious email threats today, and tomorrow, with the latest artificial intelligence.
Today’s email threats move fast, and malicious files look more and more like benign files. Growing businesses need predictive email security - defeating today’s threats with an eye on tomorrow.
Using the same technology as our award-winning Intercept X, the artificial intelligence built into Sophos Email’s Sandstorm sandboxing technology is a deep learning neural network, able to detect suspicious payloads containing threats, malware and unwanted applications, as well as high-level threats embedded in documents, including ransomware.
Sophos Sandstorm detonates these files in series of virtual machines, simulating a real end user environment where behavior can be monitored. Delivering safe documents – not just PDFs.
Protecting employees from malicious website links, our advanced URL protection is out-smarting attackers who slip phishing URLs past traditional gateways - delaying the upload of malware to websites until after the email is delivered. Sophos Time-ofClick checks website reputation before delivery and at the time you click – blocking stealthy, delayed attacks.
Attackers relentlessly target organizations with spam, phishing, and advanced socially engineered attacks. Automate phishing imposter defense with Sophos Email authentication. Protecting your employees from phishing attacks using fraudulent email addresses that impersonate trusted contacts and domains, before they reach the inbox.
Using a combination of SPF, DKIM and DMARC authentication techniques and email header analysis, Sophos Email allows you to identify and allow legitimate emails from trusted partners, and block the imposter – allowing you to trust your inbox again.
Sophos Email was born to be flexible. Creating unique security policies for individuals, groups or the whole domain can be done in minutes – saving you valuable time.
While seamless integration with Microsoft Office 365, Google G Suite, on-premises Exchange 2003+, and many more email providers, allows you to protect any email service where you control the domain and DNS records. Best of all - activation is completely in your control, with administrator controls and end-user self-service for common day-to-day tasks.
The answer for business-grade email. Email, Office, Collaboration – Microsoft Office 365 is a great tool for businesses to stay productive. But as customers move to O365, the security features often don’t live up to expectations. Great collaboration needs great security, and Sophos Email provides a simple solution:
Deployment requires a simple MX record change to route email through Sophos Central, and you can simply bring in users and their mailboxes with our handy Azure and on premise Active Directory synchronization tools.
Sophos Central Server Protection does more than defend against known malware based on signatures, and also protects your Windows and Linux servers from modern threats. Based on real-time threat data from SophosLabs, the solution correlates suspicious behavior and activity: from malicious URLs to web exploit code and unexpected system changes to command-and-control traffic. This keeps your servers and data reliably protected.
Sophos Central Intercept X Advanced for Servers uses a combination of leading traditional and modern techniques to protect your servers, rather than relying on a single security approach. This includes deep-learning malware detection, exploit defense, and specialized capabilities for ransomware protection.
The artificial intelligence built into Intercept X is a neural network - an advanced form of machine learning. This network is capable of detecting both known and unknown malware completely without signatures.
Sophos Exploit Prevention blocks the exploit tools and techniques used to spread malware, steal credentials and defeat detection mechanisms. This means hackers and zero-day attacks no longer have a chance to enter your network.
Using behavioral analysis, Intercept X stops unknown ransomware and boot record attacks.Even if trusted files and processes are tampered with, CryptoGuard stops the process and restores the affected items to their original state - without requiring user or IT intervention. CryptoGuard works unobtrusively at the file system level, keeping an eye on remote computers and local processes that attempt to tamper with your documents and other files.
Central Intercept X for Servers with EDR is the first EDR solution specifically designed to help IT administrators and security analysts with IT operations use cases and threat hunting. With Sophos Intercept X Advanced, you can create any query about what happened in the past and what is currently happening on your endpoints. You can use these queries either for threat hunting to detect active attackers or to ensure that security policies are enforced. When a problem is found, you have the ability to take targeted action via remote access.
Sophos Central Intercept X Advanced is a combination of Sophos Central Endpoint Protection and Intercept X products.
With Sophos Central Intercept X Advanced, you get all the features of Sophos Central Endpoint Protection and Intercept X in one product.
On the one hand, you benefit from great functions such as "Peripheral Control" or "Malicious Traffic Detection", and at the same time you get a specialist on your computer with Intercept X, which uses a technology called "CryptoGuard" to detect as soon as malware tries to encrypt files on your computer and stops this process immediately. Files that have already been encrypted are then automatically restored, so there is no data loss.
