Sophos Intercept X is the industry leading Endpoint Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI and control technology it stops attacks before they impact your systems. Intercept X uses a comprehensive, defense in depth approach to endpoint protection, rather than relying on one primary security technique.
Harness the Power of a Deep Learning Neural Network
Achieve unmatched endpoint threat prevention. Intercept X uses deep learning, an advanced form of machine learning to detect both known and unknown malware without relying on signatures.
Deep learning makes Intercept X smarter, more scalable, and more effective against never-seen-before threats. Intercept X leverages deep learning to outperform endpoint security solutions that use traditional machine learning or signature-based detection alone.
Stop Ransomware in Its Tracks
Block ransomware attacks before they wreak havoc on your organization. Intercept X with XDR includes anti-ransomware technology that detects malicious encryption processes and shuts them down before they can spread across your network. It prevents both file-based and master boot record ransomware.
Any files that were encrypted are rolled back to a safe state, meaning your employees can continue working uninterrupted, with minimal impact to business continuity. You get detailed post-cleanup information, so you can see where the threat got in, what it touched, and when it was blocked.
Intelligent Endpoint Detection and Response (EDR)
The first EDR designed for security analysts and IT administrators
Intercept X Advanced with EDR allows you to ask any question about what has happened in the past, and what is happening now on your endpoints. Hunt threats to detect active adversaries, or leverage for IT operations to maintain IT security hygiene. When an issue is found remotely respond with precision. By starting with the strongest protection, Intercept X stops breaches before they start. It cuts down the number of items to investigate and saves you time.
The strongest protection combined with powerful EDR
Add expertise, not headcount
Built for IT operations and threat hunting
Extended Detection and Response (XDR)
Intercept X Advanced with XDR is the industry’s only XDR solution that synchronizes native endpoint, server, firewall, email, cloud and O365 security. Get a holistic view of your organization’s environment with the richest data set and deep analysis for threat detection, investigation and response for both dedicated SOC teams and IT admins.
Cross reference indicators of comprise from multiple data sources to quickly identify, pinpoint and neutralize a threat
Use ATP and IPS events from the firewall to investigate suspect hosts and identify unprotected devices across your estate
Understand office network issues and which application is causing them
Identify unmanaged, guest and IoT devices across your organization’s environment
Managed Detection and Response
Threat Hunting - Proactive 24/7 hunting by our elite team of threat analysts. Determine the potential impact and context of threats to your business.
Response - Initiates actions to remotely disrupt, contain, and neutralize threats on your behalf to stop even the most sophisticated threats
Continuous Improvement - Get actionable advice for addressing the root cause of recurring incidents to stop them for occurring again
Sophos Managed Detection and Response – Artificial intelligence mixed with human expertise
With “Sophos Central MDR” you can achieve the highest level of security Sophos can currently offer for the protection of your endpoints (macOS 10.15+, Windows 8.1+). In this bundle, you get all the features of Intercept X Advanced with XDR and the new, enhanced MDR service.
Active threat response by a team of experts – 24/7
With the MDR service, Sophos provides a highly available “Service Operation Center” (SOC). It is the perfect complement for all IT administrators where there are no free resources to go threat hunting themselves with XDR's tools. It takes highly skilled and specialized personnel to use XDR to proactively scan the network for potential threats and take the correct steps when an attack occurs. With Sophos Central MDR for Server, you no longer need to look for trained personnel yourself. Sophos provides a team of experts who work 24/7 to combat threats.
Features of MDR
24/7 circumstantial threat hunting
If something has been detected on your system that could not be fixed automatically and requires human expertise, the MDR team is there for you on a 24/7 basis. An expert then takes a close look at the critical note and uses his experience to decide what needs to be done.
Attack detection
The MDR team pays special attention to attacks executed through legitimate processes, such as PowerShell. Such attacks are often successful because they are difficult for monitoring tools to detect. The MDR team uses proprietary analytics to monitor these processes to ensure they are not being misused for malicious purposes.
