Sophos Intercept X – Now with Endpoint Detection and Response (EDR)

Tuesday 18th December 2018

Sophos has expanded it’s Intercept X endpoint protection platform with new endpoint detection and response capabilities that can help organisations better understand and respond to emerging threats.

Sophos Intercept X Advanced with EDR integrates intelligent endpoint detection and response (EDR) with the industry’s top-rated malware detection, top-rated exploit protection, and other unmatched endpoint protection features.


  • EDR combined with the strongest endpoint protection
  • Deep Learning Malware Analysis
  • On-demand curated threat intelligence from SophosLabs
  • Machine learning detection and prioritisation of suspicious events*
  • Guided investigations make EDR approachable yet powerful
  • Respond to incidents with a single click

EDR Starts with the Strongest Protection

To stop breaches before they start, prevention is crucial. Intercept X consolidates unmatched protection and endpoint detection and response into a single solution. This means that most threats are stopped before they can ever cause damage, and Intercept X Advanced with EDR provides additional cybersecurity assurance with the ability to detect, investigate, and respond to potential security threats.

The inclusion of EDR into a consistently top-rated endpoint protection suite enables Intercept X to significantly lighten the EDR workload. The more threats that areprevented, the less noise that is created for security teams to investigate. This means teams can optimise key resources enabling them to focus on the business of IT rather than chasing false positives and an overwhelming volume of alerts.

Add Expertise, Not Headcount

Intercept X Advanced with EDR replicates the tasks normally performed by skilled analysts, so organisations can add expertise without having to add staff. Unlike other EDR solutions which rely on highly skilled human analysts to ask questions andinterpret data, Intercept X Advanced with EDR is powered by machine learning and enhanced with curated SophosLabs threat intelligence

Security expertise*: Intercept X Advanced with EDR puts security expertise into the hands of IT by automatically detecting and prioritising potential threats. Using machine
learning, suspicious events are identified and elevated as the most important and in need of immediate attention. Analysts can quickly see where to focus their attentionand understand which machines may be impacted.

Malware expertise: Most organisations rely on malware experts that specialise in reverseengineering to analyse suspicious files. Not only is this approach time consuming and difficult to achieve, but it assumes a level of cybersecurity sophistication which most organisations don’t possess. Intercept X Advanced with EDR offers a better approachby leveraging Deep Learning Malware Analysis which automatically analyses malware in extreme detail, breaking down file attributes and code and comparing them tomillions of other files. Analysts can easily see which attributes and code segments are similar to “known-good” and “known bad” files so they can determine if a file should be blocked or allowed.

Threat intelligence expertise: When Intercept X Advanced with EDR elevates a potentially suspicious file, IT administrators can gather more information by accessing on-demand threat intelligence curated by SophosLabs which receives and processes approximately 400,000 previously unseen malware samples each day. This, and other threat intelligence is collected, aggregated, and summarised for easy analysis. This means that teams that do not have dedicated threat intelligence analysts, or access to expensive and hard to understand threat feeds, can benefit from one of the top cybersecurity research and data science teams in the world.

Guided Incident Response

Intercept X Advanced with EDR allows administrators to answer the tough questions about security incidents by providing visibility into the scope of an attack, how it started, what was impacted, and how to respond. Security teams of all skill levels can quickly understand their security posture thanks to guided investigations which offer suggested next steps, clear visual attack representations, and built-in expertise.

When an investigation is concluded, analysts can respond with a click of a button. Rapid response options include the ability to isolate endpoints for immediate remediation, clean and block files, and create forensic snapshots.

*Available early 2019

Want to keep informed? Sign up to our Newsletter