Would you like to see the Sophos Central user interface live? Just go to central.sophos.com and use the demo account. Username: demo@sophos.com / Password: Demo@sophos.com
Preventing the exploitation of security vulnerabilities.
Sophos Exploit Protection is a unique technology in Intercept X that prevents previously unknown or unpatched vulnerabilities in applications or operating system components from being exploited. With Intercept X, every application is monitored in the background and every action is checked to see if an exploit technique is being attempted.
If such a technique is detected, Exploit Prevention prevents a vulnerability from being exploited and restores the system to a secure state.
Find out the cause of the attack.
Imagine that, despite all the protective measures, malware has made it into your network. How could this happen? Thanks to the root cause analysis in Intercept X, this mystery can be uncovered with an impressive 360-degree analysis. The Root Cause Analysis Tool can tell you in great detail how the malware got into your network, which devices were infected and what steps you should take now.
With root cause analysis, you'll never be in the dark again if your network has been infected by an unknown malware.
Restores the system to its original state after an attack.
With Intercept X, thanks to technologies like CryptoGuard, you are protected against signatureless malware, such as ransomware, but after an attempted attack, your system still needs to be cleaned of all remnants. Since there is no cleaning routine for unknown malware, the entire processes of the executed malware must be forensically examined. This task is performed by Sophos Clean.
Sophos Clean performs a complete cleaning of the system after an attack has been stopped. It not only removes the malware itself, but replaces infected Windows resources with more secure original versions and ultimately restores the system to its original state, as it was before the infection.
Compare the feature set of Sophos’s various endpoint products to protect your clients. Not sure which protection best suits your business? We advise you free of charge and completely without obligation.
With “Sophos Central MDR” you can achieve the highest level of security Sophos can currently offer for the protection of your endpoints (macOS 10.15+, Windows 8.1+). In this bundle, you get all the features of Intercept X Advanced with XDR and the new, enhanced MDR service.
With the MDR service, Sophos provides a highly available “Service Operation Center” (SOC). It is the perfect complement for all IT administrators where there are no free resources to go threat hunting themselves with XDR's tools. It takes highly skilled and specialized personnel to use XDR to proactively scan the network for potential threats and take the correct steps when an attack occurs.
With Sophos Central MDR for Server, you no longer need to look for trained personnel yourself. Sophos provides a team of experts who work 24/7 to combat threats.
If something has been detected on your system that could not be fixed automatically and requires human expertise, the MDR team is there for you on a 24/7 basis. An expert then takes a close look at the critical note and uses his experience to decide what needs to be done.
The MDR team pays special attention to attacks executed through legitimate processes, such as PowerShell. Such attacks are often successful because they are difficult for monitoring tools to detect. The MDR team uses proprietary analytics to monitor these processes to ensure they are not being misused for malicious purposes.
The Security Health Check ensures that your Sophos Central products can always operate at maximum performance. To do this, the MDR team looks at your network requirements and makes recommendations for configuration changes.
You will learn the current state of your systems, what intelligence was gathered during the reporting period, and what threats were averted. A histogram of these reports is then created over the period where you use the MDR service. With the help of this data, Sophos creates so-called "scorecards", with which one can compare oneself to previous periods.
Regardless of whether you choose the normal MDR or MDR Complete variant, you retain control over how autonomously the MDR team should operate. This is regulated right at the beginning in the so-called onboarding process. When you purchase the Sophos MDR service, you can choose from three options that determine what response you expect from the MDR team:
Sophos Managed Detection and Response (MDR) Complete is Sophos' most flexible and comprehensive 24/7 managed threat protection, detection, and response service. MDR Complete provides analyst-led threat hunting and investigation as well as full-scale incident response. Threats are fully eliminated. Sophos MDR Complete includes support for 3rd party endpoint protection solutions. Optional add-ons can be purchased for Sophos Network Detection and Response (NDR), Sophos 3rd party integration packs, and extended data storage. For licensing clarity, Central Managed Detection and Response includes Central Intercept X Advanced with XDR as well as 3rd party endpoint compatibility.