Security Health Check
The Security Health Check ensures that your Sophos Central products can always operate at maximum performance. To do this, the MDR team looks at your network requirements and makes recommendations for configuration changes.
Activity Reports
You will learn the current state of your systems, what intelligence was gathered during the reporting period, and what threats were averted. A histogram of these reports is then created over the period where you use the MDR service. With the help of this data, Sophos creates so-called "scorecards", with which one can compare oneself to previous periods.
Onboarding process with maximum control and transparency
Regardless of whether you choose the normal MDR or MDR Complete variant, you retain control over how autonomously the MDR team should operate. This is regulated right at the beginning in the so-called onboarding process. When you purchase the Sophos MDR service, you can choose from three options that determine what response you expect from the MDR team:
Sophos Managed Detection and Response – Artificial intelligence mixed with human expertise
With “Sophos Central MDR” you can achieve the highest level of security Sophos can currently offer for the protection of your endpoints (macOS 10.15+, Windows 8.1+). In this bundle, you get all the features of Intercept X Advanced with XDR and the new, enhanced MDR service.
Active threat response by a team of experts – 24/7
With the MDR service, Sophos provides a highly available “Service Operation Center” (SOC). It is the perfect complement for all IT administrators where there are no free resources to go threat hunting themselves with XDR's tools. It takes highly skilled and specialized personnel to use XDR to proactively scan the network for potential threats and take the correct steps when an attack occurs. With Sophos Central MDR for Server, you no longer need to look for trained personnel yourself. Sophos provides a team of experts who work 24/7 to combat threats.
Features of MDR
24/7 circumstantial threat hunting
If something has been detected on your system that could not be fixed automatically and requires human expertise, the MDR team is there for you on a 24/7 basis. An expert then takes a close look at the critical note and uses his experience to decide what needs to be done.
Attack detection
The MDR team pays special attention to attacks executed through legitimate processes, such as PowerShell. Such attacks are often successful because they are difficult for monitoring tools to detect. The MDR team uses proprietary analytics to monitor these processes to ensure they are not being misused for malicious purposes.
Security Health Check
The Security Health Check ensures that your Sophos Central products can always operate at maximum performance. To do this, the MDR team looks at your network requirements and makes recommendations for configuration changes.
Activity Reports
You will learn the current state of your systems, what intelligence was gathered during the reporting period, and what threats were averted. A histogram of these reports is then created over the period where you use the MDR service. With the help of this data, Sophos creates so-called "scorecards", with which one can compare oneself to previous periods.
Onboarding process with maximum control and transparency
Regardless of whether you choose the normal MDR or MDR Complete variant, you retain control over how autonomously the MDR team should operate. This is regulated right at the beginning in the so-called onboarding process. When you purchase the Sophos MDR service, you can choose from three options that determine what response you expect from the MDR team:
Sophos Managed Detection and Response (MDR) Complete is Sophos' most flexible and comprehensive 24/7 managed threat protection, detection, and response service. MDR Complete provides analyst-led threat hunting and investigation as well as full-scale incident response. Threats are fully eliminated. Sophos MDR Complete includes support for 3rd party endpoint protection solutions. Optional add-ons can be purchased for Sophos Network Detection and Response (NDR), Sophos 3rd party integration packs, and extended data storage. For licensing clarity, Central Managed Detection and Response includes Central Intercept X Advanced with XDR as well as 3rd party endpoint compatibility.
Ransomware and Breach Prevention Services
The need for always-on security operations has become an imperative. However, the complexity of modern operating environments and the velocity of cyberthreats make it increasingly difficult for most organizations to successfully manage detection and response on their own.
With Sophos MDR, our expert team stops advanced human-led attacks. We take action to neutralize threats before they can disrupt your business operations or compromise your sensitive data. Sophos MDR is customizable with different service tiers, and can be delivered via our proprietary technology or using your existing cybersecurity technology investments.