The need for always-on security operations has become an imperative. However, the complexity of modern operating environments and the velocity of cyberthreats make it increasingly difficult for most organizations to successfully manage detection and response on their own.
With Sophos MDR, our expert team stops advanced human-led attacks. We take action to neutralize threats before they can disrupt your business operations or compromise your sensitive data. Sophos MDR is customizable with different service tiers, and can be delivered via our proprietary technology or using your existing cybersecurity technology investments.
Enabled by extended detection and response (XDR) capabilities that provide complete security coverage wherever your data reside, Sophos MDR can:
We can provide the technology you need from our award-wining portfolio, or our analysts can leverage your existing cybersecurity technologies to detect and respond to threats.
Sophos MDR is compatible with security telemetry from vendors such as Microsoft, CrowdStrike, Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services (AWS), Google, Okta, Darktrace, and many others. Telemetry is automatically consolidated, correlated, and prioritized with insights from the Sophos Adaptive Cybersecurity Ecosystem (ACE) and Sophos X-Ops threat intelligence unit.
Central Managed Detection and Response Complete Server is Sophos' most flexible and comprehensive 24/7 managed threat protection, detection, and response service. MDR Complete provides analyst-led threat hunting and investigation as well as full-scale incident response. Threats are fully eliminated. Sophos MDR Complete includes support for 3rd party server protection solutions. Optional add-ons can be purchased for Sophos Network Detection and Response (NDR), Sophos 3rd party integration packs, and extended data storage. For licensing clarity, Central Managed Detection and Response includes Central Intercept X Advanced with XDR as well as 3rd party endpoint compatibility.
The need for always-on security operations has become an imperative. However, the complexity of modern operating environments and the velocity of cyberthreats make it increasingly difficult for most organizations to successfully manage detection and response on their own.
With Sophos MDR, our expert team stops advanced human-led attacks. We take action to neutralize threats before they can disrupt your business operations or compromise your sensitive data. Sophos MDR is customizable with different service tiers, and can be delivered via our proprietary technology or using your existing cybersecurity technology investments.
Enabled by extended detection and response (XDR) capabilities that provide complete security coverage wherever your data reside, Sophos MDR can:
With “Sophos Central MDR” you can achieve the highest level of security Sophos can currently offer for the protection of your endpoints (macOS 10.15+, Windows 8.1+). In this bundle, you get all the features of Intercept X Advanced with XDR and the new, enhanced MDR service.
With the MDR service, Sophos provides a highly available “Service Operation Center” (SOC). It is the perfect complement for all IT administrators where there are no free resources to go threat hunting themselves with XDR's tools. It takes highly skilled and specialized personnel to use XDR to proactively scan the network for potential threats and take the correct steps when an attack occurs.
With Sophos Central MDR for Server, you no longer need to look for trained personnel yourself. Sophos provides a team of experts who work 24/7 to combat threats.
If something has been detected on your system that could not be fixed automatically and requires human expertise, the MDR team is there for you on a 24/7 basis. An expert then takes a close look at the critical note and uses his experience to decide what needs to be done.
The MDR team pays special attention to attacks executed through legitimate processes, such as PowerShell. Such attacks are often successful because they are difficult for monitoring tools to detect. The MDR team uses proprietary analytics to monitor these processes to ensure they are not being misused for malicious purposes.
The Security Health Check ensures that your Sophos Central products can always operate at maximum performance. To do this, the MDR team looks at your network requirements and makes recommendations for configuration changes.
You will learn the current state of your systems, what intelligence was gathered during the reporting period, and what threats were averted. A histogram of these reports is then created over the period where you use the MDR service. With the help of this data, Sophos creates so-called "scorecards", with which one can compare oneself to previous periods.
Regardless of whether you choose the normal MDR or MDR Complete variant, you retain control over how autonomously the MDR team should operate. This is regulated right at the beginning in the so-called onboarding process. When you purchase the Sophos MDR service, you can choose from three options that determine what response you expect from the MDR team:
With Sophos Central Intercept X for servers with XDR, you equip your servers with the maximum protection Sophos has to offer for servers. It includes all the functions of classic "Server Protection" with "Intercept X" for protection against ransomware and exploits, allowing you to protect your server environment against encryption Trojans. As the name of the product suggests, you also buy the "XDR" function.