Cybersecurity Delivered as a Service
Enabled by extended detection and response (XDR) capabilities that provide complete security coverage wherever your data reside, Sophos MDR can:
Detect more cyberthreats than security tools can identify on their own Our tools automatically block 99.98% of threats, which enables our analysts to focus on hunting the most sophisticated attackers that can only be detected and stopped by a highly trained human.
Take action on your behalf to stop threats from disrupting your business Our analysts detect, investigate, and respond to threats in minutes — whether you need full-scale incident response or help making accurate decisions.
Identify the root cause of threats to prevent future incidents We proactively take actions and provide recommendations that reduce risk to your organization. Fewer incidents mean less disruption for your IT and security teams, your employees, and your customers.
Compatible with the Cybersecurity Tools You Already Have
We can provide the technology you need from our award-wining portfolio, or our analysts can leverage your existing cybersecurity technologies to detect and respond to threats.
Sophos MDR is compatible with security telemetry from vendors such as Microsoft, CrowdStrike, Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services (AWS), Google, Okta, Darktrace, and many others. Telemetry is automatically consolidated, correlated, and prioritized with insights from the Sophos Adaptive Cybersecurity Ecosystem (ACE) and Sophos X-Ops threat intelligence unit.
Highlights
Stop ransomware and other advanced human-led attacks with a 24/7 team of threat response experts
Maximize the ROI of your existing cybersecurity technologies
Let Sophos MDR execute full-scale incident response, work with you to manage security incidents, or deliver detailed threat notifications and guidance
Improve cyber insurance coverage eligibility with 24/7 monitoring and endpoint detection and response (EDR) capabilities
Free up your internal IT and security staff to focus on business enablement
Sophos Managed Detection and Response (MDR) Complete is Sophos' most flexible and comprehensive 24/7 managed threat protection, detection, and response service. MDR Complete provides analyst-led threat hunting and investigation as well as full-scale incident response. Threats are fully eliminated. Sophos MDR Complete includes support for 3rd party endpoint protection solutions. Optional add-ons can be purchased for Sophos Network Detection and Response (NDR), Sophos 3rd party integration packs, and extended data storage. For licensing clarity, Central Managed Detection and Response includes Central Intercept X Advanced with XDR as well as 3rd party endpoint compatibility.
Ransomware and Breach Prevention Services
The need for always-on security operations has become an imperative. However, the complexity of modern operating environments and the velocity of cyberthreats make it increasingly difficult for most organizations to successfully manage detection and response on their own.
With Sophos MDR, our expert team stops advanced human-led attacks. We take action to neutralize threats before they can disrupt your business operations or compromise your sensitive data. Sophos MDR is customizable with different service tiers, and can be delivered via our proprietary technology or using your existing cybersecurity technology investments.
Cybersecurity Delivered as a Service
Enabled by extended detection and response (XDR) capabilities that provide complete security coverage wherever your data reside, Sophos MDR can:
Detect more cyberthreats than security tools can identify on their own Our tools automatically block 99.98% of threats, which enables our analysts to focus on hunting the most sophisticated attackers that can only be detected and stopped by a highly trained human.
Take action on your behalf to stop threats from disrupting your business Our analysts detect, investigate, and respond to threats in minutes — whether you need full-scale incident response or help making accurate decisions.
Identify the root cause of threats to prevent future incidents We proactively take actions and provide recommendations that reduce risk to your organization. Fewer incidents mean less disruption for your IT and security teams, your employees, and your customers.
Compatible with the Cybersecurity Tools You Already Have
We can provide the technology you need from our award-wining portfolio, or our analysts can leverage your existing cybersecurity technologies to detect and respond to threats.
Sophos MDR is compatible with security telemetry from vendors such as Microsoft, CrowdStrike, Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services (AWS), Google, Okta, Darktrace, and many others. Telemetry is automatically consolidated, correlated, and prioritized with insights from the Sophos Adaptive Cybersecurity Ecosystem (ACE) and Sophos X-Ops threat intelligence unit.