XDR means "Extended Detection and Response" and is interesting for all those who want to get to the bottom of the cause of an attack in more detail, or in certain companies also have to. XDR is used, for example, when malware has been blocked or an exploit has been prevented. It could be that a thwarted attack is just a harbinger of a much larger attack. In our view, XDR can be seen as an extension of the "root cause analysis" already included in Intercept X, simply with many more options.
The Server lockdown gives you the benefit of one-click whitelisting. Once you activate the lockdown for your Server, it will first check if the system is threat-free. After that, it is necessary to record the current state of your server and create the whitelisting. All this happens in the background and does not affect the availability of your server. After one or two hours, indexing is usually complete and the system is in lockdown mode. From this point on, no software, including malware, can be installed on the system.
After lockdown, you can define so-called "update applications". For example, an update of an ERP can be such an update application. Windows updates are already whitelisted automatically and are allowed to update system components of Windows.
A classic antivirus doesn't stand a chance against encryption Trojans such as Petya, WannaCry or Locky. With CryptoGuard you get a technology on your Server that detects as soon as a ransomware tries to encrypt files on your Server and stops this process immediately. Already encrypted files are automatically restored afterwards, so that no data loss occurs.
CryptoGuard is the ideal complement to classic virus detection and is included as an additional layer of protection in Sophos intercept X for Server.
Find out the cause of the attack.
Imagine that, despite all the protective measures, malware has made it into your network. How could this happen? Thanks to the root cause analysis in Intercept X, this mystery can be uncovered with an impressive 360-degree analysis. The Root Cause Analysis Tool can tell you in great detail how the malware got into your network, which devices were infected and what steps you should take now.
With root cause analysis, you'll never be in the dark again if your network has been infected by an unknown malware.
Preventing the exploitation of security vulnerabilities.
Sophos Exploit Protection is a unique technology in Intercept X that prevents previously unknown or unpatched vulnerabilities in applications or operating system components from being exploited. With Intercept X, every application is monitored in the background and every action is checked to see if an exploit technique is being attempted.
If such a technique is detected, Exploit Prevention prevents a vulnerability from being exploited and restores the system to a secure state.
Compare the range of functions of the different Server from Sophos to protect your infrastructure. Not sure which protection best suits your business? We can advise you free of charge and without any obligation.
Intercept X Essentials is the new entry-level endpoint protection for small businesses at an affordable price. It offers the same protections as Intercept X Advanced with deep-learning AI, anti-ransomware, and anti-exploit capabilities, but without all the control and management features, which you probably won't miss if your organization is small or perceives low risk.
If you need multiple configurable policies or a higher level of manageability with Peripheral Control, Web Control, Application Control, etc., consider purchasing Intercept X Advanced instead.
Compare the feature set of Sophos’s various endpoint products to protect your clients. Not sure which protection best suits your business? We advise you free of charge and completely without obligation.
Sophos Intercept X for Server is the industry leading Server Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI and control technology it stops attacks before they impact your systems. Intercept X for Server uses a comprehensive, defense in depth approach to server protection, rather than relying on one primary security technique.
Deep learning AI in Intercept X for Server excels at detecting and blocking malware even when it hasn’t been seen before. It does this by scrutinizing file attributes from hundreds of millions of samples to identify threats without the need for a signature.
Intercept X for Server includes advanced anti-ransomware capabilities that detect and block the malicious encryption processes used in ransomware attacks. Files that have been encrypted will be rolled back to a safe state, minimizing any impact to business productivity.
Anti-exploit technology stops the exploit techniques that attackers rely on to compromise devices, steal credentials and distribute malware. By stopping the techniques used throughout the attack chain Intercept X for Server keeps your organization secure against file-less attacks and zero-day exploits.
Ensure only what you want can run. Server Lockdown (whitelisting) makes sure that only applications you have approved can run on a server. File Integrity Monitoring will notify you if there are unauthorized attempts to change critical files.
Understand and secure your entire multi-cloud inventory. You can detect your cloud workloads as well as critical cloud services including S3 buckets, databases and serverless functions, identify suspicious activity, spot insecure deployments and close security gaps.