Highlights
Stop ransomware and other advanced human-led attacks with a 24/7 team of threat response experts
Maximize the ROI of your existing cybersecurity technologies
Let Sophos MDR execute full-scale incident response, work with you to manage security incidents, or deliver detailed threat notifications and guidance
Improve cyber insurance coverage eligibility with 24/7 monitoring and endpoint detection and response (EDR) capabilities
Free up your internal IT and security staff to focus on business enablement
Each year, millions of laptop computers are misplaced, stolen, or lost; many of them containing important and sensitive data. Full disk encryption is the essential first line of defense to protect your data in any of these events. Sophos Central gives you the ability to manage full disk encryption from a single, integrated, web-based management center.
Manage Windows BitLocker and macOS FileVault full disk encryption centrally from a single console
Proof-of-compliance reporting
Self-service key recovery
User-centric management
Per-user pricing
Quick deployment
Securing data and staying compliant The majority of mobile professionals carry laptops containing confidential company information. Passwords alone do not protect data. The best way to make sure your data is secure at rest is by encrypting the computer's hard drive. As a part of compliance requirements, you are likely to be able to verify which computers in your organization are encrypted. And in the case of lost or stolen laptops, organizations also need to provide proof that these missing devices are encrypted.
Quick deployment Sophos Central Device Encryption lets you centrally manage Windows BitLocker and macOS FileVault native device encryption. With Sophos Central’s web-based management, there is no server to deploy and no need to configure back-end key servers. You can deploy and start securing data in minutes. For existing Sophos Central Endpoint Protection customers, there is no additional agent required. Over-the-air deployment means that it takes only a couple of clicks to push out the new encryption policy. And, it lets you easily secure data on remote laptops.
Unified management interface Manage your encryption policy, encryption keys, as well as all your essential security policies using Sophos Central, a web-based integrated management console. Sophos Central provides an intuitive view for all your Sophos security products.
Simple user-centric management Sophos Central is centered around the user. When a user has more than one computer, you can enable device encryption and protect all of the user's computers with one easy action.
Secure key recovery via our self-service portal Sophos Central Self Service lets users retrieve their own full disk encryption recovery keys. This helps users get back to work faster without needing to contact the help desk, saving both time and IT resources.
Each year, millions of laptop computers are misplaced, stolen, or lost; many of them containing important and sensitive data. Full disk encryption is the essential first line of defense to protect your data in any of these events. Sophos Central gives you the ability to manage full disk encryption from a single, integrated, web-based management center.
Manage Windows BitLocker and macOS FileVault full disk encryption centrally from a single console
Proof-of-compliance reporting
Self-service key recovery
User-centric management
Per-user pricing
Quick deployment
Securing data and staying compliant The majority of mobile professionals carry laptops containing confidential company information. Passwords alone do not protect data. The best way to make sure your data is secure at rest is by encrypting the computer's hard drive. As a part of compliance requirements, you are likely to be able to verify which computers in your organization are encrypted. And in the case of lost or stolen laptops, organizations also need to provide proof that these missing devices are encrypted.
Quick deployment Sophos Central Device Encryption lets you centrally manage Windows BitLocker and macOS FileVault native device encryption. With Sophos Central’s web-based management, there is no server to deploy and no need to configure back-end key servers. You can deploy and start securing data in minutes. For existing Sophos Central Endpoint Protection customers, there is no additional agent required. Over-the-air deployment means that it takes only a couple of clicks to push out the new encryption policy. And, it lets you easily secure data on remote laptops.
Unified management interface Manage your encryption policy, encryption keys, as well as all your essential security policies using Sophos Central, a web-based integrated management console. Sophos Central provides an intuitive view for all your Sophos security products.
Simple user-centric management Sophos Central is centered around the user. When a user has more than one computer, you can enable device encryption and protect all of the user's computers with one easy action.
Secure key recovery via our self-service portal Sophos Central Self Service lets users retrieve their own full disk encryption recovery keys. This helps users get back to work faster without needing to contact the help desk, saving both time and IT resources.
Endpoint Agent: (Windows/macOS) Anti-malware, Live Protection, Web Security, Web Control, Malware Removal, Peripheral Control, Application Control, Synchronized Security Heartbeat (Windows only) Behaviour Analysis/HIPS, Data Loss Prevention, Download Reputation, Malicious Traffic Detection, Exploit Prevention, Cryptoguard Anti-Ransomware, Sophos Clean, Root Cause Analysis.
Sophos for Virtual Environments, Light Agent off-board scanning: (Windows Desktop VMs) Anti-malware, Live Protection, Malware Removal.
Sophos Central Intercept X Essentials for Server - Powerful protection with a lower price tag!
Intercept X Essentials for Servers is the new entry-level server protection for small businesses at an affordable price. It offers the same protections as Intercept X Advanced for Servers with deep-learning AI, anti-ransomware, and anti-exploit capabilities, but without all the control and management features you probably won't miss if your business is small or perceives low risk.
The following features are not included in Intercept X Essentials for Servers
Multiple policies - customers must use the base policy.
Peripheral Control - Customers cannot set users to connect only certain devices.
Controlled updates - Customers cannot delay updates or decide when to deploy them.
Web Control - Customers cannot block access to inappropriate websites.
Application Control - Customers cannot control what types of applications are allowed to be installed and run.
Threat Cases - Customers do not have access to threat cases that show what happened during an incident.
File Integrity Monitoring (FIM) - Customers cannot monitor critical files on their servers for tampering attempts.
Cloud Security Posture Management (CSPM) - Customers cannot see their entire cloud environment, such as serverless functions and databases.
Server Lockdown - Customers cannot lock down their servers to a base configuration.
If you need multiple configurable policies or a higher level of manageability with Peripheral Control, Web Control, Application Control, etc., consider purchasing Intercept X Advanced for Server instead.
Technical Specifications
Compare the range of functions of the different Server from Sophos to protect your infrastructure. Not sure which protection best suits your business? We can advise you free of charge and without any obligation.
Sophos Central Intercept X Essentials for Server - Powerful protection with a lower price tag!
Intercept X Essentials for Servers is the new entry-level server protection for small businesses at an affordable price. It offers the same protections as Intercept X Advanced for Servers with deep-learning AI, anti-ransomware, and anti-exploit capabilities, but without all the control and management features you probably won't miss if your business is small or perceives low risk.
The following features are not included in Intercept X Essentials for Servers
Multiple policies - customers must use the base policy.
Peripheral Control - Customers cannot set users to connect only certain devices.
Controlled updates - Customers cannot delay updates or decide when to deploy them.
Web Control - Customers cannot block access to inappropriate websites.
Application Control - Customers cannot control what types of applications are allowed to be installed and run.
Threat Cases - Customers do not have access to threat cases that show what happened during an incident.
File Integrity Monitoring (FIM) - Customers cannot monitor critical files on their servers for tampering attempts.
Cloud Security Posture Management (CSPM) - Customers cannot see their entire cloud environment, such as serverless functions and databases.
Server Lockdown - Customers cannot lock down their servers to a base configuration.
If you need multiple configurable policies or a higher level of manageability with Peripheral Control, Web Control, Application Control, etc., consider purchasing Intercept X Advanced for Server instead.
Technical Specifications
Compare the range of functions of the different Server from Sophos to protect your infrastructure. Not sure which protection best suits your business? We can advise you free of charge and without any obligation.
Sophos Intercept X for Server is the industry leading Server Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI and control technology it stops attacks before they impact your systems. Intercept X for Server uses a comprehensive, defense in depth approach to server protection, rather than relying on one primary security technique.
Highlights
Secures cloud, on-premises and virtual server deployments
Stops never seen before threats with deep learning AI
Blocks ransomware and rollback files to a safe state
Prevents the exploit techniques used throughout the attack chain
Performs threat hunting and IT ops security hygiene with XDR
Understand and secure your wider cloud environment such as S3 buckets and databases
Provides 24/7/365 security delivered as a fully managed service
Stop Unknown Threats
Deep learning AI in Intercept X for Server excels at detecting and blocking malware even when it hasn’t been seen before. It does this by scrutinizing file attributes from hundreds of millions of samples to identify threats without the need for a signature.
Block Ransomware
Intercept X for Server includes advanced anti-ransomware capabilities that detect and block the malicious encryption processes used in ransomware attacks. Files that have been encrypted will be rolled back to a safe state, minimizing any impact to business productivity.
Prevent Exploits
Anti-exploit technology stops the exploit techniques that attackers rely on to compromise devices, steal credentials and distribute malware. By stopping the techniques used throughout the attack chain Intercept X for Server keeps your organization secure against file-less attacks and zero-day exploits.
Control Your Servers
Ensure only what you want can run. Server Lockdown (whitelisting) makes sure that only applications you have approved can run on a server. File Integrity Monitoring will notify you if there are unauthorized attempts to change critical files.
See Your Wider Cloud Environment
Understand and secure your entire multi-cloud inventory. You can detect your cloud workloads as well as critical cloud services including S3 buckets, databases and serverless functions, identify suspicious activity, spot insecure deployments and close security gaps.
Sophos Intercept X for Server is the industry leading Server Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI and control technology it stops attacks before they impact your systems. Intercept X for Server uses a comprehensive, defense in depth approach to server protection, rather than relying on one primary security technique.
Highlights
Secures cloud, on-premises and virtual server deployments
Stops never seen before threats with deep learning AI
Blocks ransomware and rollback files to a safe state
Prevents the exploit techniques used throughout the attack chain
Performs threat hunting and IT ops security hygiene with XDR
Understand and secure your wider cloud environment such as S3 buckets and databases
Provides 24/7/365 security delivered as a fully managed service
Stop Unknown Threats
Deep learning AI in Intercept X for Server excels at detecting and blocking malware even when it hasn’t been seen before. It does this by scrutinizing file attributes from hundreds of millions of samples to identify threats without the need for a signature.
Block Ransomware
Intercept X for Server includes advanced anti-ransomware capabilities that detect and block the malicious encryption processes used in ransomware attacks. Files that have been encrypted will be rolled back to a safe state, minimizing any impact to business productivity.
Prevent Exploits
Anti-exploit technology stops the exploit techniques that attackers rely on to compromise devices, steal credentials and distribute malware. By stopping the techniques used throughout the attack chain Intercept X for Server keeps your organization secure against file-less attacks and zero-day exploits.
Control Your Servers
Ensure only what you want can run. Server Lockdown (whitelisting) makes sure that only applications you have approved can run on a server. File Integrity Monitoring will notify you if there are unauthorized attempts to change critical files.
See Your Wider Cloud Environment
Understand and secure your entire multi-cloud inventory. You can detect your cloud workloads as well as critical cloud services including S3 buckets, databases and serverless functions, identify suspicious activity, spot insecure deployments and close security gaps.
With Sophos Central Intercept X for servers with XDR, you equip your servers with the maximum protection Sophos has to offer for servers. It includes all the functions of classic "Server Protection" with "Intercept X" for protection against ransomware and exploits, allowing you to protect your server environment against encryption Trojans. As the name of the product suggests, you also buy the "XDR" function.
XDR means "Extended Detection and Response" and is interesting for all those who want to get to the bottom of the cause of an attack in more detail, or in certain companies also have to. XDR is used, for example, when malware has been blocked or an exploit has been prevented. It could be that a thwarted attack is just a harbinger of a much larger attack. In our view, XDR can be seen as an extension of the "root cause analysis" already included in Intercept X, simply with many more options.
Server Lockdown
The Server lockdown gives you the benefit of one-click whitelisting. Once you activate the lockdown for your Server, it will first check if the system is threat-free. After that, it is necessary to record the current state of your server and create the whitelisting. All this happens in the background and does not affect the availability of your server. After one or two hours, indexing is usually complete and the system is in lockdown mode. From this point on, no software, including malware, can be installed on the system.
After lockdown, you can define so-called "update applications". For example, an update of an ERP can be such an update application. Windows updates are already whitelisted automatically and are allowed to update system components of Windows.
CryptoGuard
A classic antivirus doesn't stand a chance against encryption Trojans such as Petya, WannaCry or Locky. With CryptoGuard you get a technology on your Server that detects as soon as a ransomware tries to encrypt files on your Server and stops this process immediately. Already encrypted files are automatically restored afterwards, so that no data loss occurs.
CryptoGuard is the ideal complement to classic virus detection and is included as an additional layer of protection in Sophos intercept X for Server.
Root Cause Analysis
Find out the cause of the attack.
Imagine that, despite all the protective measures, malware has made it into your network. How could this happen? Thanks to the root cause analysis in Intercept X, this mystery can be uncovered with an impressive 360-degree analysis. The Root Cause Analysis Tool can tell you in great detail how the malware got into your network, which devices were infected and what steps you should take now.
With root cause analysis, you'll never be in the dark again if your network has been infected by an unknown malware.
Exploit Protection
Preventing the exploitation of security vulnerabilities.
Sophos Exploit Protection is a unique technology in Intercept X that prevents previously unknown or unpatched vulnerabilities in applications or operating system components from being exploited. With Intercept X, every application is monitored in the background and every action is checked to see if an exploit technique is being attempted.
If such a technique is detected, Exploit Prevention prevents a vulnerability from being exploited and restores the system to a secure state.
Technical Specifications
Compare the range of functions of the different Server from Sophos to protect your infrastructure. Not sure which protection best suits your business? We can advise you free of charge and without any obligation.
Sophos Central Server Protection does more than defend against known malware based on signatures, and also protects your Windows and Linux servers from modern threats. Based on real-time threat data from SophosLabs, the solution correlates suspicious behavior and activity: from malicious URLs to web exploit code and unexpected system changes to command-and-control traffic. This keeps your servers and data reliably protected.
Central Server Protection combines sophisticated features with simple, intuitive operation. Protection updates are small - usually under 30 KB - so they have virtually no impact on the performance of your network and servers. Upgrade to Sophos Intercept X Advanced for servers to combine traditional IT security features with modern techniques.
Central Intercept X Advanced for Servers with XDR
Sophos Central Intercept X Advanced for Servers uses a combination of leading traditional and modern techniques to protect your servers, rather than relying on a single security approach. This includes deep-learning malware detection, exploit defense, and specialized capabilities for ransomware protection.
The artificial intelligence built into Intercept X is a neural network - an advanced form of machine learning. This network is capable of detecting both known and unknown malware completely without signatures.
Sophos Exploit Prevention blocks the exploit tools and techniques used to spread malware, steal credentials and defeat detection mechanisms. This means hackers and zero-day attacks no longer have a chance to enter your network.
Using behavioral analysis, Intercept X stops unknown ransomware and boot record attacks.Even if trusted files and processes are tampered with, CryptoGuard stops the process and restores the affected items to their original state - without requiring user or IT intervention. CryptoGuard works unobtrusively at the file system level, keeping an eye on remote computers and local processes that attempt to tamper with your documents and other files.
Central Intercept X for Servers with EDR is the first EDR solution specifically designed to help IT administrators and security analysts with IT operations use cases and threat hunting. With Sophos Intercept X Advanced, you can create any query about what happened in the past and what is currently happening on your endpoints. You can use these queries either for threat hunting to detect active attackers or to ensure that security policies are enforced. When a problem is found, you have the ability to take targeted action via remote access.
Central Intercept X Advanced for Server with XDR license features
Sophos Managed Detection and Response – Artificial intelligence mixed with human expertise
With "Sophos Central MDR for Server" you can achieve the highest level of security Sophos can currently offer for the protection of your Server (Linux, Windows Server 2008 R2+). In this bundle, you get all the features of Intercept X Advanced for Server with XDR and the new, enhanced MDR service.
Active threat response by a team of experts – 24/7
With the MDR service, Sophos provides a highly available “Service Operation Center” (SOC). It is the perfect complement for all IT administrators where there are no free resources to go threat hunting themselves with XDR's tools. It takes highly skilled and specialized personnel to use XDR to proactively scan the network for potential threats and take the correct steps when an attack occurs. With Sophos Central MDR for Server, you no longer need to look for trained personnel yourself. Sophos provides a team of experts who work 24/7 to combat threats.
Features of MDR
24/7 circumstantial threat hunting
If something has been detected on your system that could not be fixed automatically and requires human expertise, the MDR team is there for you on a 24/7 basis. An expert then takes a close look at the critical note and uses his experience to decide what needs to be done.
Attack detection
The MDR team pays special attention to attacks executed through legitimate processes, such as PowerShell. Such attacks are often successful because they are difficult for monitoring tools to detect. The MDR team uses proprietary analytics to monitor these processes to ensure they are not being misused for malicious purposes.
Security Health Check
The Security Health Check ensures that your Sophos Central products can always operate at maximum performance. To do this, the MDR team looks at your network requirements and makes recommendations for configuration changes.
Central Managed Detection and Response Server is a 24/7 managed threat protection, detection, and response service. The MDR service tier provides analyst-led threat hunting, investigation, and threat containment so attacks are interrupted to prevent spreading. Sophos MDR includes support for 3rd party server protection solutions. Optional add-ons can be purchased for Sophos Network Detection and Response (NDR), Sophos 3rd party integration packs, and extended data storage. For licensing clarity, Central Managed Detection and Response includes Central Intercept X Advanced with XDR as well as 3rd party endpoint compatibility.
Ransomware and Breach Prevention Services
The need for always-on security operations has become an imperative. However, the complexity of modern operating environments and the velocity of cyberthreats make it increasingly difficult for most organizations to successfully manage detection and response on their own.
With Sophos MDR, our expert team stops advanced human-led attacks. We take action to neutralize threats before they can disrupt your business operations or compromise your sensitive data. Sophos MDR is customizable with different service tiers, and can be delivered via our proprietary technology or using your existing cybersecurity technology investments.
Cybersecurity Delivered as a Service
Enabled by extended detection and response (XDR) capabilities that provide complete security coverage wherever your data reside, Sophos MDR can:
Detect more cyberthreats than security tools can identify on their own Our tools automatically block 99.98% of threats, which enables our analysts to focus on hunting the most sophisticated attackers that can only be detected and stopped by a highly trained human.
Take action on your behalf to stop threats from disrupting your business Our analysts detect, investigate, and respond to threats in minutes — whether you need full-scale incident response or help making accurate decisions.
Identify the root cause of threats to prevent future incidents We proactively take actions and provide recommendations that reduce risk to your organization. Fewer incidents mean less disruption for your IT and security teams, your employees, and your customers.
Complete this Enquiry Form to obtain additional information about our services or send personal complaints. We will analyze your enquiry and return to you shortly by email or phone.
Create Account
Complete this Enquiry Form to obtain additional information about our services or send personal complaints. We will analyze your enquiry and return to you shortly by email or phone.
Password Recovery
We use cookies to improve user experience, and analyze website traffic. For these reasons, we may share your site usage data with our analytics partners. By continuing to the site, you consent to store on your device all the technologies described in our cookie policy.
Here is the the cookie policy
